CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-37878 – perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init
https://notcve.org/view.php?id=CVE-2025-37878
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init Move the get_ctx(child_ctx) call and the child_event->ctx assignment to occur immediately after the child event is allocated. Ensure that child_event->ctx is non-NULL before any subsequent error path within inherit_event calls free_event(), satisfying the assumptions of the cleanup code. Details: There's no clear Fixes tag, because this bug is a side-effect of multiple interact... • https://git.kernel.org/stable/c/1fe9b92eede32574dbe05b5bdb6ad666b350bed0 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-37877 – iommu: Clear iommu-dma ops on cleanup
https://notcve.org/view.php?id=CVE-2025-37877
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu: Clear iommu-dma ops on cleanup If iommu_device_register() encounters an error, it can end up tearing down already-configured groups and default domains, however this currently still leaves devices hooked up to iommu-dma (and even historically the behaviour in this area was at best inconsistent across architectures/drivers...) Although in the case that an IOMMU is present whose driver has failed to probe, users cannot necessarily expe... • https://git.kernel.org/stable/c/b14d98641312d972bb3f38e82eddf92898522389 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-37876 – netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS
https://notcve.org/view.php?id=CVE-2025-37876
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS When testing a special config: CONFIG_NETFS_SUPPORTS=y CONFIG_PROC_FS=n The system crashes with something like: [ 3.766197] ------------[ cut here ]------------ [ 3.766484] kernel BUG at mm/mempool.c:560! [ 3.766789] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 3.767123] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G W [ 3.767777] Tainted: [W]=WARN [ 3.767968] Hardware name: QEMU Standar... • https://git.kernel.org/stable/c/2ef6eea2efce01d1956ace483216f6b6e26330c9 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-37875 – igc: fix PTM cycle trigger logic
https://notcve.org/view.php?id=CVE-2025-37875
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: igc: fix PTM cycle trigger logic Writing to clear the PTM status 'valid' bit while the PTM cycle is triggered results in unreliable PTM operation. To fix this, clear the PTM 'trigger' and status after each PTM transaction. The issue can be reproduced with the following: $ sudo phc2sys -R 1000 -O 0 -i tsn0 -m Note: 1000 Hz (-R 1000) is unrealistically large, but provides a way to quickly reproduce the issue. PHC2SYS exits with: "ioctl PTP_OF... • https://git.kernel.org/stable/c/a90ec84837325df4b9a6798c2cc0df202b5680bd •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-37874 – net: ngbe: fix memory leak in ngbe_probe() error path
https://notcve.org/view.php?id=CVE-2025-37874
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ngbe: fix memory leak in ngbe_probe() error path When ngbe_sw_init() is called, memory is allocated for wx->rss_key in wx_init_rss_key(). However, in ngbe_probe() function, the subsequent error paths after ngbe_sw_init() don't free the rss_key. Fix that by freeing it in error path along with wx->mac_table. Also change the label to which execution jumps when ngbe_sw_init() fails, because otherwise, it could lead to a double free for rss... • https://git.kernel.org/stable/c/02338c484ab6250b81f0266ffb40d53c3efe0f47 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-37873 – eth: bnxt: fix missing ring index trim on error path
https://notcve.org/view.php?id=CVE-2025-37873
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix missing ring index trim on error path Commit under Fixes converted tx_prod to be free running but missed masking it on the Tx error path. This crashes on error conditions, for example when DMA mapping fails. • https://git.kernel.org/stable/c/6d1add95536bafe585c500ad8114af7ed4225a0f •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-37872 – net: txgbe: fix memory leak in txgbe_probe() error path
https://notcve.org/view.php?id=CVE-2025-37872
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: txgbe: fix memory leak in txgbe_probe() error path When txgbe_sw_init() is called, memory is allocated for wx->rss_key in wx_init_rss_key(). However, in txgbe_probe() function, the subsequent error paths after txgbe_sw_init() don't free the rss_key. Fix that by freeing it in error path along with wx->mac_table. Also change the label to which execution jumps when txgbe_sw_init() fails, because otherwise, it could lead to a double free f... • https://git.kernel.org/stable/c/937d46ecc5f941b26270bdf7ce37495f12b25955 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-37871 – nfsd: decrease sc_count directly if fail to queue dl_recall
https://notcve.org/view.php?id=CVE-2025-37871
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: decrease sc_count directly if fail to queue dl_recall A deadlock warning occurred when invoking nfs4_put_stid following a failed dl_recall queue operation: T1 T2 nfs4_laundromat nfs4_get_client_reaplist nfs4_anylock_blockers __break_lease spin_lock // ctx->flc_lock spin_lock // clp->cl_lock nfs4_lockowner_has_blockers locks_owner_has_blockers spin_lock // flctx->flc_lock nfsd_break_deleg_cb nfsd_break_one_deleg nfs4_put_stid refcount_... • https://git.kernel.org/stable/c/b874cdef4e67e5150e07eff0eae1cbb21fb92da1 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-37870 – drm/amd/display: prevent hang on link training fail
https://notcve.org/view.php?id=CVE-2025-37870
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: prevent hang on link training fail [Why] When link training fails, the phy clock will be disabled. However, in enable_streams, it is assumed that link training succeeded and the mux selects the phy clock, causing a hang when a register write is made. [How] When enable_stream is hit, check if link training failed. If it did, fall back to the ref clock to avoid a hang and keep the system in a recoverable state. • https://git.kernel.org/stable/c/0363c03672cd3191f037905bf981eb523a3b71b1 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-37869 – drm/xe: Use local fence in error path of xe_migrate_clear
https://notcve.org/view.php?id=CVE-2025-37869
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use local fence in error path of xe_migrate_clear The intent of the error path in xe_migrate_clear is to wait on locally generated fence and then return. The code is waiting on m->fence which could be the local fence but this is only stable under the job mutex leading to a possible UAF. Fix code to wait on local fence. (cherry picked from commit 762b7e95362170b3e13a8704f38d5e47eca4ba74) • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •