CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37923 – tracing: Fix oob write in trace_seq_to_buffer()
https://notcve.org/view.php?id=CVE-2025-37923
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix oob write in trace_seq_to_buffer() syzbot reported this bug: ================================================================== BUG: KASAN: slab-out-of-bounds in trace_seq_to_buffer kernel/trace/trace.c:1830 [inline] BUG: KASAN: slab-out-of-bounds in tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822 Write of size 4507 at addr ffff888032b6b000 by task syz.2.320/7260 CPU: 1 UID: 0 PID: 7260 Comm: syz.2.320 Not tainte... • https://git.kernel.org/stable/c/3c56819b14b00dd449bd776303e61f8532fad09f •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37921 – vxlan: vnifilter: Fix unlocked deletion of default FDB entry
https://notcve.org/view.php?id=CVE-2025-37921
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: vxlan: vnifilter: Fix unlocked deletion of default FDB entry When a VNI is deleted from a VXLAN device in 'vnifilter' mode, the FDB entry associated with the default remote (assuming one was configured) is deleted without holding the hash lock. This is wrong and will result in a warning [1] being generated by the lockdep annotation that was added by commit ebe642067455 ("vxlan: Create wrappers for FDB lookup"). Reproducer: # ip link add vx0... • https://git.kernel.org/stable/c/f9c4bb0b245cee35ef66f75bf409c9573d934cf9 •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37920 – xsk: Fix race condition in AF_XDP generic RX path
https://notcve.org/view.php?id=CVE-2025-37920
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race condition in AF_XDP generic RX path Move rx_lock from xsk_socket to xsk_buff_pool. Fix synchronization for shared umem mode in generic RX path where multiple sockets share single xsk_buff_pool. RX queue is exclusive to xsk_socket, while FILL queue can be shared between multiple sockets. This could result in race condition where two CPU cores access RX path of two different sockets sharing the same umem. Protect both queues by ... • https://git.kernel.org/stable/c/bf0bdd1343efbbf65b4d53aef1fce14acbd79d50 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37915 – net_sched: drr: Fix double list add in class with netem as child qdisc
https://notcve.org/view.php?id=CVE-2025-37915
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: drr: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of drr, there won't be a UAF, but the code will add the same classifier to the list twice, which will cause memory corruption. In addition to checking for qlen being zero, this patch checks whether the class was already ... • https://git.kernel.org/stable/c/37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37914 – net_sched: ets: Fix double list add in class with netem as child qdisc
https://notcve.org/view.php?id=CVE-2025-37914
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: ets: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of ets, there won't be a UAF, but the code will add the same classifier to the list twice, which will cause memory corruption. In addition to checking for qlen being zero, this patch checks whether the class was already ... • https://git.kernel.org/stable/c/37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37913 – net_sched: qfq: Fix double list add in class with netem as child qdisc
https://notcve.org/view.php?id=CVE-2025-37913
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: qfq: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of qfq, there won't be a UAF, but the code will add the same classifier to the list twice, which will cause memory corruption. This patch checks whether the class was already added to the agg->active list (cl_is_active) ... • https://git.kernel.org/stable/c/37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-37912 – ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
https://notcve.org/view.php?id=CVE-2025-37912
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() As mentioned in the commit baeb705fd6a7 ("ice: always check VF VSI pointer values"), we need to perform a null pointer check on the return value of ice_get_vf_vsi() before using it. In the Linux kernel, the following vulnerability has been resolved: ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() As mentioned in the commit baeb705fd6a7 ("ice: always check VF VSI pointer val... • https://git.kernel.org/stable/c/e81b674ead8e2172b2a69e7b45e079239ace4dbc •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37911 – bnxt_en: Fix out-of-bound memcpy() during ethtool -w
https://notcve.org/view.php?id=CVE-2025-37911
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix out-of-bound memcpy() during ethtool -w When retrieving the FW coredump using ethtool, it can sometimes cause memory corruption: BUG: KFENCE: memory corruption in __bnxt_get_coredump+0x3ef/0x670 [bnxt_en] Corrupted memory at 0x000000008f0f30e8 [ ! ! ! ! ! • https://git.kernel.org/stable/c/c74751f4c39232c31214ec6a3bc1c7e62f5c728b •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37909 – net: lan743x: Fix memleak issue when GSO enabled
https://notcve.org/view.php?id=CVE-2025-37909
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: lan743x: Fix memleak issue when GSO enabled Always map the `skb` to the LS descriptor. Previously skb was mapped to EXT descriptor when the number of fragments is zero with GSO enabled. Mapping the skb to EXT descriptor prevents it from being freed, leading to a memory leak In the Linux kernel, the following vulnerability has been resolved: net: lan743x: Fix memleak issue when GSO enabled Always map the `skb` to the LS descriptor. Prev... • https://git.kernel.org/stable/c/23f0703c125be490f70501b6b24ed5645775c56a •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37905 – firmware: arm_scmi: Balance device refcount when destroying devices
https://notcve.org/view.php?id=CVE-2025-37905
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Balance device refcount when destroying devices Using device_find_child() to lookup the proper SCMI device to destroy causes an unbalance in device refcount, since device_find_child() calls an implicit get_device(): this, in turns, inhibits the call of the provided release methods upon devices destruction. As a consequence, one of the structures that is not freed properly upon destruction is the internal struct device_pr... • https://git.kernel.org/stable/c/d4f9dddd21f39395c62ea12d3d91239637d4805f •