CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-37745 – PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()
https://notcve.org/view.php?id=CVE-2025-37745
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Avoid deadlock in hibernate_compressor_param_set() syzbot reported a deadlock in lock_system_sleep() (see below). The write operation to "/sys/module/hibernate/parameters/compressor" conflicts with the registration of ieee80211 device, resulting in a deadlock when attempting to acquire system_transition_mutex under param_lock. To avoid this deadlock, change hibernate_compressor_param_set() to use mutex_trylock() for attemptin... • https://git.kernel.org/stable/c/11ae4fec1f4b4ee06770a572c37d89cbaecbf66e •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-37744 – wifi: ath12k: fix memory leak in ath12k_pci_remove()
https://notcve.org/view.php?id=CVE-2025-37744
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix memory leak in ath12k_pci_remove() Kmemleak reported this error: unreferenced object 0xffff1c165cec3060 (size 32): comm "insmod", pid 560, jiffies 4296964570 (age 235.596s) backtrace: [<000000005434db68>] __kmem_cache_alloc_node+0x1f4/0x2c0 [<000000001203b155>] kmalloc_trace+0x40/0x88 [<0000000028adc9c8>] _request_firmware+0xb8/0x608 [<00000000cad1aef7>] firmware_request_nowarn+0x50/0x80 [<000000005011a682>] local_pci_prob... • https://git.kernel.org/stable/c/3cb47b50926a5b9eef8c06506a14cdc0f3d95c53 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-37743 – wifi: ath12k: Avoid memory leak while enabling statistics
https://notcve.org/view.php?id=CVE-2025-37743
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid memory leak while enabling statistics Driver uses monitor destination rings for extended statistics mode and standalone monitor mode. In extended statistics mode, TLVs are parsed from the buffer received from the monitor destination ring and assigned to the ppdu_info structure to update per-packet statistics. In standalone monitor mode, along with per-packet statistics, the packet data (payload) is captured, and the driv... • https://git.kernel.org/stable/c/286bab0fc7b9db728dab8c63cadf6be9b3facf8c •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-37742 – jfs: Fix uninit-value access of imap allocated in the diMount() function
https://notcve.org/view.php?id=CVE-2025-37742
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of imap allocated in the diMount() function syzbot reports that hex_dump_to_buffer is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in hex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171 hex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171 print_hex_dump+0x13d/0x3e0 lib/hexdump.c:276 diFree+0x5ba/0x4350 fs/jfs/jfs_imap.c:876 jfs_evict_inode+0x510/0x550 fs/jfs/inode... • https://git.kernel.org/stable/c/cab1852368dd74d629ee02abdbc559218ca64dde •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-37741 – jfs: Prevent copying of nlink with value 0 from disk inode
https://notcve.org/view.php?id=CVE-2025-37741
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: Prevent copying of nlink with value 0 from disk inode syzbot report a deadlock in diFree. [1] When calling "ioctl$LOOP_SET_STATUS64", the offset value passed in is 4, which does not match the mounted loop device, causing the mapping of the mounted loop device to be invalidated. When creating the directory and creating the inode of iag in diReadSpecial(), read the page of fixed disk inode (AIT) in raw mode in read_metapage(), the metapa... • https://git.kernel.org/stable/c/c9541c2bd0edbdbc5c1148a84d3b48dc8d1b8af2 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-37740 – jfs: add sanity check for agwidth in dbMount
https://notcve.org/view.php?id=CVE-2025-37740
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: add sanity check for agwidth in dbMount The width in dmapctl of the AG is zero, it trigger a divide error when calculating the control page level in dbAllocAG. To avoid this issue, add a check for agwidth in dbAllocAG. • https://git.kernel.org/stable/c/a260bf14cd347878f01f70739ba829442a474a16 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-37739 – f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
https://notcve.org/view.php?id=CVE-2025-37739
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() syzbot reports an UBSAN issue as below: ------------[ cut here ]------------ UBSAN: array-index-out-of-bounds in fs/f2fs/node.h:381:10 index 18446744073709550692 is out of range for type '__le32[5]' (aka 'unsigned int[5]') CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.14.0-rc3-syzkaller-00060-g6537cfb395f3 #0 Call Trace:
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-37738 – ext4: ignore xattrs past end
https://notcve.org/view.php?id=CVE-2025-37738
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: ignore xattrs past end Once inside 'ext4_xattr_inode_dec_ref_all' we should ignore xattrs entries past the 'end' entry. This fixes the following KASAN reported issue: ================================================================== BUG: KASAN: slab-use-after-free in ext4_xattr_inode_dec_ref_all+0xb8c/0xe90 Read of size 4 at addr ffff888012c120c4 by task repro/2065 CPU: 1 UID: 0 PID: 2065 Comm: repro Not tainted 6.13.0-rc2+ #11 Hardw... • https://git.kernel.org/stable/c/cf9291a3449b04688b81e32621e88de8f4314b54 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-23163 – net: vlan: don't propagate flags on open
https://notcve.org/view.php?id=CVE-2025-23163
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: vlan: don't propagate flags on open With the device instance lock, there is now a possibility of a deadlock: [ 1.211455] ============================================ [ 1.211571] WARNING: possible recursive locking detected [ 1.211687] 6.14.0-rc5-01215-g032756b4ca7a-dirty #5 Not tainted [ 1.211823] -------------------------------------------- [ 1.211936] ip/184 is trying to acquire lock: [ 1.212032] ffff8881024a4c30 (&dev->lock){+.+.}-{... • https://git.kernel.org/stable/c/53fb25e90c0a503a17c639341ba5e755cb2feb5c •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-23162 – drm/xe/vf: Don't try to trigger a full GT reset if VF
https://notcve.org/view.php?id=CVE-2025-23162
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Don't try to trigger a full GT reset if VF VFs don't have access to the GDRST(0x941c) register that driver uses to reset a GT. Attempt to trigger a reset using debugfs: $ cat /sys/kernel/debug/dri/0000:00:02.1/gt0/force_reset or due to a hang condition detected by the driver leads to: [ ] xe 0000:00:02.1: [drm] GT0: trying reset from force_reset [xe] [ ] xe 0000:00:02.1: [drm] GT0: reset queued [ ] xe 0000:00:02.1: [drm] GT0: res... • https://git.kernel.org/stable/c/2eec2fa8666dcecebae33a565a818c9de9af8b50 •