CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37784 – net: ti: icss-iep: Fix possible NULL pointer dereference for perout request
https://notcve.org/view.php?id=CVE-2025-37784
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ti: icss-iep: Fix possible NULL pointer dereference for perout request The ICSS IEP driver tracks perout and pps enable state with flags. Currently when disabling pps and perout signals during icss_iep_exit(), results in NULL pointer dereference for perout. To fix the null pointer dereference issue, the icss_iep_perout_enable_hw function can be modified to directly clear the IEP CMP registers when disabling PPS or PEROUT, without refer... • https://git.kernel.org/stable/c/d6b130fabfe197935346fe9f1e50a0947b2b1be7 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37782 – hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
https://notcve.org/view.php?id=CVE-2025-37782
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Syzbot reported an issue in hfs subsystem: BUG: KASAN: slab-out-of-bounds in memcpy_from_page include/linux/highmem.h:423 [inline] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read fs/hfs/bnode.c:35 [inline] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70 Write of size 94 at addr ffff8880123cd100 by task syz-executor237/5102 Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37781 – i2c: cros-ec-tunnel: defer probe if parent EC is not present
https://notcve.org/view.php?id=CVE-2025-37781
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: i2c: cros-ec-tunnel: defer probe if parent EC is not present When i2c-cros-ec-tunnel and the EC driver are built-in, the EC parent device will not be found, leading to NULL pointer dereference. That can also be reproduced by unbinding the controller driver and then loading i2c-cros-ec-tunnel module (or binding the device). [ 271.991245] BUG: kernel NULL pointer dereference, address: 0000000000000058 [ 271.998215] #PF: supervisor read access... • https://git.kernel.org/stable/c/9d230c9e4f4e67cb1c1cb9e0f6142da16b0f2796 •
CVSS: 7.3EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37780 – isofs: Prevent the use of too small fid
https://notcve.org/view.php?id=CVE-2025-37780
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: isofs: Prevent the use of too small fid syzbot reported a slab-out-of-bounds Read in isofs_fh_to_parent. [1] The handle_bytes value passed in by the reproducing program is equal to 12. In handle_to_path(), only 12 bytes of memory are allocated for the structure file_handle->f_handle member, which causes an out-of-bounds access when accessing the member parent_block of the structure isofs_fid in isofs, because accessing parent_block requires... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37778 – ksmbd: Fix dangling pointer in krb_authenticate
https://notcve.org/view.php?id=CVE-2025-37778
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krb_authenticate krb_authenticate frees sess->user and does not set the pointer to NULL. It calls ksmbd_krb5_authenticate to reinitialise sess->user but that function may return without doing so. If that happens then smb2_sess_setup, which calls krb_authenticate, will be accessing free'd memory when it later uses sess->user. In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix danglin... • https://git.kernel.org/stable/c/d5b554bc8d554ed6ddf443d3db2fad9f665cec10 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37777 – ksmbd: fix use-after-free in __smb2_lease_break_noti()
https://notcve.org/view.php?id=CVE-2025-37777
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in __smb2_lease_break_noti() Move tcp_transport free to ksmbd_conn_free. If ksmbd connection is referenced when ksmbd server thread terminates, It will not be freed, but conn->tcp_transport is freed. __smb2_lease_break_noti can be performed asynchronously when the connection is disconnected. __smb2_lease_break_noti calls ksmbd_conn_write, which can cause use-after-free when conn->ksmbd_transport is already freed. I... • https://git.kernel.org/stable/c/1aec4d14cf81b7b3e7b69eb1cfa94144eed7138e •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37776 – ksmbd: fix use-after-free in smb_break_all_levII_oplock()
https://notcve.org/view.php?id=CVE-2025-37776
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb_break_all_levII_oplock() There is a room in smb_break_all_levII_oplock that can cause racy issues when unlocking in the middle of the loop. This patch use read lock to protect whole loop. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb_break_all_levII_oplock() There is a room in smb_break_all_levII_oplock that can cause racy issues when unlocking in the mi... • https://git.kernel.org/stable/c/296cb5457cc6f4a754c4ae29855f8a253d52bcc6 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37775 – ksmbd: fix the warning from __kernel_write_iter
https://notcve.org/view.php?id=CVE-2025-37775
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix the warning from __kernel_write_iter [ 2110.972290] ------------[ cut here ]------------ [ 2110.972301] WARNING: CPU: 3 PID: 735 at fs/read_write.c:599 __kernel_write_iter+0x21b/0x280 This patch doesn't allow writing to directory. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix the warning from __kernel_write_iter [ 2110.972290] ------------[ cut here ]------------ [ 2110.972301] WARNING: CPU: 3 PID... • https://git.kernel.org/stable/c/44079e544c9f6e3e9fb43a16ddf8b08cf686d657 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37774 – slab: ensure slab->obj_exts is clear in a newly allocated slab page
https://notcve.org/view.php?id=CVE-2025-37774
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: slab: ensure slab->obj_exts is clear in a newly allocated slab page ktest recently reported crashes while running several buffered io tests with __alloc_tagging_slab_alloc_hook() at the top of the crash call stack. The signature indicates an invalid address dereference with low bits of slab->obj_exts being set. The bits were outside of the range used by page_memcg_data_flags and objext_flags and hence were not masked out by slab_obj_exts() ... • https://git.kernel.org/stable/c/21c690a349baab895dc68ab70d291e1598d7109d •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37773 – virtiofs: add filesystem context source name check
https://notcve.org/view.php?id=CVE-2025-37773
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: virtiofs: add filesystem context source name check In certain scenarios, for example, during fuzz testing, the source name may be NULL, which could lead to a kernel panic. Therefore, an extra check for the source name should be added. In the Linux kernel, the following vulnerability has been resolved: virtiofs: add filesystem context source name check In certain scenarios, for example, during fuzz testing, the source name may be NULL, which... • https://git.kernel.org/stable/c/a62a8ef9d97da23762a588592c8b8eb50a8deb6a •