CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37823 – net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
https://notcve.org/view.php?id=CVE-2025-37823
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue() too. But for this one, we don't have a reliable reproducer. In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue() too. But for this one, we don't have a reliable reproducer... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37808 – crypto: null - Use spin lock instead of mutex
https://notcve.org/view.php?id=CVE-2025-37808
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: null - Use spin lock instead of mutex As the null algorithm may be freed in softirq context through af_alg, use spin locks instead of mutexes to protect the default null algorithm. In the Linux kernel, the following vulnerability has been resolved: crypto: null - Use spin lock instead of mutex As the null algorithm may be freed in softirq context through af_alg, use spin locks instead of mutexes to protect the default null algorithm... • https://git.kernel.org/stable/c/f7a5a5c8e1ec16a4b2041398abe95de0e14572ef •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37807 – bpf: Fix kmemleak warning for percpu hashmap
https://notcve.org/view.php?id=CVE-2025-37807
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kmemleak warning for percpu hashmap Vlad Poenaru reported the following kmemleak issue: unreferenced object 0x606fd7c44ac8 (size 32): backtrace (crc 0): pcpu_alloc_noprof+0x730/0xeb0 bpf_map_alloc_percpu+0x69/0xc0 prealloc_init+0x9d/0x1b0 htab_map_alloc+0x363/0x510 map_create+0x215/0x3a0 __sys_bpf+0x16b/0x3e0 __x64_sys_bpf+0x18/0x20 do_syscall_64+0x7b/0x150 entry_SYSCALL_64_after_hwframe+0x4b/0x53 Further investigation shows the re... • https://git.kernel.org/stable/c/7758e308aeda1038aba1944f7302d34161b3effe •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37801 – spi: spi-imx: Add check for spi_imx_setupxfer()
https://notcve.org/view.php?id=CVE-2025-37801
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: spi-imx: Add check for spi_imx_setupxfer() Add check for the return value of spi_imx_setupxfer(). spi_imx->rx and spi_imx->tx function pointer can be NULL when spi_imx_setupxfer() return error, and make NULL pointer dereference. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Call trace: 0x0 spi_imx_pio_transfer+0x50/0xd8 spi_imx_transfer_one+0x18c/0x858 spi_transfer_one_message+0x43c/0x790 __spi_pu... • https://git.kernel.org/stable/c/2fea0d6d7b5d27fbf55512d51851ba0a346ede52 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37800 – driver core: fix potential NULL pointer dereference in dev_uevent()
https://notcve.org/view.php?id=CVE-2025-37800
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in dev_uevent() If userspace reads "uevent" device attribute at the same time as another threads unbinds the device from its driver, change to dev->driver from a valid pointer to NULL may result in crash. Fix this by using READ_ONCE() when fetching the pointer, and take bus' drivers klist lock to make sure driver instance will not disappear while we access it. Use WRITE_ONCE() when setting... • https://git.kernel.org/stable/c/abe56be73eb10a677d16066f65ff9d30251f5eee •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-21546 – scsi: target: Fix WRITE_SAME No Data Buffer crash
https://notcve.org/view.php?id=CVE-2022-21546
02 May 2025 — In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like "sg_write_same --ndob" we will crash in target_core_iblock/file's execute_write_same handlers when we go to access the se_cmd->t_data_sg because its NULL. CVSS 3.1 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITE_S... • https://git.kernel.org/stable/c/54e57be2573cf0b8bf650375fd8752987b6c3d3b • CWE-476: NULL Pointer Dereference •
CVSS: 8.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53117 – fs: prevent out-of-bounds array speculation when closing a file descriptor
https://notcve.org/view.php?id=CVE-2023-53117
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 114199369 • https://git.kernel.org/stable/c/f31cd5da636682caea424fa1c22679016cbfc16b •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53108 – net/iucv: Fix size of interrupt data
https://notcve.org/view.php?id=CVE-2023-53108
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net/iucv: Fix size of interrupt data iucv_irq_data needs to be 4 bytes larger. These bytes are not used by the iucv module, but written by the z/VM hypervisor in case a CPU is deconfigured. Reported as: BUG dma-kmalloc-64 (Not tainted): kmalloc Redzone overwritten ----------------------------------------------------------------------------- 0x0000000000400564-0x0000000000400567 @offset=1380. First byte 0x80 instead of 0xcc Allocated in iucv... • https://git.kernel.org/stable/c/2356f4cb191100a5e92d537f13e5efdbc697e9cb •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53101 – ext4: zero i_disksize when initializing the bootloader inode
https://notcve.org/view.php?id=CVE-2023-53101
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: zero i_disksize when initializing the bootloader inode If the boot loader inode has never been used before, the EXT4_IOC_SWAP_BOOT inode will initialize it, including setting the i_size to 0. However, if the "never before used" boot loader has a non-zero i_size, then i_disksize will be non-zero, and the inconsistency between i_size and i_disksize can trigger a kernel warning: WARNING: CPU: 0 PID: 2580 at fs/ext4/file.c:319 CPU: 0 PID:... • https://git.kernel.org/stable/c/d6c1447e483c05dbcfb3ff77ac04237a82070b8c •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53100 – ext4: fix WARNING in ext4_update_inline_data
https://notcve.org/view.php?id=CVE-2023-53100
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix WARNING in ext4_update_inline_data Syzbot found the following issue: EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" fscrypt: AES-256-XTS using implementation "xts-aes-aesni" ------------[ cut here ]------------ WARNING: CPU: 0 PID: 5071 at mm/page_alloc.c:5525 __alloc_pages+0x30a/0x560 mm/page_alloc.c:5525... • https://git.kernel.org/stable/c/c5aa102b433b1890e1ccaa40c06826c77dda1665 •