
CVSS: 9.0 • EPSS: 0% • CPEs: 8 • EXPL: 0

20 May 2025 — The segment list is then DMA'ed by the FW and the length of the DMA is returned by FW. ... Fix it by capping the copy length to not exceed the length of info->dest_buf. • https://git.kernel.org/stable/c/c74751f4c39232c31214ec6a3bc1c7e62f5c728b •

CVSS: 5.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

20 May 2025 — Previously skb was mapped to EXT descriptor when the number of fragments is zero with GSO enabled. Mapping the skb to EXT descriptor prevents it from being freed, leading to a memory leak. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. • https://git.kernel.org/stable/c/23f0703c125be490f70501b6b24ed5645775c56a •

CVSS: 7.2 • EPSS: 0% • CPEs: 6 • EXPL: 0

20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Balance device refcount when destroying devices. Using device_find_child() to lookup the proper SCMI device to destroy causes an unbalance in device refcount, since device_find_child() calls an implicit get_device(): this, in turn, inhibits the call of the provided release methods upon devices destruction. • https://git.kernel.org/stable/c/d4f9dddd21f39395c62ea12d3d91239637d4805f •

CVSS: 7.2 • EPSS: 0% • CPEs: 5 • EXPL: 0

20 May 2025 — When the dock is plugged back, the dangling pointers are dereferenced, resulting in a slab-use-after-free: [ 66.775837] BUG: KASAN: slab-use-after-free in event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.776171] Read of size 4 at addr ffff888127804120 by task kworker/0:1/10 [ 66.776179] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.14.0-rc7-00180-g54505f727a38-dirty #233 [ 66.776183] Hardware name: HP HP Pavilion Aero Laptop 13-be0xxx/8916, BIOS F.17 12/18/2024 [ 66.776186] Workqueue: events... • https://git.kernel.org/stable/c/da3fd7ac0bcf372cc57117bdfcd725cca7ef975a •

CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

20 May 2025 — Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. • https://git.kernel.org/stable/c/a6199bb514d8a63f61c2a22c1f912376e14d0fb2 •

CVSS: 6.6 • EPSS: 0% • CPEs: 5 • EXPL: 0

20 May 2025 — Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. • https://git.kernel.org/stable/c/68d57a07bfe5bb29b80cd8b8fa24c9d1ea104124 •

CVSS: 5.5 • EPSS: 0% • CPEs: - • EXPL: 0

20 May 2025 — VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading to a denial-of-service condition. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.8 • EPSS: 0% • CPEs: - • EXPL: 0

20 May 2025 — VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi, may trigger this issue to create a denial-of-service condition of guest VMs with VMware Tools running and guest operati... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 May 2025 — In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service. ... A workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQuer... • https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-03.html • CWE-674: Uncontrolled Recursion •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 May 2025 — A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. • https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665 • CWE-248: Uncaught Exception •