CVSS: 6.9EPSS: %CPEs: 6EXPL: 0CVE-2025-37991 – parisc: Fix double SIGFPE crash
https://notcve.org/view.php?id=CVE-2025-37991
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: parisc: Fix double SIGFPE crash Camm noticed that on parisc a SIGFPE exception will crash an application with a second SIGFPE in the signal handler. Dave analyzed it, and it happens because glibc uses a double-word floating-point store to atomically update function descriptors. As a result of lazy binding, we hit a floating-point store in fpe_func almost immediately. When the T bit is set, an assist exception trap occurs when when the co-pr... • https://git.kernel.org/stable/c/ec4584495868bd465fe60a3f771915c0e7ce7951 •
CVSS: 5.0EPSS: %CPEs: 6EXPL: 0CVE-2025-37990 – wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
https://notcve.org/view.php?id=CVE-2025-37990
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but dose not check its return value. The 'state.state' and the 'state.bytes' are uninitialized if the function brcmf_usb_dl_cmd() fails. It is dangerous to use uninitialized variables in the conditions. Add error handling for brcmf_usb_dl_cmd() to jump to error handling path if the brcmf_usb_dl... • https://git.kernel.org/stable/c/71bb244ba2fd5390eefe4ee9054abdb3f8b05922 •
CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2025-37984 – crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()
https://notcve.org/view.php?id=CVE-2025-37984
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Herbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa implementation's ->key_size() callback returns an unusually large value. Herbert instead suggests (for a division by 8): X / 8 + !!(X & 7) Based on this formula, introduce a generic DIV_ROUND_UP_POW2() macro and use it in lieu of DIV_ROUND_UP() for ->key_size() return values. Additionally, use the macro... • https://git.kernel.org/stable/c/921b8167f10708e38080f84e195cdc68a7a561f1 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2025-37983 – qibfs: fix _another_ leak
https://notcve.org/view.php?id=CVE-2025-37983
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: qibfs: fix _another_ leak failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low... In the Linux kernel, the following vulnerability has been resolved: qibfs: fix _another_ leak ... • https://git.kernel.org/stable/c/5e280cce3a29b7fe7b828c6ccd5aa5ba87ceb6b6 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2025-37982 – wifi: wl1251: fix memory leak in wl1251_tx_work
https://notcve.org/view.php?id=CVE-2025-37982
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with a -ETIMEDOUT error. Fix that by queueing the skb back to tx_queue. In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with a -ETIMEDOUT error. Fix that by queueing the skb back to tx_q... • https://git.kernel.org/stable/c/c5483b71936333ba9474f57d0f3a7a7abf9b87a0 •
CVSS: 5.5EPSS: %CPEs: 1EXPL: 0CVE-2025-37976 – wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process
https://notcve.org/view.php?id=CVE-2025-37976
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process [ Upstream commit 63fdc4509bcf483e79548de6bc08bf3c8e504bb3 ] Currently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry to fetch the next entry from the destination ring. This is incorrect because ath12k_hal_srng_src_get_next_entry is intended for source rings, not destination rings. This leads to invalid entry fetches, causing potential data corruption o... • https://git.kernel.org/stable/c/0c1015493f0e3979bcbd3a12ebc0977578c87f21 •
CVSS: 7.2EPSS: %CPEs: 5EXPL: 0CVE-2025-37963 – arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users
https://notcve.org/view.php?id=CVE-2025-37963
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typically disabled. This means only cBPF programs need to be mitigated for BHB. In addition, only mitigate cBPF programs that were loaded by an unprivileged user. Privileged users can also load the same program via eBPF, making the mitigation pointless. In the Linux kernel, the following vulnerability has been resol... • https://git.kernel.org/stable/c/6e52d043f7dbf1839a24a3fab2b12b0d3839de7a •
CVSS: 7.1EPSS: %CPEs: 10EXPL: 0CVE-2025-37961 – ipvs: fix uninit-value for saddr in do_output_route4
https://notcve.org/view.php?id=CVE-2025-37961
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for saddr in do_output_route4 syzbot reports for uninit-value for the saddr argument [1]. commit 4754957f04f5 ("ipvs: do not use random local source address for tunnels") already implies that the input value of saddr should be ignored but the code is still reading it which can prevent to connect the route. Fix it by changing the argument to ret_saddr. [1] BUG: KMSAN: uninit-value in do_output_route4+0x42c/0x4d0 net/ne... • https://git.kernel.org/stable/c/4754957f04f5f368792a0eb7dab0ae89fb93dcfd •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2025-37956 – ksmbd: prevent rename with empty string
https://notcve.org/view.php?id=CVE-2025-37956
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent rename with empty string Client can send empty newname string to ksmbd server. It will cause a kernel oops from d_alloc. This patch return the error when attempting to rename a file or directory with an empty new name string. In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent rename with empty string Client can send empty newname string to ksmbd server. It will cause a kernel oops from d_alloc.... • https://git.kernel.org/stable/c/6ee551672c8cf36108b0cfba92ec0c7c28ac3439 •
CVSS: 4.7EPSS: %CPEs: 4EXPL: 0CVE-2025-37954 – smb: client: Avoid race in open_cached_dir with lease breaks
https://notcve.org/view.php?id=CVE-2025-37954
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Avoid race in open_cached_dir with lease breaks A pre-existing valid cfid returned from find_or_create_cached_dir might race with a lease break, meaning open_cached_dir doesn't consider it valid, and thinks it's newly-constructed. This leaks a dentry reference if the allocation occurs before the queued lease break work runs. Avoid the race by extending holding the cfid_list_lock across find_or_create_cached_dir and when the res... • https://git.kernel.org/stable/c/2ed98e89ebc2e1bc73534dc3c18cb7843a889ff9 •