5.3
CVE-2025-4445 - D-Link DIR-605L wake_on_lan command injection
A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01. Affected is the function wake_on_lan. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure. This vulnerabiβ¦
5.5
CVE-2025-37887 - pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result
In the Linux kernel, the following vulnerability has been resolved: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result If the FW doesn't support the PDS_CORE_CMD_FW_CONTROL command the driver might at the least print garbage and at the worst crash when the user runs the "devlink dev infoβ¦
5.5
CVE-2025-37886 - pds_core: make wait_context part of q_info
In the Linux kernel, the following vulnerability has been resolved: pds_core: make wait_context part of q_info Make the wait_context a full part of the q_info struct rather than a stack variable that goes away after pdsc_adminq_post() is done so that the context is still available after the wait β¦
7.8
CVE-2025-37885 - KVM: x86: Reset IRTE to host control if *new* route isn't postable
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if *new* route isn't postable Restore an IRTE back to host control (remapped or posted MSI mode) if the *new* GSI route prevents posting the IRQ directly to a vCPU, regardless of the GSI routiβ¦
5.5
CVE-2025-37884 - bpf: Fix deadlock between rcu_tasks_trace and event_mutex.
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Fix the following deadlock: CPU A _free_event() perf_kprobe_destroy() mutex_lock(&event_mutex) perf_trace_event_unreg() synchronize_rcu_tasks_trace() β¦
5.5
CVE-2025-37881 - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() The variable d->name, returned by devm_kasprintf(), could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar to the β¦
5.5
CVE-2025-37857 - scsi: st: Fix array overflow in st_setup()
In the Linux kernel, the following vulnerability has been resolved: scsi: st: Fix array overflow in st_setup() Change the array size to follow parms size instead of a fixed value.
5.5
CVE-2025-37856 - btrfs: harden block_group::bg_list against list_del() races
In the Linux kernel, the following vulnerability has been resolved: btrfs: harden block_group::bg_list against list_del() races As far as I can tell, these calls of list_del_init() on bg_list cannot run concurrently with btrfs_mark_bg_unused() or btrfs_mark_bg_to_reclaim(), as they are in transacβ¦
7.8
CVE-2025-37854 - drm/amdkfd: Fix mode1 reset crash issue
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix mode1 reset crash issue If HW scheduler hangs and mode1 reset is used to recover GPU, KFD signal user space to abort the processes. After process abort exit, user queues still use the GPU to access system memory bβ¦
5.5
CVE-2025-37852 - drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() Add error handling to propagate amdgpu_cgs_create_device() failures to the caller. When amdgpu_cgs_create_device() fails, release hwmgr and return -ENβ¦