5.5
CVE-2025-37949 - xenbus: Use kref to track req lifetime
In the Linux kernel, the following vulnerability has been resolved: xenbus: Use kref to track req lifetime Marek reported seeing a NULL pointer fault in the xenbus_thread callstack: BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: e030:__wake_up_common+0x4c/0x180 Call Trace: …
9.8
CVE-2025-44885 -
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the remote_ip parameter in the web_snmpv3_remote_engineId_add_post function.
5.5
CVE-2025-37945 - net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY
In the Linux kernel, the following vulnerability has been resolved: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY DSA has 2 kinds of drivers: 1. Those who call dsa_switch_suspend() and dsa_switch_resume() from their device PM ops: qca8k-8xxx, bcm_sf2, …
5.5
CVE-2025-37918 - Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue()
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() A NULL pointer dereference can occur in skb_dequeue() when processing a QCA firmware crash dump on WCN7851 (0489:e0f3). [ 93.672166] Bluetooth: hci0: ACL memdump …
7.0
CVE-2025-37915 - net_sched: drr: Fix double list add in class with netem as child qdisc
In the Linux kernel, the following vulnerability has been resolved: net_sched: drr: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of dr…
7.5
CVE-2024-53359 -
An issue in Zalo v23.09.01 allows attackers to obtain sensitive user information via a crafted GET request.
9.8
CVE-2025-44886 -
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the byruleEditName parameter in the web_acl_mgmt_Rules_Edit_postcontains function.
5.5
CVE-2025-37972 - Input: mtk-pmic-keys - fix possible null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys - fix possible null pointer dereference In mtk_pmic_keys_probe, the regs parameter is only set if the button is parsed in the device tree. However, on hardware where the button is left floating, that node wil…
5.5
CVE-2025-37964 - x86/mm: Eliminate window where TLB flushes may be inadvertently skipped
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Eliminate window where TLB flushes may be inadvertently skipped tl;dr: There is a window in the mm switching code where the new CR3 is set and the CPU should be getting TLB flushes for the new mm. But should_flush_tlb() …
5.5
CVE-2025-37960 - memblock: Accept allocated memory before use in memblock_double_array()
In the Linux kernel, the following vulnerability has been resolved: memblock: Accept allocated memory before use in memblock_double_array() When increasing the array size in memblock_double_array() and the slab is not yet available, a call to memblock_find_in_range() is used to reserve/allocate m…