{"vulnerability": "CVE-2025-3774", "sightings": [{"uuid": "354cd1b7-1207-48eb-827a-40441d88e84a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3774", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrrktj25ox2k", "content": "", "creation_timestamp": "2025-06-17T03:35:09.030531Z"}, {"uuid": "01e9a3f5-1d65-445d-bfa8-1a66830b8532", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37743", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hlqbzch2h", "content": "", "creation_timestamp": "2025-05-01T13:55:37.641903Z"}, {"uuid": "6ec3bc62-d28a-4fe8-babe-1aaa87cf2330", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37740", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hlqln4d2r", "content": "", "creation_timestamp": "2025-05-01T13:55:38.351148Z"}, {"uuid": "4317d2b3-c0da-4915-badb-ec386a885ce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37744", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hlqpa4n2h", "content": "", "creation_timestamp": "2025-05-01T13:55:38.999758Z"}, {"uuid": "06fc3c2b-45bb-4daa-a293-130c312b37f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37741", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hlqskoe2h", "content": "", "creation_timestamp": "2025-05-01T13:55:39.599368Z"}, {"uuid": "56eb464b-0ad0-4648-a5f2-0d76a82338fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37748", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hlqvwxn2h", "content": "", "creation_timestamp": "2025-05-01T13:55:40.184395Z"}, {"uuid": "8dde0000-cd3d-4d4a-abce-aaec01bf6fae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37742", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hlqzaw42k", "content": "", "creation_timestamp": "2025-05-01T13:55:40.817789Z"}, {"uuid": "76935545-cd15-4387-bb89-299740314ebc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37746", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hlripxj2p", "content": "", "creation_timestamp": "2025-05-01T13:55:43.352455Z"}, {"uuid": "5d64b0d3-cd93-40b8-8d85-f4a16a39275d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37745", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hlrpvzv2e", "content": "", "creation_timestamp": "2025-05-01T13:55:44.597044Z"}, {"uuid": "9072721d-f94a-4ce0-91ae-632b315e8db5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37749", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hls5hmv2e", "content": "", "creation_timestamp": "2025-05-01T13:55:47.099743Z"}, {"uuid": "23c5a344-3085-4979-b552-6c763165ae0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37747", "type": "seen", "source": 
"https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hlsefpb2p", "content": "", "creation_timestamp": "2025-05-01T13:55:48.327944Z"}, {"uuid": "1e7723c5-3aad-4547-b077-d932f29903fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37749", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14271", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37749\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ppp: Add bound checking for skb data on ppp_sync_txmung\n\nEnsure we have enough data in linear buffer from skb before accessing\ninitial bytes. This prevents potential out-of-bounds accesses\nwhen processing short packets.\n\nWhen ppp_sync_txmung receives an incoming package with an empty\npayload:\n(remote) gef\u27a4  p *(struct pppoe_hdr *) (skb-&gt;head + skb-&gt;network_header)\n$18 = {\n type = 0x1,\n ver = 0x1,\n code = 0x0,\n sid = 0x2,\n        length = 0x0,\n tag = 0xffff8880371cdb96\n}\n\nfrom the skb struct (trimmed)\n      tail = 0x16,\n      end = 0x140,\n      head = 0xffff88803346f400 \"4\",\n      data = 0xffff88803346f416 \":\\377\",\n      truesize = 0x380,\n      len = 0x0,\n      data_len = 0x0,\n      mac_len = 0xe,\n      hdr_len = 0x0,\n\nit is not safe to access data[2].\n\n[pabeni@redhat.com: fixed subj typo]\n\ud83d\udccf Published: 2025-05-01T12:55:55.316Z\n\ud83d\udccf Modified: 2025-05-01T12:55:55.316Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/b78f2b458f56a5a4d976c8e01c43dbf58d3ea2ca\n2. https://git.kernel.org/stable/c/fbaffe8bccf148ece8ad67eb5d7aa852cabf59c8\n3. https://git.kernel.org/stable/c/b4c836d33ca888695b2f2665f948bc1b34fbd533\n4. https://git.kernel.org/stable/c/1f6eb9fa87a781d5370c0de7794ae242f1a95ee5\n5. 
