Skip to main content

Linux Kernel

9356 CVEs product

Monthly

CVE-2025-37992 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net_sched: Flush gso_skb list too during ->change() Previously, when reducing a qdisc's limit via the ->change() operation, only. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37991 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix double SIGFPE crash Camm noticed that on parisc a SIGFPE exception will crash an application with a second SIGFPE in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37990 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37989 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak A network restart test on a router led to an out-of-memory condition, which was traced to a memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37988 MEDIUM PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() Normally do_lock_mount(path, _) is locking a mountpoint. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-37987 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent possible adminq overflow/stuck condition The pds_core's adminq is protected by the adminq_lock, which prevents. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37986 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Invalidate USB device pointers on partner unregistration To avoid using invalid USB device pointers after a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37985 MEDIUM PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdm_open and wdm_wwan_port_stop Clearing WDM_WWAN_IN_USE must be the last action or we can open a. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition Linux Kernel Debian Linux +2
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-37984 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Herbert notes that DIV_ROUND_UP() may overflow unnecessarily if. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37983 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: qibfs: fix _another_ leak failure to allocate inode => leaked dentry... Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37982 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37981 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Use is_kdump_kernel() to check for kdump The smartpqi driver checks the reset_devices variable to determine whether. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37979 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix sc7280 lpass potential buffer overflow Case values introduced in commit 5f78e1fb7a3e ("ASoC: qcom: Add driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37978 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: block: integrity: Do not call set_page_dirty_lock() Placing multiple protection information buffers inside the same page can lead. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37977 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set If dma-coherent property isn't set then descriptors are. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Samsung Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37975 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: riscv: module: Fix out-of-bounds relocation access The current code allows rel[j] to access one element past the end of the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-37974 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix missing check for zpci_create_device() error return The zpci_create_device() function returns an error pointer that. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37973 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation Currently during the multi-link element. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-37971 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: staging: bcm2835-camera: Initialise dev in v4l2_dev Commit 42a2f6664e18 ("staging: vc04_services: Move global g_state to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37970 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo Prevent st_lsm6dsx_read_fifo from falling in an infinite loop in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37969 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Prevent st_lsm6dsx_read_tagged_fifo from falling in an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37967 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37966 MEDIUM PATCH This Month

A denial-of-service vulnerability exists in the Linux kernel's RISC-V architecture implementation where improper validation of the PR_SET_TAGGED_ADDR_CTRL prctl system call causes a kernel crash when the Supm (Supervisor User Memory) extension is not available. Affected systems are Linux kernel versions including 6.15-rc1 through 6.15-rc5 and potentially earlier versions across all RISC-V platforms. A local attacker with unprivileged user access can trigger an illegal instruction exception, crashing the kernel and denying service to all users, with an EPSS exploitation probability of only 0.11 percent indicating low real-world exploitation likelihood despite the availability of a vendor patch.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37965 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix invalid context error in dml helper [Why] "BUG: sleeping function called from invalid context" error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Linux Information Disclosure Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37963 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37962 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leak in parse_lease_state() The previous patch that added bounds check for create lease context introduced a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37961 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for saddr in do_output_route4 syzbot reports for uninit-value for the saddr argument [1]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Google Linux Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37960 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: memblock: Accept allocated memory before use in memblock_double_array() When increasing the array size in memblock_double_array(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37958 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Debian Denial Of Service Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37957 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Previously, commit ed129ec9057f ("KVM: x86: forcibly leave nested mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37956 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent rename with empty string Client can send empty newname string to ksmbd server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37955 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable() The selftests added to our CI by Bui Quang Minh recently reveals. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37954 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: smb: client: Avoid race in open_cached_dir with lease breaks A pre-existing valid cfid returned from find_or_create_cached_dir. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37953 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_deactivate() idempotent Alan reported a NULL pointer dereference in htb_next_rb_node() after we made. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37952 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix UAF in __close_file_table_ids A use-after-free is possible if one thread destroys the file via __ksmbd_close_fd while. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37951 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37950 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix panic in failed foilio allocation commit 7e119cff9d0a ("ocfs2: convert w_pages to w_folios") and commit 9a5e08652dc4b. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37949 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xenbus: Use kref to track req lifetime Marek reported seeing a NULL pointer fault in the xenbus_thread callstack: BUG: kernel NULL. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37948 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37947 HIGH PATCH This Week

