CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37858 – fs/jfs: Prevent integer overflow in AG size calculation
https://notcve.org/view.php?id=CVE-2025-37858
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Prevent integer overflow in AG size calculation The JFS filesystem calculates allocation group (AG) size using 1 << l2agsize in dbExtendFS(). When l2agsize exceeds 31 (possible with >2TB aggregates on 32-bit systems), this 32-bit shift operation causes undefined behavior and improper AG sizing. On 32-bit architectures: - Left-shifting 1 by 32+ bits results in 0 due to integer overflow - This creates invalid AG sizes (0 or garbage va... • https://git.kernel.org/stable/c/dd07a985e2ded47b6c7d69fc93c1fe02977c8454 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37857 – scsi: st: Fix array overflow in st_setup()
https://notcve.org/view.php?id=CVE-2025-37857
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: st: Fix array overflow in st_setup() Change the array size to follow parms size instead of a fixed value. • https://git.kernel.org/stable/c/736ae988bfb5932c05625baff70fba224d547c08 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37856 – btrfs: harden block_group::bg_list against list_del() races
https://notcve.org/view.php?id=CVE-2025-37856
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: harden block_group::bg_list against list_del() races As far as I can tell, these calls of list_del_init() on bg_list cannot run concurrently with btrfs_mark_bg_unused() or btrfs_mark_bg_to_reclaim(), as they are in transaction error paths and situations where the block group is readonly. However, if there is any chance at all of racing with mark_bg_unused(), or a different future user of bg_list, better to be safe than sorry. Otherwi... • https://git.kernel.org/stable/c/bf089c4d1141b27332c092b1dcca5022c415a3b6 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-37855 – drm/amd/display: Guard Possible Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2025-37855
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Guard Possible Null Pointer Dereference [WHY] In some situations, dc->res_pool may be null. [HOW] Check if pointer is null before dereference. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Guard Possible Null Pointer Dereference [WHY] In some situations, dc->res_pool may be null. [HOW] Check if pointer is null before dereference. • https://git.kernel.org/stable/c/dc2de1ac7145f882f3c03d2d6f84583ae7e35d41 •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37854 – drm/amdkfd: Fix mode1 reset crash issue
https://notcve.org/view.php?id=CVE-2025-37854
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix mode1 reset crash issue If HW scheduler hangs and mode1 reset is used to recover GPU, KFD signal user space to abort the processes. After process abort exit, user queues still use the GPU to access system memory before h/w is reset while KFD cleanup worker free system memory and free VRAM. There is use-after-free race bug that KFD allocate and reuse the freed system memory, and user queue write to the same system memory to c... • https://git.kernel.org/stable/c/57c9dabda80ac167de8cd71231baae37cc2f442d •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37853 – drm/amdkfd: debugfs hang_hws skip GPU with MES
https://notcve.org/view.php?id=CVE-2025-37853
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: debugfs hang_hws skip GPU with MES debugfs hang_hws is used by GPU reset test with HWS, for MES this crash the kernel with NULL pointer access because dqm->packet_mgr is not setup for MES path. Skip GPU with MES for now, MES hang_hws debugfs interface will be supported later. In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: debugfs hang_hws skip GPU with MES debugfs hang_hws is used by GPU reset te... • https://git.kernel.org/stable/c/a36f8d544522a19ef06ed9e84667d154dcb6be52 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37852 – drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()
https://notcve.org/view.php?id=CVE-2025-37852
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() Add error handling to propagate amdgpu_cgs_create_device() failures to the caller. When amdgpu_cgs_create_device() fails, release hwmgr and return -ENOMEM to prevent null pointer dereference. [v1]->[v2]: Change error code from -EINVAL to -ENOMEM. Free hwmgr. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle amdgpu_cgs_create_d... • https://git.kernel.org/stable/c/55ef52c30c3e747f145a64de96192e37a8fed670 •
CVSS: 8.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37851 – fbdev: omapfb: Add 'plane' value check
https://notcve.org/view.php?id=CVE-2025-37851
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: omapfb: Add 'plane' value check Function dispc_ovl_setup is not intended to work with the value OMAP_DSS_WB of the enum parameter plane. The value of this parameter is initialized in dss_init_overlays and in the current state of the code it cannot take this value so it's not a real problem. For the purposes of defensive coding it wouldn't be superfluous to check the parameter value, because some functions down the call stack process ... • https://git.kernel.org/stable/c/559d67018950ced65c73358cd69c4bdd2b0c5dd6 •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37849 – KVM: arm64: Tear down vGIC on failed vCPU creation
https://notcve.org/view.php?id=CVE-2025-37849
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data initialised. Note only does this leak the corresponding memory when the vCPU is destroyed but it can also lead to use-after-free if the redistributor device handling tries to walk into the vCPU. Add the missing cleanup to kvm_arch_vcpu_create(), e... • https://git.kernel.org/stable/c/07476e0d932afc53c05468076393ac35d0b4999e •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37841 – pm: cpupower: bench: Prevent NULL dereference on malloc failure
https://notcve.org/view.php?id=CVE-2025-37841
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: pm: cpupower: bench: Prevent NULL dereference on malloc failure If malloc returns NULL due to low memory, 'config' pointer can be NULL. Add a check to prevent NULL dereference. In the Linux kernel, the following vulnerability has been resolved: pm: cpupower: bench: Prevent NULL dereference on malloc failure If malloc returns NULL due to low memory, 'config' pointer can be NULL. Add a check to prevent NULL dereference. • https://git.kernel.org/stable/c/34a9394794b0f97af6afedc0c9ee2012c24b28ed •