CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2025-37885 – KVM: x86: Reset IRTE to host control if *new* route isn't postable
https://notcve.org/view.php?id=CVE-2025-37885
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if *new* route isn't postable Restore an IRTE back to host control (remapped or posted MSI mode) if the *new* GSI route prevents posting the IRQ directly to a vCPU, regardless of the GSI routing type. Updating the IRTE if and only if the new GSI is an MSI results in KVM leaving an IRTE posting to a vCPU. The dangling IRTE can result in interrupts being incorrectly delivered to the guest, and in the worst... • https://git.kernel.org/stable/c/efc644048ecde54f016011fe10110addd0de348f •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37884 – bpf: Fix deadlock between rcu_tasks_trace and event_mutex.
https://notcve.org/view.php?id=CVE-2025-37884
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Fix the following deadlock: CPU A _free_event() perf_kprobe_destroy() mutex_lock(&event_mutex) perf_trace_event_unreg() synchronize_rcu_tasks_trace() There are several paths where _free_event() grabs event_mutex and calls sync_rcu_tasks_trace. Above is one such case. CPU B bpf_prog_test_run_syscall() rcu_read_lock_trace() bpf_prog_run_pin_on_cpu() bpf_prog_load() bpf_tracing_func_pr... • https://git.kernel.org/stable/c/255cbc9db7067a83713fd2f4b31034ddd266549a •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37883 – s390/sclp: Add check for get_zeroed_page()
https://notcve.org/view.php?id=CVE-2025-37883
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Add check for get_zeroed_page() Add check for the return value of get_zeroed_page() in sclp_console_init() to prevent null pointer dereference. Furthermore, to solve the memory leak caused by the loop allocation, add a free helper to do the free job. In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Add check for get_zeroed_page() Add check for the return value of get_zeroed_page() in sclp_console_ini... • https://git.kernel.org/stable/c/e1e00dc45648125ef7cb87ebc3b581ac224e7b39 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37882 – usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
https://notcve.org/view.php?id=CVE-2025-37882
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we are handling the event, a new TD may be queued at this ring position. I can trigger this race by rising interrupt moderation to increase IRQ handling delay. Similar delay may occur naturally due to system load. If this ever happens after ... • https://git.kernel.org/stable/c/16a7a8e6c47fea5c847beb696c8c21a7a44c1915 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37881 – usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
https://notcve.org/view.php?id=CVE-2025-37881
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() The variable d->name, returned by devm_kasprintf(), could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in commit 3027e7b15b02 ("ice: Fix some null pointer dereference issues in ice_ptp.c"). This issue is found by our static analysis tool In the Linux kernel, the following vulnerability has been resolved: usb: gad... • https://git.kernel.org/stable/c/a777ccfb9ba8d43f745e41b69ba39d4a506a081e •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-37880 – um: work around sched_yield not yielding in time-travel mode
https://notcve.org/view.php?id=CVE-2025-37880
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: um: work around sched_yield not yielding in time-travel mode sched_yield by a userspace may not actually cause scheduling in time-travel mode as no time has passed. In the case seen it appears to be a badly implemented userspace spinlock in ASAN. Unfortunately, with time-travel it causes an extreme slowdown or even deadlock depending on the kernel configuration (CONFIG_UML_MAX_USERSPACE_ITERATIONS). Work around it by accounting time to the ... • https://git.kernel.org/stable/c/990ddc65173776f1e01e7135d8c1fd5f8fd4d5d2 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37879 – 9p/net: fix improper handling of bogus negative read/write replies
https://notcve.org/view.php?id=CVE-2025-37879
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: 9p/net: fix improper handling of bogus negative read/write replies In p9_client_write() and p9_client_read_once(), if the server incorrectly replies with success but a negative write/read count then we would consider written (negative) <= rsize (positive) because both variables were signed. Make variables unsigned to avoid this problem. The reproducer linked below now fails with the following error instead of a null pointer deref: 9pnet: bo... • https://git.kernel.org/stable/c/468ff4a7c61fb811c596a7c44b6a5455e40fd12b •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37878 – perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init
https://notcve.org/view.php?id=CVE-2025-37878
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init Move the get_ctx(child_ctx) call and the child_event->ctx assignment to occur immediately after the child event is allocated. Ensure that child_event->ctx is non-NULL before any subsequent error path within inherit_event calls free_event(), satisfying the assumptions of the cleanup code. Details: There's no clear Fixes tag, because this bug is a side-effect of multiple interact... • https://git.kernel.org/stable/c/1fe9b92eede32574dbe05b5bdb6ad666b350bed0 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37877 – iommu: Clear iommu-dma ops on cleanup
https://notcve.org/view.php?id=CVE-2025-37877
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu: Clear iommu-dma ops on cleanup If iommu_device_register() encounters an error, it can end up tearing down already-configured groups and default domains, however this currently still leaves devices hooked up to iommu-dma (and even historically the behaviour in this area was at best inconsistent across architectures/drivers...) Although in the case that an IOMMU is present whose driver has failed to probe, users cannot necessarily expe... • https://git.kernel.org/stable/c/b14d98641312d972bb3f38e82eddf92898522389 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37870 – drm/amd/display: prevent hang on link training fail
https://notcve.org/view.php?id=CVE-2025-37870
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: prevent hang on link training fail [Why] When link training fails, the phy clock will be disabled. However, in enable_streams, it is assumed that link training succeeded and the mux selects the phy clock, causing a hang when a register write is made. [How] When enable_stream is hit, check if link training failed. If it did, fall back to the ref clock to avoid a hang and keep the system in a recoverable state. In the Linux k... • https://git.kernel.org/stable/c/0363c03672cd3191f037905bf981eb523a3b71b1 •