CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-37836 – PCI: Fix reference leak in pci_register_host_bridge()
https://notcve.org/view.php?id=CVE-2025-37836
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reference leak in pci_register_host_bridge() If device_register() fails, call put_device() to give up the reference to avoid a memory leak, per the comment at device_register(). Found by code review. [bhelgaas: squash Dan Carpenter's double free fix from https://lore.kernel.org/r/db806a6c-a91b-4e5a-a84b-6b7e01bdac85@stanley.mountain] • https://git.kernel.org/stable/c/37d6a0a6f4700ad3ae7bbf8db38b4557e97b3fe4 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-37835 – smb: client: Fix netns refcount imbalance causing leaks and use-after-free
https://notcve.org/view.php?id=CVE-2025-37835
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix netns refcount imbalance causing leaks and use-after-free Commit ef7134c7fc48 ("smb: client: Fix use-after-free of network namespace.") attempted to fix a netns use-after-free issue by manually adjusting reference counts via sk->sk_net_refcnt and sock_inuse_add(). However, a later commit e9f2517a3e18 ("smb: client: fix TCP timers deadlock after rmmod") pointed out that the approach of manually setting sk->sk_net_refcnt in t... • https://git.kernel.org/stable/c/e8c71494181153a134c96da28766a57bd1eac8cb •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37834 – mm/vmscan: don't try to reclaim hwpoison folio
https://notcve.org/view.php?id=CVE-2025-37834
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: don't try to reclaim hwpoison folio Syzkaller reports a bug as follows: Injecting memory failure for pfn 0x18b00e at process virtual address 0x20ffd000 Memory failure: 0x18b00e: dirty swapcache page still referenced by 2 users Memory failure: 0x18b00e: recovery action for dirty swapcache page: Failed page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x20ffd pfn:0x18b00e memcg:ffff0000dd6d9000 anon flags: 0x5ffffe00482011... • https://git.kernel.org/stable/c/1c9798bf8145a92abf45aa9d38a6406d9eb8bdf0 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2025-37833 – net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads
https://notcve.org/view.php?id=CVE-2025-37833
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads Fix niu_try_msix() to not cause a fatal trap on sparc systems. Set PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to work around a bug in the hardware or firmware. For each vector entry in the msix table, niu chips will cause a fatal trap if any registers in that entry are read before that entries' ENTRY_DATA register is written to. Testing indicates writ... • https://git.kernel.org/stable/c/7d5ec3d3612396dc6d4b76366d20ab9fc06f399f •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37832 – cpufreq: sun50i: prevent out-of-bounds access
https://notcve.org/view.php?id=CVE-2025-37832
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: sun50i: prevent out-of-bounds access A KASAN enabled kernel reports an out-of-bounds access when handling the nvmem cell in the sun50i cpufreq driver: ================================================================== BUG: KASAN: slab-out-of-bounds in sun50i_cpufreq_nvmem_probe+0x180/0x3d4 Read of size 4 at addr ffff000006bf31e0 by task kworker/u16:1/38 This is because the DT specifies the nvmem cell as covering only two bytes, but... • https://git.kernel.org/stable/c/6cc4bcceff9af0e6be9738096d95e4ba75e75123 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37831 – cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate()
https://notcve.org/view.php?id=CVE-2025-37831
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. apple_soc_cpufreq_get_rate() does not check for this case, which results in a NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() cpufreq_cpu_get_raw() can retur... • https://git.kernel.org/stable/c/6286bbb40576ffadfde206c332b61345c19af57f •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37830 – cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
https://notcve.org/view.php?id=CVE-2025-37830
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. scmi_cpufreq_get_rate() does not check for this case, which results in a NULL pointer dereference. Add NULL check after cpufreq_cpu_get_raw() to prevent this issue. In the Linux kernel, the following vulnerability has been resolved: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_g... • https://git.kernel.org/stable/c/99d6bdf3387734d75e3e34e94a58b8a355b7a9c8 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37829 – cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
https://notcve.org/view.php?id=CVE-2025-37829
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. scpi_cpufreq_get_rate() does not check for this case, which results in a NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CP... • https://git.kernel.org/stable/c/343a8d17fa8d6dd97f408e8fedbcef12073f3774 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37828 – scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()
https://notcve.org/view.php?id=CVE-2025-37828
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() A race can occur between the MCQ completion path and the abort handler: once a request completes, __blk_mq_free_request() sets rq->mq_hctx to NULL, meaning the subsequent ufshcd_mcq_req_to_hwq() call in ufshcd_mcq_abort() can return a NULL pointer. If this NULL pointer is dereferenced, the kernel will crash. Add a NULL check for the returned hwq pointer. If hwq is NULL, log an error and r... • https://git.kernel.org/stable/c/f1304d4420777f82a1d844c606db3d9eca841765 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37827 – btrfs: zoned: return EIO on RAID1 block group write pointer mismatch
https://notcve.org/view.php?id=CVE-2025-37827
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: return EIO on RAID1 block group write pointer mismatch There was a bug report about a NULL pointer dereference in __btrfs_add_free_space_zoned() that ultimately happens because a conversion from the default metadata profile DUP to a RAID1 profile on two disks. The stack trace has the following signature: BTRFS error (device sdc): zoned: write pointer offset mismatch of zones in raid1 profile BUG: kernel NULL pointer dereferenc... • https://git.kernel.org/stable/c/b1934cd6069538db2255dc94ba573771ecf3b560 •