CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37810 – usb: dwc3: gadget: check that event count does not exceed event buffer length
https://notcve.org/view.php?id=CVE-2025-37810
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3_GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check that event count does not exceed event buffer length, avoiding an out-of-bounds access when memcpy'ing the event. Crash log: Unable to handle kernel paging request at virtual address ffffffc0129be000 pc : __memcpy+0... • https://git.kernel.org/stable/c/72246da40f3719af3bfd104a2365b32537c27d83 •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37808 – crypto: null - Use spin lock instead of mutex
https://notcve.org/view.php?id=CVE-2025-37808
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: null - Use spin lock instead of mutex As the null algorithm may be freed in softirq context through af_alg, use spin locks instead of mutexes to protect the default null algorithm. In the Linux kernel, the following vulnerability has been resolved: crypto: null - Use spin lock instead of mutex As the null algorithm may be freed in softirq context through af_alg, use spin locks instead of mutexes to protect the default null algorithm... • https://git.kernel.org/stable/c/f7a5a5c8e1ec16a4b2041398abe95de0e14572ef •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37807 – bpf: Fix kmemleak warning for percpu hashmap
https://notcve.org/view.php?id=CVE-2025-37807
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kmemleak warning for percpu hashmap Vlad Poenaru reported the following kmemleak issue: unreferenced object 0x606fd7c44ac8 (size 32): backtrace (crc 0): pcpu_alloc_noprof+0x730/0xeb0 bpf_map_alloc_percpu+0x69/0xc0 prealloc_init+0x9d/0x1b0 htab_map_alloc+0x363/0x510 map_create+0x215/0x3a0 __sys_bpf+0x16b/0x3e0 __x64_sys_bpf+0x18/0x20 do_syscall_64+0x7b/0x150 entry_SYSCALL_64_after_hwframe+0x4b/0x53 Further investigation shows the re... • https://git.kernel.org/stable/c/7758e308aeda1038aba1944f7302d34161b3effe •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37801 – spi: spi-imx: Add check for spi_imx_setupxfer()
https://notcve.org/view.php?id=CVE-2025-37801
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: spi-imx: Add check for spi_imx_setupxfer() Add check for the return value of spi_imx_setupxfer(). spi_imx->rx and spi_imx->tx function pointer can be NULL when spi_imx_setupxfer() return error, and make NULL pointer dereference. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Call trace: 0x0 spi_imx_pio_transfer+0x50/0xd8 spi_imx_transfer_one+0x18c/0x858 spi_transfer_one_message+0x43c/0x790 __spi_pu... • https://git.kernel.org/stable/c/2fea0d6d7b5d27fbf55512d51851ba0a346ede52 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37800 – driver core: fix potential NULL pointer dereference in dev_uevent()
https://notcve.org/view.php?id=CVE-2025-37800
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in dev_uevent() If userspace reads "uevent" device attribute at the same time as another threads unbinds the device from its driver, change to dev->driver from a valid pointer to NULL may result in crash. Fix this by using READ_ONCE() when fetching the pointer, and take bus' drivers klist lock to make sure driver instance will not disappear while we access it. Use WRITE_ONCE() when setting... • https://git.kernel.org/stable/c/abe56be73eb10a677d16066f65ff9d30251f5eee •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-36791 – net_sched: keep alloc_hash updated after hash allocation
https://notcve.org/view.php?id=CVE-2020-36791
07 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: keep alloc_hash updated after hash allocation In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex") I moved cp->hash calculation before the first tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched. This difference could lead to another out of bound access. cp->alloc_hash should always be the size allocated, we should update it after this tcindex_alloc_perfect_hash(). In the Linux kernel, the follo... • https://git.kernel.org/stable/c/73c29d2f6f8ae731b1e09051b69ed3ba2319482b •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-21546 – scsi: target: Fix WRITE_SAME No Data Buffer crash
https://notcve.org/view.php?id=CVE-2022-21546
02 May 2025 — In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like "sg_write_same --ndob" we will crash in target_core_iblock/file's execute_write_same handlers when we go to access the se_cmd->t_data_sg because its NULL. CVSS 3.1 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITE_S... • https://git.kernel.org/stable/c/4226622647e3e5ac06d3ebc1605b917446157510 • CWE-476: NULL Pointer Dereference •
CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53141 – ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()
https://notcve.org/view.php?id=CVE-2023-53141
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() ila_xlat_nl_cmd_get_mapping() generates an empty skb, triggerring a recent sanity check [1]. Instead, return an error code, so that user space can get it. [1] skb_assert_len WARNING: CPU: 0 PID: 5923 at include/linux/skbuff.h:2527 skb_assert_len include/linux/skbuff.h:2527 [inline] WARNING: CPU: 0 PID: 5923 at include/linux/skbuff.h:2527 __dev_queue_xmit+0x1bc0/0x3488 net/... • https://git.kernel.org/stable/c/7f00feaf107645d95a6d87e99b4d141ac0a08efd •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53140 – scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
https://notcve.org/view.php?id=CVE-2023-53140
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Remove the /proc/scsi/${proc_name} directory earlier Remove the /proc/scsi/${proc_name} directory earlier to fix a race condition between unloading and reloading kernel modules. This fixes a bug introduced in 2009 by commit 77c019768f06 ("[SCSI] fix /proc memory leak in the SCSI core"). Fix the following kernel warning: proc_dir_entry 'scsi/scsi_debug' already registered WARNING: CPU: 19 PID: 27986 at fs/proc/generic.c:376 proc_... • https://git.kernel.org/stable/c/77c019768f0607c36e25bec11ce3e1eabef09277 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53139 – nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties
https://notcve.org/view.php?id=CVE-2023-53139
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties devm_kmalloc_array may fails, *fw_vsc_cfg might be null and cause out-of-bounds write in device_property_read_u8_array later. In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties devm_kmalloc_array may fails, *fw_vsc_cfg might be null and cause out-of-bounds ... • https://git.kernel.org/stable/c/a06347c04c13e380afce0c9816df51f00b83faf1 •