CVSS: 8.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37740 – jfs: add sanity check for agwidth in dbMount
https://notcve.org/view.php?id=CVE-2025-37740
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: add sanity check for agwidth in dbMount The width in dmapctl of the AG is zero, it trigger a divide error when calculating the control page level in dbAllocAG. To avoid this issue, add a check for agwidth in dbAllocAG. In the Linux kernel, the following vulnerability has been resolved: jfs: add sanity check for agwidth in dbMount The width in dmapctl of the AG is zero, it trigger a divide error when calculating the control page level i... • https://git.kernel.org/stable/c/a065cec230aa807c18828a3eee82f1c8592c2adf •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37739 – f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
https://notcve.org/view.php?id=CVE-2025-37739
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() syzbot reports an UBSAN issue as below: ------------[ cut here ]------------ UBSAN: array-index-out-of-bounds in fs/f2fs/node.h:381:10 index 18446744073709550692 is out of range for type '__le32[5]' (aka 'unsigned int[5]') CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.14.0-rc3-syzkaller-00060-g6537cfb395f3 #0 Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37738 – ext4: ignore xattrs past end
https://notcve.org/view.php?id=CVE-2025-37738
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: ignore xattrs past end Once inside 'ext4_xattr_inode_dec_ref_all' we should ignore xattrs entries past the 'end' entry. This fixes the following KASAN reported issue: ================================================================== BUG: KASAN: slab-use-after-free in ext4_xattr_inode_dec_ref_all+0xb8c/0xe90 Read of size 4 at addr ffff888012c120c4 by task repro/2065 CPU: 1 UID: 0 PID: 2065 Comm: repro Not tainted 6.13.0-rc2+ #11 Hardw... • https://git.kernel.org/stable/c/6aff941cb0f7d0c897c3698ad2e30672709135e3 •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-23163 – net: vlan: don't propagate flags on open
https://notcve.org/view.php?id=CVE-2025-23163
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: vlan: don't propagate flags on open With the device instance lock, there is now a possibility of a deadlock: [ 1.211455] ============================================ [ 1.211571] WARNING: possible recursive locking detected [ 1.211687] 6.14.0-rc5-01215-g032756b4ca7a-dirty #5 Not tainted [ 1.211823] -------------------------------------------- [ 1.211936] ip/184 is trying to acquire lock: [ 1.212032] ffff8881024a4c30 (&dev->lock){+.+.}-{... • https://git.kernel.org/stable/c/a32f1d4f1f4c9d978698f3c718621f6198f2e7ac •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-23162 – drm/xe/vf: Don't try to trigger a full GT reset if VF
https://notcve.org/view.php?id=CVE-2025-23162
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Don't try to trigger a full GT reset if VF VFs don't have access to the GDRST(0x941c) register that driver uses to reset a GT. Attempt to trigger a reset using debugfs: $ cat /sys/kernel/debug/dri/0000:00:02.1/gt0/force_reset or due to a hang condition detected by the driver leads to: [ ] xe 0000:00:02.1: [drm] GT0: trying reset from force_reset [xe] [ ] xe 0000:00:02.1: [drm] GT0: reset queued [ ] xe 0000:00:02.1: [drm] GT0: res... • https://git.kernel.org/stable/c/2eec2fa8666dcecebae33a565a818c9de9af8b50 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-23161 – PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
https://notcve.org/view.php?id=CVE-2025-23161
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type The access to the PCI config space via pci_ops::read and pci_ops::write is a low-level hardware access. The functions can be accessed with disabled interrupts even on PREEMPT_RT. The pci_lock is a raw_spinlock_t for this purpose. A spinlock_t becomes a sleeping lock on PREEMPT_RT, so it cannot be acquired with disabled interrupts. The vmd_dev::cfg_lock is accessed in the same context as... • https://git.kernel.org/stable/c/c250262d6485ca333e9821f85b07eb383ec546b1 •
CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-23160 – media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization
https://notcve.org/view.php?id=CVE-2025-23160
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization On Mediatek devices with a system companion processor (SCP) the mtk_scp structure has to be removed explicitly to avoid a resource leak. Free the structure in case the allocation of the firmware structure fails during the firmware initialization. In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix a resour... • https://git.kernel.org/stable/c/f066882293b5ad359e44c4ed24ab1811ffb0b354 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-23159 – media: venus: hfi: add a check to handle OOB in sfr region
https://notcve.org/view.php?id=CVE-2025-23159
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle OOB in sfr region sfr->buf_size is in shared memory and can be modified by malicious user. OOB write is possible when the size is made higher than actual sfr data buffer. Cap the size to allocated size for such cases. In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle OOB in sfr region sfr->buf_size is in shared memory and can be modified by m... • https://git.kernel.org/stable/c/d96d3f30c0f2f564f6922bf4ccdf4464992e31fb •
CVSS: 8.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-23158 – media: venus: hfi: add check to handle incorrect queue size
https://notcve.org/view.php?id=CVE-2025-23158
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add check to handle incorrect queue size qsize represents size of shared queued between driver and video firmware. Firmware can modify this value to an invalid large value. In such situation, empty_space will be bigger than the space actually available. Since new_wr_idx is not checked, so the following code will result in an OOB write. ... qsize = qhdr->q_size if (wr_idx >= rd_idx) empty_space = qsize - (wr_idx - rd_idx) ... • https://git.kernel.org/stable/c/d96d3f30c0f2f564f6922bf4ccdf4464992e31fb •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-23157 – media: venus: hfi_parser: add check to avoid out of bound access
https://notcve.org/view.php?id=CVE-2025-23157
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi_parser: add check to avoid out of bound access There is a possibility that init_codecs is invoked multiple times during manipulated payload from video firmware. In such case, if codecs_count can get incremented to value more than MAX_CODEC_NUM, there can be OOB access. Reset the count so that it always starts from beginning. In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi_parser: add c... • https://git.kernel.org/stable/c/1a73374a04e555103e5369429a30999114001dda •