CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37930 – drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
https://notcve.org/view.php?id=CVE-2025-37930
20 May 2025 — Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. • https://git.kernel.org/stable/c/ea13e5abf807ea912ce84eef6a1946b9a38c6508 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37929 – arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays
https://notcve.org/view.php?id=CVE-2025-37929
20 May 2025 — Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. • https://git.kernel.org/stable/c/46e22de65eb45a67a68ddfe9301f79b0c3821ca8 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37928 – dm-bufio: don't schedule in atomic context
https://notcve.org/view.php?id=CVE-2025-37928
20 May 2025 — Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. • https://git.kernel.org/stable/c/7cd326747f46ffe1c7bff5682e97dfbcb98990ec •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37927 – iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
https://notcve.org/view.php?id=CVE-2025-37927
20 May 2025 — For example if the length of hid string is 4 and the length of the uid string is 260, the length of str will be equal to ACPIID_LEN + 1 but uid string will overflow uid buffer which size is 256. For example if the length of hid string is 4 and the length of the uid string is 260, the length of str will be equal to ACPIID_LEN + 1 but uid string will overflow uid buffer which size is 256. ... Check the length of hid and uid strings separately to prevent buffer ... • https://git.kernel.org/stable/c/ca3bf5d47cec8b7614bcb2e9132c40081d6d81db •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37924 – ksmbd: fix use-after-free in kerberos authentication
https://notcve.org/view.php?id=CVE-2025-37924
20 May 2025 — However, it is possible another thread could be operating on the session and make use of sess->user after it has been passed to ksmbd_free_user but before sess->user is set to NULL. However, it is possible another thread could be operating on the session and make use of sess->user after it has been passed to ksmbd_free_user but before sess->user is set to NULL. ... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37923 – tracing: Fix oob write in trace_seq_to_buffer()
https://notcve.org/view.php?id=CVE-2025-37923
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix oob write in trace_seq_to_buffer() syzbot reported this bug: ================================================================== BUG: KASAN: slab-out-of-bounds in trace_seq_to_buffer kernel/trace/trace.c:1830 [inline] BUG: KASAN: slab-out-of-bounds in tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822 Write of size 4507 at addr ffff888032b6b000 by task syz.2.320/7260 CPU: 1 UID: 0 PID: 7260 Comm:... • https://git.kernel.org/stable/c/3c56819b14b00dd449bd776303e61f8532fad09f •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37921 – vxlan: vnifilter: Fix unlocked deletion of default FDB entry
https://notcve.org/view.php?id=CVE-2025-37921
20 May 2025 — [1] WARNING: CPU: 3 PID: 392 at drivers/net/vxlan/vxlan_core.c:417 vxlan_find_mac+0x17f/0x1a0 [...] RIP: 0010:vxlan_find_mac+0x17f/0x1a0 [...] Call Trace:
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37917 – net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll
https://notcve.org/view.php?id=CVE-2025-37917
20 May 2025 — ``` BUG: spinlock recursion on CPU#0, swapper/0/0 lock: 0xffff00000db9cf20, .magic: dead4ead, .owner: swapper/0/0, .owner_cpu: 0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.15.0-rc2-next-20250417-00001-gf6a27738686c-dirty #28 PREEMPT Hardware name: MediaTek MT8365 Open Platform EVK (DT) Call trace: show_stack+0x18/0x24 (C) dump_stack_lvl+0x60/0x80 dump_stack+0x18/0x24 spin_dump+0x78/0x88 do_raw_spin_lock+0x11c/0x120 _raw_spin_lock+0x20/0x2c mtk_star_handle_irq+0xc0/0x22c [mtk_star_emac] __handle_irq_... • https://git.kernel.org/stable/c/0a8bd81fd6aaace14979152e0540da8ff158a00a •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37915 – net_sched: drr: Fix double list add in class with netem as child qdisc
https://notcve.org/view.php?id=CVE-2025-37915
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: drr: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of drr, there won't be a UAF, but the code will add the same classifier to the list twice, which will cause memory corruption. In the case of drr, there won't be a UAF, but the code will add the same classi... • https://git.kernel.org/stable/c/37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37914 – net_sched: ets: Fix double list add in class with netem as child qdisc
https://notcve.org/view.php?id=CVE-2025-37914
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: ets: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of ets, there won't be a UAF, but the code will add the same classifier to the list twice, which will cause memory corruption. In the case of ets, there won't be a UAF, but the code will add the same classi... • https://git.kernel.org/stable/c/dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33 •