CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-37967 – usb: typec: ucsi: displayport: Fix deadlock
https://notcve.org/view.php?id=CVE-2025-37967
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector mutex is only locked if a connection is established and the partner pointer is valid. This resolves a deadlock scenario where ucsi_displayport_remove_partner holds con->mutex waiting for dp_altmode_work to complete while dp_altmode_work attempts to acquire i... • https://git.kernel.org/stable/c/af8622f6a585d8d82b11cd7987e082861fd0edd3 •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37963 – arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users
https://notcve.org/view.php?id=CVE-2025-37963
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typically disabled. This means only cBPF programs need to be mitigated for BHB. In addition, only mitigate cBPF programs that were loaded by an unprivileged user. Privileged users can also load the same program via eBPF, making the mitigation pointless. In the Linux kernel, the following vulnerability has been resol... • https://git.kernel.org/stable/c/6e52d043f7dbf1839a24a3fab2b12b0d3839de7a •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2025-37961 – ipvs: fix uninit-value for saddr in do_output_route4
https://notcve.org/view.php?id=CVE-2025-37961
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for saddr in do_output_route4 syzbot reports for uninit-value for the saddr argument [1]. commit 4754957f04f5 ("ipvs: do not use random local source address for tunnels") already implies that the input value of saddr should be ignored but the code is still reading it which can prevent to connect the route. Fix it by changing the argument to ret_saddr. [1] BUG: KMSAN: uninit-value in do_output_route4+0x42c/0x4d0 net/ne... • https://git.kernel.org/stable/c/4754957f04f5f368792a0eb7dab0ae89fb93dcfd •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37959 – bpf: Scrub packet on bpf_redirect_peer
https://notcve.org/view.php?id=CVE-2025-37959
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Scrub packet on bpf_redirect_peer When bpf_redirect_peer is used to redirect packets to a device in another network namespace, the skb isn't scrubbed. That can lead skb information from one namespace to be "misused" in another namespace. As one example, this is causing Cilium to drop traffic when using bpf_redirect_peer to redirect packets that just went through IPsec decryption to a container namespace. The following pwru trace shows ... • https://git.kernel.org/stable/c/9aa1206e8f48222f35a0c809f33b2f4aaa1e2661 •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37958 – mm/huge_memory: fix dereferencing invalid pmd migration entry
https://notcve.org/view.php?id=CVE-2025-37958
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry during a deferred split scan can lead to an invalid address access, as illustrated below. To prevent this invalid access, it is necessary to check the PMD migration entry and return early. In this context, there is no need to use pmd_to_swp_entry and pfn_swap_entry_to_page to verify the equality of the target foli... • https://git.kernel.org/stable/c/84c3fc4e9c563d8fb91cfdf5948da48fe1af34d3 •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37954 – smb: client: Avoid race in open_cached_dir with lease breaks
https://notcve.org/view.php?id=CVE-2025-37954
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Avoid race in open_cached_dir with lease breaks A pre-existing valid cfid returned from find_or_create_cached_dir might race with a lease break, meaning open_cached_dir doesn't consider it valid, and thinks it's newly-constructed. This leaks a dentry reference if the allocation occurs before the queued lease break work runs. Avoid the race by extending holding the cfid_list_lock across find_or_create_cached_dir and when the res... • https://git.kernel.org/stable/c/2ed98e89ebc2e1bc73534dc3c18cb7843a889ff9 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37951 – drm/v3d: Add job to pending list if the reset was skipped
https://notcve.org/view.php?id=CVE-2025-37951
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the timer get rearmed. This gives long-running jobs a chance to complete. However, when `timedout_job()` is called, the job in question is removed from the pending list, which means it won't be automatically freed through `... • https://git.kernel.org/stable/c/5235b56b7e5449d990d21d78723b1a5e7bb5738e •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37949 – xenbus: Use kref to track req lifetime
https://notcve.org/view.php?id=CVE-2025-37949
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: xenbus: Use kref to track req lifetime Marek reported seeing a NULL pointer fault in the xenbus_thread callstack: BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: e030:__wake_up_common+0x4c/0x180 Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37948 – arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
https://notcve.org/view.php?id=CVE-2025-37948
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. On exit from a BPF program, emit the BHB mititgation sequence. This is only applied for 'classic' cBPF programs that are loaded by seccomp. In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cB... • https://git.kernel.org/stable/c/8fe5c37b0e08a97cf0210bb75970e945aaaeebab •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37942 – HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX
https://notcve.org/view.php?id=CVE-2025-37942
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX As noted by Anssi some 20 years ago, pool report is sometimes messed up. This worked fine on many devices but casued oops on VRS DirectForce PRO. Here, we're making sure pool report is refetched before trying to access any of it's fields. While loop was replaced with a for loop + exit conditions were moved aroud to decrease the possibility of creating an infinite loop scen... • https://git.kernel.org/stable/c/211861869766a7bb7c72158aee0140ec67e182a7 •