CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37773 – virtiofs: add filesystem context source name check
https://notcve.org/view.php?id=CVE-2025-37773
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: virtiofs: add filesystem context source name check In certain scenarios, for example, during fuzz testing, the source name may be NULL, which could lead to a kernel panic. Therefore, an extra check for the source name should be added. In the Linux kernel, the following vulnerability has been resolved: virtiofs: add filesystem context source name check In certain scenarios, for example, during fuzz testing, the source name may be NULL, which... • https://git.kernel.org/stable/c/a62a8ef9d97da23762a588592c8b8eb50a8deb6a •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-37770 – drm/amd/pm: Prevent division by zero
https://notcve.org/view.php?id=CVE-2025-37770
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center... • https://git.kernel.org/stable/c/c52dcf49195d06319189c7f1dd8b62bfca545197 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-37768 – drm/amd/pm: Prevent division by zero
https://notcve.org/view.php?id=CVE-2025-37768
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center... • https://git.kernel.org/stable/c/c52dcf49195d06319189c7f1dd8b62bfca545197 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37766 – drm/amd/pm: Prevent division by zero
https://notcve.org/view.php?id=CVE-2025-37766
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center... • https://git.kernel.org/stable/c/031db09017da532d4dc7bbba8c734cfc80f49f34 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37765 – drm/nouveau: prime: fix ttm_bo_delayed_delete oops
https://notcve.org/view.php?id=CVE-2025-37765
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttm_bo_delayed_delete oops Fix an oops in ttm_bo_delayed_delete which results from dererencing a dangling pointer: Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b7b: 0000 [#1] PREEMPT SMP CPU: 4 UID: 0 PID: 1082 Comm: kworker/u65:2 Not tainted 6.14.0-rc4-00267-g505460b44513-dirty #216 Hardware name: LENOVO 82N6/LNVNB161216, BIOS GKCN65WW 01/16/2024 Workqueue: ttm ttm_bo_delayed_del... • https://git.kernel.org/stable/c/22b33e8ed0e38b8ddcf082e35580f2e67a3a0262 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37758 – ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
https://notcve.org/view.php?id=CVE-2025-37758
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() devm_ioremap() returns NULL on error. Currently, pxa_ata_probe() does not check for this case, which can result in a NULL pointer dereference. Add NULL check after devm_ioremap() to prevent this issue. In the Linux kernel, the following vulnerability has been resolved: ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() devm_ioremap() returns NULL ... • https://git.kernel.org/stable/c/2dc6c6f15da97cb3e810963c80e981f19d42cd7d •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37757 – tipc: fix memory leak in tipc_link_xmit
https://notcve.org/view.php?id=CVE-2025-37757
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tipc: fix memory leak in tipc_link_xmit In case the backlog transmit queue for system-importance messages is overloaded, tipc_link_xmit() returns -ENOBUFS but the skb list is not purged. This leads to memory leak and failure when a skb is allocated. This commit fixes this issue by purging the skb list before tipc_link_xmit() returns. In the Linux kernel, the following vulnerability has been resolved: tipc: fix memory leak in tipc_link_xmit ... • https://git.kernel.org/stable/c/365ad353c2564bba8835290061308ba825166b3a •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37756 – net: tls: explicitly disallow disconnect
https://notcve.org/view.php?id=CVE-2025-37756
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconnect a TLS socket and then run into all sort of unexpected corner cases. I have a vague recollection of Eric pointing this out to us a long time ago. Supporting disconnect is really hard, for one thing if offload is enabled we'd need to wait for all packets to be _acked_. Disconnect is not commonly used, disallow it. The immediate problem syzbot run into is the war... • https://git.kernel.org/stable/c/3c4d7559159bfe1e3b94df3a657b2cda3a34e218 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37749 – net: ppp: Add bound checking for skb data on ppp_sync_txmung
https://notcve.org/view.php?id=CVE-2025-37749
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ppp: Add bound checking for skb data on ppp_sync_txmung Ensure we have enough data in linear buffer from skb before accessing initial bytes. This prevents potential out-of-bounds accesses when processing short packets. When ppp_sync_txmung receives an incoming package with an empty payload: (remote) gef➤ p *(struct pppoe_hdr *) (skb->head + skb->network_header) $18 = { type = 0x1, ver = 0x1, code = 0x0, sid = 0x2, length = 0x0, tag = 0... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-37746 – perf/dwc_pcie: fix duplicate pci_dev devices
https://notcve.org/view.php?id=CVE-2025-37746
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/dwc_pcie: fix duplicate pci_dev devices During platform_device_register, wrongly using struct device pci_dev as platform_data caused a kmemdup copy of pci_dev. Worse still, accessing the duplicated device leads to list corruption as its mutex content (e.g., list, magic) remains the same as the original. In the Linux kernel, the following vulnerability has been resolved: perf/dwc_pcie: fix duplicate pci_dev devices During platform_devic... • https://git.kernel.org/stable/c/a71c6fc87b2b9905dc2e38887fe4122287216be9 •