CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2025-37956 – ksmbd: prevent rename with empty string
https://notcve.org/view.php?id=CVE-2025-37956
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent rename with empty string Client can send empty newname string to ksmbd server. It will cause a kernel oops from d_alloc. This patch return the error when attempting to rename a file or directory with an empty new name string. In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent rename with empty string Client can send empty newname string to ksmbd server. It will cause a kernel oops from d_alloc.... • https://git.kernel.org/stable/c/6ee551672c8cf36108b0cfba92ec0c7c28ac3439 •
CVSS: 4.7EPSS: %CPEs: 4EXPL: 0CVE-2025-37954 – smb: client: Avoid race in open_cached_dir with lease breaks
https://notcve.org/view.php?id=CVE-2025-37954
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Avoid race in open_cached_dir with lease breaks A pre-existing valid cfid returned from find_or_create_cached_dir might race with a lease break, meaning open_cached_dir doesn't consider it valid, and thinks it's newly-constructed. This leaks a dentry reference if the allocation occurs before the queued lease break work runs. Avoid the race by extending holding the cfid_list_lock across find_or_create_cached_dir and when the res... • https://git.kernel.org/stable/c/2ed98e89ebc2e1bc73534dc3c18cb7843a889ff9 •
CVSS: 7.1EPSS: %CPEs: 4EXPL: 0CVE-2025-37952 – ksmbd: Fix UAF in __close_file_table_ids
https://notcve.org/view.php?id=CVE-2025-37952
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix UAF in __close_file_table_ids A use-after-free is possible if one thread destroys the file via __ksmbd_close_fd while another thread holds a reference to it. The existing checks on fp->refcount are not sufficient to prevent this. The fix takes ft->lock around the section which removes the file from the file table. This prevents two threads acquiring the same file pointer via __close_file_table_ids, as well as the other functions ... • https://git.kernel.org/stable/c/fec1f9e9a650e8e7011330a085c77e7bf2a08ea9 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2025-37951 – drm/v3d: Add job to pending list if the reset was skipped
https://notcve.org/view.php?id=CVE-2025-37951
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the timer get rearmed. This gives long-running jobs a chance to complete. However, when `timedout_job()` is called, the job in question is removed from the pending list, which means it won't be automatically freed through `... • https://git.kernel.org/stable/c/5235b56b7e5449d990d21d78723b1a5e7bb5738e •
CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2025-37948 – arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
https://notcve.org/view.php?id=CVE-2025-37948
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. On exit from a BPF program, emit the BHB mititgation sequence. This is only applied for 'classic' cBPF programs that are loaded by seccomp. In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cB... • https://git.kernel.org/stable/c/8fe5c37b0e08a97cf0210bb75970e945aaaeebab •
CVSS: 7.8EPSS: %CPEs: 5EXPL: 0CVE-2025-37947 – ksmbd: prevent out-of-bounds stream writes by validating *pos
https://notcve.org/view.php?id=CVE-2025-37947
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent out-of-bounds stream writes by validating *pos ksmbd_vfs_stream_write() did not validate whether the write offset (*pos) was within the bounds of the existing stream data length (v_len). If *pos was greater than or equal to v_len, this could lead to an out-of-bounds memory write. This patch adds a check to ensure *pos is less than v_len before proceeding. If the condition fails, -EINVAL is returned. In the Linux kernel, the f... • https://git.kernel.org/stable/c/7f61da79df86fd140c7768e668ad846bfa7ec8e1 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2025-37944 – wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process
https://notcve.org/view.php?id=CVE-2025-37944
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Currently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry to fetch the next entry from the destination ring. This is incorrect because ath12k_hal_srng_src_get_next_entry is intended for source rings, not destination rings. This leads to invalid entry fetches, causing potential data corruption or crashes due to accessing incorrect memory locations. This h... • https://git.kernel.org/stable/c/2c512f2eadabb1e80816116894ffaf7d802a944e •
CVSS: 8.3EPSS: %CPEs: 5EXPL: 0CVE-2025-37943 – wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi
https://notcve.org/view.php?id=CVE-2025-37943
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi In certain cases, hardware might provide packets with a length greater than the maximum native Wi-Fi header length. This can lead to accessing and modifying fields in the header within the ath12k_dp_rx_h_undecap_nwifi function for DP_RX_DECAP_TYPE_NATIVE_WIFI decap type and potentially resulting in invalid data access and memory corruption. Add a sanity check before proce... • https://git.kernel.org/stable/c/7f1d986da5c6abb75ffe4d0d325fc9b341c41a1c •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2025-37942 – HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX
https://notcve.org/view.php?id=CVE-2025-37942
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX As noted by Anssi some 20 years ago, pool report is sometimes messed up. This worked fine on many devices but casued oops on VRS DirectForce PRO. Here, we're making sure pool report is refetched before trying to access any of it's fields. While loop was replaced with a for loop + exit conditions were moved aroud to decrease the possibility of creating an infinite loop scen... • https://git.kernel.org/stable/c/211861869766a7bb7c72158aee0140ec67e182a7 •
CVSS: 5.5EPSS: %CPEs: 9EXPL: 0CVE-2025-37937 – objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
https://notcve.org/view.php?id=CVE-2025-37937
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() If dib8000_set_dds()'s call to dib8000_read32() returns zero, the result is a divide-by-zero. Prevent that from happening. Fixes the following warning with an UBSAN kernel: drivers/media/dvb-frontends/dib8000.o: warning: objtool: dib8000_tune() falls through to next function dib8096p_cfg_DibRx() In the Linux kernel, the following vulnerability has been resolved: objtool, m... • https://git.kernel.org/stable/c/173a64cb3fcff1993b2aa8113e53fd379f6a968f •