Vulnerability-Lookup

CERTFR-2025-AVI-0650

Vulnerability from certfr_avis - Published: 2025-08-01 - Updated: 2025-08-01

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 20.04 ESM
Ubuntu	Ubuntu	Ubuntu 24.04 LTS
Ubuntu	Ubuntu	Ubuntu 25.04
Ubuntu	Ubuntu	Ubuntu 18.04 ESM
Ubuntu	Ubuntu	Ubuntu 22.04 LTS

References

Title

Publication Time

CVE-2025-37915 (GCVE-0-2025-37915)

Vulnerability from cvelistv5 – Published: 2025-05-20 15:21 – Updated: 2026-05-11 21:17

Title

net_sched: drr: Fix double list add in class with netem as child qdisc

Summary

In the Linux kernel, the following vulnerability has been resolved: net_sched: drr: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of drr, there won't be a UAF, but the code will add the same classifier to the list twice, which will cause memory corruption. In addition to checking for qlen being zero, this patch checks whether the class was already added to the active_list (cl_is_active) before adding to the list to cover for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/

Severity

No CVSS data available.

Assigner

Linux

References

10 references

URL	Tags
https://git.kernel.org/stable/c/5da3aad1a13e7edb8…
https://git.kernel.org/stable/c/4b07ac06b0a712923…
https://git.kernel.org/stable/c/2968632880f179200…
https://git.kernel.org/stable/c/4f0ecf50cdf76da95…
https://git.kernel.org/stable/c/db205b92dfe0501e5…
https://git.kernel.org/stable/c/26e75716b94d6ff9b…
https://git.kernel.org/stable/c/ab2248110738d4429…
https://git.kernel.org/stable/c/f99a3fbf023e20b62…
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < 5da3aad1a13e7edb8ff0778a444ccf49930313e9 (git) Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < 4b07ac06b0a712923255aaf2691637693fc7100d (git) Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < 2968632880f1792007eedd12eeedf7f6e2b7e9f3 (git) Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < 4f0ecf50cdf76da95828578a92f130b653ac2fcf (git) Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < db205b92dfe0501e5b92fb7cf00971d0e44ba3eb (git) Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < 26e75716b94d6ff9be5ea07d63675c4d189f30b4 (git) Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < ab2248110738d4429668140ad22f530a9ee730e1 (git) Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < f99a3fbf023e20b626be4b0f042463d598050c9a (git)
Linux	Linux	Affected: 5.0 Unaffected: 0 , < 5.0 (semver) Unaffected: 5.4.294 , ≤ 5.4.* (semver) Unaffected: 5.10.238 , ≤ 5.10.* (semver) Unaffected: 5.15.182 , ≤ 5.15.* (semver) Unaffected: 6.1.138 , ≤ 6.1.* (semver) Unaffected: 6.6.90 , ≤ 6.6.* (semver) Unaffected: 6.12.28 , ≤ 6.12.* (semver) Unaffected: 6.14.6 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:57:17.858Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_drr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5da3aad1a13e7edb8ff0778a444ccf49930313e9",
              "status": "affected",
              "version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
              "versionType": "git"
            },
            {
              "lessThan": "4b07ac06b0a712923255aaf2691637693fc7100d",
              "status": "affected",
              "version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
              "versionType": "git"
            },
            {
              "lessThan": "2968632880f1792007eedd12eeedf7f6e2b7e9f3",
              "status": "affected",
              "version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
              "versionType": "git"
            },
            {
              "lessThan": "4f0ecf50cdf76da95828578a92f130b653ac2fcf",
              "status": "affected",
              "version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
              "versionType": "git"
            },
            {
              "lessThan": "db205b92dfe0501e5b92fb7cf00971d0e44ba3eb",
              "status": "affected",
              "version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
              "versionType": "git"
            },
            {
              "lessThan": "26e75716b94d6ff9be5ea07d63675c4d189f30b4",
              "status": "affected",
              "version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
              "versionType": "git"
            },
            {
              "lessThan": "ab2248110738d4429668140ad22f530a9ee730e1",
              "status": "affected",
              "version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
              "versionType": "git"
            },
            {
              "lessThan": "f99a3fbf023e20b626be4b0f042463d598050c9a",
              "status": "affected",
              "version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_drr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.294",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.238",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.182",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.138",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.294",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.238",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.182",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.138",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.90",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.28",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.6",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: drr: Fix double list add in class with netem as child qdisc\n\nAs described in Gerrard\u0027s report [1], there are use cases where a netem\nchild qdisc will make the parent qdisc\u0027s enqueue callback reentrant.\nIn the case of drr, there won\u0027t be a UAF, but the code will add the same\nclassifier to the list twice, which will cause memory corruption.\n\nIn addition to checking for qlen being zero, this patch checks whether the\nclass was already added to the active_list (cl_is_active) before adding\nto the list to cover for the reentrant case.\n\n[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T21:17:34.269Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5da3aad1a13e7edb8ff0778a444ccf49930313e9"
        },
        {
          "url": "https://git.kernel.org/stable/c/4b07ac06b0a712923255aaf2691637693fc7100d"
        },
        {
          "url": "https://git.kernel.org/stable/c/2968632880f1792007eedd12eeedf7f6e2b7e9f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f0ecf50cdf76da95828578a92f130b653ac2fcf"
        },
        {
          "url": "https://git.kernel.org/stable/c/db205b92dfe0501e5b92fb7cf00971d0e44ba3eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/26e75716b94d6ff9be5ea07d63675c4d189f30b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab2248110738d4429668140ad22f530a9ee730e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/f99a3fbf023e20b626be4b0f042463d598050c9a"
        }
      ],
      "title": "net_sched: drr: Fix double list add in class with netem as child qdisc",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-37915",
    "datePublished": "2025-05-20T15:21:46.440Z",
    "dateReserved": "2025-04-16T04:51:23.967Z",
    "dateUpdated": "2026-05-11T21:17:34.269Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-37923 (GCVE-0-2025-37923)

Vulnerability from cvelistv5 – Published: 2025-05-20 15:21 – Updated: 2026-05-11 21:17

Title

tracing: Fix oob write in trace_seq_to_buffer()

Summary

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix oob write in trace_seq_to_buffer() syzbot reported this bug: ================================================================== BUG: KASAN: slab-out-of-bounds in trace_seq_to_buffer kernel/trace/trace.c:1830 [inline] BUG: KASAN: slab-out-of-bounds in tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822 Write of size 4507 at addr ffff888032b6b000 by task syz.2.320/7260 CPU: 1 UID: 0 PID: 7260 Comm: syz.2.320 Not tainted 6.15.0-rc1-syzkaller-00301-g3bde70a2c827 #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0xc3/0x670 mm/kasan/report.c:521 kasan_report+0xe0/0x110 mm/kasan/report.c:634 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189 __asan_memcpy+0x3c/0x60 mm/kasan/shadow.c:106 trace_seq_to_buffer kernel/trace/trace.c:1830 [inline] tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822 .... ================================================================== It has been reported that trace_seq_to_buffer() tries to copy more data than PAGE_SIZE to buf. Therefore, to prevent this, we should use the smaller of trace_seq_used(&iter->seq) and PAGE_SIZE as an argument.

Severity

No CVSS data available.

Assigner

Linux

References

10 references

URL	Tags
https://git.kernel.org/stable/c/f4b0174e9f18aaba5…
https://git.kernel.org/stable/c/665ce421041890571…
https://git.kernel.org/stable/c/1a3f9482b50b74fa9…
https://git.kernel.org/stable/c/441021e5b3c7d9bd1…
https://git.kernel.org/stable/c/056ebbddb8faf4ddf…
https://git.kernel.org/stable/c/1f27a3e93b8d674b2…
https://git.kernel.org/stable/c/c5d2b66c5ef5037b4…
https://git.kernel.org/stable/c/f5178c41bb43444a6…
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 3c56819b14b00dd449bd776303e61f8532fad09f , < f4b0174e9f18aaba59ee6ffdaf8827a7f94eb606 (git) Affected: 3c56819b14b00dd449bd776303e61f8532fad09f , < 665ce421041890571852422487f4c613d1824ba9 (git) Affected: 3c56819b14b00dd449bd776303e61f8532fad09f , < 1a3f9482b50b74fa9421bff8ceecfefd0dc06f8f (git) Affected: 3c56819b14b00dd449bd776303e61f8532fad09f , < 441021e5b3c7d9bd1b963590652c415929f3b157 (git) Affected: 3c56819b14b00dd449bd776303e61f8532fad09f , < 056ebbddb8faf4ddf83d005454dd78fc25c2d897 (git) Affected: 3c56819b14b00dd449bd776303e61f8532fad09f , < 1f27a3e93b8d674b24b27fcdbc6f72743cd96c0d (git) Affected: 3c56819b14b00dd449bd776303e61f8532fad09f , < c5d2b66c5ef5037b4b4360e5447605ff00ba1bd4 (git) Affected: 3c56819b14b00dd449bd776303e61f8532fad09f , < f5178c41bb43444a6008150fe6094497135d07cb (git)
Linux	Linux	Affected: 2.6.30 Unaffected: 0 , < 2.6.30 (semver) Unaffected: 5.4.294 , ≤ 5.4.* (semver) Unaffected: 5.10.238 , ≤ 5.10.* (semver) Unaffected: 5.15.182 , ≤ 5.15.* (semver) Unaffected: 6.1.138 , ≤ 6.1.* (semver) Unaffected: 6.6.90 , ≤ 6.6.* (semver) Unaffected: 6.12.28 , ≤ 6.12.* (semver) Unaffected: 6.14.6 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:57:21.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/trace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f4b0174e9f18aaba59ee6ffdaf8827a7f94eb606",
              "status": "affected",
              "version": "3c56819b14b00dd449bd776303e61f8532fad09f",
              "versionType": "git"
            },
            {
              "lessThan": "665ce421041890571852422487f4c613d1824ba9",
              "status": "affected",
              "version": "3c56819b14b00dd449bd776303e61f8532fad09f",
              "versionType": "git"
            },
            {
              "lessThan": "1a3f9482b50b74fa9421bff8ceecfefd0dc06f8f",
              "status": "affected",
              "version": "3c56819b14b00dd449bd776303e61f8532fad09f",
              "versionType": "git"
            },
            {
              "lessThan": "441021e5b3c7d9bd1b963590652c415929f3b157",
              "status": "affected",
              "version": "3c56819b14b00dd449bd776303e61f8532fad09f",
              "versionType": "git"
            },
            {
              "lessThan": "056ebbddb8faf4ddf83d005454dd78fc25c2d897",
              "status": "affected",
              "version": "3c56819b14b00dd449bd776303e61f8532fad09f",
              "versionType": "git"
            },
            {
              "lessThan": "1f27a3e93b8d674b24b27fcdbc6f72743cd96c0d",
              "status": "affected",
              "version": "3c56819b14b00dd449bd776303e61f8532fad09f",
              "versionType": "git"
            },
            {
              "lessThan": "c5d2b66c5ef5037b4b4360e5447605ff00ba1bd4",
              "status": "affected",
              "version": "3c56819b14b00dd449bd776303e61f8532fad09f",
              "versionType": "git"
            },
            {
              "lessThan": "f5178c41bb43444a6008150fe6094497135d07cb",
              "status": "affected",
              "version": "3c56819b14b00dd449bd776303e61f8532fad09f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/trace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.30"
            },
            {
              "lessThan": "2.6.30",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.294",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.238",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.182",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.138",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.294",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.238",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.182",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.138",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.90",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.28",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.6",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix oob write in trace_seq_to_buffer()\n\nsyzbot reported this bug:\n==================================================================\nBUG: KASAN: slab-out-of-bounds in trace_seq_to_buffer kernel/trace/trace.c:1830 [inline]\nBUG: KASAN: slab-out-of-bounds in tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822\nWrite of size 4507 at addr ffff888032b6b000 by task syz.2.320/7260\n\nCPU: 1 UID: 0 PID: 7260 Comm: syz.2.320 Not tainted 6.15.0-rc1-syzkaller-00301-g3bde70a2c827 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xc3/0x670 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189\n __asan_memcpy+0x3c/0x60 mm/kasan/shadow.c:106\n trace_seq_to_buffer kernel/trace/trace.c:1830 [inline]\n tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822\n ....\n==================================================================\n\nIt has been reported that trace_seq_to_buffer() tries to copy more data\nthan PAGE_SIZE to buf. Therefore, to prevent this, we should use the\nsmaller of trace_seq_used(\u0026iter-\u003eseq) and PAGE_SIZE as an argument."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T21:17:43.384Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f4b0174e9f18aaba59ee6ffdaf8827a7f94eb606"
        },
        {
          "url": "https://git.kernel.org/stable/c/665ce421041890571852422487f4c613d1824ba9"
        },
        {
          "url": "https://git.kernel.org/stable/c/1a3f9482b50b74fa9421bff8ceecfefd0dc06f8f"
        },
        {
          "url": "https://git.kernel.org/stable/c/441021e5b3c7d9bd1b963590652c415929f3b157"
        },
        {
          "url": "https://git.kernel.org/stable/c/056ebbddb8faf4ddf83d005454dd78fc25c2d897"
        },
        {
          "url": "https://git.kernel.org/stable/c/1f27a3e93b8d674b24b27fcdbc6f72743cd96c0d"
        },
        {
          "url": "https://git.kernel.org/stable/c/c5d2b66c5ef5037b4b4360e5447605ff00ba1bd4"
        },
        {
          "url": "https://git.kernel.org/stable/c/f5178c41bb43444a6008150fe6094497135d07cb"
        }
      ],
      "title": "tracing: Fix oob write in trace_seq_to_buffer()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-37923",
    "datePublished": "2025-05-20T15:21:51.927Z",
    "dateReserved": "2025-04-16T04:51:23.969Z",
    "dateUpdated": "2026-05-11T21:17:43.384Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-37927 (GCVE-0-2025-37927)

Vulnerability from cvelistv5 – Published: 2025-05-20 15:21 – Updated: 2026-05-11 21:17

Title

iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid

Summary

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid There is a string parsing logic error which can lead to an overflow of hid or uid buffers. Comparing ACPIID_LEN against a total string length doesn't take into account the lengths of individual hid and uid buffers so the check is insufficient in some cases. For example if the length of hid string is 4 and the length of the uid string is 260, the length of str will be equal to ACPIID_LEN + 1 but uid string will overflow uid buffer which size is 256. The same applies to the hid string with length 13 and uid string with length 250. Check the length of hid and uid strings separately to prevent buffer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Severity

No CVSS data available.

Assigner

Linux

References

10 references

URL	Tags
https://git.kernel.org/stable/c/2b65060c84ee4d8dc…
https://git.kernel.org/stable/c/a65ebfed65fa62797…
https://git.kernel.org/stable/c/466d9da267079a8d3…
https://git.kernel.org/stable/c/c3f37faa71f5d26dd…
https://git.kernel.org/stable/c/13d67528e1ae4486e…
https://git.kernel.org/stable/c/10d901a95f8e766e5…
https://git.kernel.org/stable/c/c8bdfc0297965bb13…
https://git.kernel.org/stable/c/8dee308e4c01dea48…
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: ca3bf5d47cec8b7614bcb2e9132c40081d6d81db , < 2b65060c84ee4d8dc64fae6d2728b528e9e832e1 (git) Affected: ca3bf5d47cec8b7614bcb2e9132c40081d6d81db , < a65ebfed65fa62797ec1f5f1dcf7adb157a2de1e (git) Affected: ca3bf5d47cec8b7614bcb2e9132c40081d6d81db , < 466d9da267079a8d3b69fa72dfa3a732e1f6dbb5 (git) Affected: ca3bf5d47cec8b7614bcb2e9132c40081d6d81db , < c3f37faa71f5d26dd2144b3f2b14525ec8f5e41f (git) Affected: ca3bf5d47cec8b7614bcb2e9132c40081d6d81db , < 13d67528e1ae4486e9ab24b70122fab104c73c29 (git) Affected: ca3bf5d47cec8b7614bcb2e9132c40081d6d81db , < 10d901a95f8e766e5aa0bb9a983fb41271f64718 (git) Affected: ca3bf5d47cec8b7614bcb2e9132c40081d6d81db , < c8bdfc0297965bb13fa439d36ca9c4f7c8447f0f (git) Affected: ca3bf5d47cec8b7614bcb2e9132c40081d6d81db , < 8dee308e4c01dea48fc104d37f92d5b58c50b96c (git)
Linux	Linux	Affected: 4.7 Unaffected: 0 , < 4.7 (semver) Unaffected: 5.4.294 , ≤ 5.4.* (semver) Unaffected: 5.10.238 , ≤ 5.10.* (semver) Unaffected: 5.15.182 , ≤ 5.15.* (semver) Unaffected: 6.1.138 , ≤ 6.1.* (semver) Unaffected: 6.6.90 , ≤ 6.6.* (semver) Unaffected: 6.12.28 , ≤ 6.12.* (semver) Unaffected: 6.14.6 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:57:24.753Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/amd/init.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2b65060c84ee4d8dc64fae6d2728b528e9e832e1",
              "status": "affected",
              "version": "ca3bf5d47cec8b7614bcb2e9132c40081d6d81db",
              "versionType": "git"
            },
            {
              "lessThan": "a65ebfed65fa62797ec1f5f1dcf7adb157a2de1e",
              "status": "affected",
              "version": "ca3bf5d47cec8b7614bcb2e9132c40081d6d81db",
              "versionType": "git"
            },
            {
              "lessThan": "466d9da267079a8d3b69fa72dfa3a732e1f6dbb5",
              "status": "affected",
              "version": "ca3bf5d47cec8b7614bcb2e9132c40081d6d81db",
              "versionType": "git"
            },
            {
              "lessThan": "c3f37faa71f5d26dd2144b3f2b14525ec8f5e41f",
              "status": "affected",
              "version": "ca3bf5d47cec8b7614bcb2e9132c40081d6d81db",
              "versionType": "git"
            },
            {
              "lessThan": "13d67528e1ae4486e9ab24b70122fab104c73c29",
              "status": "affected",
              "version": "ca3bf5d47cec8b7614bcb2e9132c40081d6d81db",
              "versionType": "git"
            },
            {
              "lessThan": "10d901a95f8e766e5aa0bb9a983fb41271f64718",
              "status": "affected",
              "version": "ca3bf5d47cec8b7614bcb2e9132c40081d6d81db",
              "versionType": "git"
            },
            {
              "lessThan": "c8bdfc0297965bb13fa439d36ca9c4f7c8447f0f",
              "status": "affected",
              "version": "ca3bf5d47cec8b7614bcb2e9132c40081d6d81db",
              "versionType": "git"
            },
            {
              "lessThan": "8dee308e4c01dea48fc104d37f92d5b58c50b96c",
              "status": "affected",
              "version": "ca3bf5d47cec8b7614bcb2e9132c40081d6d81db",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/amd/init.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "lessThan": "4.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.294",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.238",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.182",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.138",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.294",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.238",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.182",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.138",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.90",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.28",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.6",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid\n\nThere is a string parsing logic error which can lead to an overflow of hid\nor uid buffers. Comparing ACPIID_LEN against a total string length doesn\u0027t\ntake into account the lengths of individual hid and uid buffers so the\ncheck is insufficient in some cases. For example if the length of hid\nstring is 4 and the length of the uid string is 260, the length of str\nwill be equal to ACPIID_LEN + 1 but uid string will overflow uid buffer\nwhich size is 256.\n\nThe same applies to the hid string with length 13 and uid string with\nlength 250.\n\nCheck the length of hid and uid strings separately to prevent\nbuffer overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T21:17:48.029Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2b65060c84ee4d8dc64fae6d2728b528e9e832e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/a65ebfed65fa62797ec1f5f1dcf7adb157a2de1e"
        },
        {
          "url": "https://git.kernel.org/stable/c/466d9da267079a8d3b69fa72dfa3a732e1f6dbb5"
        },
        {
          "url": "https://git.kernel.org/stable/c/c3f37faa71f5d26dd2144b3f2b14525ec8f5e41f"
        },
        {
          "url": "https://git.kernel.org/stable/c/13d67528e1ae4486e9ab24b70122fab104c73c29"
        },
        {
          "url": "https://git.kernel.org/stable/c/10d901a95f8e766e5aa0bb9a983fb41271f64718"
        },
        {
          "url": "https://git.kernel.org/stable/c/c8bdfc0297965bb13fa439d36ca9c4f7c8447f0f"
        },
        {
          "url": "https://git.kernel.org/stable/c/8dee308e4c01dea48fc104d37f92d5b58c50b96c"
        }
      ],
      "title": "iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-37927",
    "datePublished": "2025-05-20T15:21:53.973Z",
    "dateReserved": "2025-04-16T04:51:23.969Z",
    "dateUpdated": "2026-05-11T21:17:48.029Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-37930 (GCVE-0-2025-37930)

