
CVE-2025-37849 – KVM: arm64: Tear down vGIC on failed vCPU creation
https://notcve.org/view.php?id=CVE-2025-37849
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data initialised. Not only does this leak the corresponding memory when the vCPU is destroyed but it can also lead to use-after-free if the redistributor device handling tries to walk into the vCPU. Add the missing cleanup to kvm_arch_vcpu_create(), e... • https://git.kernel.org/stable/c/07476e0d932afc53c05468076393ac35d0b4999e •

CVE-2025-37848 – accel/ivpu: Fix PM related deadlocks in MS IOCTLs
https://notcve.org/view.php?id=CVE-2025-37848
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix PM related deadlocks in MS IOCTLs Prevent runtime resume/suspend while MS IOCTLs are in progress. Failed suspend will call ivpu_ms_cleanup() that would try to acquire file_priv->ms_lock, which is already held by the IOCTLs. • https://git.kernel.org/stable/c/cdfad4db7756563db7d458216d9e3c2651dddc7d •

CVE-2025-37847 – accel/ivpu: Fix deadlock in ivpu_ms_cleanup()
https://notcve.org/view.php?id=CVE-2025-37847
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix deadlock in ivpu_ms_cleanup() Fix deadlock in ivpu_ms_cleanup() by preventing runtime resume after file_priv->ms_lock is acquired. During a failure in runtime resume, a cold boot is executed, which calls ivpu_ms_cleanup_all(). This function calls ivpu_ms_cleanup() that acquires file_priv->ms_lock and causes the deadlock. • https://git.kernel.org/stable/c/cdfad4db7756563db7d458216d9e3c2651dddc7d •

CVE-2025-37846 – arm64: mops: Do not dereference src reg for a set operation
https://notcve.org/view.php?id=CVE-2025-37846
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: mops: Do not dereference src reg for a set operation The source register is not used for SET* and reading it can result in a UBSAN out-of-bounds array access error, specifically when the MOPS exception is taken from a SET* sequence with XZR (reg 31) as the source. Architecturally this is the only case where a src/dst/size field in the ESR can be reported as 31. Prior to 2de451a329cf662b the code in do_el0_mops() was benign as the use... • https://git.kernel.org/stable/c/2de451a329cf662beeba71f63c7f83ee24ca6642 •

CVE-2025-37845 – tracing: fprobe events: Fix possible UAF on modules
https://notcve.org/view.php?id=CVE-2025-37845
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: fprobe events: Fix possible UAF on modules Commit ac91052f0ae5 ("tracing: tprobe-events: Fix leakage of module refcount") moved try_module_get() from __find_tracepoint_module_cb() to find_tracepoint() caller, but that introduced a possible UAF because the module can be unloaded before try_module_get(). In this case, the module object should be freed too. Thus, try_module_get() does not only fail but may access the freed object. ... • https://git.kernel.org/stable/c/71c9cf87776eaa556fc0a0a060df94200e1f521c •

CVE-2025-37844 – cifs: avoid NULL pointer dereference in dbg call
https://notcve.org/view.php?id=CVE-2025-37844
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: avoid NULL pointer dereference in dbg call cifs_server_dbg() implies server to be non-NULL so move call under condition to avoid NULL pointer dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/e79b0332ae06b4895dcecddf4bbc5d3917e9383c •

CVE-2025-37843 – PCI: pciehp: Avoid unnecessary device replacement check
https://notcve.org/view.php?id=CVE-2025-37843
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: pciehp: Avoid unnecessary device replacement check Hot-removal of nested PCI hotplug ports suffers from a long-standing race condition which can lead to a deadlock: A parent hotplug port acquires pci_lock_rescan_remove(), then waits for pciehp to unbind from a child hotplug port. Meanwhile that child hotplug port tries to acquire pci_lock_rescan_remove() as well in order to remove its own children. The deadlock only occurs if the paren... • https://git.kernel.org/stable/c/9d573d19547b3fae0c1d4e5fce52bdad3fda3664 •

CVE-2025-37842 – spi: fsl-qspi: use devm function instead of driver remove
https://notcve.org/view.php?id=CVE-2025-37842
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: fsl-qspi: use devm function instead of driver remove The driver uses devm APIs to manage clk/irq/resources and register the spi controller, but the legacy remove function will be called first during device detach and trigger a kernel panic. Drop the remove function and use devm_add_action_or_reset() for driver cleanup to ensure the release sequence. Trigger kernel panic on i.MX8MQ by echo 30bb0000.spi >/sys/bus/platform/drivers/fsl-quadspi/un... • https://git.kernel.org/stable/c/8fcb830a00f0980ffe38d223cdd9a4d2d24da476 •

CVE-2025-37841 – pm: cpupower: bench: Prevent NULL dereference on malloc failure
https://notcve.org/view.php?id=CVE-2025-37841
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: pm: cpupower: bench: Prevent NULL dereference on malloc failure If malloc returns NULL due to low memory, 'config' pointer can be NULL. Add a check to prevent NULL dereference. • https://git.kernel.org/stable/c/34a9394794b0f97af6afedc0c9ee2012c24b28ed •

CVE-2025-37840 – mtd: rawnand: brcmnand: fix PM resume warning
https://notcve.org/view.php?id=CVE-2025-37840
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: brcmnand: fix PM resume warning Fixed warning on PM resume as shown below caused due to uninitialized struct nand_operation that checks chip select field : WARN_ON(op->cs >= nanddev_ntargets(&chip->base) [ 14.588522] ------------[ cut here ]------------ [ 14.588529] WARNING: CPU: 0 PID: 1392 at drivers/mtd/nand/raw/internals.h:139 nand_reset_op+0x1e0/0x1f8 [ 14.588553] Modules linked in: bdc udc_core [ 14.588579] CPU: 0 UID: 0... • https://git.kernel.org/stable/c/97d90da8a886949f09bb4754843fb0b504956ad2 •