A boundary validation vulnerability in the Linux kernel's ksmbd (in-kernel SMB server) allows authenticated local users to perform out-of-bounds memory writes when handling stream data operations. The flaw occurs when write offsets exceed existing stream data boundaries, potentially leading to memory corruption with high impact on system confidentiality, integrity, and availability (CVSS 7.8). A proof-of-concept exploit is publicly available on GitHub, though real-world exploitation probability remains low at 0.03% according to EPSS data.

Linux Buffer Overflow Debian Linux Linux Kernel Red Hat +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-37946 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs With commit bcb5d6c76903 ("s390/pci: introduce lock. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37944 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Currently, ath12k_dp_mon_srng_process uses. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-37943 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi In certain cases, hardware might provide packets with a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37941 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe() When snd_soc_dapm_new_controls() or. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37940 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ftrace: Add cond_resched() to ftrace_graph_set_hash() When the kernel contains a large number of functions that can be traced, the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37939 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: libbpf: Fix accessing BTF.ext core_relo header Update btf_ext_parse_info() to ensure the core_relo header is present before reading. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37938 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have "%*p.." The trace event verifier checks the formats of trace events to make sure that they. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37937 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() If dib8000_set_dds()'s call to dib8000_read32() returns zero,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37936 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Linux Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37935 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM If the mtk_poll_rx() function detects the MTK_RESETTING flag, it will jump. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Mediatek Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37934 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction Actually check if the passed pointers are valid,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37933 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Fix host hang issue during device reboot When the host loses heartbeat messages from the device, the driver calls the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37932 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() idempotent htb_qlen_notify() always deactivates the HTB class and in fact could trigger a warning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37930 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Nouveau is mostly designed in a way that it's expected that fences only. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37929 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Commit a5951389e58d ("arm64: errata: Add newer ARM cores to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37928 HIGH POC PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dm-bufio: don't schedule in atomic context A BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet are. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Linux Qualcomm Linux Kernel Debian Linux +3
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-37927 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid There is a string parsing logic error which can lead to an overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Amd Memory Corruption Buffer Overflow Linux Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37926 HIGH PATCH This Week

A use-after-free vulnerability exists in the Linux kernel's ksmbd (in-kernel SMB server) component, where a race condition between ksmbd_session_rpc_open() and __session_rpc_close() functions can lead to memory corruption. This vulnerability affects Linux kernel versions up to 6.15-rc4 and allows local attackers with low privileges to potentially execute arbitrary code or cause system crashes, achieving complete compromise of confidentiality, integrity, and availability. With an EPSS score of 0.07%, the vulnerability has low real-world exploitation likelihood despite its high CVSS score, and patches are available from the vendor.

Linux Use After Free Race Condition Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37923 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix oob write in trace_seq_to_buffer() syzbot reported this bug:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Google Linux Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37922 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: book3s64/radix : Align section vmemmap start address to PAGE_SIZE A vmemmap altmap is a device-provided region used to provide. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37921 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: vxlan: vnifilter: Fix unlocked deletion of default FDB entry When a VNI is deleted from a VXLAN device in 'vnifilter' mode, the FDB. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37920 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race condition in AF_XDP generic RX path Move rx_lock from xsk_socket to xsk_buff_pool.

Linux Information Disclosure Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-37919 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot Update chip data using dev_get_drvdata(dev->parent) to fix NULL. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Amd Null Pointer Dereference Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37918 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() A NULL pointer dereference can occur in skb_dequeue() when. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37916 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: pds_core: remove write-after-free of client_id A use-after-free error popped up in stress testing: [Mon Apr 21 21:21:33 2025] BUG:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37915 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net_sched: drr: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases. Rated high severity (CVSS 7.0).

