CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37949 – xenbus: Use kref to track req lifetime
https://notcve.org/view.php?id=CVE-2025-37949
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: xenbus: Use kref to track req lifetime Marek reported seeing a NULL pointer fault in the xenbus_thread callstack: BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: e030:__wake_up_common+0x4c/0x180 Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37948 – arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
https://notcve.org/view.php?id=CVE-2025-37948
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. On exit from a BPF program, emit the BHB mititgation sequence. This is only applied for 'classic' cBPF programs that are loaded by seccomp. In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cB... • https://git.kernel.org/stable/c/8fe5c37b0e08a97cf0210bb75970e945aaaeebab •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37947 – ksmbd: prevent out-of-bounds stream writes by validating *pos
https://notcve.org/view.php?id=CVE-2025-37947
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent out-of-bounds stream writes by validating *pos ksmbd_vfs_stream_write() did not validate whether the write offset (*pos) was within the bounds of the existing stream data length (v_len). If *pos was greater than or equal to v_len, this could lead to an out-of-bounds memory write. This patch adds a check to ensure *pos is less than v_len before proceeding. If the condition fails, -EINVAL is returned. In the Linux kernel, the f... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37942 – HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX
https://notcve.org/view.php?id=CVE-2025-37942
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX As noted by Anssi some 20 years ago, pool report is sometimes messed up. This worked fine on many devices but casued oops on VRS DirectForce PRO. Here, we're making sure pool report is refetched before trying to access any of it's fields. While loop was replaced with a for loop + exit conditions were moved aroud to decrease the possibility of creating an infinite loop scen... • https://git.kernel.org/stable/c/211861869766a7bb7c72158aee0140ec67e182a7 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37940 – ftrace: Add cond_resched() to ftrace_graph_set_hash()
https://notcve.org/view.php?id=CVE-2025-37940
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Add cond_resched() to ftrace_graph_set_hash() When the kernel contains a large number of functions that can be traced, the loop in ftrace_graph_set_hash() may take a lot of time to execute. This may trigger the softlockup watchdog. Add cond_resched() within the loop to allow the kernel to remain responsive even when processing a large number of functions. This matches the cond_resched() that is used in other locations of the code th... • https://git.kernel.org/stable/c/b9b0c831bed2682c2e3e9f5420fb6985549ef020 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37938 – tracing: Verify event formats that have "%*p.."
https://notcve.org/view.php?id=CVE-2025-37938
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have "%*p.." The trace event verifier checks the formats of trace events to make sure that they do not point at memory that is not in the trace event itself or in data that will never be freed. If an event references data that was allocated when the event triggered and that same data is freed before the event is read, then the kernel can crash by reading freed memory. The verifier runs at boot up (or modul... • https://git.kernel.org/stable/c/5013f454a352cce8e62162976026a9c472595e42 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37937 – objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
https://notcve.org/view.php?id=CVE-2025-37937
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() If dib8000_set_dds()'s call to dib8000_read32() returns zero, the result is a divide-by-zero. Prevent that from happening. Fixes the following warning with an UBSAN kernel: drivers/media/dvb-frontends/dib8000.o: warning: objtool: dib8000_tune() falls through to next function dib8096p_cfg_DibRx() In the Linux kernel, the following vulnerability has been resolved: objtool, m... • https://git.kernel.org/stable/c/173a64cb3fcff1993b2aa8113e53fd379f6a968f •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37932 – sch_htb: make htb_qlen_notify() idempotent
https://notcve.org/view.php?id=CVE-2025-37932
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() idempotent htb_qlen_notify() always deactivates the HTB class and in fact could trigger a warning if it is already deactivated. Therefore, it is not idempotent and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() callers' life. In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() idempotent htb_qle... • https://git.kernel.org/stable/c/73cf6af13153d62f9b76eff422eea79dbc70f15e •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37931 – btrfs: adjust subpage bit start based on sectorsize
https://notcve.org/view.php?id=CVE-2025-37931
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: adjust subpage bit start based on sectorsize When running machines with 64k page size and a 16k nodesize we started seeing tree log corruption in production. This turned out to be because we were not writing out dirty blocks sometimes, so this in fact affects all metadata writes. When writing out a subpage EB we scan the subpage bitmap for a dirty range. If the range isn't dirty we do bit_start++; to move onto the next bit. The probl... • https://git.kernel.org/stable/c/c4aec299fa8f73f0fd10bc556f936f0da50e3e83 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37930 – drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
https://notcve.org/view.php?id=CVE-2025-37930
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Nouveau is mostly designed in a way that it's expected that fences only ever get signaled through nouveau_fence_signal(). However, in at least one other place, nouveau_fence_done(), can signal fences, too. If that happens (race) a signaled fence remains in the pending list for a while, until it gets removed by nouveau_fence_update(). Should nouveau_fence_context_kill() run in the mean... • https://git.kernel.org/stable/c/ea13e5abf807ea912ce84eef6a1946b9a38c6508 •