CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37886 – pds_core: make wait_context part of q_info
https://notcve.org/view.php?id=CVE-2025-37886
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: pds_core: make wait_context part of q_info Make the wait_context a full part of the q_info struct rather than a stack variable that goes away after pdsc_adminq_post() is done so that the context is still available after the wait loop has given up. There was a case where a slow development firmware caused the adminq request to time out, but then later the FW finally finished the request and sent the interrupt. The handler tried to complete_a... • https://git.kernel.org/stable/c/01ba61b55b2041a39c54aefb3153c770dd59a0ef •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2025-37885 – KVM: x86: Reset IRTE to host control if *new* route isn't postable
https://notcve.org/view.php?id=CVE-2025-37885
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if *new* route isn't postable Restore an IRTE back to host control (remapped or posted MSI mode) if the *new* GSI route prevents posting the IRQ directly to a vCPU, regardless of the GSI routing type. Updating the IRTE if and only if the new GSI is an MSI results in KVM leaving an IRTE posting to a vCPU. The dangling IRTE can result in interrupts being incorrectly delivered to the guest, and in the worst... • https://git.kernel.org/stable/c/efc644048ecde54f016011fe10110addd0de348f •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37883 – s390/sclp: Add check for get_zeroed_page()
https://notcve.org/view.php?id=CVE-2025-37883
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Add check for get_zeroed_page() Add check for the return value of get_zeroed_page() in sclp_console_init() to prevent null pointer dereference. Furthermore, to solve the memory leak caused by the loop allocation, add a free helper to do the free job. In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Add check for get_zeroed_page() Add check for the return value of get_zeroed_page() in sclp_console_ini... • https://git.kernel.org/stable/c/4c8f4794b61e89dd68f96cfc23a9d9b6c25be420 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37882 – usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
https://notcve.org/view.php?id=CVE-2025-37882
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we are handling the event, a new TD may be queued at this ring position. I can trigger this race by rising interrupt moderation to increase IRQ handling delay. Similar delay may occur naturally due to system load. If this ever happens after ... • https://git.kernel.org/stable/c/608b973b70f87e9a9bafbfdfa16aab68507aef45 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37881 – usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
https://notcve.org/view.php?id=CVE-2025-37881
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() The variable d->name, returned by devm_kasprintf(), could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in commit 3027e7b15b02 ("ice: Fix some null pointer dereference issues in ice_ptp.c"). This issue is found by our static analysis tool In the Linux kernel, the following vulnerability has been resolved: usb: gad... • https://git.kernel.org/stable/c/7ecca2a4080cb6b1fa174adc588fce9e9014c43c •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-37880 – um: work around sched_yield not yielding in time-travel mode
https://notcve.org/view.php?id=CVE-2025-37880
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: um: work around sched_yield not yielding in time-travel mode sched_yield by a userspace may not actually cause scheduling in time-travel mode as no time has passed. In the case seen it appears to be a badly implemented userspace spinlock in ASAN. Unfortunately, with time-travel it causes an extreme slowdown or even deadlock depending on the kernel configuration (CONFIG_UML_MAX_USERSPACE_ITERATIONS). Work around it by accounting time to the ... • https://git.kernel.org/stable/c/065038706f77a56754e8f0c2556dab7e22dfe577 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37879 – 9p/net: fix improper handling of bogus negative read/write replies
https://notcve.org/view.php?id=CVE-2025-37879
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: 9p/net: fix improper handling of bogus negative read/write replies In p9_client_write() and p9_client_read_once(), if the server incorrectly replies with success but a negative write/read count then we would consider written (negative) <= rsize (positive) because both variables were signed. Make variables unsigned to avoid this problem. The reproducer linked below now fails with the following error instead of a null pointer deref: 9pnet: bo... • https://git.kernel.org/stable/c/070b3656cf228eaaef7b28b59264c5c7cdbdd0fb •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37876 – netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS
https://notcve.org/view.php?id=CVE-2025-37876
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS When testing a special config: CONFIG_NETFS_SUPPORTS=y CONFIG_PROC_FS=n The system crashes with something like: [ 3.766197] ------------[ cut here ]------------ [ 3.766484] kernel BUG at mm/mempool.c:560! [ 3.766789] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 3.767123] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G W [ 3.767777] Tainted: [W]=WARN [ 3.767968] Hardware name: QEMU Standar... • https://git.kernel.org/stable/c/7eb5b3e3a0a55f2d166ca949ef47ca6e0c704aab •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37875 – igc: fix PTM cycle trigger logic
https://notcve.org/view.php?id=CVE-2025-37875
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: igc: fix PTM cycle trigger logic Writing to clear the PTM status 'valid' bit while the PTM cycle is triggered results in unreliable PTM operation. To fix this, clear the PTM 'trigger' and status after each PTM transaction. The issue can be reproduced with the following: $ sudo phc2sys -R 1000 -O 0 -i tsn0 -m Note: 1000 Hz (-R 1000) is unrealistically large, but provides a way to quickly reproduce the issue. PHC2SYS exits with: "ioctl PTP_OF... • https://git.kernel.org/stable/c/a90ec84837325df4b9a6798c2cc0df202b5680bd •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37874 – net: ngbe: fix memory leak in ngbe_probe() error path
https://notcve.org/view.php?id=CVE-2025-37874
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ngbe: fix memory leak in ngbe_probe() error path When ngbe_sw_init() is called, memory is allocated for wx->rss_key in wx_init_rss_key(). However, in ngbe_probe() function, the subsequent error paths after ngbe_sw_init() don't free the rss_key. Fix that by freeing it in error path along with wx->mac_table. Also change the label to which execution jumps when ngbe_sw_init() fails, because otherwise, it could lead to a double free for rss... • https://git.kernel.org/stable/c/02338c484ab6250b81f0266ffb40d53c3efe0f47 •