CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37749 – net: ppp: Add bound checking for skb data on ppp_sync_txmung
https://notcve.org/view.php?id=CVE-2025-37749
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ppp: Add bound checking for skb data on ppp_sync_txmung Ensure we have enough data in linear buffer from skb before accessing initial bytes. This prevents potential out-of-bounds accesses when processing short packets. When ppp_sync_txmung receives an incoming package with an empty payload: (remote) gef➤ p *(struct pppoe_hdr *) (skb->head + skb->network_header) $18 = { type = 0x1, ver = 0x1, code = 0x0, sid = 0x2, length = 0x0, tag = 0... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37748 – iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group
https://notcve.org/view.php?id=CVE-2025-37748
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group Currently, mtk_iommu calls during probe iommu_device_register before the hw_list from driver data is initialized. Since iommu probing issue fix, it leads to NULL pointer dereference in mtk_iommu_device_group when hw_list is accessed with list_first_entry (not null safe). So, change the call order to ensure iommu_device_register is called after the driver data are initializ... • https://git.kernel.org/stable/c/9e3a2a64365318a743e3c0b028952d2cdbaf2b0c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37747 – perf: Fix hang while freeing sigtrap event
https://notcve.org/view.php?id=CVE-2025-37747
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: perf: Fix hang while freeing sigtrap event Perf can hang while freeing a sigtrap event if a related deferred signal hadn't managed to be sent before the file got closed: perf_event_overflow() task_work_add(perf_pending_task) fput() task_work_add(____fput()) task_work_run() ____fput() perf_release() perf_event_release_kernel() _free_event() perf_pending_task_sync() task_work_cancel() -> FAILED rcuwait_wait_event() Once task_work_run() is run... • https://git.kernel.org/stable/c/3a5465418f5fd970e86a86c7f4075be262682840 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-37746 – perf/dwc_pcie: fix duplicate pci_dev devices
https://notcve.org/view.php?id=CVE-2025-37746
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/dwc_pcie: fix duplicate pci_dev devices During platform_device_register, wrongly using struct device pci_dev as platform_data caused a kmemdup copy of pci_dev. Worse still, accessing the duplicated device leads to list corruption as its mutex content (e.g., list, magic) remains the same as the original. In the Linux kernel, the following vulnerability has been resolved: perf/dwc_pcie: fix duplicate pci_dev devices During platform_devic... • https://git.kernel.org/stable/c/a71c6fc87b2b9905dc2e38887fe4122287216be9 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37745 – PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()
https://notcve.org/view.php?id=CVE-2025-37745
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Avoid deadlock in hibernate_compressor_param_set() syzbot reported a deadlock in lock_system_sleep() (see below). The write operation to "/sys/module/hibernate/parameters/compressor" conflicts with the registration of ieee80211 device, resulting in a deadlock when attempting to acquire system_transition_mutex under param_lock. To avoid this deadlock, change hibernate_compressor_param_set() to use mutex_trylock() for attemptin... • https://git.kernel.org/stable/c/11ae4fec1f4b4ee06770a572c37d89cbaecbf66e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37744 – wifi: ath12k: fix memory leak in ath12k_pci_remove()
https://notcve.org/view.php?id=CVE-2025-37744
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix memory leak in ath12k_pci_remove() Kmemleak reported this error: unreferenced object 0xffff1c165cec3060 (size 32): comm "insmod", pid 560, jiffies 4296964570 (age 235.596s) backtrace: [<000000005434db68>] __kmem_cache_alloc_node+0x1f4/0x2c0 [<000000001203b155>] kmalloc_trace+0x40/0x88 [<0000000028adc9c8>] _request_firmware+0xb8/0x608 [<00000000cad1aef7>] firmware_request_nowarn+0x50/0x80 [<000000005011a682>] local_pci_prob... • https://git.kernel.org/stable/c/3cb47b50926a5b9eef8c06506a14cdc0f3d95c53 •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-37743 – wifi: ath12k: Avoid memory leak while enabling statistics
https://notcve.org/view.php?id=CVE-2025-37743
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid memory leak while enabling statistics Driver uses monitor destination rings for extended statistics mode and standalone monitor mode. In extended statistics mode, TLVs are parsed from the buffer received from the monitor destination ring and assigned to the ppdu_info structure to update per-packet statistics. In standalone monitor mode, along with per-packet statistics, the packet data (payload) is captured, and the driv... • https://git.kernel.org/stable/c/286bab0fc7b9db728dab8c63cadf6be9b3facf8c •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-37742 – jfs: Fix uninit-value access of imap allocated in the diMount() function
https://notcve.org/view.php?id=CVE-2025-37742
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of imap allocated in the diMount() function syzbot reports that hex_dump_to_buffer is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in hex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171 hex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171 print_hex_dump+0x13d/0x3e0 lib/hexdump.c:276 diFree+0x5ba/0x4350 fs/jfs/jfs_imap.c:876 jfs_evict_inode+0x510/0x550 fs/jfs/inode... • https://git.kernel.org/stable/c/4f10732712fce33e53703ffe5ed9155f23814097 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37741 – jfs: Prevent copying of nlink with value 0 from disk inode
https://notcve.org/view.php?id=CVE-2025-37741
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: Prevent copying of nlink with value 0 from disk inode syzbot report a deadlock in diFree. [1] When calling "ioctl$LOOP_SET_STATUS64", the offset value passed in is 4, which does not match the mounted loop device, causing the mapping of the mounted loop device to be invalidated. When creating the directory and creating the inode of iag in diReadSpecial(), read the page of fixed disk inode (AIT) in raw mode in read_metapage(), the metapa... • https://git.kernel.org/stable/c/5b2f26d3fba4e9aac314f8bc0963b3fc28c0e456 •
CVSS: 8.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37740 – jfs: add sanity check for agwidth in dbMount
https://notcve.org/view.php?id=CVE-2025-37740
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: add sanity check for agwidth in dbMount The width in dmapctl of the AG is zero, it trigger a divide error when calculating the control page level in dbAllocAG. To avoid this issue, add a check for agwidth in dbAllocAG. In the Linux kernel, the following vulnerability has been resolved: jfs: add sanity check for agwidth in dbMount The width in dmapctl of the AG is zero, it trigger a divide error when calculating the control page level i... • https://git.kernel.org/stable/c/a065cec230aa807c18828a3eee82f1c8592c2adf •