https://git.kernel.org/stable/c/6e8a6bf43cea4347121ab21bb1ed8d7bef7e732e\n6. https://git.kernel.org/stable/c/aabc6596ffb377c4c9c8f335124b92ea282c9821", "creation_timestamp": "2025-05-01T13:14:43.000000Z"}, {"uuid": "ed7f8c6b-492b-468c-9fda-4f62238ff4c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-37743", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "ea4ba696-2acb-4ba9-9ac0-692183a12ea8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-37744", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "c4734227-09de-4efb-8322-bfbf7e5e059e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-37745", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "6a7c9e64-bfe7-4a4c-b8ec-594c8b405d91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-37746", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "eb390d20-cbde-4b00-bdc1-e53cda0cb66d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-37745", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": 
"2025-12-03T14:14:49.267740Z"}, {"uuid": "3542eb07-c276-4e30-8509-013cc63d33c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-37747", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "f491d864-a6f9-4b54-8e1b-e9296e34fc2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-37742", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "c9c724e5-2346-4711-9662-3803c039496f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3774", "type": "published-proof-of-concept", "source": "Telegram/yixXk03Px4jmK8hy8DNQOPYwyMdQ2hxkl47WHo8gYnS6T9E", "content": "", "creation_timestamp": "2025-06-17T03:02:49.000000Z"}, {"uuid": "6f47d962-b1d6-4bd0-a2f0-f4444985896d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37748", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14272", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37748\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\niommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group\n\nCurrently, mtk_iommu calls during probe iommu_device_register before\nthe hw_list from driver data is initialized. 
Since iommu probing issue\nfix, it leads to NULL pointer dereference in mtk_iommu_device_group when\nhw_list is accessed with list_first_entry (not null safe).\n\nSo, change the call order to ensure iommu_device_register is called\nafter the driver data are initialized.\n\ud83d\udccf Published: 2025-05-01T12:55:54.660Z\n\ud83d\udccf Modified: 2025-05-01T12:55:54.660Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/2f75cb27bef43c8692b0f5e471e5632f6a9beb99\n2. https://git.kernel.org/stable/c/6abd09bed43b8d83d461e0fb5b9a200a06aa8a27\n3. https://git.kernel.org/stable/c/a0842539e8ef9386c070156103aff888e558a60c\n4. https://git.kernel.org/stable/c/ce7d3b2f6f393fa35f0ea12861b83a1ca28b295c\n5. https://git.kernel.org/stable/c/69f9d2d37d1207c5a73dac52a4ce1361ead707f5\n6. https://git.kernel.org/stable/c/38e8844005e6068f336a3ad45451a562a0040ca1", "creation_timestamp": "2025-05-01T13:14:44.000000Z"}, {"uuid": "2464350b-a0d0-4514-a230-75021d3ae75a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37740", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14276", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37740\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add sanity check for agwidth in dbMount\n\nThe width in dmapctl of the AG is zero, it trigger a divide error when\ncalculating the control page level in dbAllocAG.\n\nTo avoid this issue, add a check for agwidth in dbAllocAG.\n\ud83d\udccf Published: 2025-05-01T12:55:49.287Z\n\ud83d\udccf Modified: 2025-05-01T12:55:49.287Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/a260bf14cd347878f01f70739ba829442a474a16\n2. https://git.kernel.org/stable/c/cc0bc4cb62ce5fa0c383e3bf0765d01f46bd49ac\n3. 
