CVSS: 5.5EPSS: %CPEs: 9EXPL: 0CVE-2025-37937 – objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
https://notcve.org/view.php?id=CVE-2025-37937
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() If dib8000_set_dds()'s call to dib8000_read32() returns zero, the result is a divide-by-zero. Prevent that from happening. Fixes the following warning with an UBSAN kernel: drivers/media/dvb-frontends/dib8000.o: warning: objtool: dib8000_tune() falls through to next function dib8096p_cfg_DibRx() In the Linux kernel, the following vulnerability has been resolved: objtool, m... • https://git.kernel.org/stable/c/173a64cb3fcff1993b2aa8113e53fd379f6a968f •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2025-37932 – sch_htb: make htb_qlen_notify() idempotent
https://notcve.org/view.php?id=CVE-2025-37932
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() idempotent htb_qlen_notify() always deactivates the HTB class and in fact could trigger a warning if it is already deactivated. Therefore, it is not idempotent and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() callers' life. In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() idempotent htb_qle... • https://git.kernel.org/stable/c/73cf6af13153d62f9b76eff422eea79dbc70f15e •
CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2025-37931 – btrfs: adjust subpage bit start based on sectorsize
https://notcve.org/view.php?id=CVE-2025-37931
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: adjust subpage bit start based on sectorsize When running machines with 64k page size and a 16k nodesize we started seeing tree log corruption in production. This turned out to be because we were not writing out dirty blocks sometimes, so this in fact affects all metadata writes. When writing out a subpage EB we scan the subpage bitmap for a dirty range. If the range isn't dirty we do bit_start++; to move onto the next bit. The probl... • https://git.kernel.org/stable/c/c4aec299fa8f73f0fd10bc556f936f0da50e3e83 •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2025-37930 – drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
https://notcve.org/view.php?id=CVE-2025-37930
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Nouveau is mostly designed in a way that it's expected that fences only ever get signaled through nouveau_fence_signal(). However, in at least one other place, nouveau_fence_done(), can signal fences, too. If that happens (race) a signaled fence remains in the pending list for a while, until it gets removed by nouveau_fence_update(). Should nouveau_fence_context_kill() run in the mean... • https://git.kernel.org/stable/c/ea13e5abf807ea912ce84eef6a1946b9a38c6508 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2025-37928 – dm-bufio: don't schedule in atomic context
https://notcve.org/view.php?id=CVE-2025-37928
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: dm-bufio: don't schedule in atomic context A BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet are enabled. [ 129.444685][ T934] BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2421 [ 129.444723][ T934] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 934, name: kworker/1:4 [ 129.444740][ T934] preempt_count: 201, expected: 0 [ 129.444756][ T934] RCU nest depth: 0, expected:... • https://git.kernel.org/stable/c/7cd326747f46ffe1c7bff5682e97dfbcb98990ec •
CVSS: 7.8EPSS: %CPEs: 6EXPL: 0CVE-2025-37927 – iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
https://notcve.org/view.php?id=CVE-2025-37927
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid There is a string parsing logic error which can lead to an overflow of hid or uid buffers. Comparing ACPIID_LEN against a total string length doesn't take into account the lengths of individual hid and uid buffers so the check is insufficient in some cases. For example if the length of hid string is 4 and the length of the uid string is 260, the length of str will be equal to AC... • https://git.kernel.org/stable/c/ca3bf5d47cec8b7614bcb2e9132c40081d6d81db •
CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2025-37926 – ksmbd: fix use-after-free in ksmbd_session_rpc_open
https://notcve.org/view.php?id=CVE-2025-37926
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_session_rpc_open A UAF issue can occur due to a race condition between ksmbd_session_rpc_open() and __session_rpc_close(). Add rpc_lock to the session to protect it. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_session_rpc_open A UAF issue can occur due to a race condition between ksmbd_session_rpc_open() and __session_rpc_close(). Add rpc_lock to t... • https://git.kernel.org/stable/c/8fb3b6c85b7e3127161623586b62abcc366caa20 •
CVSS: 7.8EPSS: %CPEs: 5EXPL: 0CVE-2025-37924 – ksmbd: fix use-after-free in kerberos authentication
https://notcve.org/view.php?id=CVE-2025-37924
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in kerberos authentication Setting sess->user = NULL was introduced to fix the dangling pointer created by ksmbd_free_user. However, it is possible another thread could be operating on the session and make use of sess->user after it has been passed to ksmbd_free_user but before sess->user is set to NULL. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in kerberos authen... • https://git.kernel.org/stable/c/e34a33d5d7e87399af0a138bb32f6a3e95dd83d2 •
CVSS: 7.8EPSS: %CPEs: 6EXPL: 0CVE-2025-37923 – tracing: Fix oob write in trace_seq_to_buffer()
https://notcve.org/view.php?id=CVE-2025-37923
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix oob write in trace_seq_to_buffer() syzbot reported this bug: ================================================================== BUG: KASAN: slab-out-of-bounds in trace_seq_to_buffer kernel/trace/trace.c:1830 [inline] BUG: KASAN: slab-out-of-bounds in tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822 Write of size 4507 at addr ffff888032b6b000 by task syz.2.320/7260 CPU: 1 UID: 0 PID: 7260 Comm: syz.2.320 Not tainte... • https://git.kernel.org/stable/c/3c56819b14b00dd449bd776303e61f8532fad09f •
CVSS: 5.4EPSS: %CPEs: 5EXPL: 0CVE-2025-37920 – xsk: Fix race condition in AF_XDP generic RX path
https://notcve.org/view.php?id=CVE-2025-37920
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race condition in AF_XDP generic RX path Move rx_lock from xsk_socket to xsk_buff_pool. Fix synchronization for shared umem mode in generic RX path where multiple sockets share single xsk_buff_pool. RX queue is exclusive to xsk_socket, while FILL queue can be shared between multiple sockets. This could result in race condition where two CPU cores access RX path of two different sockets sharing the same umem. Protect both queues by ... • https://git.kernel.org/stable/c/bf0bdd1343efbbf65b4d53aef1fce14acbd79d50 •