CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-40325 – md/raid10: wait barrier before returning discard request with REQ_NOWAIT
https://notcve.org/view.php?id=CVE-2025-40325
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: wait barrier before returning discard request with REQ_NOWAIT raid10_handle_discard should wait barrier before returning a discard bio which has REQ_NOWAIT. And there is no need to print warning calltrace if a discard bio has REQ_NOWAIT flag. Quality engineer usually checks dmesg and reports error if dmesg has warning/error calltrace. • https://git.kernel.org/stable/c/c9aa889b035fca4598ae985a0f0c76ebbb547ad2 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-40014 – objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()
https://notcve.org/view.php?id=CVE-2025-40014
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go beyond the array bounds. Fix that by stopping the loop when it gets to the last entry, so the low speed_hz value gets clamped up to AMD_SPI_MIN_HZ. Fixes the following warning with an UBSAN kernel: drivers/spi/spi-amd.o: error: objto... • https://git.kernel.org/stable/c/3fe26121dc3a9bf64e18fe0075cd9a92c9cd1b1a •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-39989 – x86/mce: use is_copy_from_user() to determine copy-from-user context
https://notcve.org/view.php?id=CVE-2025-39989
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/mce: use is_copy_from_user() to determine copy-from-user context Patch series "mm/hwpoison: Fix regressions in memory failure handling", v4. ## 1. What am I trying to do: This patchset resolves two critical regressions related to memory failure handling that have appeared in the upstream kernel since version 5.17, as compared to 5.10 LTS. - copyin case: poison found in user page while kernel copying from user space - instr case: poison ... • https://git.kernel.org/stable/c/4c132d1d844a53fc4e4b5c34e36ef10d6124b783 •
CVSS: -EPSS: %CPEs: 11EXPL: 0CVE-2025-39735 – jfs: fix slab-out-of-bounds read in ea_get()
https://notcve.org/view.php?id=CVE-2025-39735
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get() During the "size_check" label in ea_get(), the code checks if the extended attribute list (xattr) size matches ea_size. If not, it logs "ea_get: invalid extended attribute" and calls print_hex_dump(). Here, EALIST_SIZE(ea_buf->xattr) returns 4110417968, which exceeds INT_MAX (2,147,483,647). Then ea_size is clamped: int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); Although clamp_t... • https://git.kernel.org/stable/c/6e39b681d1eb16f408493bf5023788b57f68998c •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-39728 – clk: samsung: Fix UBSAN panic in samsung_clk_init()
https://notcve.org/view.php?id=CVE-2025-39728
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix UBSAN panic in samsung_clk_init() With UBSAN_ARRAY_BOUNDS=y, I'm hitting the below panic due to dereferencing `ctx->clk_data.hws` before setting `ctx->clk_data.num = nr_clks`. Move that up to fix the crash. UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-38637 – net_sched: skbprio: Remove overly strict queue assertions
https://notcve.org/view.php?id=CVE-2025-38637
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio enqueue/dequeue contains an assertion that fails under certain conditions when SKBPRIO is used as a child qdisc under TBF with specific parameters. The failure occurs because TBF sometimes peeks at packets in the child qdisc without actually dequeuing them when tokens are unavailable. This peek operation creates a discrepancy between the parent ... • https://git.kernel.org/stable/c/aea5f654e6b78a0c976f7a25950155932c77a53f •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38575 – ksmbd: use aead_request_free to match aead_request_alloc
https://notcve.org/view.php?id=CVE-2025-38575
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: use aead_request_free to match aead_request_alloc Use aead_request_free() instead of kfree() to properly free memory allocated by aead_request_alloc(). This ensures sensitive crypto data is zeroed before being freed. • https://git.kernel.org/stable/c/e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38240 – drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr
https://notcve.org/view.php?id=CVE-2025-38240
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr The function mtk_dp_wait_hpd_asserted() may be called before the `mtk_dp->drm_dev` pointer is assigned in mtk_dp_bridge_attach(). Specifically it can be called via this callpath: - mtk_edp_wait_hpd_asserted - [panel probe] - dp_aux_ep_probe Using "drm" level prints anywhere in this callpath causes a NULL pointer dereference. Change the error message directly in mtk_dp_wait_h... • https://git.kernel.org/stable/c/7eacba9a083be65c0f251c19380ec01147c01ebc •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38152 – remoteproc: core: Clear table_sz when rproc_shutdown
https://notcve.org/view.php?id=CVE-2025-38152
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Clear table_sz when rproc_shutdown There is case as below could trigger kernel dump: Use U-Boot to start remote processor(rproc) with resource table published to a fixed address by rproc. After Kernel boots up, stop the rproc, load a new firmware which doesn't have resource table ,and start rproc. When starting rproc with a firmware not have resource table, `memcpy(loaded_table, rproc->cached_table, rproc->table_sz)` will ... • https://git.kernel.org/stable/c/9dc9507f1880fb6225e3e058cb5219b152cbf198 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38104 – drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV
https://notcve.org/view.php?id=CVE-2025-38104
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment., including TLB flushes and register reads. When multiple threads or VFs try to access the same registers simultaneously, it can lead to race conditions. By using the RLCG interface, the driver can serialize access to the register... • https://git.kernel.org/stable/c/e864180ee49b4d30e640fd1e1d852b86411420c9 •