https://git.kernel.org/stable/c/ccd97c8a4f90810f228ee40d1055148fa146dd57\n4. https://git.kernel.org/stable/c/c8c96a9e7660e5e5eea445978fe8f2e432d91c1f\n5. https://git.kernel.org/stable/c/e3f85edb03183fb06539e5b50dd2c4bb42b869f0\n6. https://git.kernel.org/stable/c/ddf2846f22e8575d6b4b6a66f2100f168b8cd73d", "creation_timestamp": "2025-05-01T13:14:50.000000Z"}, {"uuid": "ed2c5a37-3385-4ba0-9764-cafcc3430c83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37743", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14274", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37743\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Avoid memory leak while enabling statistics\n\nDriver uses monitor destination rings for extended statistics mode and\nstandalone monitor mode. In extended statistics mode, TLVs are parsed from\nthe buffer received from the monitor destination ring and assigned to the\nppdu_info structure to update per-packet statistics. In standalone monitor\nmode, along with per-packet statistics, the packet data (payload) is\ncaptured, and the driver updates per MSDU to mac80211.\n\nWhen the AP interface is enabled, only extended statistics mode is\nactivated. As part of enabling monitor rings for collecting statistics,\nthe driver subscribes to HAL_RX_MPDU_START TLV in the filter\nconfiguration. This TLV is received from the monitor destination ring, and\nkzalloc for the mon_mpdu object occurs, which is not freed, leading to a\nmemory leak. The kzalloc for the mon_mpdu object is only required while\nenabling the standalone monitor interface. 
This causes a memory leak while\nenabling extended statistics mode in the driver.\n\nFix this memory leak by removing the kzalloc for the mon_mpdu object in\nthe HAL_RX_MPDU_START TLV handling. Additionally, remove the standalone\nmonitor mode handlings in the HAL_MON_BUF_ADDR and HAL_RX_MSDU_END TLVs.\nThese TLV tags will be handled properly when enabling standalone monitor\nmode in the future.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3\n\ud83d\udccf Published: 2025-05-01T12:55:51.312Z\n\ud83d\udccf Modified: 2025-05-01T12:55:51.312Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/286bab0fc7b9db728dab8c63cadf6be9b3facf8c\n2. https://git.kernel.org/stable/c/ecfc131389923405be8e7a6f4408fd9321e4d19b", "creation_timestamp": "2025-05-01T13:14:48.000000Z"}, {"uuid": "dccb66b7-130a-4c5b-8f97-075245d25a0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37746", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14273", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37746\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nperf/dwc_pcie: fix duplicate pci_dev devices\n\nDuring platform_device_register, wrongly using struct device\npci_dev as platform_data caused a kmemdup copy of pci_dev. Worse\nstill, accessing the duplicated device leads to list corruption as its\nmutex content (e.g., list, magic) remains the same as the original.\n\ud83d\udccf Published: 2025-05-01T12:55:53.385Z\n\ud83d\udccf Modified: 2025-05-01T12:55:53.385Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/a71c6fc87b2b9905dc2e38887fe4122287216be9\n2. 
https://git.kernel.org/stable/c/7f35b429802a8065aa61e2a3f567089649f4d98e", "creation_timestamp": "2025-05-01T13:14:45.000000Z"}, {"uuid": "245432c4-ed7b-408d-b064-99a4de8faf3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37742", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14275", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37742\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix uninit-value access of imap allocated in the diMount() function\n\nsyzbot reports that hex_dump_to_buffer is using uninit-value:\n\n=====================================================\nBUG: KMSAN: uninit-value in hex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171\nhex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171\nprint_hex_dump+0x13d/0x3e0 lib/hexdump.c:276\ndiFree+0x5ba/0x4350 fs/jfs/jfs_imap.c:876\njfs_evict_inode+0x510/0x550 fs/jfs/inode.c:156\nevict+0x723/0xd10 fs/inode.c:796\niput_final fs/inode.c:1946 [inline]\niput+0x97b/0xdb0 fs/inode.c:1972\ntxUpdateMap+0xf3e/0x1150 fs/jfs/jfs_txnmgr.c:2367\ntxLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]\njfs_lazycommit+0x627/0x11d0 fs/jfs/jfs_txnmgr.c:2733\nkthread+0x6b9/0xef0 kernel/kthread.c:464\nret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:148\nret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nUninit was created at:\nslab_post_alloc_hook mm/slub.c:4121 [inline]\nslab_alloc_node mm/slub.c:4164 [inline]\n__kmalloc_cache_noprof+0x8e3/0xdf0 mm/slub.c:4320\nkmalloc_noprof include/linux/slab.h:901 [inline]\ndiMount+0x61/0x7f0 fs/jfs/jfs_imap.c:105\njfs_mount+0xa8e/0x11d0 fs/jfs/jfs_mount.c:176\njfs_fill_super+0xa47/0x17c0 fs/jfs/super.c:523\nget_tree_bdev_flags+0x6ec/0x910 fs/super.c:1636\nget_tree_bdev+0x37/0x50 
