CVSS: 7.8EPSS: %CPEs: 5EXPL: 0CVE-2025-37979 – ASoC: qcom: Fix sc7280 lpass potential buffer overflow
https://notcve.org/view.php?id=CVE-2025-37979
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix sc7280 lpass potential buffer overflow Case values introduced in commit 5f78e1fb7a3e ("ASoC: qcom: Add driver support for audioreach solution") cause out of bounds access in arrays of sc7280 driver data (e.g. in case of RX_CODEC_DMA_RX_0 in sc7280_snd_hw_params()). Redefine LPASS_MAX_PORTS to consider the maximum possible port id for q6dsp as sc7280 driver utilizes some of those values. Found by Linux Verification Center (li... • https://git.kernel.org/stable/c/77d0ffef793da818741127f4905a3e3d45d05ac7 •
CVSS: 7.1EPSS: %CPEs: 3EXPL: 0CVE-2025-37977 – scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set
https://notcve.org/view.php?id=CVE-2025-37977
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set If dma-coherent property isn't set then descriptors are non-cacheable and the iocc shareability bits should be disabled. Without this UFS can end up in an incompatible configuration and suffer from random cache related stability issues. In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set If dm... • https://git.kernel.org/stable/c/cc52e15397cc5dc773d3c6792b98352d3209f93f •
CVSS: 5.5EPSS: %CPEs: 1EXPL: 0CVE-2025-37976 – wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process
https://notcve.org/view.php?id=CVE-2025-37976
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process [ Upstream commit 63fdc4509bcf483e79548de6bc08bf3c8e504bb3 ] Currently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry to fetch the next entry from the destination ring. This is incorrect because ath12k_hal_srng_src_get_next_entry is intended for source rings, not destination rings. This leads to invalid entry fetches, causing potential data corruption o... • https://git.kernel.org/stable/c/0c1015493f0e3979bcbd3a12ebc0977578c87f21 •
CVSS: 10.0EPSS: %CPEs: 4EXPL: 0CVE-2025-37973 – wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation
https://notcve.org/view.php?id=CVE-2025-37973
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation Currently during the multi-link element defragmentation process, the multi-link element length added to the total IEs length when calculating the length of remaining IEs after the multi-link element in cfg80211_defrag_mle(). This could lead to out-of-bounds access if the multi-link element or its corresponding fragment elements are the last elements in the IE... • https://git.kernel.org/stable/c/2481b5da9c6b2ee1fde55a1c29eb2ca377145a10 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2025-37972 – Input: mtk-pmic-keys - fix possible null pointer dereference
https://notcve.org/view.php?id=CVE-2025-37972
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys - fix possible null pointer dereference In mtk_pmic_keys_probe, the regs parameter is only set if the button is parsed in the device tree. However, on hardware where the button is left floating, that node will most likely be removed not to enable that input. In that case the code will try to dereference a null pointer. Let's use the regs struct instead as it is defined for all supported platforms. Note that it is ok set... • https://git.kernel.org/stable/c/b581acb49aec5c3b0af9ab1c537fb73481b79069 •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2025-37970 – iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
https://notcve.org/view.php?id=CVE-2025-37970
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo Prevent st_lsm6dsx_read_fifo from falling in an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty. In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo Prevent st_lsm6dsx_read_fifo from falling in an infinite loop in case pattern_len is equal to zero and the devi... • https://git.kernel.org/stable/c/290a6ce11d938be52634b3ce1bbc6b78be4d23c1 •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2025-37969 – iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo
https://notcve.org/view.php?id=CVE-2025-37969
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Prevent st_lsm6dsx_read_tagged_fifo from falling in an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty. In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Prevent st_lsm6dsx_read_tagged_fifo from falling in an infinite loop in case pattern_len i... • https://git.kernel.org/stable/c/801a6e0af0c6cedca2e99155e343ad385a50f08e •
CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2025-37968 – iio: light: opt3001: fix deadlock due to concurrent flag access
https://notcve.org/view.php?id=CVE-2025-37968
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: light: opt3001: fix deadlock due to concurrent flag access The threaded IRQ function in this driver is reading the flag twice: once to lock a mutex and once to unlock it. Even though the code setting the flag is designed to prevent it, there are subtle cases where the flag could be true at the mutex_lock stage and false at the mutex_unlock stage. This results in the mutex not being unlocked, resulting in a deadlock. Fix it by making th... • https://git.kernel.org/stable/c/94a9b7b1809f56cfaa080e70ec49b6979563a237 •
CVSS: 5.5EPSS: %CPEs: 2EXPL: 0CVE-2025-37967 – usb: typec: ucsi: displayport: Fix deadlock
https://notcve.org/view.php?id=CVE-2025-37967
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector mutex is only locked if a connection is established and the partner pointer is valid. This resolves a deadlock scenario where ucsi_displayport_remove_partner holds con->mutex waiting for dp_altmode_work to complete while dp_altmode_work attempts to acquire i... • https://git.kernel.org/stable/c/af8622f6a585d8d82b11cd7987e082861fd0edd3 •
CVSS: 7.1EPSS: %CPEs: 7EXPL: 0CVE-2025-37964 – x86/mm: Eliminate window where TLB flushes may be inadvertently skipped
https://notcve.org/view.php?id=CVE-2025-37964
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/mm: Eliminate window where TLB flushes may be inadvertently skipped tl;dr: There is a window in the mm switching code where the new CR3 is set and the CPU should be getting TLB flushes for the new mm. But should_flush_tlb() has a bug and suppresses the flush. Fix it by widening the window where should_flush_tlb() sends an IPI. Long Version: === History === There were a few things leading up to this. First, updating mm_cpumask() was obse... • https://git.kernel.org/stable/c/848b5815177582de0e1d0118725378e0fbadca20 •