CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37829 – cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
https://notcve.org/view.php?id=CVE-2025-37829
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. scpi_cpufreq_get_rate() does not check for this case, which results in a NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CP... • https://git.kernel.org/stable/c/343a8d17fa8d6dd97f408e8fedbcef12073f3774 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37828 – scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()
https://notcve.org/view.php?id=CVE-2025-37828
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() A race can occur between the MCQ completion path and the abort handler: once a request completes, __blk_mq_free_request() sets rq->mq_hctx to NULL, meaning the subsequent ufshcd_mcq_req_to_hwq() call in ufshcd_mcq_abort() can return a NULL pointer. If this NULL pointer is dereferenced, the kernel will crash. Add a NULL check for the returned hwq pointer. If hwq is NULL, log an error and r... • https://git.kernel.org/stable/c/f1304d4420777f82a1d844c606db3d9eca841765 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37826 – scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()
https://notcve.org/view.php?id=CVE-2025-37826
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() Add a NULL check for the returned hwq pointer by ufshcd_mcq_req_to_hwq(). This is similar to the fix in commit 74736103fb41 ("scsi: ufs: core: Fix ufshcd_abort_one racing issue"). In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() Add a NULL check for the returned hwq pointer by ufshc... • https://git.kernel.org/stable/c/ab248643d3d68b30f95ee9c238a5a20a06891204 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37824 – tipc: fix NULL pointer dereference in tipc_mon_reinit_self()
https://notcve.org/view.php?id=CVE-2025-37824
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() syzbot reported: tipc: Node number set to 1055423674 Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 3 UID: 0 PID: 6017 Comm: kworker/3:5 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q... • https://git.kernel.org/stable/c/28845c28f842e9e55e75b2c116bff714bb039055 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37823 – net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
https://notcve.org/view.php?id=CVE-2025-37823
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue() too. But for this one, we don't have a reliable reproducer. In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue() too. But for this one, we don't have a reliable reproducer... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37822 – riscv: uprobes: Add missing fence.i after building the XOL buffer
https://notcve.org/view.php?id=CVE-2025-37822
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: uprobes: Add missing fence.i after building the XOL buffer The XOL (execute out-of-line) buffer is used to single-step the replaced instruction(s) for uprobes. The RISC-V port was missing a proper fence.i (i$ flushing) after constructing the XOL buffer, which can result in incorrect execution of stale/broken instructions. This was found running the BPF selftests "test_progs: uprobe_autoattach, attach_probe" on the Spacemit K1/X60, wh... • https://git.kernel.org/stable/c/74784081aac8a0f3636965fc230e2d3b7cc123c6 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37820 – xen-netfront: handle NULL returned by xdp_convert_buff_to_frame()
https://notcve.org/view.php?id=CVE-2025-37820
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() The function xdp_convert_buff_to_frame() may return NULL if it fails to correctly convert the XDP buffer into an XDP frame due to memory constraints, internal errors, or invalid data. Failing to check for NULL may lead to a NULL pointer dereference if the result is used later in processing, potentially causing crashes, data corruption, or undefined behavior. On XDP redirect f... • https://git.kernel.org/stable/c/6c5aa6fc4defc2a0977a2c59e4710d50fa1e834c •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37819 – irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
https://notcve.org/view.php?id=CVE-2025-37819
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pci subsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime during a PCI host bridge probe. But, the call back is wrongly marked as __init, causing it to be freed, while being registered with the PCI subsystem and could trigger: Unable to handle kernel paging request at virtual address ffff8000816c0400... • https://git.kernel.org/stable/c/0644b3daca28dcb320373ae20069c269c9386304 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37818 – LoongArch: Return NULL from huge_pte_offset() for invalid PMD
https://notcve.org/view.php?id=CVE-2025-37818
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: Return NULL from huge_pte_offset() for invalid PMD LoongArch's huge_pte_offset() currently returns a pointer to a PMD slot even if the underlying entry points to invalid_pte_table (indicating no mapping). Callers like smaps_hugetlb_range() fetch this invalid entry value (the address of invalid_pte_table) via this pointer. The generic is_swap_pte() check then incorrectly identifies this address as a swap entry on LoongArch, becaus... • https://git.kernel.org/stable/c/34256805720993e37adf6127371a1265aea8376a •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37817 – mcb: fix a double free bug in chameleon_parse_gdd()
https://notcve.org/view.php?id=CVE-2025-37817
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in chameleon_parse_gdd() In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev' would be released in mcb_device_register() via put_device(). Thus, goto 'err' label and free 'mdev' again causes a double free. Just return if mcb_device_register() fails. In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in chameleon_parse_gdd() In chameleon_parse_gdd(), if mcb_de... • https://git.kernel.org/stable/c/3764e82e5150d87b205c10cd78a9c9ab86fbfa51 •