CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-37803 – udmabuf: fix a buf size overflow issue during udmabuf creation
https://notcve.org/view.php?id=CVE-2025-37803
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting size_limit_mb to u64 when calculate pglimit. • https://git.kernel.org/stable/c/e84a08fc7e25cdad5d9a3def42cc770ff711193f •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37802 – ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING"
https://notcve.org/view.php?id=CVE-2025-37802
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING" wait_event_timeout() will set the state of the current task to TASK_UNINTERRUPTIBLE, before doing the condition check. This means that ksmbd_durable_scavenger_alive() will try to acquire the mutex while already in a sleeping state. The scheduler warns us by giving the following warning: do not call blocking ops when !TASK_RUNNING; state=2 set at [<0000000061515a6f>] prepare_to... • https://git.kernel.org/stable/c/8f805b3746d2f41702c77cba22f94f8415fadd1a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37801 – spi: spi-imx: Add check for spi_imx_setupxfer()
https://notcve.org/view.php?id=CVE-2025-37801
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: spi-imx: Add check for spi_imx_setupxfer() Add check for the return value of spi_imx_setupxfer(). spi_imx->rx and spi_imx->tx function pointer can be NULL when spi_imx_setupxfer() return error, and make NULL pointer dereference. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Call trace: 0x0 spi_imx_pio_transfer+0x50/0xd8 spi_imx_transfer_one+0x18c/0x858 spi_transfer_one_message+0x43c/0x790 __spi_pu... • https://git.kernel.org/stable/c/2fea0d6d7b5d27fbf55512d51851ba0a346ede52 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37800 – driver core: fix potential NULL pointer dereference in dev_uevent()
https://notcve.org/view.php?id=CVE-2025-37800
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in dev_uevent() If userspace reads "uevent" device attribute at the same time as another threads unbinds the device from its driver, change to dev->driver from a valid pointer to NULL may result in crash. Fix this by using READ_ONCE() when fetching the pointer, and take bus' drivers klist lock to make sure driver instance will not disappear while we access it. Use WRITE_ONCE() when setting... • https://git.kernel.org/stable/c/abe56be73eb10a677d16066f65ff9d30251f5eee •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58237 – bpf: consider that tail calls invalidate packet pointers
https://notcve.org/view.php?id=CVE-2024-58237
05 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: consider that tail calls invalidate packet pointers Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence, conservatively assume that each tail call invalidates packet pointers. Making the change in bpf_helper_changes_pkt_data() automatically makes use of check_cfg() logic that computes 'changes_pkt_data' effect for global sub-programs, such that the following program could be rejected: int tail_c... • https://git.kernel.org/stable/c/51c39bb1d5d105a02e29aa7960f0a395086e6342 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58100 – bpf: check changes_pkt_data property for extension programs
https://notcve.org/view.php?id=CVE-2024-58100
05 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: check changes_pkt_data property for extension programs When processing calls to global sub-programs, verifier decides whether to invalidate all packet pointers in current state depending on the changes_pkt_data property of the global sub-program. Because of this, an extension program replacing a global sub-program must be compatible with changes_pkt_data property of the sub-program being replaced. This commit: - adds changes_pkt_data f... • https://git.kernel.org/stable/c/be8704ff07d2374bcc5c675526f95e70c6459683 •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58098 – bpf: track changes_pkt_data property for global functions
https://notcve.org/view.php?id=CVE-2024-58098
05 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: track changes_pkt_data property for global functions When processing calls to certain helpers, verifier invalidates all packet pointers in a current state. For example, consider the following program: __attribute__((__noinline__)) long skb_pull_data(struct __sk_buff *sk, __u32 len) { return bpf_skb_pull_data(sk, len); } SEC("tc") int test_invalidate_checks(struct __sk_buff *sk) { int *p = (void *)(long)sk->data; if ((void *)(p + 1) > (... • https://git.kernel.org/stable/c/51c39bb1d5d105a02e29aa7960f0a395086e6342 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53144 – erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms
https://notcve.org/view.php?id=CVE-2023-53144
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms As the call trace shown, the root cause is kunmap incorrect pages: BUG: kernel NULL pointer dereference, address: 00000000 CPU: 1 PID: 40 Comm: kworker/u5:0 Not tainted 6.2.0-rc5 #4 Workqueue: erofs_worker z_erofs_decompressqueue_work EIP: z_erofs_lzma_decompress+0x34b/0x8ac z_erofs_decompress+0x12/0x14 z_erofs_decompress_queue+0x7e7/0xb1c z_erofs_decompressqueue_work+0x32/0x60 pr... • https://git.kernel.org/stable/c/622ceaddb7649ca328832f50ba1400af778d75fa •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53143 – ext4: fix another off-by-one fsmap error on 1k block filesystems
https://notcve.org/view.php?id=CVE-2023-53143
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix another off-by-one fsmap error on 1k block filesystems Apparently syzbot figured out that issuing this FSMAP call: struct fsmap_head cmd = { .fmh_count = ...; .fmh_keys = { { .fmr_device = /* ext4 dev */, .fmr_physical = 0, }, { .fmr_device = /* ext4 dev */, .fmr_physical = 0, }, }, ... }; ret = ioctl(fd, FS_IOC_GETFSMAP, &cmd); Produces this crash if the underlying filesystem is a 1k-block ext4 filesystem: kernel BUG at fs/ext4/e... • https://git.kernel.org/stable/c/4a4956249dac0b9b0027949907bff0cd1a9b57fa •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53142 – ice: copy last block omitted in ice_get_module_eeprom()
https://notcve.org/view.php?id=CVE-2023-53142
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: copy last block omitted in ice_get_module_eeprom() ice_get_module_eeprom() is broken since commit e9c9692c8a81 ("ice: Reimplement module reads used by ethtool") In this refactor, ice_get_module_eeprom() reads the eeprom in blocks of size 8. But the condition that should protect the buffer overflow ignores the last block. The last block always contains zeros. Bug uncovered by ethtool upstream commit 9538f384b535 ("netlink: eeprom: Defer... • https://git.kernel.org/stable/c/e9c9692c8a81aacf0854f68ab54dc182f8be38e8 •