fs/super.c:1659\njfs_get_tree+0x34/0x40 fs/jfs/super.c:635\nvfs_get_tree+0xb1/0x5a0 fs/super.c:1814\ndo_new_mount+0x71f/0x15e0 fs/namespace.c:3560\npath_mount+0x742/0x1f10 fs/namespace.c:3887\ndo_mount fs/namespace.c:3900 [inline]\n__do_sys_mount fs/namespace.c:4111 [inline]\n__se_sys_mount+0x71f/0x800 fs/namespace.c:4088\n__x64_sys_mount+0xe4/0x150 fs/namespace.c:4088\nx64_sys_call+0x39bf/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:166\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\n=====================================================\n\nThe reason is that imap is not properly initialized after memory\nallocation. It will cause the snprintf() function to write uninitialized\ndata into linebuf within hex_dump_to_buffer().\n\nFix this by using kzalloc instead of kmalloc to clear its content at the\nbeginning in diMount().\n\ud83d\udccf Published: 2025-05-01T12:55:50.603Z\n\ud83d\udccf Modified: 2025-05-01T12:55:50.603Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/cab1852368dd74d629ee02abdbc559218ca64dde\n2. https://git.kernel.org/stable/c/067347e00a3a7d04afed93f080c6c131e5dd15ee\n3. https://git.kernel.org/stable/c/63148ce4904faa668daffdd1d3c1199ae315ef2c\n4. https://git.kernel.org/stable/c/7057f3aab47629d38e54eae83505813cf0da1e4b\n5. https://git.kernel.org/stable/c/d0d7eca253ccd0619b3d2b683ffe32218ebca9ac\n6. 
https://git.kernel.org/stable/c/9629d7d66c621671d9a47afe27ca9336bfc8a9ea", "creation_timestamp": "2025-05-01T13:14:48.000000Z"}, {"uuid": "28963558-0474-4a5c-8547-001aa4060b69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37747", "type": "seen", "source": "https://t.me/cvedetector/24227", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37747 - \"Linux Perf Remote Event Reference Leak\"\", \n  \"Content\": \"CVE ID : CVE-2025-37747 \nPublished : May 1, 2025, 1:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nperf: Fix hang while freeing sigtrap event  \n  \nPerf can hang while freeing a sigtrap event if a related deferred  \nsignal hadn't managed to be sent before the file got closed:  \n  \nperf_event_overflow()  \n   task_work_add(perf_pending_task)  \n  \nfput()  \n   task_work_add(____fput())  \n  \ntask_work_run()  \n    ____fput()  \n        perf_release()  \n            perf_event_release_kernel()  \n                _free_event()  \n                    perf_pending_task_sync()  \n                        task_work_cancel() -&gt; FAILED  \n                        rcuwait_wait_event()  \n  \nOnce task_work_run() is running, the list of pending callbacks is  \nremoved from the task_struct and from this point on task_work_cancel()  \ncan't remove any pending and not yet started work items, hence the  \ntask_work_cancel() failure and the hang on rcuwait_wait_event().  
\n  \nTask work could be changed to remove one work at a time, so a work  \nrunning on the current task can always cancel a pending one, however  \nthe wait / wake design is still subject to inverted dependencies when  \nremote targets are involved, as pictured by Oleg:  \n  \nT1                                                      T2  \n  \nfd = perf_event_open(pid =&gt; T2-&gt;pid);                  fd = perf_event_open(pid =&gt; T1-&gt;pid);  \nclose(fd)                                              close(fd)  \n                                                        \n    perf_event_overflow()                                  perf_event_overflow()  \n       task_work_add(perf_pending_task)                        task_work_add(perf_pending_task)  \n                                                       \n    fput()                                                 fput()  \n        task_work_add(____fput())                              task_work_add(____fput())  \n  \n    task_work_run()                                        task_work_run()  \n        ____fput()                                             ____fput()  \n            perf_release()                                         perf_release()  \n                perf_event_release_kernel()                            perf_event_release_kernel()  \n                    _free_event()                                          _free_event()  \n                        perf_pending_task_sync()                               perf_pending_task_sync()  \n                            rcuwait_wait_event()                                   rcuwait_wait_event()  \n  \nTherefore the only option left is to acquire the event reference count  \nupon queueing the perf task work and release it from the task work, just  \nlike it was done before 3a5465418f5f (\"perf: Fix event leak upon exec and file release\")  \nbut without the leaks it fixed.  
