5.5
CVE-2025-37855 - drm/amd/display: Guard Possible Null Pointer Dereference
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Guard Possible Null Pointer Dereference [WHY] In some situations, dc->res_pool may be null. [HOW] Check if pointer is null before dereference.
5.5
CVE-2025-37873 - eth: bnxt: fix missing ring index trim on error path
In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix missing ring index trim on error path Commit under Fixes converted tx_prod to be free running but missed masking it on the Tx error path. This crashes on error conditions, for example when DMA mapping fails.
5.5
CVE-2025-37875 - igc: fix PTM cycle trigger logic
In the Linux kernel, the following vulnerability has been resolved: igc: fix PTM cycle trigger logic Writing to clear the PTM status 'valid' bit while the PTM cycle is triggered results in unreliable PTM operation. To fix this, clear the PTM 'trigger' and status after each PTM transaction. The i…
5.5
CVE-2025-37867 - RDMA/core: Silence oversized kvmalloc() warning
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Silence oversized kvmalloc() warning syzkaller triggered an oversized kvmalloc() warning. Silence it by adding __GFP_NOWARN. syzkaller log: WARNING: CPU: 7 PID: 518 at mm/util.c:665 __kvmalloc_node_noprof+0x175/0x180…
8.8
CVE-2025-29509 -
Jan v0.5.14 and earlier is vulnerable to remote code execution (RCE) when the user clicks on a rendered link in the conversation, due to external websites being opened inside the app and the exposure of electronAPI, with no filtering of the URL when calling shell.openExternal().
7.8
CVE-2025-37861 - scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID (0xFFFF),…
8.8
CVE-2025-28203 -
Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a command injection vulnerability.
9.8
CVE-2025-46192 -
SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_payment_update.php via the order_id POST parameter.
7.8
CVE-2025-37845 - tracing: fprobe events: Fix possible UAF on modules
In the Linux kernel, the following vulnerability has been resolved: tracing: fprobe events: Fix possible UAF on modules Commit ac91052f0ae5 ("tracing: tprobe-events: Fix leakage of module refcount") moved try_module_get() from __find_tracepoint_module_cb() to find_tracepoint() caller, but that in…
5.5
CVE-2025-37835 - kernel: smb: client: Fix netns refcount imbalance causing leaks and use-after-free
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.