Buffer Overflow Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-37914 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net_sched: ets: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37913 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net_sched: qfq: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37912 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() As mentioned in the commit baeb705fd6a7 ("ice: always check VF VSI. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37911 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix out-of-bound memcpy() during ethtool -w When retrieving the FW coredump using ethtool, it can sometimes cause memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Linux Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37910 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations On Adva boards, SMA sysfs store/get operations can call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37908 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm, slab: clean up slab->obj_exts always When memory allocation profiling is disabled at runtime or due to an error,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Intel Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37907 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix locking order in ivpu_job_submit Fix deadlock in job submission and abort handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37906 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd ublk_cancel_cmd() calls io_uring_cmd_done() to complete. Rated medium severity (CVSS 4.7).

Linux Race Condition Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-37905 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Balance device refcount when destroying devices Using device_find_child() to lookup the proper SCMI device to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37904 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix the inode leak in btrfs_iget() [BUG] There is a bug report that a syzbot reproducer can lead to the following busy inode. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Ubuntu Debian Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37903 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free in hdcp The HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector objects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Amd +5
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37901 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs On Qualcomm chipsets not all GPIOs are wakeup capable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Qualcomm Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37900 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix two issues in iommu_copy_struct_from_user() In the review for iommu_copy_struct_to_user() helper, Matt pointed out that. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Oracle Denial Of Service Nvidia +3
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37899 HIGH POC PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37898 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: powerpc64/ftrace: fix module loading without patchable function entries get_stubs_size assumes that there must always be at least. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37897 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release plfxlc_mac_release() asserts that mac->lock is held. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Linux Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37896 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: spi: spi-mem: Add fix to avoid divide error For some SPI flash memory operations, dummy bytes are not mandatory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37895 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix error handling path in bnxt_init_chip() WARN_ON() is triggered in __flush_work() if bnxt_init_chip() fails because we. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37894 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: use sock_gen_put() when sk_state is TCP_TIME_WAIT It is possible for a pointer of type struct inet_timewait_sock to be. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37892 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mtd: inftlcore: Add error check for inftl_read_oob() In INFTL_findwriteunit(), the return value of inftl_read_oob() need to be. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37891 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ALSA: ump: Fix buffer overflow at UMP SysEx message conversion The conversion function from MIDI 1.0 to UMP packet contains an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37890 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53146 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() In dw2102_i2c_transfer, msg is controlled by user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-53145 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition In btsdio_probe, the data->work is bound with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net_sched: Flush gso_skb list too during ->change() Previously, when reducing a qdisc's limit via the ->change() operation, only. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix double SIGFPE crash Camm noticed that on parisc a SIGFPE exception will crash an application with a second SIGFPE in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak A network restart test on a router led to an out-of-memory condition, which was traced to a memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() Normally do_lock_mount(path, _) is locking a mountpoint. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent possible adminq overflow/stuck condition The pds_core's adminq is protected by the adminq_lock, which prevents. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Invalidate USB device pointers on partner unregistration To avoid using invalid USB device pointers after a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +2
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdm_open and wdm_wwan_port_stop Clearing WDM_WWAN_IN_USE must be the last action or we can open a. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Herbert notes that DIV_ROUND_UP() may overflow unnecessarily if. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: qibfs: fix _another_ leak failure to allocate inode => leaked dentry... Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Use is_kdump_kernel() to check for kdump The smartpqi driver checks the reset_devices variable to determine whether. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix sc7280 lpass potential buffer overflow Case values introduced in commit 5f78e1fb7a3e ("ASoC: qcom: Add driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: block: integrity: Do not call set_page_dirty_lock() Placing multiple protection information buffers inside the same page can lead. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set If dma-coherent property isn't set then descriptors are. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Samsung Linux +3
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: riscv: module: Fix out-of-bounds relocation access The current code allows rel[j] to access one element past the end of the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix missing check for zpci_create_device() error return The zpci_create_device() function returns an error pointer that. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service +3
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation Currently during the multi-link element. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: staging: bcm2835-camera: Initialise dev in v4l2_dev Commit 42a2f6664e18 ("staging: vc04_services: Move global g_state to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo Prevent st_lsm6dsx_read_fifo from falling in an infinite loop in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Prevent st_lsm6dsx_read_tagged_fifo from falling in an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A denial-of-service vulnerability exists in the Linux kernel's RISC-V architecture implementation where improper validation of the PR_SET_TAGGED_ADDR_CTRL prctl system call causes a kernel crash when the Supm (Supervisor User Memory) extension is not available. Affected systems are Linux kernel versions including 6.15-rc1 through 6.15-rc5 and potentially earlier versions across all RISC-V platforms. A local attacker with unprivileged user access can trigger an illegal instruction exception, crashing the kernel and denying service to all users, with an EPSS exploitation probability of only 0.11 percent indicating low real-world exploitation likelihood despite the availability of a vendor patch.

