CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37864 – net: dsa: clean up FDB, MDB, VLAN entries on unbind
https://notcve.org/view.php?id=CVE-2025-37864
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: clean up FDB, MDB, VLAN entries on unbind As explained in many places such as commit b117e1e8a86d ("net: dsa: delete dsa_legacy_fdb_add and dsa_legacy_fdb_del"), DSA is written given the assumption that higher layers have balanced additions/deletions. As such, it only makes sense to be extremely vocal when those assumptions are violated and the driver unbinds with entries still present. But Ido Schimmel points out a very simple si... • https://git.kernel.org/stable/c/0832cd9f1f023226527e95002d537123061ddac4 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37863 – ovl: don't allow datadir only
https://notcve.org/view.php?id=CVE-2025-37863
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ovl: don't allow datadir only In theory overlayfs could support upper layer directly referring to a data layer, but there's no current use case for this. Originally, when data-only layers were introduced, this wasn't allowed, only introduced by the "datadir+" feature, but without actually handling this case, resulting in an Oops. Fix by disallowing datadir without lowerdir. In the Linux kernel, the following vulnerability has been resolved:... • https://git.kernel.org/stable/c/cc0918b3582c98f12cfb30bf7496496d14bff3e9 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37862 – HID: pidff: Fix null pointer dereference in pidff_find_fields
https://notcve.org/view.php?id=CVE-2025-37862
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix null pointer dereference in pidff_find_fields This function triggered a null pointer dereference if used to search for a report that isn't implemented on the device. This happened both for optional and required reports alike. The same logic was applied to pidff_find_special_field and although pidff_init_fields should return an error earlier if one of the required reports is missing, future modifications could change this log... • https://git.kernel.org/stable/c/44a1b8b2027afbb37e418993fb23561bdb9efb38 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37861 – scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
https://notcve.org/view.php?id=CVE-2025-37861
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID (0xFFFF), set by the reset thread, which points to unallocated memory, causing a crash. Add flag 'io_admin_reset_sync' to synchronize access between the reset, I/O, and admin threads. Before a reset, the reset handler sets t... • https://git.kernel.org/stable/c/65ba18c84dbd03afe9b38c06c151239d97a09834 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37859 – page_pool: avoid infinite loop to schedule delayed worker
https://notcve.org/view.php?id=CVE-2025-37859
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: page_pool: avoid infinite loop to schedule delayed worker We noticed the kworker in page_pool_release_retry() was waken up repeatedly and infinitely in production because of the buggy driver causing the inflight less than 0 and warning us in page_pool_inflight()[1]. Since the inflight value goes negative, it means we should not expect the whole page_pool to get back to work normally. This patch mitigates the adverse effect by not rescheduli... • https://git.kernel.org/stable/c/c3c7c57017ce1d4b2d3788c1fc59e7e39026e158 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37858 – fs/jfs: Prevent integer overflow in AG size calculation
https://notcve.org/view.php?id=CVE-2025-37858
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Prevent integer overflow in AG size calculation The JFS filesystem calculates allocation group (AG) size using 1 << l2agsize in dbExtendFS(). When l2agsize exceeds 31 (possible with >2TB aggregates on 32-bit systems), this 32-bit shift operation causes undefined behavior and improper AG sizing. On 32-bit architectures: - Left-shifting 1 by 32+ bits results in 0 due to integer overflow - This creates invalid AG sizes (0 or garbage va... • https://git.kernel.org/stable/c/dd07a985e2ded47b6c7d69fc93c1fe02977c8454 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37857 – scsi: st: Fix array overflow in st_setup()
https://notcve.org/view.php?id=CVE-2025-37857
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: st: Fix array overflow in st_setup() Change the array size to follow parms size instead of a fixed value. • https://git.kernel.org/stable/c/736ae988bfb5932c05625baff70fba224d547c08 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37856 – btrfs: harden block_group::bg_list against list_del() races
https://notcve.org/view.php?id=CVE-2025-37856
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: harden block_group::bg_list against list_del() races As far as I can tell, these calls of list_del_init() on bg_list cannot run concurrently with btrfs_mark_bg_unused() or btrfs_mark_bg_to_reclaim(), as they are in transaction error paths and situations where the block group is readonly. However, if there is any chance at all of racing with mark_bg_unused(), or a different future user of bg_list, better to be safe than sorry. Otherwi... • https://git.kernel.org/stable/c/bf089c4d1141b27332c092b1dcca5022c415a3b6 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-37855 – drm/amd/display: Guard Possible Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2025-37855
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Guard Possible Null Pointer Dereference [WHY] In some situations, dc->res_pool may be null. [HOW] Check if pointer is null before dereference. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Guard Possible Null Pointer Dereference [WHY] In some situations, dc->res_pool may be null. [HOW] Check if pointer is null before dereference. • https://git.kernel.org/stable/c/dc2de1ac7145f882f3c03d2d6f84583ae7e35d41 •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37854 – drm/amdkfd: Fix mode1 reset crash issue
https://notcve.org/view.php?id=CVE-2025-37854
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix mode1 reset crash issue If HW scheduler hangs and mode1 reset is used to recover GPU, KFD signal user space to abort the processes. After process abort exit, user queues still use the GPU to access system memory before h/w is reset while KFD cleanup worker free system memory and free VRAM. There is use-after-free race bug that KFD allocate and reuse the freed system memory, and user queue write to the same system memory to c... • https://git.kernel.org/stable/c/57c9dabda80ac167de8cd71231baae37cc2f442d •