\n  \nSome adjustments are necessary to make it work:  \n  \n* A child event might dereference its parent upon freeing. Care must be  \n  taken to release the parent last.  \n  \n* Some places assuming the event doesn't have any reference held and  \n  therefore can be freed right away must instead put the reference and  \n  let the reference counting to its job. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T16:30:25.000000Z"}, {"uuid": "040b3ca2-2dd5-44a2-b34d-8562cf460d87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37743", "type": "seen", "source": "https://t.me/cvedetector/24226", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37743 - \"Qualcomm ath12k WiFi Driver Memory Leak\"\", \n  \"Content\": \"CVE ID : CVE-2025-37743 \nPublished : May 1, 2025, 1:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nwifi: ath12k: Avoid memory leak while enabling statistics  \n  \nDriver uses monitor destination rings for extended statistics mode and  \nstandalone monitor mode. In extended statistics mode, TLVs are parsed from  \nthe buffer received from the monitor destination ring and assigned to the  \nppdu_info structure to update per-packet statistics. In standalone monitor  \nmode, along with per-packet statistics, the packet data (payload) is  \ncaptured, and the driver updates per MSDU to mac80211.  \n  \nWhen the AP interface is enabled, only extended statistics mode is  \nactivated. As part of enabling monitor rings for collecting statistics,  \nthe driver subscribes to HAL_RX_MPDU_START TLV in the filter  \nconfiguration. 
This TLV is received from the monitor destination ring, and  \nkzalloc for the mon_mpdu object occurs, which is not freed, leading to a  \nmemory leak. The kzalloc for the mon_mpdu object is only required while  \nenabling the standalone monitor interface. This causes a memory leak while  \nenabling extended statistics mode in the driver.  \n  \nFix this memory leak by removing the kzalloc for the mon_mpdu object in  \nthe HAL_RX_MPDU_START TLV handling. Additionally, remove the standalone  \nmonitor mode handlings in the HAL_MON_BUF_ADDR and HAL_RX_MSDU_END TLVs.  \nThese TLV tags will be handled properly when enabling standalone monitor  \nmode in the future.  \n  \nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1  \nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T16:30:24.000000Z"}, {"uuid": "7a3b7b3e-048c-4458-9d47-ca59e1c7f3f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37749", "type": "seen", "source": "https://t.me/cvedetector/24222", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37749 - Linux PPP Out-of-Bounds Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-37749 \nPublished : May 1, 2025, 1:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: ppp: Add bound checking for skb data on ppp_sync_txmung  \n  \nEnsure we have enough data in linear buffer from skb before accessing  \ninitial bytes. This prevents potential out-of-bounds accesses  \nwhen processing short packets.  
