CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37764 – drm/imagination: fix firmware memory leaks
https://notcve.org/view.php?id=CVE-2025-37764
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/imagination: fix firmware memory leaks Free the memory used to hold the results of firmware image processing when the module is unloaded. Fix the related issue of the same memory being leaked if processing of the firmware image fails during module load. Ensure all firmware GEM objects are destroyed if firmware image processing fails. Fixes memory leaks on powervr module unload detected by Kmemleak: unreferenced object 0xffff000042e20000... • https://git.kernel.org/stable/c/cc1aeedb98ad347c06ff59e991b2f94dfb4c565d •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37763 – drm/imagination: take paired job reference
https://notcve.org/view.php?id=CVE-2025-37763
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/imagination: take paired job reference For paired jobs, have the fragment job take a reference on the geometry job, so that the geometry job cannot be freed until the fragment job has finished with it. The geometry job structure is accessed when the fragment job is being prepared by the GPU scheduler. Taking the reference prevents the geometry job being freed until the fragment job no longer requires it. Fixes a use after free bug detec... • https://git.kernel.org/stable/c/eaf01ee5ba28b97f96a3d3eec4c5fbfb37ee4cde •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-37762 – drm/virtio: Fix missed dmabuf unpinning in error path of prepare_fb()
https://notcve.org/view.php?id=CVE-2025-37762
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix missed dmabuf unpinning in error path of prepare_fb() Correct error handling in prepare_fb() to fix leaking resources when error happens. In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix missed dmabuf unpinning in error path of prepare_fb() Correct error handling in prepare_fb() to fix leaking resources when error happens. • https://git.kernel.org/stable/c/4a696a2ee646ea6f24c28b3624175a7b35482c52 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37761 – drm/xe: Fix an out-of-bounds shift when invalidating TLB
https://notcve.org/view.php?id=CVE-2025-37761
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix an out-of-bounds shift when invalidating TLB When the size of the range invalidated is larger than rounddown_pow_of_two(ULONG_MAX), The function macro roundup_pow_of_two(length) will hit an out-of-bounds shift [1]. Use a full TLB invalidation for such cases. v2: - Use a define for the range size limit over which we use a full TLB invalidation. (Lucas) - Use a better calculation of the limit. [1]: [ 39.202421] ------------[ cut h... • https://git.kernel.org/stable/c/332dd0116c82a75df175a459fa69dda3f23491a7 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37760 – mm/vma: add give_up_on_oom option on modify/merge, use in uffd release
https://notcve.org/view.php?id=CVE-2025-37760
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/vma: add give_up_on_oom option on modify/merge, use in uffd release Currently, if a VMA merge fails due to an OOM condition arising on commit merge or a failure to duplicate anon_vma's, we report this so the caller can handle it. However there are cases where the caller is only ostensibly trying a merge, and doesn't mind if it fails due to this condition. Since we do not want to introduce an implicit assumption that we only actually modi... • https://git.kernel.org/stable/c/79636d2981b066acd945117387a9533f56411f6f •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37759 – ublk: fix handling recovery & reissue in ublk_abort_queue()
https://notcve.org/view.php?id=CVE-2025-37759
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ublk: fix handling recovery & reissue in ublk_abort_queue() Commit 8284066946e6 ("ublk: grab request reference when the request is handled by userspace") doesn't grab request reference in case of recovery reissue. Then the request can be requeued & re-dispatch & failed when canceling uring command. If it is one zc request, the request can be freed before io_uring returns the zc buffer back, then cause kernel panic: [ 126.773061] BUG: kernel... • https://git.kernel.org/stable/c/8284066946e6d9cc979566ce698fe24e7ca0b31e •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37758 – ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
https://notcve.org/view.php?id=CVE-2025-37758
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() devm_ioremap() returns NULL on error. Currently, pxa_ata_probe() does not check for this case, which can result in a NULL pointer dereference. Add NULL check after devm_ioremap() to prevent this issue. In the Linux kernel, the following vulnerability has been resolved: ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() devm_ioremap() returns NULL ... • https://git.kernel.org/stable/c/2dc6c6f15da97cb3e810963c80e981f19d42cd7d •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37757 – tipc: fix memory leak in tipc_link_xmit
https://notcve.org/view.php?id=CVE-2025-37757
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tipc: fix memory leak in tipc_link_xmit In case the backlog transmit queue for system-importance messages is overloaded, tipc_link_xmit() returns -ENOBUFS but the skb list is not purged. This leads to memory leak and failure when a skb is allocated. This commit fixes this issue by purging the skb list before tipc_link_xmit() returns. In the Linux kernel, the following vulnerability has been resolved: tipc: fix memory leak in tipc_link_xmit ... • https://git.kernel.org/stable/c/365ad353c2564bba8835290061308ba825166b3a •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37756 – net: tls: explicitly disallow disconnect
https://notcve.org/view.php?id=CVE-2025-37756
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconnect a TLS socket and then run into all sort of unexpected corner cases. I have a vague recollection of Eric pointing this out to us a long time ago. Supporting disconnect is really hard, for one thing if offload is enabled we'd need to wait for all packets to be _acked_. Disconnect is not commonly used, disallow it. The immediate problem syzbot run into is the war... • https://git.kernel.org/stable/c/3c4d7559159bfe1e3b94df3a657b2cda3a34e218 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37755 – net: libwx: handle page_pool_dev_alloc_pages error
https://notcve.org/view.php?id=CVE-2025-37755
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: libwx: handle page_pool_dev_alloc_pages error page_pool_dev_alloc_pages could return NULL. There was a WARN_ON(!page) but it would still proceed to use the NULL pointer and then crash. This is similar to commit 001ba0902046 ("net: fec: handle page_pool_dev_alloc_pages error"). This is found by our static analysis tool KNighter. • https://git.kernel.org/stable/c/3c47e8ae113a68da47987750d9896e325d0aeedd •