Linux Denial Of Service Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix invalid context error in dml helper [Why] "BUG: sleeping function called from invalid context" error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Linux Information Disclosure +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leak in parse_lease_state() The previous patch that added bounds check for create lease context introduced a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for saddr in do_output_route4 syzbot reports for uninit-value for the saddr argument [1]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Google Linux +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: memblock: Accept allocated memory before use in memblock_double_array() When increasing the array size in memblock_double_array(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Debian +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Previously, commit ed129ec9057f ("KVM: x86: forcibly leave nested mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent rename with empty string Client can send empty newname string to ksmbd server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable() The selftests added to our CI by Bui Quang Minh recently reveals. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: smb: client: Avoid race in open_cached_dir with lease breaks A pre-existing valid cfid returned from find_or_create_cached_dir. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_deactivate() idempotent Alan reported a NULL pointer dereference in htb_next_rb_node() after we made. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Linux Denial Of Service +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix UAF in __close_file_table_ids A use-after-free is possible if one thread destroys the file via __ksmbd_close_fd while. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix panic in failed foilio allocation commit 7e119cff9d0a ("ocfs2: convert w_pages to w_folios") and commit 9a5e08652dc4b. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xenbus: Use kref to track req lifetime Marek reported seeing a NULL pointer fault in the xenbus_thread callstack: BUG: kernel NULL. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A boundary validation vulnerability in the Linux kernel's ksmbd (in-kernel SMB server) allows authenticated local users to perform out-of-bounds memory writes when handling stream data operations. The flaw occurs when write offsets exceed existing stream data boundaries, potentially leading to memory corruption with high impact on system confidentiality, integrity, and availability (CVSS 7.8). A proof-of-concept exploit is publicly available on GitHub, though real-world exploitation probability remains low at 0.03% according to EPSS data.

Linux Buffer Overflow Debian Linux +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs With commit bcb5d6c76903 ("s390/pci: introduce lock. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Currently, ath12k_dp_mon_srng_process uses. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi In certain cases, hardware might provide packets with a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe() When snd_soc_dapm_new_controls() or. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ftrace: Add cond_resched() to ftrace_graph_set_hash() When the kernel contains a large number of functions that can be traced, the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: libbpf: Fix accessing BTF.ext core_relo header Update btf_ext_parse_info() to ensure the core_relo header is present before reading. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have "%*p.." The trace event verifier checks the formats of trace events to make sure that they. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() If dib8000_set_dds()'s call to dib8000_read32() returns zero,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Linux Denial Of Service +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM If the mtk_poll_rx() function detects the MTK_RESETTING flag, it will jump. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Mediatek +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction Actually check if the passed pointers are valid,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Fix host hang issue during device reboot When the host loses heartbeat messages from the device, the driver calls the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() idempotent htb_qlen_notify() always deactivates the HTB class and in fact could trigger a warning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Nouveau is mostly designed in a way that it's expected that fences only. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Commit a5951389e58d ("arm64: errata: Add newer ARM cores to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service +4
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dm-bufio: don't schedule in atomic context A BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet are. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Linux Qualcomm +5
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid There is a string parsing logic error which can lead to an overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Amd Memory Corruption Buffer Overflow +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability exists in the Linux kernel's ksmbd (in-kernel SMB server) component, where a race condition between ksmbd_session_rpc_open() and __session_rpc_close() functions can lead to memory corruption. This vulnerability affects Linux kernel versions up to 6.15-rc4 and allows local attackers with low privileges to potentially execute arbitrary code or cause system crashes, achieving complete compromise of confidentiality, integrity, and availability. With an EPSS score of 0.07%, the vulnerability has low real-world exploitation likelihood despite its high CVSS score, and patches are available from the vendor.