Vulnerability from cvelistv5 – Published: 2025-05-20 15:21 – Updated: 2026-05-11 21:17

Title

drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Nouveau is mostly designed in a way that it's expected that fences only ever get signaled through nouveau_fence_signal(). However, in at least one other place, nouveau_fence_done(), can signal fences, too. If that happens (race) a signaled fence remains in the pending list for a while, until it gets removed by nouveau_fence_update(). Should nouveau_fence_context_kill() run in the meantime, this would be a bug because the function would attempt to set an error code on an already signaled fence. Have nouveau_fence_context_kill() check for a fence being signaled.

Severity

No CVSS data available.

Assigner

Linux

References

9 references

URL	Tags
https://git.kernel.org/stable/c/39d6e889c0b19a2c7…
https://git.kernel.org/stable/c/2ec0f5f6d4768f292…
https://git.kernel.org/stable/c/47ca11836c35c5698…
https://git.kernel.org/stable/c/126f5c6e0cb84e5c6…
https://git.kernel.org/stable/c/b771b2017260ffc3a…
https://git.kernel.org/stable/c/0453825167ecc816e…
https://git.kernel.org/stable/c/bbe5679f30d7690a9…
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: ea13e5abf807ea912ce84eef6a1946b9a38c6508 , < 39d6e889c0b19a2c79e1c74c843ea7c2d0f99c28 (git) Affected: ea13e5abf807ea912ce84eef6a1946b9a38c6508 , < 2ec0f5f6d4768f292c8406ed92fa699f184577e5 (git) Affected: ea13e5abf807ea912ce84eef6a1946b9a38c6508 , < 47ca11836c35c5698088fd87f7fb4b0ffa217e17 (git) Affected: ea13e5abf807ea912ce84eef6a1946b9a38c6508 , < 126f5c6e0cb84e5c6f7a3a856d799d85668fb38e (git) Affected: ea13e5abf807ea912ce84eef6a1946b9a38c6508 , < b771b2017260ffc3a8d4e81266619649bffcb242 (git) Affected: ea13e5abf807ea912ce84eef6a1946b9a38c6508 , < 0453825167ecc816ec15c736e52316f69db0deb9 (git) Affected: ea13e5abf807ea912ce84eef6a1946b9a38c6508 , < bbe5679f30d7690a9b6838a583b9690ea73fe0e9 (git)
Linux	Linux	Affected: 5.6 Unaffected: 0 , < 5.6 (semver) Unaffected: 5.10.238 , ≤ 5.10.* (semver) Unaffected: 5.15.182 , ≤ 5.15.* (semver) Unaffected: 6.1.138 , ≤ 6.1.* (semver) Unaffected: 6.6.90 , ≤ 6.6.* (semver) Unaffected: 6.12.28 , ≤ 6.12.* (semver) Unaffected: 6.14.6 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:57:29.035Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/nouveau/nouveau_fence.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "39d6e889c0b19a2c79e1c74c843ea7c2d0f99c28",
              "status": "affected",
              "version": "ea13e5abf807ea912ce84eef6a1946b9a38c6508",
              "versionType": "git"
            },
            {
              "lessThan": "2ec0f5f6d4768f292c8406ed92fa699f184577e5",
              "status": "affected",
              "version": "ea13e5abf807ea912ce84eef6a1946b9a38c6508",
              "versionType": "git"
            },
            {
              "lessThan": "47ca11836c35c5698088fd87f7fb4b0ffa217e17",
              "status": "affected",
              "version": "ea13e5abf807ea912ce84eef6a1946b9a38c6508",
              "versionType": "git"
            },
            {
              "lessThan": "126f5c6e0cb84e5c6f7a3a856d799d85668fb38e",
              "status": "affected",
              "version": "ea13e5abf807ea912ce84eef6a1946b9a38c6508",
              "versionType": "git"
            },
            {
              "lessThan": "b771b2017260ffc3a8d4e81266619649bffcb242",
              "status": "affected",
              "version": "ea13e5abf807ea912ce84eef6a1946b9a38c6508",
              "versionType": "git"
            },
            {
              "lessThan": "0453825167ecc816ec15c736e52316f69db0deb9",
              "status": "affected",
              "version": "ea13e5abf807ea912ce84eef6a1946b9a38c6508",
              "versionType": "git"
            },
            {
              "lessThan": "bbe5679f30d7690a9b6838a583b9690ea73fe0e9",
              "status": "affected",
              "version": "ea13e5abf807ea912ce84eef6a1946b9a38c6508",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/nouveau/nouveau_fence.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.238",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.182",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.138",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.238",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.182",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.138",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.90",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.28",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.6",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()\n\nNouveau is mostly designed in a way that it\u0027s expected that fences only\never get signaled through nouveau_fence_signal(). However, in at least\none other place, nouveau_fence_done(), can signal fences, too. If that\nhappens (race) a signaled fence remains in the pending list for a while,\nuntil it gets removed by nouveau_fence_update().\n\nShould nouveau_fence_context_kill() run in the meantime, this would be\na bug because the function would attempt to set an error code on an\nalready signaled fence.\n\nHave nouveau_fence_context_kill() check for a fence being signaled."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T21:17:51.391Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/39d6e889c0b19a2c79e1c74c843ea7c2d0f99c28"
        },
        {
          "url": "https://git.kernel.org/stable/c/2ec0f5f6d4768f292c8406ed92fa699f184577e5"
        },
        {
          "url": "https://git.kernel.org/stable/c/47ca11836c35c5698088fd87f7fb4b0ffa217e17"
        },
        {
          "url": "https://git.kernel.org/stable/c/126f5c6e0cb84e5c6f7a3a856d799d85668fb38e"
        },
        {
          "url": "https://git.kernel.org/stable/c/b771b2017260ffc3a8d4e81266619649bffcb242"
        },
        {
          "url": "https://git.kernel.org/stable/c/0453825167ecc816ec15c736e52316f69db0deb9"
        },
        {
          "url": "https://git.kernel.org/stable/c/bbe5679f30d7690a9b6838a583b9690ea73fe0e9"
        }
      ],
      "title": "drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-37930",
    "datePublished": "2025-05-20T15:21:55.941Z",
    "dateReserved": "2025-04-16T04:51:23.970Z",
    "dateUpdated": "2026-05-11T21:17:51.391Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-37932 (GCVE-0-2025-37932)

Vulnerability from cvelistv5 – Published: 2025-05-20 15:21 – Updated: 2026-05-11 21:17

Title

sch_htb: make htb_qlen_notify() idempotent

Summary

In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() idempotent htb_qlen_notify() always deactivates the HTB class and in fact could trigger a warning if it is already deactivated. Therefore, it is not idempotent and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() callers' life.

