CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37956 – ksmbd: prevent rename with empty string
https://notcve.org/view.php?id=CVE-2025-37956
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent rename with empty string Client can send empty newname string to ksmbd server. It will cause a kernel oops from d_alloc. This patch return the error when attempting to rename a file or directory with an empty new name string. In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent rename with empty string Client can send empty newname string to ksmbd server. It will cause a kernel oops from d_alloc.... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37954 – smb: client: Avoid race in open_cached_dir with lease breaks
https://notcve.org/view.php?id=CVE-2025-37954
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Avoid race in open_cached_dir with lease breaks A pre-existing valid cfid returned from find_or_create_cached_dir might race with a lease break, meaning open_cached_dir doesn't consider it valid, and thinks it's newly-constructed. This leaks a dentry reference if the allocation occurs before the queued lease break work runs. Avoid the race by extending holding the cfid_list_lock across find_or_create_cached_dir and when the res... • https://git.kernel.org/stable/c/2ed98e89ebc2e1bc73534dc3c18cb7843a889ff9 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37952 – ksmbd: Fix UAF in __close_file_table_ids
https://notcve.org/view.php?id=CVE-2025-37952
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix UAF in __close_file_table_ids A use-after-free is possible if one thread destroys the file via __ksmbd_close_fd while another thread holds a reference to it. The existing checks on fp->refcount are not sufficient to prevent this. The fix takes ft->lock around the section which removes the file from the file table. This prevents two threads acquiring the same file pointer via __close_file_table_ids, as well as the other functions ... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37951 – drm/v3d: Add job to pending list if the reset was skipped
https://notcve.org/view.php?id=CVE-2025-37951
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the timer get rearmed. This gives long-running jobs a chance to complete. However, when `timedout_job()` is called, the job in question is removed from the pending list, which means it won't be automatically freed through `... • https://git.kernel.org/stable/c/5235b56b7e5449d990d21d78723b1a5e7bb5738e •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37949 – xenbus: Use kref to track req lifetime
https://notcve.org/view.php?id=CVE-2025-37949
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: xenbus: Use kref to track req lifetime Marek reported seeing a NULL pointer fault in the xenbus_thread callstack: BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: e030:__wake_up_common+0x4c/0x180 Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37948 – arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
https://notcve.org/view.php?id=CVE-2025-37948
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. On exit from a BPF program, emit the BHB mititgation sequence. This is only applied for 'classic' cBPF programs that are loaded by seccomp. In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cB... • https://git.kernel.org/stable/c/8fe5c37b0e08a97cf0210bb75970e945aaaeebab •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37947 – ksmbd: prevent out-of-bounds stream writes by validating *pos
https://notcve.org/view.php?id=CVE-2025-37947
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent out-of-bounds stream writes by validating *pos ksmbd_vfs_stream_write() did not validate whether the write offset (*pos) was within the bounds of the existing stream data length (v_len). If *pos was greater than or equal to v_len, this could lead to an out-of-bounds memory write. This patch adds a check to ensure *pos is less than v_len before proceeding. If the condition fails, -EINVAL is returned. In the Linux kernel, the f... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37945 – net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY
https://notcve.org/view.php?id=CVE-2025-37945
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY DSA has 2 kinds of drivers: 1. Those who call dsa_switch_suspend() and dsa_switch_resume() from their device PM ops: qca8k-8xxx, bcm_sf2, microchip ksz 2. Those who don't: all others. The above methods should be optional. For type 1, dsa_switch_suspend() calls dsa_user_suspend() -> phylink_stop(), and dsa_switch_resume() calls dsa_user_resume() -> phylink... • https://git.kernel.org/stable/c/744d23c71af39c7dc77ac7c3cac87ae86a181a85 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37942 – HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX
https://notcve.org/view.php?id=CVE-2025-37942
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX As noted by Anssi some 20 years ago, pool report is sometimes messed up. This worked fine on many devices but casued oops on VRS DirectForce PRO. Here, we're making sure pool report is refetched before trying to access any of it's fields. While loop was replaced with a for loop + exit conditions were moved aroud to decrease the possibility of creating an infinite loop scen... • https://git.kernel.org/stable/c/211861869766a7bb7c72158aee0140ec67e182a7 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37940 – ftrace: Add cond_resched() to ftrace_graph_set_hash()
https://notcve.org/view.php?id=CVE-2025-37940
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Add cond_resched() to ftrace_graph_set_hash() When the kernel contains a large number of functions that can be traced, the loop in ftrace_graph_set_hash() may take a lot of time to execute. This may trigger the softlockup watchdog. Add cond_resched() within the loop to allow the kernel to remain responsive even when processing a large number of functions. This matches the cond_resched() that is used in other locations of the code th... • https://git.kernel.org/stable/c/b9b0c831bed2682c2e3e9f5420fb6985549ef020 •