CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37816 – mei: vsc: Fix fortify-panic caused by invalid counted_by() use
https://notcve.org/view.php?id=CVE-2025-37816
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mei: vsc: Fix fortify-panic caused by invalid counted_by() use gcc 15 honors the __counted_by(len) attribute on vsc_tp_packet.buf[] and the vsc-tp.c code is using this in a wrong way. len does not contain the available size in the buffer, it contains the actual packet length *without* the crc. So as soon as vsc_tp_xfer() tries to add the crc to buf[] the fortify-panic handler gets triggered: [ 80.842193] memcpy: detected buffer overflow: 4 ... • https://git.kernel.org/stable/c/566f5ca9768075e453b7b51a397733968df4287d •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37815 – misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration
https://notcve.org/view.php?id=CVE-2025-37815
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration Resolve kernel panic while accessing IRQ handler associated with the generated IRQ. This is done by acquiring the spinlock and storing the current interrupt state before handling the interrupt request using generic_handle_irq. A previous fix patch was submitted where 'generic_handle_irq' was replaced with 'handle_nested_irq'. However, this change also causes the ker... • https://git.kernel.org/stable/c/79aef6187e16b2d32307c8ff610e9e04f7f86e1f •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37813 – usb: xhci: Fix invalid pointer dereference in Etron workaround
https://notcve.org/view.php?id=CVE-2025-37813
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix invalid pointer dereference in Etron workaround This check is performed before prepare_transfer() and prepare_ring(), so enqueue can already point at the final link TRB of a segment. And indeed it will, some 0.4% of times this code is called. Then enqueue + 1 is an invalid pointer. It will crash the kernel right away or load some junk which may look like a link TRB and cause the real link TRB to be replaced with a NOOP. This ... • https://git.kernel.org/stable/c/fbc0a0c7718a6cb1dc5e0811a4f88a2b1deedfa1 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37812 – usb: cdns3: Fix deadlock when using NCM gadget
https://notcve.org/view.php?id=CVE-2025-37812
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Fix deadlock when using NCM gadget The cdns3 driver has the same NCM deadlock as fixed in cdnsp by commit 58f2fcb3a845 ("usb: cdnsp: Fix deadlock issue during using NCM gadget"). Under PREEMPT_RT the deadlock can be readily triggered by heavy network traffic, for example using "iperf --bidir" over NCM ethernet link. The deadlock occurs because the threaded interrupt handler gets preempted by a softirq, but both are protected by ... • https://git.kernel.org/stable/c/7733f6c32e36ff9d7adadf40001039bf219b1cbe •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37811 – usb: chipidea: ci_hdrc_imx: fix usbmisc handling
https://notcve.org/view.php?id=CVE-2025-37811
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: fix usbmisc handling usbmisc is an optional device property so it is totally valid for the corresponding data->usbmisc_data to have a NULL value. Check that before dereferencing the pointer. Found by Linux Verification Center (linuxtesting.org) with Svace static analysis tool. In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: fix usbmisc handling usbmisc is an optiona... • https://git.kernel.org/stable/c/3f46fefab962fc5dcfe4d53a7c2cdccd51ebdc6d •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37810 – usb: dwc3: gadget: check that event count does not exceed event buffer length
https://notcve.org/view.php?id=CVE-2025-37810
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3_GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check that event count does not exceed event buffer length, avoiding an out-of-bounds access when memcpy'ing the event. Crash log: Unable to handle kernel paging request at virtual address ffffffc0129be000 pc : __memcpy+0... • https://git.kernel.org/stable/c/72246da40f3719af3bfd104a2365b32537c27d83 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37809 – usb: typec: class: Fix NULL pointer access
https://notcve.org/view.php?id=CVE-2025-37809
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Fix NULL pointer access Concurrent calls to typec_partner_unlink_device can lead to a NULL pointer dereference. This patch adds a mutex to protect USB device pointers and prevent this issue. The same mutex protects both the device pointers and the partner device registration. In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Fix NULL pointer access Concurrent calls to typec_partner_unl... • https://git.kernel.org/stable/c/59de2a56d127890cc610f3896d5fc31887c54ac2 •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37808 – crypto: null - Use spin lock instead of mutex
https://notcve.org/view.php?id=CVE-2025-37808
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: null - Use spin lock instead of mutex As the null algorithm may be freed in softirq context through af_alg, use spin locks instead of mutexes to protect the default null algorithm. In the Linux kernel, the following vulnerability has been resolved: crypto: null - Use spin lock instead of mutex As the null algorithm may be freed in softirq context through af_alg, use spin locks instead of mutexes to protect the default null algorithm... • https://git.kernel.org/stable/c/f7a5a5c8e1ec16a4b2041398abe95de0e14572ef •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37807 – bpf: Fix kmemleak warning for percpu hashmap
https://notcve.org/view.php?id=CVE-2025-37807
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kmemleak warning for percpu hashmap Vlad Poenaru reported the following kmemleak issue: unreferenced object 0x606fd7c44ac8 (size 32): backtrace (crc 0): pcpu_alloc_noprof+0x730/0xeb0 bpf_map_alloc_percpu+0x69/0xc0 prealloc_init+0x9d/0x1b0 htab_map_alloc+0x363/0x510 map_create+0x215/0x3a0 __sys_bpf+0x16b/0x3e0 __x64_sys_bpf+0x18/0x20 do_syscall_64+0x7b/0x150 entry_SYSCALL_64_after_hwframe+0x4b/0x53 Further investigation shows the re... • https://git.kernel.org/stable/c/7758e308aeda1038aba1944f7302d34161b3effe •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37806 – fs/ntfs3: Keep write operations atomic
https://notcve.org/view.php?id=CVE-2025-37806
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Keep write operations atomic syzbot reported a NULL pointer dereference in __generic_file_write_iter. [1] Before the write operation is completed, the user executes ioctl[2] to clear the compress flag of the file, which causes the is_compressed() judgment to return 0, further causing the program to enter the wrong process and call the wrong ops ntfs_aops_cmpr, which triggers the null pointer dereference of write_begin. Use inode l... • https://git.kernel.org/stable/c/8db49e89a7f8b48ee59fa9ad32b6ed0879747df8 •