\n  \nWhen ppp_sync_txmung receives an incoming package with an empty  \npayload:  \n(remote) gef\u27a4  p *(struct pppoe_hdr *) (skb-&gt;head + skb-&gt;network_header)  \n$18 = {  \n type = 0x1,  \n ver = 0x1,  \n code = 0x0,  \n sid = 0x2,  \n        length = 0x0,  \n tag = 0xffff8880371cdb96  \n}  \n  \nfrom the skb struct (trimmed)  \n      tail = 0x16,  \n      end = 0x140,  \n      head = 0xffff88803346f400 \"4\",  \n      data = 0xffff88803346f416 \":\\377\",  \n      truesize = 0x380,  \n      len = 0x0,  \n      data_len = 0x0,  \n      mac_len = 0xe,  \n      hdr_len = 0x0,  \n  \nit is not safe to access data[2].  \n  \n[pabeni@redhat.com: fixed subj typo] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T16:30:18.000000Z"}, {"uuid": "f6e2223c-d8c2-4156-81cf-f2a48df8c229", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37748", "type": "seen", "source": "https://t.me/cvedetector/24221", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37748 - Mediatek IOMMU NULL Pointer Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-37748 \nPublished : May 1, 2025, 1:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \niommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group  \n  \nCurrently, mtk_iommu calls during probe iommu_device_register before  \nthe hw_list from driver data is initialized. Since iommu probing issue  \nfix, it leads to NULL pointer dereference in mtk_iommu_device_group when  \nhw_list is accessed with list_first_entry (not null safe).  
\n  \nSo, change the call order to ensure iommu_device_register is called  \nafter the driver data are initialized. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T16:30:18.000000Z"}, {"uuid": "8c2b2897-59f3-4b2f-b525-fc3254f43025", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37746", "type": "seen", "source": "https://t.me/cvedetector/24220", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37746 - Linux Kernel perf dwc_pcie Duplicate Device Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-37746 \nPublished : May 1, 2025, 1:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nperf/dwc_pcie: fix duplicate pci_dev devices  \n  \nDuring platform_device_register, wrongly using struct device  \npci_dev as platform_data caused a kmemdup copy of pci_dev. Worse  \nstill, accessing the duplicated device leads to list corruption as its  \nmutex content (e.g., list, magic) remains the same as the original. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T16:30:17.000000Z"}, {"uuid": "44ff988e-1be2-463d-b3a4-ddfde2616883", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37745", "type": "seen", "source": "https://t.me/cvedetector/24218", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37745 - Linux kernel PM: hibernate: Deadlock in hibernate_compressor_param_set\", \n  \"Content\": \"CVE ID : CVE-2025-37745 \nPublished : May 1, 2025, 1:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nPM: hibernate: Avoid deadlock in hibernate_compressor_param_set()  \n  \nsyzbot reported a deadlock in lock_system_sleep() (see below).  \n  \nThe write operation to \"/sys/module/hibernate/parameters/compressor\"  \nconflicts with the registration of ieee80211 device, resulting in a deadlock  \nwhen attempting to acquire system_transition_mutex under param_lock.  \n  \nTo avoid this deadlock, change hibernate_compressor_param_set() to use  \nmutex_trylock() for attempting to acquire system_transition_mutex and  \nreturn -EBUSY when it fails.  \n  \nTask flags need not be saved or adjusted before calling  \nmutex_trylock(&amp;system_transition_mutex) because the caller is not going  \nto end up waiting for this mutex and if it runs concurrently with system  \nsuspend in progress, it will be frozen properly when it returns to user  \nspace.  
\n  \nsyzbot report:  \n  \nsyz-executor895/5833 is trying to acquire lock:  \nffffffff8e0828c8 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0 kernel/power/main.c:56  \n  \nbut task is already holding lock:  \nffffffff8e07dc68 (param_lock){+.+.}-{4:4}, at: kernel_param_lock kernel/params.c:607 [inline]  \nffffffff8e07dc68 (param_lock){+.+.}-{4:4}, at: param_attr_store+0xe6/0x300 kernel/params.c:586  \n  \nwhich lock already depends on the new lock.  \n  \nthe existing dependency chain (in reverse order) is:  \n  \n-&gt; #3 (param_lock){+.+.}-{4:4}:  \n       __mutex_lock_common kernel/locking/mutex.c:585 [inline]  \n       __mutex_lock+0x19b/0xb10 kernel/locking/mutex.c:730  \n       ieee80211_rate_control_ops_get net/mac80211/rate.c:220 [inline]  \n       rate_control_alloc net/mac80211/rate.c:266 [inline]  \n       ieee80211_init_rate_ctrl_alg+0x18d/0x6b0 net/mac80211/rate.c:1015  \n       ieee80211_register_hw+0x20cd/0x4060 net/mac80211/main.c:1531  \n       mac80211_hwsim_new_radio+0x304e/0x54e0 drivers/net/wireless/virtual/mac80211_hwsim.c:5558  \n       init_mac80211_hwsim+0x432/0x8c0 drivers/net/wireless/virtual/mac80211_hwsim.c:6910  \n       do_one_initcall+0x128/0x700 init/main.c:1257  \n       do_initcall_level init/main.c:1319 [inline]  \n       do_initcalls init/main.c:1335 [inline]  \n       do_basic_setup init/main.c:1354 [inline]  \n       kernel_init_freeable+0x5c7/0x900 init/main.c:1568  \n       kernel_init+0x1c/0x2b0 init/main.c:1457  \n       ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148  \n       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244  \n  \n-&gt; #2 (rtnl_mutex){+.+.}-{4:4}:  \n       __mutex_lock_common kernel/locking/mutex.c:585 [inline]  \n       __mutex_lock+0x19b/0xb10 kernel/locking/mutex.c:730  \n       wg_pm_notification drivers/net/wireguard/device.c:80 [inline]  \n       wg_pm_notification+0x49/0x180 drivers/net/wireguard/device.c:64  \n       notifier_call_chain+0xb7/0x410 
kernel/notifier.c:85  \n       notifier_call_chain_robust kernel/notifier.c:120 [inline]  \n       blocking_notifier_call_chain_robust kernel/notifier.c:345 [inline]  \n       blocking_notifier_call_chain_robust+0xc9/0x170 kernel/notifier.c:333  \n       pm_notifier_call_chain_robust+0x27/0x60 kernel/power/main.c:102  \n       snapshot_open+0x189/0x2b0 kernel/power/user.c:77  \n       misc_open+0x35a/0x420 drivers/char/misc.c:179  \n       chrdev_open+0x237/0x6a0 fs/char_dev.c:414  \n       do_dentry_open+0x735/0x1c40 fs/open.c:956  \n       vfs_open+0x82/0x3f0 fs/open.c:1086  \n       do_open fs/namei.c:3830 [inline]  \n       path_openat+0x1e88/0x2d80 fs/namei.c:3989  \n       do_filp_open+0x20c/0x470 fs/namei.c:4016  \n       do_sys_openat2+0x17a/0x1e0 fs/open.c:1428  \n       do_sys_open fs/open.c:1443 [inline]  \n       __do_sys_openat fs/open.c:1459 [inline]  \n       __se_sys_openat fs/open.c:1454 [inline]  \n       __x64_sys_openat+0x175/0x210 fs/ope[...]", "creation_timestamp": "2025-05-01T16:30:12.000000Z"}, {"uuid": "190d591d-6d2a-42eb-b046-07baf5466175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37744", "type": "seen", "source": "https://t.me/cvedetector/24217", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37744 - Linux Kernel Ath12k WiFi Firmware Memory Leak Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-37744 \nPublished : May 1, 2025, 1:15 p.m. 
| 1\u00a0hour, 5\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nwifi: ath12k: fix memory leak in ath12k_pci_remove()  \n  \nKmemleak reported this error:  \n  \n  unreferenced object 0xffff1c165cec3060 (size 32):  \n    comm \"insmod\", pid 560, jiffies 4296964570 (age 235.596s)  \n    backtrace:  \n      [<000000005434db68] __kmem_cache_alloc_node+0x1f4/0x2c0  \n      [<000000001203b155] kmalloc_trace+0x40/0x88  \n      [<0000000028adc9c8] _request_firmware+0xb8/0x608  \n      [<00000000cad1aef7] firmware_request_nowarn+0x50/0x80  \n      [<000000005011a682] local_pci_probe+0x48/0xd0  \n      [<00000000077cd295] pci_device_probe+0xb4/0x200  \n      [<0000000087184c94] really_probe+0x150/0x2c0  \n  \nThe firmware memory was allocated in ath12k_pci_probe(), but not  \nfreed in ath12k_pci_remove() in case ATH12K_FLAG_QMI_FAIL bit is  \nset. So call ath12k_fw_unmap() to free the memory.  \n  \nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.2.0-02280-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T16:30:11.000000Z"}]}