CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37755 – net: libwx: handle page_pool_dev_alloc_pages error
https://notcve.org/view.php?id=CVE-2025-37755
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: libwx: handle page_pool_dev_alloc_pages error page_pool_dev_alloc_pages could return NULL. There was a WARN_ON(!page) but it would still proceed to use the NULL pointer and then crash. This is similar to commit 001ba0902046 ("net: fec: handle page_pool_dev_alloc_pages error"). This is found by our static analysis tool KNighter. • https://git.kernel.org/stable/c/3c47e8ae113a68da47987750d9896e325d0aeedd •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37754 – drm/i915/huc: Fix fence not released on early probe errors
https://notcve.org/view.php?id=CVE-2025-37754
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/huc: Fix fence not released on early probe errors HuC delayed loading fence, introduced with commit 27536e03271da ("drm/i915/huc: track delayed HuC load with a fence"), is registered with object tracker early on driver probe but unregistered only from driver remove, which is not called on early probe errors. Since its memory is allocated under devres, then released anyway, it may happen to be allocated again to the fence and reused... • https://git.kernel.org/stable/c/27536e03271da3dafcdddf735102041a26ad5bd0 •
CVSS: 9.4EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37752 – net_sched: sch_sfq: move the limit validation
https://notcve.org/view.php?id=CVE-2025-37752
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: move the limit validation It is not sufficient to directly validate the limit on the data that the user passes as it can be updated based on how the other parameters are changed. Move the check at the end of the configuration update process to also catch scenarios where the limit is indirectly updated, for example with the following configurations: tc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1 tc qdi... • https://git.kernel.org/stable/c/35d0137305ae2f97260a9047f445bd4434bd6cc7 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37750 – smb: client: fix UAF in decryption with multichannel
https://notcve.org/view.php?id=CVE-2025-37750
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 ("smb: client: allocate crypto only for primary server") and commit b0abcd65ec54 ("smb: client: fix UAF in async decryption"), the channels started reusing AEAD TFM from primary channel to perform synchronous decryption, but that can't done as there could be multiple cifsd threads (one per channel) simultaneously accessing it to perform decryption. This fixes the... • https://git.kernel.org/stable/c/b0abcd65ec545701b8793e12bc27dc98042b151a •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37749 – net: ppp: Add bound checking for skb data on ppp_sync_txmung
https://notcve.org/view.php?id=CVE-2025-37749
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ppp: Add bound checking for skb data on ppp_sync_txmung Ensure we have enough data in linear buffer from skb before accessing initial bytes. This prevents potential out-of-bounds accesses when processing short packets. When ppp_sync_txmung receives an incoming package with an empty payload: (remote) gef➤ p *(struct pppoe_hdr *) (skb->head + skb->network_header) $18 = { type = 0x1, ver = 0x1, code = 0x0, sid = 0x2, length = 0x0, tag = 0... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37748 – iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group
https://notcve.org/view.php?id=CVE-2025-37748
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group Currently, mtk_iommu calls during probe iommu_device_register before the hw_list from driver data is initialized. Since iommu probing issue fix, it leads to NULL pointer dereference in mtk_iommu_device_group when hw_list is accessed with list_first_entry (not null safe). So, change the call order to ensure iommu_device_register is called after the driver data are initializ... • https://git.kernel.org/stable/c/9e3a2a64365318a743e3c0b028952d2cdbaf2b0c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37747 – perf: Fix hang while freeing sigtrap event
https://notcve.org/view.php?id=CVE-2025-37747
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: perf: Fix hang while freeing sigtrap event Perf can hang while freeing a sigtrap event if a related deferred signal hadn't managed to be sent before the file got closed: perf_event_overflow() task_work_add(perf_pending_task) fput() task_work_add(____fput()) task_work_run() ____fput() perf_release() perf_event_release_kernel() _free_event() perf_pending_task_sync() task_work_cancel() -> FAILED rcuwait_wait_event() Once task_work_run() is run... • https://git.kernel.org/stable/c/3a5465418f5fd970e86a86c7f4075be262682840 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-37746 – perf/dwc_pcie: fix duplicate pci_dev devices
https://notcve.org/view.php?id=CVE-2025-37746
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/dwc_pcie: fix duplicate pci_dev devices During platform_device_register, wrongly using struct device pci_dev as platform_data caused a kmemdup copy of pci_dev. Worse still, accessing the duplicated device leads to list corruption as its mutex content (e.g., list, magic) remains the same as the original. In the Linux kernel, the following vulnerability has been resolved: perf/dwc_pcie: fix duplicate pci_dev devices During platform_devic... • https://git.kernel.org/stable/c/a71c6fc87b2b9905dc2e38887fe4122287216be9 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37745 – PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()
https://notcve.org/view.php?id=CVE-2025-37745
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Avoid deadlock in hibernate_compressor_param_set() syzbot reported a deadlock in lock_system_sleep() (see below). The write operation to "/sys/module/hibernate/parameters/compressor" conflicts with the registration of ieee80211 device, resulting in a deadlock when attempting to acquire system_transition_mutex under param_lock. To avoid this deadlock, change hibernate_compressor_param_set() to use mutex_trylock() for attemptin... • https://git.kernel.org/stable/c/11ae4fec1f4b4ee06770a572c37d89cbaecbf66e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37744 – wifi: ath12k: fix memory leak in ath12k_pci_remove()
https://notcve.org/view.php?id=CVE-2025-37744
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix memory leak in ath12k_pci_remove() Kmemleak reported this error: unreferenced object 0xffff1c165cec3060 (size 32): comm "insmod", pid 560, jiffies 4296964570 (age 235.596s) backtrace: [<000000005434db68>] __kmem_cache_alloc_node+0x1f4/0x2c0 [<000000001203b155>] kmalloc_trace+0x40/0x88 [<0000000028adc9c8>] _request_firmware+0xb8/0x608 [<00000000cad1aef7>] firmware_request_nowarn+0x50/0x80 [<000000005011a682>] local_pci_prob... • https://git.kernel.org/stable/c/3cb47b50926a5b9eef8c06506a14cdc0f3d95c53 •