CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37838 – HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition
https://notcve.org/view.php?id=CVE-2025-37838
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition In the ssi_protocol_probe() function, &ssi->work is bound with ssip_xmit_work(), In ssip_pn_setup(), the ssip_pn_xmit() function within the ssip_pn_ops structure is capable of starting the work. In the Linux kernel, the following vulnerability has been resolved: HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Dr... • https://git.kernel.org/stable/c/ae5a6a0b425e8f76a9f0677e50796e494e89b088 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40364 – io_uring: fix io_req_prep_async with provided buffers
https://notcve.org/view.php?id=CVE-2025-40364
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring: fix io_req_prep_async with provided buffers io_req_prep_async() can import provided buffers, commit the ring state by giving up on that before, it'll be reimported later if needed. In the Linux kernel, the following vulnerability has been resolved: io_uring: fix io_req_prep_async with provided buffers io_req_prep_async() can import provided buffers, commit the ring state by giving up on that before, it'll be reimport... • https://git.kernel.org/stable/c/c7fb19428d67dd0a2a78a4f237af01d39c78dc5a •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40325 – md/raid10: wait barrier before returning discard request with REQ_NOWAIT
https://notcve.org/view.php?id=CVE-2025-40325
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: wait barrier before returning discard request with REQ_NOWAIT raid10_handle_discard should wait barrier before returning a discard bio which has REQ_NOWAIT. ... In the Linux kernel, the following vulnerability has been resolved: md/raid10: wait barrier before returning discard request with REQ_NOWAIT raid10_handle_discard should wait barrier before returning a discard bio which has REQ_NOWAIT. • https://git.kernel.org/stable/c/c9aa889b035fca4598ae985a0f0c76ebbb547ad2 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40114 – iio: light: Add check for array bounds in veml6075_read_int_time_ms
https://notcve.org/view.php?id=CVE-2025-40114
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: light: Add check for array bounds in veml6075_read_int_time_ms The array contains only 5 elements, but the index calculated by veml6075_read_int_time_index can range from 0 to 7, which could lead to out-of-bounds access. In the Linux kernel, the following vulnerability has been resolved: iio: light: Add check for array bounds in veml6075_read_int_time_ms The array contains only 5 elements, but the index calculated by veml... • https://git.kernel.org/stable/c/3b82f43238aecd73464aeacc9c73407079511533 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40014 – objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()
https://notcve.org/view.php?id=CVE-2025-40014
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go beyond the array bounds. ... Fixes the following warning with an UBSAN kernel: drivers/spi/spi-amd.o: error: objtool: amd_set_spi_freq() falls through to next function amd_spi_set_opcode() In the Linux kernel, the follo... • https://git.kernel.org/stable/c/3fe26121dc3a9bf64e18fe0075cd9a92c9cd1b1a •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39989 – x86/mce: use is_copy_from_user() to determine copy-from-user context
https://notcve.org/view.php?id=CVE-2025-39989
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/mce: use is_copy_from_user() to determine copy-from-user context Patch series "mm/hwpoison: Fix regressions in memory failure handling", v4. ## 1. ... User process takes #PF, Linux allocates a new page and fills by reading from storage. User process takes #PF, Linux allocates a new page and fills by reading from storage. ## 3. ... Just to add to the confusion, Linux does take an action (in uc_decode_notifier(... • https://git.kernel.org/stable/c/4c132d1d844a53fc4e4b5c34e36ef10d6124b783 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-39930 – ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai()
https://notcve.org/view.php?id=CVE-2025-39930
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai() commit 419d1918105e ("ASoC: simple-card-utils: use __free(device_node) for device node") uses __free(device_node) for dlc->of_node, but we need to keep it while driver is in use. In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai() commit 419d1918105e (... • https://git.kernel.org/stable/c/419d1918105e5d9926ab02f1f834bb416dc76f65 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39778 – objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show()
https://notcve.org/view.php?id=CVE-2025-39778
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show() The csts_state_names[] array only has six sparse entries, but the iteration code in nvmet_ctrl_state_show() iterates seven, resulting in a potential out-of-bounds stack read. ... Fixes the following warning with an UBSAN kernel: vmlinux.o: warning: objtool: .text.nvmet_ctrl_state_show: unexpected end of section In the Linux kernel, the following vulnerab... • https://git.kernel.org/stable/c/649fd41420a816b11b07423ebf4dbd4ac1ac2905 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39755 – staging: gpib: Fix cb7210 pcmcia Oops
https://notcve.org/view.php?id=CVE-2025-39755
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix cb7210 pcmcia Oops The pcmcia_driver struct was still only using the old .name initialization in the drv field. ... In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix cb7210 pcmcia Oops The pcmcia_driver struct was still only using the old .name initialization in the drv field. • https://git.kernel.org/stable/c/e9dc69956d4d9bf4a81d35995ce9229ff5e4cad5 •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2025-39735 – jfs: fix slab-out-of-bounds read in ea_get()
https://notcve.org/view.php?id=CVE-2025-39735
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get() During the "size_check" label in ea_get(), the code checks if the extended attribute list (xattr) size matches ea_size. ... In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get() During the "size_check" label in ea_get(), the code checks if the extended attribute list (xattr) size matches ea_size. • https://git.kernel.org/stable/c/6e39b681d1eb16f408493bf5023788b57f68998c •