Severity

No CVSS data available.

Assigner

Linux

References

10 references

URL	Tags
https://git.kernel.org/stable/c/e6b45f4de763b00dc…
https://git.kernel.org/stable/c/32ae12ce6a9f6bace…
https://git.kernel.org/stable/c/967955c9e57f8eebf…
https://git.kernel.org/stable/c/73cf6af13153d62f9…
https://git.kernel.org/stable/c/bbbf5e0f87078b715…
https://git.kernel.org/stable/c/0a188c0e197383683…
https://git.kernel.org/stable/c/a61f1b5921761fbaf…
https://git.kernel.org/stable/c/5ba8b837b522d7051…
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 959466588aa7f84ccf79ae36a1d89542eaf9aaec , < e6b45f4de763b00dc1c55e685e2dd1aaf525d3c1 (git) Affected: 959466588aa7f84ccf79ae36a1d89542eaf9aaec , < 32ae12ce6a9f6bace186ca7335220ff59b6cc3cd (git) Affected: 959466588aa7f84ccf79ae36a1d89542eaf9aaec , < 967955c9e57f8eebfccc298037d4aaf3d42bc1c9 (git) Affected: 959466588aa7f84ccf79ae36a1d89542eaf9aaec , < 73cf6af13153d62f9b76eff422eea79dbc70f15e (git) Affected: 959466588aa7f84ccf79ae36a1d89542eaf9aaec , < bbbf5e0f87078b715e7a665d662a2c0e77f044ae (git) Affected: 959466588aa7f84ccf79ae36a1d89542eaf9aaec , < 0a188c0e197383683fd093ab1ea6ce9a5869a6ea (git) Affected: 959466588aa7f84ccf79ae36a1d89542eaf9aaec , < a61f1b5921761fbaf166231418bc1db301e5bf59 (git) Affected: 959466588aa7f84ccf79ae36a1d89542eaf9aaec , < 5ba8b837b522d7051ef81bacf3d95383ff8edce5 (git)
Linux	Linux	Affected: 4.14 Unaffected: 0 , < 4.14 (semver) Unaffected: 5.4.294 , ≤ 5.4.* (semver) Unaffected: 5.10.241 , ≤ 5.10.* (semver) Unaffected: 5.15.190 , ≤ 5.15.* (semver) Unaffected: 6.1.138 , ≤ 6.1.* (semver) Unaffected: 6.6.90 , ≤ 6.6.* (semver) Unaffected: 6.12.28 , ≤ 6.12.* (semver) Unaffected: 6.14.6 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:57:30.412Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_htb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e6b45f4de763b00dc1c55e685e2dd1aaf525d3c1",
              "status": "affected",
              "version": "959466588aa7f84ccf79ae36a1d89542eaf9aaec",
              "versionType": "git"
            },
            {
              "lessThan": "32ae12ce6a9f6bace186ca7335220ff59b6cc3cd",
              "status": "affected",
              "version": "959466588aa7f84ccf79ae36a1d89542eaf9aaec",
              "versionType": "git"
            },
            {
              "lessThan": "967955c9e57f8eebfccc298037d4aaf3d42bc1c9",
              "status": "affected",
              "version": "959466588aa7f84ccf79ae36a1d89542eaf9aaec",
              "versionType": "git"
            },
            {
              "lessThan": "73cf6af13153d62f9b76eff422eea79dbc70f15e",
              "status": "affected",
              "version": "959466588aa7f84ccf79ae36a1d89542eaf9aaec",
              "versionType": "git"
            },
            {
              "lessThan": "bbbf5e0f87078b715e7a665d662a2c0e77f044ae",
              "status": "affected",
              "version": "959466588aa7f84ccf79ae36a1d89542eaf9aaec",
              "versionType": "git"
            },
            {
              "lessThan": "0a188c0e197383683fd093ab1ea6ce9a5869a6ea",
              "status": "affected",
              "version": "959466588aa7f84ccf79ae36a1d89542eaf9aaec",
              "versionType": "git"
            },
            {
              "lessThan": "a61f1b5921761fbaf166231418bc1db301e5bf59",
              "status": "affected",
              "version": "959466588aa7f84ccf79ae36a1d89542eaf9aaec",
              "versionType": "git"
            },
            {
              "lessThan": "5ba8b837b522d7051ef81bacf3d95383ff8edce5",
              "status": "affected",
              "version": "959466588aa7f84ccf79ae36a1d89542eaf9aaec",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_htb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.294",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.138",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.294",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.241",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.138",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.90",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.28",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.6",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch_htb: make htb_qlen_notify() idempotent\n\nhtb_qlen_notify() always deactivates the HTB class and in fact could\ntrigger a warning if it is already deactivated. Therefore, it is not\nidempotent and not friendly to its callers, like fq_codel_dequeue().\n\nLet\u0027s make it idempotent to ease qdisc_tree_reduce_backlog() callers\u0027\nlife."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T21:17:53.987Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e6b45f4de763b00dc1c55e685e2dd1aaf525d3c1"
        },
        {
          "url": "https://git.kernel.org/stable/c/32ae12ce6a9f6bace186ca7335220ff59b6cc3cd"
        },
        {
          "url": "https://git.kernel.org/stable/c/967955c9e57f8eebfccc298037d4aaf3d42bc1c9"
        },
        {
          "url": "https://git.kernel.org/stable/c/73cf6af13153d62f9b76eff422eea79dbc70f15e"
        },
        {
          "url": "https://git.kernel.org/stable/c/bbbf5e0f87078b715e7a665d662a2c0e77f044ae"
        },
        {
          "url": "https://git.kernel.org/stable/c/0a188c0e197383683fd093ab1ea6ce9a5869a6ea"
        },
        {
          "url": "https://git.kernel.org/stable/c/a61f1b5921761fbaf166231418bc1db301e5bf59"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ba8b837b522d7051ef81bacf3d95383ff8edce5"
        }
      ],
      "title": "sch_htb: make htb_qlen_notify() idempotent",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-37932",
    "datePublished": "2025-05-20T15:21:57.469Z",
    "dateReserved": "2025-04-16T04:51:23.970Z",
    "dateUpdated": "2026-05-11T21:17:53.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-37940 (GCVE-0-2025-37940)

Vulnerability from cvelistv5 – Published: 2025-05-20 15:58 – Updated: 2026-05-11 21:18

Title

ftrace: Add cond_resched() to ftrace_graph_set_hash()

Summary

In the Linux kernel, the following vulnerability has been resolved: ftrace: Add cond_resched() to ftrace_graph_set_hash() When the kernel contains a large number of functions that can be traced, the loop in ftrace_graph_set_hash() may take a lot of time to execute. This may trigger the softlockup watchdog. Add cond_resched() within the loop to allow the kernel to remain responsive even when processing a large number of functions. This matches the cond_resched() that is used in other locations of the code that iterates over all functions that can be traced.

Severity

No CVSS data available.

Assigner

Linux

References

10 references

URL	Tags
https://git.kernel.org/stable/c/e5b4ae6f01d4a510d…
https://git.kernel.org/stable/c/618655d54c5f8af5d…
https://git.kernel.org/stable/c/dd38803c9088b848c…
https://git.kernel.org/stable/c/8dd7d7280357596ba…
https://git.kernel.org/stable/c/5d336ac215e5c76e4…
https://git.kernel.org/stable/c/1fce9574b9d515bcb…
https://git.kernel.org/stable/c/4429535acab750d96…
https://git.kernel.org/stable/c/72be43ff061a889c6…
https://git.kernel.org/stable/c/42ea22e754ba4f2b8…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: b9b0c831bed2682c2e3e9f5420fb6985549ef020 , < e5b4ae6f01d4a510d5725eca7254519a1093920d (git) Affected: b9b0c831bed2682c2e3e9f5420fb6985549ef020 , < 618655d54c5f8af5d57b77491d08c0f0ff77d114 (git) Affected: b9b0c831bed2682c2e3e9f5420fb6985549ef020 , < dd38803c9088b848c6b56f4f6d7efc4497bfde61 (git) Affected: b9b0c831bed2682c2e3e9f5420fb6985549ef020 , < 8dd7d7280357596ba63dfdb4c1725d9dd24bd42a (git) Affected: b9b0c831bed2682c2e3e9f5420fb6985549ef020 , < 5d336ac215e5c76e43ef4bca9ba699835e53e2fd (git) Affected: b9b0c831bed2682c2e3e9f5420fb6985549ef020 , < 1fce9574b9d515bcb8a75379a8053e18602424e3 (git) Affected: b9b0c831bed2682c2e3e9f5420fb6985549ef020 , < 4429535acab750d963fdc3dfcc9e0eee42f4d599 (git) Affected: b9b0c831bed2682c2e3e9f5420fb6985549ef020 , < 72be43ff061a889c6ee648a330a42486cafa15a6 (git) Affected: b9b0c831bed2682c2e3e9f5420fb6985549ef020 , < 42ea22e754ba4f2b86f8760ca27f6f71da2d982c (git)
Linux	Linux	Affected: 4.11 Unaffected: 0 , < 4.11 (semver) Unaffected: 5.4.293 , ≤ 5.4.* (semver) Unaffected: 5.10.237 , ≤ 5.10.* (semver) Unaffected: 5.15.181 , ≤ 5.15.* (semver) Unaffected: 6.1.135 , ≤ 6.1.* (semver) Unaffected: 6.6.88 , ≤ 6.6.* (semver) Unaffected: 6.12.24 , ≤ 6.12.* (semver) Unaffected: 6.13.12 , ≤ 6.13.* (semver) Unaffected: 6.14.3 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:57:35.970Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/ftrace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e5b4ae6f01d4a510d5725eca7254519a1093920d",
              "status": "affected",
              "version": "b9b0c831bed2682c2e3e9f5420fb6985549ef020",
              "versionType": "git"
            },
            {
              "lessThan": "618655d54c5f8af5d57b77491d08c0f0ff77d114",
              "status": "affected",
              "version": "b9b0c831bed2682c2e3e9f5420fb6985549ef020",
              "versionType": "git"
            },
            {
              "lessThan": "dd38803c9088b848c6b56f4f6d7efc4497bfde61",
              "status": "affected",
              "version": "b9b0c831bed2682c2e3e9f5420fb6985549ef020",
              "versionType": "git"
            },
            {
              "lessThan": "8dd7d7280357596ba63dfdb4c1725d9dd24bd42a",
              "status": "affected",
              "version": "b9b0c831bed2682c2e3e9f5420fb6985549ef020",
              "versionType": "git"
            },
            {
              "lessThan": "5d336ac215e5c76e43ef4bca9ba699835e53e2fd",
              "status": "affected",
              "version": "b9b0c831bed2682c2e3e9f5420fb6985549ef020",
              "versionType": "git"
            },
            {
              "lessThan": "1fce9574b9d515bcb8a75379a8053e18602424e3",
              "status": "affected",
              "version": "b9b0c831bed2682c2e3e9f5420fb6985549ef020",
              "versionType": "git"
            },
            {
              "lessThan": "4429535acab750d963fdc3dfcc9e0eee42f4d599",
              "status": "affected",
              "version": "b9b0c831bed2682c2e3e9f5420fb6985549ef020",
              "versionType": "git"
            },
            {
              "lessThan": "72be43ff061a889c6ee648a330a42486cafa15a6",
              "status": "affected",
              "version": "b9b0c831bed2682c2e3e9f5420fb6985549ef020",
              "versionType": "git"
            },
            {
              "lessThan": "42ea22e754ba4f2b86f8760ca27f6f71da2d982c",
              "status": "affected",
              "version": "b9b0c831bed2682c2e3e9f5420fb6985549ef020",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/ftrace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.293",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.237",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.181",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.135",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.293",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.237",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.181",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.135",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.88",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.24",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.12",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.3",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Add cond_resched() to ftrace_graph_set_hash()\n\nWhen the kernel contains a large number of functions that can be traced,\nthe loop in ftrace_graph_set_hash() may take a lot of time to execute.\nThis may trigger the softlockup watchdog.\n\nAdd cond_resched() within the loop to allow the kernel to remain\nresponsive even when processing a large number of functions.\n\nThis matches the cond_resched() that is used in other locations of the\ncode that iterates over all functions that can be traced."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T21:18:03.926Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e5b4ae6f01d4a510d5725eca7254519a1093920d"
        },
        {
          "url": "https://git.kernel.org/stable/c/618655d54c5f8af5d57b77491d08c0f0ff77d114"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd38803c9088b848c6b56f4f6d7efc4497bfde61"
        },
        {
          "url": "https://git.kernel.org/stable/c/8dd7d7280357596ba63dfdb4c1725d9dd24bd42a"
        },
        {
          "url": "https://git.kernel.org/stable/c/5d336ac215e5c76e43ef4bca9ba699835e53e2fd"
        },
        {
          "url": "https://git.kernel.org/stable/c/1fce9574b9d515bcb8a75379a8053e18602424e3"
        },
        {
          "url": "https://git.kernel.org/stable/c/4429535acab750d963fdc3dfcc9e0eee42f4d599"
        },
        {
          "url": "https://git.kernel.org/stable/c/72be43ff061a889c6ee648a330a42486cafa15a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/42ea22e754ba4f2b86f8760ca27f6f71da2d982c"
        }
      ],
      "title": "ftrace: Add cond_resched() to ftrace_graph_set_hash()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-37940",
    "datePublished": "2025-05-20T15:58:17.634Z",
    "dateReserved": "2025-04-16T04:51:23.971Z",
    "dateUpdated": "2026-05-11T21:18:03.926Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-37949 (GCVE-0-2025-37949)

Vulnerability from cvelistv5 – Published: 2025-05-20 16:01 – Updated: 2026-05-11 21:18

Title

xenbus: Use kref to track req lifetime

Summary

In the Linux kernel, the following vulnerability has been resolved: xenbus: Use kref to track req lifetime Marek reported seeing a NULL pointer fault in the xenbus_thread callstack: BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: e030:__wake_up_common+0x4c/0x180 Call Trace: <TASK> __wake_up_common_lock+0x82/0xd0 process_msg+0x18e/0x2f0 xenbus_thread+0x165/0x1c0 process_msg+0x18e is req->cb(req). req->cb is set to xs_wake_up(), a thin wrapper around wake_up(), or xenbus_dev_queue_reply(). It seems like it was xs_wake_up() in this case. It seems like req may have woken up the xs_wait_for_reply(), which kfree()ed the req. When xenbus_thread resumes, it faults on the zero-ed data. Linux Device Drivers 2nd edition states: "Normally, a wake_up call can cause an immediate reschedule to happen, meaning that other processes might run before wake_up returns." ... which would match the behaviour observed. Change to keeping two krefs on each request. One for the caller, and one for xenbus_thread. Each will kref_put() when finished, and the last will free it. This use of kref matches the description in Documentation/core-api/kref.rst

Severity

No CVSS data available.

Assigner

Linux

References

10 references

URL	Tags
https://git.kernel.org/stable/c/0e94a246bb6d95380…
https://git.kernel.org/stable/c/f1bcac367bc95631a…
https://git.kernel.org/stable/c/4d260a5558df4650e…
https://git.kernel.org/stable/c/8b02f85e84dc6f7c1…
https://git.kernel.org/stable/c/cbfaf46b88a4c01b6…
https://git.kernel.org/stable/c/8e9c8a0393b5f85f1…
https://git.kernel.org/stable/c/2466b0f66795c3c42…
https://git.kernel.org/stable/c/1f0304dfd9d217c2f…
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: fd8aa9095a95c02dcc35540a263267c29b8fda9d , < 0e94a246bb6d9538010b6c02d2b1d4717a97b2e5 (git) Affected: fd8aa9095a95c02dcc35540a263267c29b8fda9d , < f1bcac367bc95631afbb918348f30dec887d0e1b (git) Affected: fd8aa9095a95c02dcc35540a263267c29b8fda9d , < 4d260a5558df4650eb87bc41b2c9ac2d6b2ba447 (git) Affected: fd8aa9095a95c02dcc35540a263267c29b8fda9d , < 8b02f85e84dc6f7c150cef40ddb69af5a25659e5 (git) Affected: fd8aa9095a95c02dcc35540a263267c29b8fda9d , < cbfaf46b88a4c01b64c4186cdccd766c19ae644c (git) Affected: fd8aa9095a95c02dcc35540a263267c29b8fda9d , < 8e9c8a0393b5f85f1820c565ab8105660f4e8f92 (git) Affected: fd8aa9095a95c02dcc35540a263267c29b8fda9d , < 2466b0f66795c3c426cacc8998499f38031dbb59 (git) Affected: fd8aa9095a95c02dcc35540a263267c29b8fda9d , < 1f0304dfd9d217c2f8b04a9ef4b3258a66eedd27 (git)
Linux	Linux	Affected: 4.11 Unaffected: 0 , < 4.11 (semver) Unaffected: 5.4.294 , ≤ 5.4.* (semver) Unaffected: 5.10.238 , ≤ 5.10.* (semver) Unaffected: 5.15.183 , ≤ 5.15.* (semver) Unaffected: 6.1.139 , ≤ 6.1.* (semver) Unaffected: 6.6.91 , ≤ 6.6.* (semver) Unaffected: 6.12.29 , ≤ 6.12.* (semver) Unaffected: 6.14.7 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:57:40.135Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/xen/xenbus/xenbus.h",
            "drivers/xen/xenbus/xenbus_comms.c",
            "drivers/xen/xenbus/xenbus_dev_frontend.c",
            "drivers/xen/xenbus/xenbus_xs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0e94a246bb6d9538010b6c02d2b1d4717a97b2e5",
              "status": "affected",
              "version": "fd8aa9095a95c02dcc35540a263267c29b8fda9d",
              "versionType": "git"
            },
            {
              "lessThan": "f1bcac367bc95631afbb918348f30dec887d0e1b",
              "status": "affected",
              "version": "fd8aa9095a95c02dcc35540a263267c29b8fda9d",
              "versionType": "git"
            },
            {
              "lessThan": "4d260a5558df4650eb87bc41b2c9ac2d6b2ba447",
              "status": "affected",
              "version": "fd8aa9095a95c02dcc35540a263267c29b8fda9d",
              "versionType": "git"
            },
            {
              "lessThan": "8b02f85e84dc6f7c150cef40ddb69af5a25659e5",
              "status": "affected",
              "version": "fd8aa9095a95c02dcc35540a263267c29b8fda9d",
              "versionType": "git"
            },
            {
              "lessThan": "cbfaf46b88a4c01b64c4186cdccd766c19ae644c",
              "status": "affected",
              "version": "fd8aa9095a95c02dcc35540a263267c29b8fda9d",
              "versionType": "git"
            },
            {
              "lessThan": "8e9c8a0393b5f85f1820c565ab8105660f4e8f92",
              "status": "affected",
              "version": "fd8aa9095a95c02dcc35540a263267c29b8fda9d",
              "versionType": "git"
            },
            {
              "lessThan": "2466b0f66795c3c426cacc8998499f38031dbb59",
              "status": "affected",
              "version": "fd8aa9095a95c02dcc35540a263267c29b8fda9d",
              "versionType": "git"
            },
            {
              "lessThan": "1f0304dfd9d217c2f8b04a9ef4b3258a66eedd27",
              "status": "affected",
              "version": "fd8aa9095a95c02dcc35540a263267c29b8fda9d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/xen/xenbus/xenbus.h",
            "drivers/xen/xenbus/xenbus_comms.c",
            "drivers/xen/xenbus/xenbus_dev_frontend.c",
            "drivers/xen/xenbus/xenbus_xs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.294",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.238",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.183",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.139",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.294",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.238",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.183",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.139",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.91",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.29",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.7",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxenbus: Use kref to track req lifetime\n\nMarek reported seeing a NULL pointer fault in the xenbus_thread\ncallstack:\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nRIP: e030:__wake_up_common+0x4c/0x180\nCall Trace:\n \u003cTASK\u003e\n __wake_up_common_lock+0x82/0xd0\n process_msg+0x18e/0x2f0\n xenbus_thread+0x165/0x1c0\n\nprocess_msg+0x18e is req-\u003ecb(req).  req-\u003ecb is set to xs_wake_up(), a\nthin wrapper around wake_up(), or xenbus_dev_queue_reply().  It seems\nlike it was xs_wake_up() in this case.\n\nIt seems like req may have woken up the xs_wait_for_reply(), which\nkfree()ed the req.  When xenbus_thread resumes, it faults on the zero-ed\ndata.\n\nLinux Device Drivers 2nd edition states:\n\"Normally, a wake_up call can cause an immediate reschedule to happen,\nmeaning that other processes might run before wake_up returns.\"\n... which would match the behaviour observed.\n\nChange to keeping two krefs on each request.  One for the caller, and\none for xenbus_thread.  Each will kref_put() when finished, and the last\nwill free it.\n\nThis use of kref matches the description in\nDocumentation/core-api/kref.rst"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T21:18:13.156Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0e94a246bb6d9538010b6c02d2b1d4717a97b2e5"
        },
        {
          "url": "https://git.kernel.org/stable/c/f1bcac367bc95631afbb918348f30dec887d0e1b"
        },
        {
          "url": "https://git.kernel.org/stable/c/4d260a5558df4650eb87bc41b2c9ac2d6b2ba447"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b02f85e84dc6f7c150cef40ddb69af5a25659e5"
        },
        {
          "url": "https://git.kernel.org/stable/c/cbfaf46b88a4c01b64c4186cdccd766c19ae644c"
        },
        {
          "url": "https://git.kernel.org/stable/c/8e9c8a0393b5f85f1820c565ab8105660f4e8f92"
        },
        {
          "url": "https://git.kernel.org/stable/c/2466b0f66795c3c426cacc8998499f38031dbb59"
        },
        {
          "url": "https://git.kernel.org/stable/c/1f0304dfd9d217c2f8b04a9ef4b3258a66eedd27"
        }
      ],
      "title": "xenbus: Use kref to track req lifetime",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-37949",
    "datePublished": "2025-05-20T16:01:45.242Z",
    "dateReserved": "2025-04-16T04:51:23.972Z",
    "dateUpdated": "2026-05-11T21:18:13.156Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-37964 (GCVE-0-2025-37964)

Vulnerability from cvelistv5 – Published: 2025-05-20 16:01 – Updated: 2026-05-23 15:58

Title

x86/mm: Eliminate window where TLB flushes may be inadvertently skipped

Summary

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Eliminate window where TLB flushes may be inadvertently skipped tl;dr: There is a window in the mm switching code where the new CR3 is set and the CPU should be getting TLB flushes for the new mm. But should_flush_tlb() has a bug and suppresses the flush. Fix it by widening the window where should_flush_tlb() sends an IPI. Long Version: === History === There were a few things leading up to this. First, updating mm_cpumask() was observed to be too expensive, so it was made lazier. But being lazy caused too many unnecessary IPIs to CPUs due to the now-lazy mm_cpumask(). So code was added to cull mm_cpumask() periodically[2]. But that culling was a bit too aggressive and skipped sending TLB flushes to CPUs that need them. So here we are again. === Problem === The too-aggressive code in should_flush_tlb() strikes in this window: // Turn on IPIs for this CPU/mm combination, but only // if should_flush_tlb() agrees: cpumask_set_cpu(cpu, mm_cpumask(next)); next_tlb_gen = atomic64_read(&next->context.tlb_gen); choose_new_asid(next, next_tlb_gen, &new_asid, &need_flush); load_new_mm_cr3(need_flush); // ^ After 'need_flush' is set to false, IPIs *MUST* // be sent to this CPU and not be ignored. this_cpu_write(cpu_tlbstate.loaded_mm, next); // ^ Not until this point does should_flush_tlb() // become true! should_flush_tlb() will suppress TLB flushes between load_new_mm_cr3() and writing to 'loaded_mm', which is a window where they should not be suppressed. Whoops. === Solution === Thankfully, the fuzzy "just about to write CR3" window is already marked with loaded_mm==LOADED_MM_SWITCHING. Simply checking for that state in should_flush_tlb() is sufficient to ensure that the CPU is targeted with an IPI. This will cause more TLB flush IPIs. But the window is relatively small and I do not expect this to cause any kind of measurable performance impact. Update the comment where LOADED_MM_SWITCHING is written since it grew yet another user. Peter Z also raised a concern that should_flush_tlb() might not observe 'loaded_mm' and 'is_lazy' in the same order that switch_mm_irqs_off() writes them. Add a barrier to ensure that they are observed in the order they are written.

Severity

No CVSS data available.

Assigner

Linux

References

7 references

URL	Tags
https://git.kernel.org/stable/c/12f703811af043d32…
https://git.kernel.org/stable/c/02ad4ce144bd27f71…
https://git.kernel.org/stable/c/d41072906abec8bb8…
https://git.kernel.org/stable/c/d87392094f96e162f…
https://git.kernel.org/stable/c/399ec9ca8fc4999e6…
https://git.kernel.org/stable/c/fea4e317f9e7e1f44…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 848b5815177582de0e1d0118725378e0fbadca20 , < 12f703811af043d32b1c8a30001b2fa04d5cd0ac (git) Affected: b47002ed65ade940839b7f439ff4a194e7d5ec28 , < 02ad4ce144bd27f71f583f667fdf3b3ba0753477 (git) Affected: a04fe3bfc71e28009e20357b79df1e8ef7c9d600 , < d41072906abec8bb8e01ed16afefbaa558908c89 (git) Affected: 3dbe889a1b829b4c07e0836ff853fe649e51ce4f , < d87392094f96e162fa5fa5a8640d70cc0952806f (git) Affected: 6db2526c1d694c91c6e05e2f186c085e9460f202 , < 399ec9ca8fc4999e676ff89a90184ec40031cf59 (git) Affected: 6db2526c1d694c91c6e05e2f186c085e9460f202 , < fea4e317f9e7e1f449ce90dedc27a2d2a95bee5a (git) Affected: d1347977661342cb09a304a17701eb2d4aa21dec (git) Affected: 5.15.179 , < 5.15.183 (semver) Affected: 6.1.129 , < 6.1.139 (semver) Affected: 6.6.79 , < 6.6.91 (semver) Affected: 6.12.16 , < 6.12.29 (semver) Affected: 6.13.4 , < 6.14 (semver)
Linux	Linux	Affected: 6.14 Unaffected: 0 , < 6.14 (semver) Unaffected: 5.15.183 , ≤ 5.15.* (semver) Unaffected: 6.1.139 , ≤ 6.1.* (semver) Unaffected: 6.6.91 , ≤ 6.6.* (semver) Unaffected: 6.12.29 , ≤ 6.12.* (semver) Unaffected: 6.14.7 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:57:49.771Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/mm/tlb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "12f703811af043d32b1c8a30001b2fa04d5cd0ac",
              "status": "affected",
              "version": "848b5815177582de0e1d0118725378e0fbadca20",
              "versionType": "git"
            },
            {
              "lessThan": "02ad4ce144bd27f71f583f667fdf3b3ba0753477",
              "status": "affected",
              "version": "b47002ed65ade940839b7f439ff4a194e7d5ec28",
              "versionType": "git"
            },
            {
              "lessThan": "d41072906abec8bb8e01ed16afefbaa558908c89",
              "status": "affected",
              "version": "a04fe3bfc71e28009e20357b79df1e8ef7c9d600",
              "versionType": "git"
            },
            {
              "lessThan": "d87392094f96e162fa5fa5a8640d70cc0952806f",
              "status": "affected",
              "version": "3dbe889a1b829b4c07e0836ff853fe649e51ce4f",
              "versionType": "git"
            },
            {
              "lessThan": "399ec9ca8fc4999e676ff89a90184ec40031cf59",
              "status": "affected",
              "version": "6db2526c1d694c91c6e05e2f186c085e9460f202",
              "versionType": "git"
            },
            {
              "lessThan": "fea4e317f9e7e1f449ce90dedc27a2d2a95bee5a",
              "status": "affected",
              "version": "6db2526c1d694c91c6e05e2f186c085e9460f202",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d1347977661342cb09a304a17701eb2d4aa21dec",
              "versionType": "git"
            },
            {
              "lessThan": "5.15.183",
              "status": "affected",
              "version": "5.15.179",
              "versionType": "semver"
            },
            {
              "lessThan": "6.1.139",
              "status": "affected",
              "version": "6.1.129",
              "versionType": "semver"
            },
            {
              "lessThan": "6.6.91",
              "status": "affected",
              "version": "6.6.79",
              "versionType": "semver"
            },
            {
              "lessThan": "6.12.29",
              "status": "affected",
              "version": "6.12.16",
              "versionType": "semver"
            },
            {
              "lessThan": "6.14",
              "status": "affected",
              "version": "6.13.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/mm/tlb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.14"
            },
            {
              "lessThan": "6.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.183",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.139",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.183",
                  "versionStartIncluding": "5.15.179",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.139",
                  "versionStartIncluding": "6.1.129",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.91",
                  "versionStartIncluding": "6.6.79",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.29",
                  "versionStartIncluding": "6.12.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.7",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.13.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Eliminate window where TLB flushes may be inadvertently skipped\n\ntl;dr: There is a window in the mm switching code where the new CR3 is\nset and the CPU should be getting TLB flushes for the new mm.  But\nshould_flush_tlb() has a bug and suppresses the flush.  Fix it by\nwidening the window where should_flush_tlb() sends an IPI.\n\nLong Version:\n\n=== History ===\n\nThere were a few things leading up to this.\n\nFirst, updating mm_cpumask() was observed to be too expensive, so it was\nmade lazier.  But being lazy caused too many unnecessary IPIs to CPUs\ndue to the now-lazy mm_cpumask().  So code was added to cull\nmm_cpumask() periodically[2].  But that culling was a bit too aggressive\nand skipped sending TLB flushes to CPUs that need them.  So here we are\nagain.\n\n=== Problem ===\n\nThe too-aggressive code in should_flush_tlb() strikes in this window:\n\n\t// Turn on IPIs for this CPU/mm combination, but only\n\t// if should_flush_tlb() agrees:\n\tcpumask_set_cpu(cpu, mm_cpumask(next));\n\n\tnext_tlb_gen = atomic64_read(\u0026next-\u003econtext.tlb_gen);\n\tchoose_new_asid(next, next_tlb_gen, \u0026new_asid, \u0026need_flush);\n\tload_new_mm_cr3(need_flush);\n\t// ^ After \u0027need_flush\u0027 is set to false, IPIs *MUST*\n\t// be sent to this CPU and not be ignored.\n\n        this_cpu_write(cpu_tlbstate.loaded_mm, next);\n\t// ^ Not until this point does should_flush_tlb()\n\t// become true!\n\nshould_flush_tlb() will suppress TLB flushes between load_new_mm_cr3()\nand writing to \u0027loaded_mm\u0027, which is a window where they should not be\nsuppressed.  Whoops.\n\n=== Solution ===\n\nThankfully, the fuzzy \"just about to write CR3\" window is already marked\nwith loaded_mm==LOADED_MM_SWITCHING.  Simply checking for that state in\nshould_flush_tlb() is sufficient to ensure that the CPU is targeted with\nan IPI.\n\nThis will cause more TLB flush IPIs.  But the window is relatively small\nand I do not expect this to cause any kind of measurable performance\nimpact.\n\nUpdate the comment where LOADED_MM_SWITCHING is written since it grew\nyet another user.\n\nPeter Z also raised a concern that should_flush_tlb() might not observe\n\u0027loaded_mm\u0027 and \u0027is_lazy\u0027 in the same order that switch_mm_irqs_off()\nwrites them.  Add a barrier to ensure that they are observed in the\norder they are written."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:58:42.964Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/12f703811af043d32b1c8a30001b2fa04d5cd0ac"
        },
        {
          "url": "https://git.kernel.org/stable/c/02ad4ce144bd27f71f583f667fdf3b3ba0753477"
        },
        {
          "url": "https://git.kernel.org/stable/c/d41072906abec8bb8e01ed16afefbaa558908c89"
        },
        {
          "url": "https://git.kernel.org/stable/c/d87392094f96e162fa5fa5a8640d70cc0952806f"
        },
        {
          "url": "https://git.kernel.org/stable/c/399ec9ca8fc4999e676ff89a90184ec40031cf59"
        },
        {
          "url": "https://git.kernel.org/stable/c/fea4e317f9e7e1f449ce90dedc27a2d2a95bee5a"
        }
      ],
      "title": "x86/mm: Eliminate window where TLB flushes may be inadvertently skipped",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-37964",
    "datePublished": "2025-05-20T16:01:56.013Z",
    "dateReserved": "2025-04-16T04:51:23.974Z",
    "dateUpdated": "2026-05-23T15:58:42.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-37967 (GCVE-0-2025-37967)

Vulnerability from cvelistv5 – Published: 2025-05-20 16:47 – Updated: 2026-05-11 21:18

Title

usb: typec: ucsi: displayport: Fix deadlock

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector mutex is only locked if a connection is established and the partner pointer is valid. This resolves a deadlock scenario where ucsi_displayport_remove_partner holds con->mutex waiting for dp_altmode_work to complete while dp_altmode_work attempts to acquire it.

Severity

No CVSS data available.

Assigner

Linux

References

7 references

URL	Tags
https://git.kernel.org/stable/c/f4bd982563c2fd41e…
https://git.kernel.org/stable/c/f32451ca4cb7dc53f…
https://git.kernel.org/stable/c/962ce9028ca6eb450…
https://git.kernel.org/stable/c/5924b324468845fc7…
https://git.kernel.org/stable/c/61fc1a8e1e10cc784…
https://git.kernel.org/stable/c/364618c89d4c57c85…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: af8622f6a585d8d82b11cd7987e082861fd0edd3 , < f4bd982563c2fd41ec9ca6c517c392d759db801c (git) Affected: af8622f6a585d8d82b11cd7987e082861fd0edd3 , < f32451ca4cb7dc53f2a0e2e66b84d34162747eb7 (git) Affected: af8622f6a585d8d82b11cd7987e082861fd0edd3 , < 962ce9028ca6eb450d5c205238a3ee27de9d214d (git) Affected: af8622f6a585d8d82b11cd7987e082861fd0edd3 , < 5924b324468845fc795bd76f588f51d7ab4f202d (git) Affected: af8622f6a585d8d82b11cd7987e082861fd0edd3 , < 61fc1a8e1e10cc784cab5829930838aaf1d37af5 (git) Affected: af8622f6a585d8d82b11cd7987e082861fd0edd3 , < 364618c89d4c57c85e5fc51a2446cd939bf57802 (git)
Linux	Linux	Affected: 5.2 Unaffected: 0 , < 5.2 (semver) Unaffected: 5.15.184 , ≤ 5.15.* (semver) Unaffected: 6.1.140 , ≤ 6.1.* (semver) Unaffected: 6.6.92 , ≤ 6.6.* (semver) Unaffected: 6.12.30 , ≤ 6.12.* (semver) Unaffected: 6.14.7 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:57:51.142Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/typec/ucsi/displayport.c",
            "drivers/usb/typec/ucsi/ucsi.c",
            "drivers/usb/typec/ucsi/ucsi.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f4bd982563c2fd41ec9ca6c517c392d759db801c",
              "status": "affected",
              "version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
              "versionType": "git"
            },
            {
              "lessThan": "f32451ca4cb7dc53f2a0e2e66b84d34162747eb7",
              "status": "affected",
              "version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
              "versionType": "git"
            },
            {
              "lessThan": "962ce9028ca6eb450d5c205238a3ee27de9d214d",
              "status": "affected",
              "version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
              "versionType": "git"
            },
            {
              "lessThan": "5924b324468845fc795bd76f588f51d7ab4f202d",
              "status": "affected",
              "version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
              "versionType": "git"
            },
            {
              "lessThan": "61fc1a8e1e10cc784cab5829930838aaf1d37af5",
              "status": "affected",
              "version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
              "versionType": "git"
            },
            {
              "lessThan": "364618c89d4c57c85e5fc51a2446cd939bf57802",
              "status": "affected",
              "version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/typec/ucsi/displayport.c",
            "drivers/usb/typec/ucsi/ucsi.c",
            "drivers/usb/typec/ucsi/ucsi.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "lessThan": "5.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.184",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.140",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.92",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.184",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.140",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.92",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.30",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.7",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: displayport: Fix deadlock\n\nThis patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock\nfunctions to the UCSI driver. ucsi_con_mutex_lock ensures the connector\nmutex is only locked if a connection is established and the partner pointer\nis valid. This resolves a deadlock scenario where\nucsi_displayport_remove_partner holds con-\u003emutex waiting for\ndp_altmode_work to complete while dp_altmode_work attempts to acquire it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T21:18:42.177Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f4bd982563c2fd41ec9ca6c517c392d759db801c"
        },
        {
          "url": "https://git.kernel.org/stable/c/f32451ca4cb7dc53f2a0e2e66b84d34162747eb7"
        },
        {
          "url": "https://git.kernel.org/stable/c/962ce9028ca6eb450d5c205238a3ee27de9d214d"
        },
        {
          "url": "https://git.kernel.org/stable/c/5924b324468845fc795bd76f588f51d7ab4f202d"
        },
        {
          "url": "https://git.kernel.org/stable/c/61fc1a8e1e10cc784cab5829930838aaf1d37af5"
        },
        {
          "url": "https://git.kernel.org/stable/c/364618c89d4c57c85e5fc51a2446cd939bf57802"
        }
      ],
      "title": "usb: typec: ucsi: displayport: Fix deadlock",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-37967",
    "datePublished": "2025-05-20T16:47:15.473Z",
    "dateReserved": "2025-04-16T04:51:23.974Z",
    "dateUpdated": "2026-05-11T21:18:42.177Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-37969 (GCVE-0-2025-37969)

Vulnerability from cvelistv5 – Published: 2025-05-20 16:47 – Updated: 2026-05-11 21:18

Title

iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo

Summary

In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Prevent st_lsm6dsx_read_tagged_fifo from falling in an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty.

Severity

No CVSS data available.

Assigner

Linux

References

10 references

URL	Tags
https://git.kernel.org/stable/c/4db7d923a8c298788…
https://git.kernel.org/stable/c/76727a1d81afde77d…
https://git.kernel.org/stable/c/35b8c0a284983b71d…
https://git.kernel.org/stable/c/16857370b3a306635…
https://git.kernel.org/stable/c/9ce662851380fe201…
https://git.kernel.org/stable/c/dadf9116108315f2e…
https://git.kernel.org/stable/c/9ddb4cf2192c213e4…
https://git.kernel.org/stable/c/8114ef86e2058e255…
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 801a6e0af0c6cedca2e99155e343ad385a50f08e , < 4db7d923a8c298788181b796f71adf6ca499f966 (git) Affected: 801a6e0af0c6cedca2e99155e343ad385a50f08e , < 76727a1d81afde77d21ea8feaeb12d34605be6f4 (git) Affected: 801a6e0af0c6cedca2e99155e343ad385a50f08e , < 35b8c0a284983b71d92d082c54b7eb655ed4194f (git) Affected: 801a6e0af0c6cedca2e99155e343ad385a50f08e , < 16857370b3a30663515956b3bd27f3def6a2cf06 (git) Affected: 801a6e0af0c6cedca2e99155e343ad385a50f08e , < 9ce662851380fe2018e36e15c0bdcb1ad177ed95 (git) Affected: 801a6e0af0c6cedca2e99155e343ad385a50f08e , < dadf9116108315f2eb14c7415c7805f392c476b4 (git) Affected: 801a6e0af0c6cedca2e99155e343ad385a50f08e , < 9ddb4cf2192c213e4dba1733bbcdc94cf6d85bf7 (git) Affected: 801a6e0af0c6cedca2e99155e343ad385a50f08e , < 8114ef86e2058e2554111b793596f17bee23fa15 (git)
Linux	Linux	Affected: 4.20 Unaffected: 0 , < 4.20 (semver) Unaffected: 5.4.294 , ≤ 5.4.* (semver) Unaffected: 5.10.238 , ≤ 5.10.* (semver) Unaffected: 5.15.183 , ≤ 5.15.* (semver) Unaffected: 6.1.139 , ≤ 6.1.* (semver) Unaffected: 6.6.91 , ≤ 6.6.* (semver) Unaffected: 6.12.29 , ≤ 6.12.* (semver) Unaffected: 6.14.7 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:57:52.556Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4db7d923a8c298788181b796f71adf6ca499f966",
              "status": "affected",
              "version": "801a6e0af0c6cedca2e99155e343ad385a50f08e",
              "versionType": "git"
            },
            {
              "lessThan": "76727a1d81afde77d21ea8feaeb12d34605be6f4",
              "status": "affected",
              "version": "801a6e0af0c6cedca2e99155e343ad385a50f08e",
              "versionType": "git"
            },
            {
              "lessThan": "35b8c0a284983b71d92d082c54b7eb655ed4194f",
              "status": "affected",
              "version": "801a6e0af0c6cedca2e99155e343ad385a50f08e",
              "versionType": "git"
            },
            {
              "lessThan": "16857370b3a30663515956b3bd27f3def6a2cf06",
              "status": "affected",
              "version": "801a6e0af0c6cedca2e99155e343ad385a50f08e",
              "versionType": "git"
            },
            {
              "lessThan": "9ce662851380fe2018e36e15c0bdcb1ad177ed95",
              "status": "affected",
              "version": "801a6e0af0c6cedca2e99155e343ad385a50f08e",
              "versionType": "git"
            },
            {
              "lessThan": "dadf9116108315f2eb14c7415c7805f392c476b4",
              "status": "affected",
              "version": "801a6e0af0c6cedca2e99155e343ad385a50f08e",
              "versionType": "git"
            },
            {
              "lessThan": "9ddb4cf2192c213e4dba1733bbcdc94cf6d85bf7",
              "status": "affected",
              "version": "801a6e0af0c6cedca2e99155e343ad385a50f08e",
              "versionType": "git"
            },
            {
              "lessThan": "8114ef86e2058e2554111b793596f17bee23fa15",
              "status": "affected",
              "version": "801a6e0af0c6cedca2e99155e343ad385a50f08e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.294",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.238",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.183",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.139",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.294",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.238",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.183",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.139",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.91",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.29",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.7",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo\n\nPrevent st_lsm6dsx_read_tagged_fifo from falling in an infinite loop in\ncase pattern_len is equal to zero and the device FIFO is not empty."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T21:18:44.467Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4db7d923a8c298788181b796f71adf6ca499f966"
        },
        {
          "url": "https://git.kernel.org/stable/c/76727a1d81afde77d21ea8feaeb12d34605be6f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/35b8c0a284983b71d92d082c54b7eb655ed4194f"
        },
        {
          "url": "https://git.kernel.org/stable/c/16857370b3a30663515956b3bd27f3def6a2cf06"
        },
        {
          "url": "https://git.kernel.org/stable/c/9ce662851380fe2018e36e15c0bdcb1ad177ed95"
        },
        {
          "url": "https://git.kernel.org/stable/c/dadf9116108315f2eb14c7415c7805f392c476b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/9ddb4cf2192c213e4dba1733bbcdc94cf6d85bf7"
        },
        {
          "url": "https://git.kernel.org/stable/c/8114ef86e2058e2554111b793596f17bee23fa15"
        }
      ],
      "title": "iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-37969",
    "datePublished": "2025-05-20T16:47:16.641Z",
    "dateReserved": "2025-04-16T04:51:23.975Z",
    "dateUpdated": "2026-05-11T21:18:44.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2025-AVI-0650

Solutions

CVE-2025-37915 (GCVE-0-2025-37915)

CVE-2025-37923 (GCVE-0-2025-37923)

CVE-2025-37927 (GCVE-0-2025-37927)

CVE-2025-37930 (GCVE-0-2025-37930)

CVE-2025-37932 (GCVE-0-2025-37932)

CVE-2025-37940 (GCVE-0-2025-37940)

CVE-2025-37949 (GCVE-0-2025-37949)

CVE-2025-37964 (GCVE-0-2025-37964)

CVE-2025-37967 (GCVE-0-2025-37967)

CVE-2025-37969 (GCVE-0-2025-37969)

Tags

Sightings

Nomenclature