CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21843 – drm/panthor: avoid garbage value in panthor_ioctl_dev_query()
https://notcve.org/view.php?id=CVE-2025-21843
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/panthor: avoid garbage value in panthor_ioctl_dev_query() 'priorities_info' is uninitialized, and the uninitialized value is copied to user object when calling PANTHOR_UOBJ_SET(). In the Linux kernel, the following vulnerability has been resolved: drm/panthor: avoid garbage value in panthor_ioctl_dev_query() 'priorities_info' is uninitialized, and the uninitialized value is copied to user object when calling PANTHOR_UOBJ_S... • https://git.kernel.org/stable/c/f70000ef23527f6d928d1175c66c5fafa968814b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21842 – amdkfd: properly free gang_ctx_bo when failed to init user queue
https://notcve.org/view.php?id=CVE-2025-21842
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: amdkfd: properly free gang_ctx_bo when failed to init user queue The destructor of a gtt bo is declared as void amdgpu_amdkfd_free_gtt_mem(struct amdgpu_device *adev, void **mem_obj); Which takes void** as the second parameter. In the Linux kernel, the following vulnerability has been resolved: amdkfd: properly free gang_ctx_bo when failed to init user queue The destructor of a gtt bo is declared as void amdgpu_amdkfd_free_gtt... • https://git.kernel.org/stable/c/fb91065851cd5f2735348c5f3eddeeca3d7c2973 •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21841 – cpufreq/amd-pstate: Fix cpufreq_policy ref counting
https://notcve.org/view.php?id=CVE-2025-21841
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq/amd-pstate: Fix cpufreq_policy ref counting amd_pstate_update_limits() takes a cpufreq_policy reference but doesn't decrement the refcount in one of the exit paths, fix that. In the Linux kernel, the following vulnerability has been resolved: cpufreq/amd-pstate: Fix cpufreq_policy ref counting amd_pstate_update_limits() takes a cpufreq_policy reference but doesn't decrement the refcount in one of the exit paths, fix th... • https://git.kernel.org/stable/c/45722e777fd99ea863fe653c1838d39f678506e2 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21840 – thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header
https://notcve.org/view.php?id=CVE-2025-21840
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header The intel-lpmd tool [1], which uses the THERMAL_GENL_ATTR_CPU_CAPABILITY attribute to receive HFI events from kernel space, encounters a segmentation fault after commit 1773572863c4 ("thermal: netlink: Add the commands and the events for the thresholds"). ... This ensures that all existing thermal generic netlink attributes remain unaffected. [ rjw: Subjec... • https://git.kernel.org/stable/c/1773572863c43a14a3e45f0591f28b7dec1ee52a •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21839 – KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop
https://notcve.org/view.php?id=CVE-2025-21839
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpu_run() loop to fix a bug where KVM can load hardware with a stale vcpu->arch.dr6. ... L1's view: ==========
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21838 – usb: gadget: core: flush gadget workqueue after device removal
https://notcve.org/view.php?id=CVE-2025-21838
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal device_del() can lead to new work being scheduled in gadget->work workqueue. ... In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal device_del() can lead to new work being scheduled in gadget->work workqueue. • https://git.kernel.org/stable/c/5702f75375aa9ecf8ad3431aef3fe6ce8c8dbd15 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21837 – io_uring/uring_cmd: unconditionally copy SQEs at prep time
https://notcve.org/view.php?id=CVE-2025-21837
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring/uring_cmd: unconditionally copy SQEs at prep time This isn't generally necessary, but conditions have been observed where SQE data is accessed from the original SQE after prep has been done and outside of the initial issue. In the Linux kernel, the following vulnerability has been resolved: io_uring/uring_cmd: unconditionally copy SQEs at prep time This isn't generally necessary, but conditions have been observed wher... • https://git.kernel.org/stable/c/5eff57fa9f3aae3acbcaf196af507eec58955f3b •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21836 – io_uring/kbuf: reallocate buf lists on upgrade
https://notcve.org/view.php?id=CVE-2025-21836
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. ... In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. • https://git.kernel.org/stable/c/2fcabce2d7d34f69a888146dab15b36a917f09d4 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21835 – usb: gadget: f_midi: fix MIDI Streaming descriptor lengths
https://notcve.org/view.php?id=CVE-2025-21835
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_midi: fix MIDI Streaming descriptor lengths While the MIDI jacks are configured correctly, and the MIDIStreaming endpoint descriptors are filled with the correct information, bNumEmbMIDIJack and bLength are set incorrectly in these descriptors. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_midi: fix MIDI Streaming descriptor lengths While the MIDI jacks are configured correct... • https://git.kernel.org/stable/c/c8933c3f79568263c90a46f06cf80419e6c63c97 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58086 – drm/v3d: Stop active perfmon if it is being destroyed
https://notcve.org/view.php?id=CVE-2024-58086
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Stop active perfmon if it is being destroyed If the active performance monitor (`v3d->active_perfmon`) is being destroyed, stop it first. ... In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Stop active perfmon if it is being destroyed If the active performance monitor (`v3d->active_perfmon`) is being destroyed, stop it first. • https://git.kernel.org/stable/c/26a4dc29b74a137f45665089f6d3d633fcc9b662 •