Linux Use After Free Race Condition +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix oob write in trace_seq_to_buffer() syzbot reported this bug:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Google +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: book3s64/radix : Align section vmemmap start address to PAGE_SIZE A vmemmap altmap is a device-provided region used to provide. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: vxlan: vnifilter: Fix unlocked deletion of default FDB entry When a VNI is deleted from a VXLAN device in 'vnifilter' mode, the FDB. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race condition in AF_XDP generic RX path Move rx_lock from xsk_socket to xsk_buff_pool.

Linux Information Disclosure Race Condition +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot Update chip data using dev_get_drvdata(dev->parent) to fix NULL. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Amd Null Pointer Dereference Linux +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() A NULL pointer dereference can occur in skb_dequeue() when. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Linux Denial Of Service +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: pds_core: remove write-after-free of client_id A use-after-free error popped up in stress testing: [Mon Apr 21 21:21:33 2025] BUG:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net_sched: drr: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases. Rated high severity (CVSS 7.0).

Buffer Overflow Linux Linux Kernel +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net_sched: ets: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net_sched: qfq: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() As mentioned in the commit baeb705fd6a7 ("ice: always check VF VSI. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix out-of-bound memcpy() during ethtool -w When retrieving the FW coredump using ethtool, it can sometimes cause memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Linux +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations On Adva boards, SMA sysfs store/get operations can call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm, slab: clean up slab->obj_exts always When memory allocation profiling is disabled at runtime or due to an error,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Intel Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix locking order in ivpu_job_submit Fix deadlock in job submission and abort handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +2
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd ublk_cancel_cmd() calls io_uring_cmd_done() to complete. Rated medium severity (CVSS 4.7).

Linux Race Condition Denial Of Service +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Balance device refcount when destroying devices Using device_find_child() to lookup the proper SCMI device to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix the inode leak in btrfs_iget() [BUG] There is a bug report that a syzbot reproducer can lead to the following busy inode. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Ubuntu +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free in hdcp The HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector objects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +7
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs On Qualcomm chipsets not all GPIOs are wakeup capable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Qualcomm Denial Of Service +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix two issues in iommu_copy_struct_from_user() In the review for iommu_copy_struct_to_user() helper, Matt pointed out that. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Oracle +5
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: powerpc64/ftrace: fix module loading without patchable function entries get_stubs_size assumes that there must always be at least. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release plfxlc_mac_release() asserts that mac->lock is held. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Linux Denial Of Service +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: spi: spi-mem: Add fix to avoid divide error For some SPI flash memory operations, dummy bytes are not mandatory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix error handling path in bnxt_init_chip() WARN_ON() is triggered in __flush_work() if bnxt_init_chip() fails because we. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: use sock_gen_put() when sk_state is TCP_TIME_WAIT It is possible for a pointer of type struct inet_timewait_sock to be. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mtd: inftlcore: Add error check for inftl_read_oob() In INFTL_findwriteunit(), the return value of inftl_read_oob() need to be. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ALSA: ump: Fix buffer overflow at UMP SysEx message conversion The conversion function from MIDI 1.0 to UMP packet contains an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() In dw2102_i2c_transfer, msg is controlled by user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition In btsdio_probe, the data->work is bound with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux +4
NVD
Prev Page 27 of 104 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy