CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-37868 – drm/xe/userptr: fix notifier vs folio deadlock
https://notcve.org/view.php?id=CVE-2025-37868
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/userptr: fix notifier vs folio deadlock User is reporting what smells like notifier vs folio deadlock, where migrate_pages_batch() on core kernel side is holding folio lock(s) and then interacting with the mappings of it, however those mappings are tied to some userptr, which means calling into the notifier callback and grabbing the notifier lock. • https://git.kernel.org/stable/c/2a24c98f0e4cc994334598d4f3a851972064809d •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-37867 – RDMA/core: Silence oversized kvmalloc() warning
https://notcve.org/view.php?id=CVE-2025-37867
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Silence oversized kvmalloc() warning syzkaller triggered an oversized kvmalloc() warning. Silence it by adding __GFP_NOWARN. • https://git.kernel.org/stable/c/37824952dc8fcd96e5c5a1ce9abf3f0ba09b1e5e •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-37866 – mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show()
https://notcve.org/view.php?id=CVE-2025-37866
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show() A warning is seen when running the latest kernel on a BlueField SOC: [251.512704] ------------[ cut here ]------------ [251.512711] invalid sysfs_emit: buf:0000000003aa32ae [251.512720] WARNING: CPU: 1 PID: 705264 at fs/sysfs/file.c:767 sysfs_emit+0xac/0xc8 The warning is triggered because the mlxbf-bootctl driver invokes "sysfs_emit()" with a buffer pointer that is ... • https://git.kernel.org/stable/c/9886f575de5aefcfab537467c72e5176e5301df0 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-37865 – net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported
https://notcve.org/view.php?id=CVE-2025-37865
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported Russell King reports that on the ZII dev rev B, deleting a bridge VLAN from a user port fails with -ENOENT: https://lore.kernel.org/netdev/Z_lQXNP0s5-IiJzd@shell.armlinux.org.uk/ This comes from mv88e6xxx_port_vlan_leave() -> mv88e6xxx_mst_put(), which tries to find an MST entry in &chip->msts associated with the SID, but fails and returns -ENOENT as such. • https://git.kernel.org/stable/c/acaf4d2e36b3466334af4d3ee6ac254c3316165c •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-37864 – net: dsa: clean up FDB, MDB, VLAN entries on unbind
https://notcve.org/view.php?id=CVE-2025-37864
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: clean up FDB, MDB, VLAN entries on unbind As explained in many places such as commit b117e1e8a86d ("net: dsa: delete dsa_legacy_fdb_add and dsa_legacy_fdb_del"), DSA is written given the assumption that higher layers have balanced additions/deletions. As such, it only makes sense to be extremely vocal when those assumptions are violated and the driver unbinds with entries still present. • https://git.kernel.org/stable/c/0832cd9f1f023226527e95002d537123061ddac4 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-37863 – ovl: don't allow datadir only
https://notcve.org/view.php?id=CVE-2025-37863
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ovl: don't allow datadir only In theory overlayfs could support upper layer directly referring to a data layer, but there's no current use case for this. • https://git.kernel.org/stable/c/cc0918b3582c98f12cfb30bf7496496d14bff3e9 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-37862 – HID: pidff: Fix null pointer dereference in pidff_find_fields
https://notcve.org/view.php?id=CVE-2025-37862
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix null pointer dereference in pidff_find_fields This function triggered a null pointer dereference if used to search for a report that isn't implemented on the device. • https://git.kernel.org/stable/c/44a1b8b2027afbb37e418993fb23561bdb9efb38 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-37861 – scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
https://notcve.org/view.php?id=CVE-2025-37861
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID (0xFFFF), set by the reset thread, which points to unallocated memory, causing a crash. • https://git.kernel.org/stable/c/65ba18c84dbd03afe9b38c06c151239d97a09834 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-37859 – page_pool: avoid infinite loop to schedule delayed worker
https://notcve.org/view.php?id=CVE-2025-37859
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: page_pool: avoid infinite loop to schedule delayed worker We noticed the kworker in page_pool_release_retry() was waken up repeatedly and infinitely in production because of the buggy driver causing the inflight less than 0 and warning us in page_pool_inflight()[1]. • https://git.kernel.org/stable/c/c3c7c57017ce1d4b2d3788c1fc59e7e39026e158 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-37858 – fs/jfs: Prevent integer overflow in AG size calculation
https://notcve.org/view.php?id=CVE-2025-37858
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Prevent integer overflow in AG size calculation The JFS filesystem calculates allocation group (AG) size using 1 << l2agsize in dbExtendFS(). ... Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/dd07a985e2ded47b6c7d69fc93c1fe02977c8454 •