CVSS: 7.1EPSS: %CPEs: 4EXPL: 0CVE-2025-37952 – ksmbd: Fix UAF in __close_file_table_ids
https://notcve.org/view.php?id=CVE-2025-37952
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix UAF in __close_file_table_ids A use-after-free is possible if one thread destroys the file via __ksmbd_close_fd while another thread holds a reference to it. The existing checks on fp->refcount are not sufficient to prevent this. The fix takes ft->lock around the section which removes the file from the file table. This prevents two threads acquiring the same file pointer via __close_file_table_ids, as well as the other functions ... • https://git.kernel.org/stable/c/fec1f9e9a650e8e7011330a085c77e7bf2a08ea9 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2025-37951 – drm/v3d: Add job to pending list if the reset was skipped
https://notcve.org/view.php?id=CVE-2025-37951
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the timer get rearmed. This gives long-running jobs a chance to complete. However, when `timedout_job()` is called, the job in question is removed from the pending list, which means it won't be automatically freed through `... • https://git.kernel.org/stable/c/5235b56b7e5449d990d21d78723b1a5e7bb5738e •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2025-37949 – xenbus: Use kref to track req lifetime
https://notcve.org/view.php?id=CVE-2025-37949
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: xenbus: Use kref to track req lifetime Marek reported seeing a NULL pointer fault in the xenbus_thread callstack: BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: e030:__wake_up_common+0x4c/0x180 Call Trace:
CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2025-37948 – arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
https://notcve.org/view.php?id=CVE-2025-37948
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. On exit from a BPF program, emit the BHB mititgation sequence. This is only applied for 'classic' cBPF programs that are loaded by seccomp. In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cB... • https://git.kernel.org/stable/c/8fe5c37b0e08a97cf0210bb75970e945aaaeebab •
CVSS: 7.8EPSS: %CPEs: 5EXPL: 0CVE-2025-37947 – ksmbd: prevent out-of-bounds stream writes by validating *pos
https://notcve.org/view.php?id=CVE-2025-37947
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent out-of-bounds stream writes by validating *pos ksmbd_vfs_stream_write() did not validate whether the write offset (*pos) was within the bounds of the existing stream data length (v_len). If *pos was greater than or equal to v_len, this could lead to an out-of-bounds memory write. This patch adds a check to ensure *pos is less than v_len before proceeding. If the condition fails, -EINVAL is returned. In the Linux kernel, the f... • https://git.kernel.org/stable/c/7f61da79df86fd140c7768e668ad846bfa7ec8e1 •
CVSS: 4.9EPSS: %CPEs: 6EXPL: 0CVE-2025-37945 – net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY
https://notcve.org/view.php?id=CVE-2025-37945
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY DSA has 2 kinds of drivers: 1. Those who call dsa_switch_suspend() and dsa_switch_resume() from their device PM ops: qca8k-8xxx, bcm_sf2, microchip ksz 2. Those who don't: all others. The above methods should be optional. For type 1, dsa_switch_suspend() calls dsa_user_suspend() -> phylink_stop(), and dsa_switch_resume() calls dsa_user_resume() -> phylink... • https://git.kernel.org/stable/c/744d23c71af39c7dc77ac7c3cac87ae86a181a85 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2025-37944 – wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process
https://notcve.org/view.php?id=CVE-2025-37944
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Currently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry to fetch the next entry from the destination ring. This is incorrect because ath12k_hal_srng_src_get_next_entry is intended for source rings, not destination rings. This leads to invalid entry fetches, causing potential data corruption or crashes due to accessing incorrect memory locations. This h... • https://git.kernel.org/stable/c/2c512f2eadabb1e80816116894ffaf7d802a944e •
CVSS: 8.3EPSS: %CPEs: 5EXPL: 0CVE-2025-37943 – wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi
https://notcve.org/view.php?id=CVE-2025-37943
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi In certain cases, hardware might provide packets with a length greater than the maximum native Wi-Fi header length. This can lead to accessing and modifying fields in the header within the ath12k_dp_rx_h_undecap_nwifi function for DP_RX_DECAP_TYPE_NATIVE_WIFI decap type and potentially resulting in invalid data access and memory corruption. Add a sanity check before proce... • https://git.kernel.org/stable/c/7f1d986da5c6abb75ffe4d0d325fc9b341c41a1c •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2025-37942 – HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX
https://notcve.org/view.php?id=CVE-2025-37942
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX As noted by Anssi some 20 years ago, pool report is sometimes messed up. This worked fine on many devices but casued oops on VRS DirectForce PRO. Here, we're making sure pool report is refetched before trying to access any of it's fields. While loop was replaced with a for loop + exit conditions were moved aroud to decrease the possibility of creating an infinite loop scen... • https://git.kernel.org/stable/c/211861869766a7bb7c72158aee0140ec67e182a7 •
CVSS: 7.1EPSS: %CPEs: 9EXPL: 0CVE-2025-37940 – ftrace: Add cond_resched() to ftrace_graph_set_hash()
https://notcve.org/view.php?id=CVE-2025-37940
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Add cond_resched() to ftrace_graph_set_hash() When the kernel contains a large number of functions that can be traced, the loop in ftrace_graph_set_hash() may take a lot of time to execute. This may trigger the softlockup watchdog. Add cond_resched() within the loop to allow the kernel to remain responsive even when processing a large number of functions. This matches the cond_resched() that is used in other locations of the code th... • https://git.kernel.org/stable/c/b9b0c831bed2682c2e3e9f5420fb6985549ef020 •