CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39728 – clk: samsung: Fix UBSAN panic in samsung_clk_init()
https://notcve.org/view.php?id=CVE-2025-39728
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix UBSAN panic in samsung_clk_init() With UBSAN_ARRAY_BOUNDS=y, I'm hitting the below panic due to dereferencing `ctx->clk_data.hws` before setting `ctx->clk_data.num = nr_clks`. Move that up to fix the crash. UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38637 – net_sched: skbprio: Remove overly strict queue assertions
https://notcve.org/view.php?id=CVE-2025-38637
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio enqueue/dequeue contains an assertion that fails under certain conditions when SKBPRIO is used as a child qdisc under TBF with specific parameters. The failure occurs because TBF sometimes peeks at packets in the child qdisc without actually dequeuing them when tokens are unavailable. This peek operation creates a discrepancy between the parent ... • https://git.kernel.org/stable/c/aea5f654e6b78a0c976f7a25950155932c77a53f •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38575 – ksmbd: use aead_request_free to match aead_request_alloc
https://notcve.org/view.php?id=CVE-2025-38575
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: use aead_request_free to match aead_request_alloc Use aead_request_free() instead of kfree() to properly free memory allocated by aead_request_alloc(). This ensures sensitive crypto data is zeroed before being freed. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: usar aead_request_free para coincidir con aead_request_alloc. Usar aead_request_free() en lugar de kfree() para liberar correctamente la memoria a... • https://git.kernel.org/stable/c/e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38240 – drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr
https://notcve.org/view.php?id=CVE-2025-38240
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr The function mtk_dp_wait_hpd_asserted() may be called before the `mtk_dp->drm_dev` pointer is assigned in mtk_dp_bridge_attach(). Specifically it can be called via this callpath: - mtk_edp_wait_hpd_asserted - [panel probe] - dp_aux_ep_probe Using "drm" level prints anywhere in this callpath causes a NULL pointer dereference. Change the error message directly in mtk_dp_wait_h... • https://git.kernel.org/stable/c/7eacba9a083be65c0f251c19380ec01147c01ebc •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38152 – remoteproc: core: Clear table_sz when rproc_shutdown
https://notcve.org/view.php?id=CVE-2025-38152
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Clear table_sz when rproc_shutdown There is case as below could trigger kernel dump: Use U-Boot to start remote processor(rproc) with resource table published to a fixed address by rproc. After Kernel boots up, stop the rproc, load a new firmware which doesn't have resource table ,and start rproc. When starting rproc with a firmware not have resource table, `memcpy(loaded_table, rproc->cached_table, rproc->table_sz)` will ... • https://git.kernel.org/stable/c/9dc9507f1880fb6225e3e058cb5219b152cbf198 •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38104 – drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV
https://notcve.org/view.php?id=CVE-2025-38104
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment., including TLB flushes and register reads. When multiple threads or VFs try to access the same registers simultaneously, it can lead to race conditions. By using the RLCG interface, the driver can serialize access to the register... • https://git.kernel.org/stable/c/e864180ee49b4d30e640fd1e1d852b86411420c9 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-37925 – jfs: reject on-disk inodes of an unsupported type
https://notcve.org/view.php?id=CVE-2025-37925
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: reject on-disk inodes of an unsupported type Syzbot has reported the following BUG: kernel BUG at fs/inode.c:668! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 3 UID: 0 PID: 139 Comm: jfsCommit Not tainted 6.12.0-rc4-syzkaller-00085-g4e46774408d9 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014 RIP: 0010:clear_inode+0x168/0x190 Code: 4c 89 f7 e8 ba fe e5 ff e9 61 ff ff ff 44 89 f1 80 ... • https://git.kernel.org/stable/c/79ac5a46c5c1c17476fbf84b4d4600d6d565defd •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37893 – LoongArch: BPF: Fix off-by-one error in build_prologue()
https://notcve.org/view.php?id=CVE-2025-37893
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fix off-by-one error in build_prologue() Vincent reported that running BPF progs with tailcalls on LoongArch causes kernel hard lockup. Debugging the issues shows that the JITed image missing a jirl instruction at the end of the epilogue. There are two passes in JIT compiling, the first pass set the flags and the second pass generates JIT code based on those flags. With BPF progs mixing bpf2bpf and tailcalls, build_prologue(... • https://git.kernel.org/stable/c/5dc615520c4dfb358245680f1904bad61116648e •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-37860 – sfc: fix NULL dereferences in ef100_process_design_param()
https://notcve.org/view.php?id=CVE-2025-37860
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: sfc: fix NULL dereferences in ef100_process_design_param() Since cited commit, ef100_probe_main() and hence also ef100_check_design_params() run before efx->net_dev is created; consequently, we cannot netif_set_tso_max_size() or _segs() at this point. Move those netif calls to ef100_probe_netdev(), and also replace netif_err within the design params code with pci_err. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sfc: s... • https://git.kernel.org/stable/c/98ff4c7c8ac7f5339aac6114105395fea19f992e •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37785 – ext4: fix OOB read when checking dotdot dir
https://notcve.org/view.php?id=CVE-2025-37785
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with rec_len == block size results in out-of-bounds read (later on, when the corrupted directory is removed). ext4_empty_dir() assumes every ext4 directory contains at least '.' and '..' as directory entries in the first data block. It first loads the '.' dir entry, performs sanity checks by calling ext4_check_dir_entry() ... • https://git.kernel.org/stable/c/ac27a0ec112a089f1a5102bc8dffc79c8c815571 •