CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37775 – ksmbd: fix the warning from __kernel_write_iter
https://notcve.org/view.php?id=CVE-2025-37775
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix the warning from __kernel_write_iter [ 2110.972290] ------------[ cut here ]------------ [ 2110.972301] WARNING: CPU: 3 PID: 735 at fs/read_write.c:599 __kernel_write_iter+0x21b/0x280 This patch doesn't allow writing to directory. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix the warning from __kernel_write_iter [ 2110.972290] ------------[ cut here ]------------ [ 2110.972301] WARNING: CPU: 3 PID... • https://git.kernel.org/stable/c/44079e544c9f6e3e9fb43a16ddf8b08cf686d657 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37765 – drm/nouveau: prime: fix ttm_bo_delayed_delete oops
https://notcve.org/view.php?id=CVE-2025-37765
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttm_bo_delayed_delete oops Fix an oops in ttm_bo_delayed_delete which results from dererencing a dangling pointer: Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b7b: 0000 [#1] PREEMPT SMP CPU: 4 UID: 0 PID: 1082 Comm: kworker/u65:2 Not tainted 6.14.0-rc4-00267-g505460b44513-dirty #216 Hardware name: LENOVO 82N6/LNVNB161216, BIOS GKCN65WW 01/16/2024 Workqueue: ttm ttm_bo_delayed_del... • https://git.kernel.org/stable/c/22b33e8ed0e38b8ddcf082e35580f2e67a3a0262 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37758 – ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
https://notcve.org/view.php?id=CVE-2025-37758
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() devm_ioremap() returns NULL on error. Currently, pxa_ata_probe() does not check for this case, which can result in a NULL pointer dereference. Add NULL check after devm_ioremap() to prevent this issue. In the Linux kernel, the following vulnerability has been resolved: ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() devm_ioremap() returns NULL ... • https://git.kernel.org/stable/c/2dc6c6f15da97cb3e810963c80e981f19d42cd7d •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37749 – net: ppp: Add bound checking for skb data on ppp_sync_txmung
https://notcve.org/view.php?id=CVE-2025-37749
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ppp: Add bound checking for skb data on ppp_sync_txmung Ensure we have enough data in linear buffer from skb before accessing initial bytes. This prevents potential out-of-bounds accesses when processing short packets. When ppp_sync_txmung receives an incoming package with an empty payload: (remote) gef➤ p *(struct pppoe_hdr *) (skb->head + skb->network_header) $18 = { type = 0x1, ver = 0x1, code = 0x0, sid = 0x2, length = 0x0, tag = 0... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-37746 – perf/dwc_pcie: fix duplicate pci_dev devices
https://notcve.org/view.php?id=CVE-2025-37746
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/dwc_pcie: fix duplicate pci_dev devices During platform_device_register, wrongly using struct device pci_dev as platform_data caused a kmemdup copy of pci_dev. Worse still, accessing the duplicated device leads to list corruption as its mutex content (e.g., list, magic) remains the same as the original. In the Linux kernel, the following vulnerability has been resolved: perf/dwc_pcie: fix duplicate pci_dev devices During platform_devic... • https://git.kernel.org/stable/c/a71c6fc87b2b9905dc2e38887fe4122287216be9 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37745 – PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()
https://notcve.org/view.php?id=CVE-2025-37745
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Avoid deadlock in hibernate_compressor_param_set() syzbot reported a deadlock in lock_system_sleep() (see below). The write operation to "/sys/module/hibernate/parameters/compressor" conflicts with the registration of ieee80211 device, resulting in a deadlock when attempting to acquire system_transition_mutex under param_lock. To avoid this deadlock, change hibernate_compressor_param_set() to use mutex_trylock() for attemptin... • https://git.kernel.org/stable/c/11ae4fec1f4b4ee06770a572c37d89cbaecbf66e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37744 – wifi: ath12k: fix memory leak in ath12k_pci_remove()
https://notcve.org/view.php?id=CVE-2025-37744
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix memory leak in ath12k_pci_remove() Kmemleak reported this error: unreferenced object 0xffff1c165cec3060 (size 32): comm "insmod", pid 560, jiffies 4296964570 (age 235.596s) backtrace: [<000000005434db68>] __kmem_cache_alloc_node+0x1f4/0x2c0 [<000000001203b155>] kmalloc_trace+0x40/0x88 [<0000000028adc9c8>] _request_firmware+0xb8/0x608 [<00000000cad1aef7>] firmware_request_nowarn+0x50/0x80 [<000000005011a682>] local_pci_prob... • https://git.kernel.org/stable/c/3cb47b50926a5b9eef8c06506a14cdc0f3d95c53 •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-37743 – wifi: ath12k: Avoid memory leak while enabling statistics
https://notcve.org/view.php?id=CVE-2025-37743
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid memory leak while enabling statistics Driver uses monitor destination rings for extended statistics mode and standalone monitor mode. In extended statistics mode, TLVs are parsed from the buffer received from the monitor destination ring and assigned to the ppdu_info structure to update per-packet statistics. In standalone monitor mode, along with per-packet statistics, the packet data (payload) is captured, and the driv... • https://git.kernel.org/stable/c/286bab0fc7b9db728dab8c63cadf6be9b3facf8c •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-37742 – jfs: Fix uninit-value access of imap allocated in the diMount() function
https://notcve.org/view.php?id=CVE-2025-37742
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of imap allocated in the diMount() function syzbot reports that hex_dump_to_buffer is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in hex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171 hex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171 print_hex_dump+0x13d/0x3e0 lib/hexdump.c:276 diFree+0x5ba/0x4350 fs/jfs/jfs_imap.c:876 jfs_evict_inode+0x510/0x550 fs/jfs/inode... • https://git.kernel.org/stable/c/4f10732712fce33e53703ffe5ed9155f23814097 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37741 – jfs: Prevent copying of nlink with value 0 from disk inode
https://notcve.org/view.php?id=CVE-2025-37741
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: Prevent copying of nlink with value 0 from disk inode syzbot report a deadlock in diFree. [1] When calling "ioctl$LOOP_SET_STATUS64", the offset value passed in is 4, which does not match the mounted loop device, causing the mapping of the mounted loop device to be invalidated. When creating the directory and creating the inode of iag in diReadSpecial(), read the page of fixed disk inode (AIT) in raw mode in read_metapage(), the metapa... • https://git.kernel.org/stable/c/5b2f26d3fba4e9aac314f8bc0963b3fc28c0e456 •