CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-37852 – drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()
https://notcve.org/view.php?id=CVE-2025-37852
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() Add error handling to propagate amdgpu_cgs_create_device() failures to the caller. When amdgpu_cgs_create_device() fails, release hwmgr and return -ENOMEM to prevent null pointer dereference. [v1]->[v2]: Change error code from -EINVAL to -ENOMEM. Free hwmgr. • https://git.kernel.org/stable/c/55ef52c30c3e747f145a64de96192e37a8fed670 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-37851 – fbdev: omapfb: Add 'plane' value check
https://notcve.org/view.php?id=CVE-2025-37851
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: omapfb: Add 'plane' value check Function dispc_ovl_setup is not intended to work with the value OMAP_DSS_WB of the enum parameter plane. The value of this parameter is initialized in dss_init_overlays and in the current state of the code it cannot take this value so it's not a real problem. For the purposes of defensive coding it wouldn't be superfluous to check the parameter value, because some functions down the call stack process ... • https://git.kernel.org/stable/c/a570efb4d877adbf3db2dc95487f2ba6bfdd148a •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-37850 – pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()
https://notcve.org/view.php?id=CVE-2025-37850
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() With CONFIG_COMPILE_TEST && !CONFIG_HAVE_CLK, pwm_mediatek_config() has a divide-by-zero in the following line: do_div(resolution, clk_get_rate(pc->clk_pwms[pwm->hwpwm])); due to the fact that the !CONFIG_HAVE_CLK version of clk_get_rate() returns zero. This is presumably just a theoretical problem: COMPILE_TEST overrides the dependency on RALINK which would select COMMON_CLK. R... • https://git.kernel.org/stable/c/caf065f8fd583b43a3f95d84c8a0a0d07597963b •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-37849 – KVM: arm64: Tear down vGIC on failed vCPU creation
https://notcve.org/view.php?id=CVE-2025-37849
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data initialised. Note only does this leak the corresponding memory when the vCPU is destroyed but it can also lead to use-after-free if the redistributor device handling tries to walk into the vCPU. Add the missing cleanup to kvm_arch_vcpu_create(), e... • https://git.kernel.org/stable/c/07476e0d932afc53c05468076393ac35d0b4999e •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-37841 – pm: cpupower: bench: Prevent NULL dereference on malloc failure
https://notcve.org/view.php?id=CVE-2025-37841
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: pm: cpupower: bench: Prevent NULL dereference on malloc failure If malloc returns NULL due to low memory, 'config' pointer can be NULL. Add a check to prevent NULL dereference. • https://git.kernel.org/stable/c/34a9394794b0f97af6afedc0c9ee2012c24b28ed •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-37839 – jbd2: remove wrong sb->s_sequence check
https://notcve.org/view.php?id=CVE-2025-37839
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: remove wrong sb->s_sequence check Journal emptiness is not determined by sb->s_sequence == 0 but rather by sb->s_start == 0 (which is set a few lines above). Furthermore 0 is a valid transaction ID so the check can spuriously trigger. Remove the invalid WARN_ON. • https://git.kernel.org/stable/c/cf30432f5b3064ff85d85639c2f0106f89c566f6 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-37836 – PCI: Fix reference leak in pci_register_host_bridge()
https://notcve.org/view.php?id=CVE-2025-37836
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reference leak in pci_register_host_bridge() If device_register() fails, call put_device() to give up the reference to avoid a memory leak, per the comment at device_register(). Found by code review. [bhelgaas: squash Dan Carpenter's double free fix from https://lore.kernel.org/r/db806a6c-a91b-4e5a-a84b-6b7e01bdac85@stanley.mountain] • https://git.kernel.org/stable/c/37d6a0a6f4700ad3ae7bbf8db38b4557e97b3fe4 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37834 – mm/vmscan: don't try to reclaim hwpoison folio
https://notcve.org/view.php?id=CVE-2025-37834
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: don't try to reclaim hwpoison folio Syzkaller reports a bug as follows: Injecting memory failure for pfn 0x18b00e at process virtual address 0x20ffd000 Memory failure: 0x18b00e: dirty swapcache page still referenced by 2 users Memory failure: 0x18b00e: recovery action for dirty swapcache page: Failed page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x20ffd pfn:0x18b00e memcg:ffff0000dd6d9000 anon flags: 0x5ffffe00482011... • https://git.kernel.org/stable/c/1c9798bf8145a92abf45aa9d38a6406d9eb8bdf0 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2025-37833 – net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads
https://notcve.org/view.php?id=CVE-2025-37833
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads Fix niu_try_msix() to not cause a fatal trap on sparc systems. Set PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to work around a bug in the hardware or firmware. For each vector entry in the msix table, niu chips will cause a fatal trap if any registers in that entry are read before that entries' ENTRY_DATA register is written to. Testing indicates writ... • https://git.kernel.org/stable/c/7d5ec3d3612396dc6d4b76366d20ab9fc06f399f •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37823 – net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
https://notcve.org/view.php?id=CVE-2025-37823
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue() too. But for this one, we don't have a reliable reproducer. In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue() too. But for this one, we don't have a reliable reproducer... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •