USN-7515-2: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - ACPI drivers;...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RHEL 9 : kernel-rt (RHSA-2025:7676)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:7676 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

CVE-2025-37889

In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Consistently treat platformmax as control value This reverts commit 9bdd10d57a88 "ASoC: ops: Shift tested values in sndsocputvolsw by +min", and makes some additional related updates. There are two ways the platformmax...

CVE-2023-53145 Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdioremove due to race condition In btsdioprobe, the data-work is bound with btsdiowork. It will be started in btsdiosendframe. If the btsdioremove runs with a unfinished work, there...

CVE-2025-37852

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle amdgpucgscreatedevice errors in amdpowerplaycreate Add error handling to propagate amdgpucgscreatedevice failures to the caller. When amdgpucgscreatedevice fails, release hwmgr and return -ENOMEM to prevent nul...

CVE-2025-37878 perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix WARNON!ctx in freeevent for partial init Move the getctxchildctx call and the childevent-ctx assignment to occur immediately after the child event is allocated. Ensure that childevent-ctx is non-NULL before any...

CVE-2025-37867 RDMA/core: Silence oversized kvmalloc() warning

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Silence oversized kvmalloc warning syzkaller triggered an oversized kvmalloc warning. Silence it by adding GFPNOWARN. syzkaller log: WARNING: CPU: 7 PID: 518 at mm/util.c:665 kvmallocnodenoprof+0x175/0x180 CPU: 7 UID: ...

CVE-2025-37864 net: dsa: clean up FDB, MDB, VLAN entries on unbind

In the Linux kernel, the following vulnerability has been resolved: net: dsa: clean up FDB, MDB, VLAN entries on unbind As explained in many places such as commit b117e1e8a86d "net: dsa: delete dsalegacyfdbadd and dsalegacyfdbdel", DSA is written given the assumption that higher layers have...

CVE-2025-37859

The CVE-2025-37859 issue affects the Linux kernel page_pool subsystem. The root cause was a bug where page_pool_release_retry() could wake up the kworker repeatedly when inflight became negative, causing an infinite reschedule loop and flooding logs. The published fix mitigates this by not resche...

CVE-2025-37855 drm/amd/display: Guard Possible Null Pointer Dereference

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Guard Possible Null Pointer Dereference WHY In some situations, dc-respool may be null. HOW Check if pointer is null before dereference...

CVE-2025-37841 pm: cpupower: bench: Prevent NULL dereference on malloc failure

In the Linux kernel, the following vulnerability has been resolved: pm: cpupower: bench: Prevent NULL dereference on malloc failure If malloc returns NULL due to low memory, 'config' pointer can be NULL. Add a check to prevent NULL dereference...

CVE-2025-37837

CVE-2025-37837 addresses warnings in the Linux kernel: iommu/tegra241-cmdqv dmam_free_coherent() warnings during SMMU rollback and a memory-usage warning (128 pages) from free_contig_range, traced to devres-managed LVCMDQ resources freed by devm_action_release. The fix removes the unwind path in ...

CVE-2025-37828

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: mcq: Add NULL check in ufshcdmcqabort A race can occur between the MCQ completion path and the abort handler: once a request completes, blkmqfreerequest sets rq-mqhctx to NULL, meaning the subsequent ufshcdmcqreqtohwq...

CVE-2025-37825

In the Linux kernel, the following vulnerability has been resolved: nvmet: fix out-of-bounds access in nvmetenableport When trying to enable a port that has no transport configured yet, nvmetenableport uses NVMFTRTYPEMAX 255 to query the transports array, causing an out-of-bounds access: 106.0586...

CVE-2025-37809

In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Fix NULL pointer access Concurrent calls to typecpartnerunlinkdevice can lead to a NULL pointer dereference. This patch adds a mutex to protect USB device pointers and prevent this issue. The same mutex protect...

CVE-2025-37818 LoongArch: Return NULL from huge_pte_offset() for invalid PMD

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Return NULL from hugepteoffset for invalid PMD LoongArch's hugepteoffset currently returns a pointer to a PMD slot even if the underlying entry points to invalidptetable indicating no mapping. Callers like...

CVE-2025-37809

In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Fix NULL pointer access Concurrent calls to typecpartnerunlinkdevice can lead to a NULL pointer dereference. This patch adds a mutex to protect USB device pointers and prevent this issue. The same mutex protect...

CVE-2025-37807

CVE-2025-37807 is a Linux kernel issue in the BPF percpu hashmap path where a percpu pointer is stored at an 8-byte aligned location only if the key_size rounds up to 8; otherwise a 4-byte aligned location is used, causing kmemleak to miss the pointer and report a leak. The root cause is an align...

CVE-2025-37807 bpf: Fix kmemleak warning for percpu hashmap

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kmemleak warning for percpu hashmap Vlad Poenaru reported the following kmemleak issue: unreferenced object 0x606fd7c44ac8 size 32: backtrace crc 0: pcpuallocnoprof+0x730/0xeb0 bpfmapallocpercpu+0x69/0xc0...