
CVE-2025-21866 – powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC
https://notcve.org/view.php?id=CVE-2025-21866
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Erhard reported the following KASAN hit while booting his PowerMac G4 with a KASAN-enabled kernel 6.13-rc6: BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8 Write of size 8 at addr f1000000 by task chronyd/1293 CPU: 0 UID: 123 PID: 1293 Comm: chronyd Tainted: G W 6.13.0-rc6-PMacG4 #2 Tainted: [W]=WARN Hardware name: PowerMac3,6 7... • https://git.kernel.org/stable/c/37bc3e5fd764fb258ff4fcbb90b6d1b67fb466c1 •

CVE-2025-21865 – gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
https://notcve.org/view.php?id=CVE-2025-21865
12 Mar 2025 — Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 UID: 0 PID: 1804 Comm: kworker/u8:7 Tainted: G T 6.12.13-grsec-full-20250211091339 #1 Tainted: [T]=RANDSTRUCT Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: netns cleanup_net RIP: 0010:[

CVE-2025-21864 – tcp: drop secpath at the same time as we currently drop dst
https://notcve.org/view.php?id=CVE-2025-21864
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst Xiumei reported hitting the WARN in xfrm6_tunnel_net_exit while running tests that boil down to: - create a pair of netns - run a basic TCP test over ipcomp6 - delete the pair of netns The xfrm_state found on spi_byaddr was not deleted at the time we delete the netns, because we still have a reference on it. In the Linux kernel, the following vulnerability has been re... • https://git.kernel.org/stable/c/68822bdf76f10c3dc80609d4e2cdc1e847429086 •

CVE-2025-21863 – io_uring: prevent opcode speculation
https://notcve.org/view.php?id=CVE-2025-21863
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent opcode speculation sqe->opcode is used for different tables, make sure we santitise it against speculations. In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent opcode speculation sqe->opcode is used for different tables, make sure we santitise it against speculations. • https://git.kernel.org/stable/c/d3656344fea0339fb0365c8df4d2beba4e0089cd •

CVE-2025-21862 – drop_monitor: fix incorrect initialization order
https://notcve.org/view.php?id=CVE-2025-21862
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drop_monitor: fix incorrect initialization order Syzkaller reports the following bug: BUG: spinlock bad magic on CPU#1, syz-executor.0/7995 lock: 0xffff88805303f3e0, .magic: 00000000, .owner:

CVE-2025-21861 – mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()
https://notcve.org/view.php?id=CVE-2025-21861
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() If migration succeeded, we called folio_migrate_flags()->mem_cgroup_migrate() to migrate the memcg from the old to the new folio. ... /include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.090478][T14893] Modules linked in: [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd ... • https://git.kernel.org/stable/c/8763cb45ab967a92a5ee49e9c544c0f0ea90e2d6 •

CVE-2025-21860 – mm/zswap: fix inconsistency when zswap_store_page() fails
https://notcve.org/view.php?id=CVE-2025-21860
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/zswap: fix inconsistency when zswap_store_page() fails Commit b7c0ccdfbafd ("mm: zswap: support large folios in zswap_store()") skips charging any zswap entries when it failed to zswap the entire folio. ... After resolving the inconsistency, the warnings disappear. [42.hyeyoo@gmail.com: refactor zswap_store_page()] Link: https://lkml.kernel.org/r/20250131082037.2426-1-42.hyeyoo@gmail.com In the Linux kernel, the following v... • https://git.kernel.org/stable/c/b7c0ccdfbafdec98699ddb6f164beebf16f0bc45 •

CVE-2025-21859 – USB: gadget: f_midi: f_midi_complete to call queue_work
https://notcve.org/view.php?id=CVE-2025-21859
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: gadget: f_midi: f_midi_complete to call queue_work When using USB MIDI, a lock is attempted to be acquired twice through a re-entrant call to f_midi_transmit, causing a deadlock. In the Linux kernel, the following vulnerability has been resolved: USB: gadget: f_midi: f_midi_complete to call queue_work When using USB MIDI, a lock is attempted to be acquired twice through a re-entrant call to f_midi_transmit, causing a dead... • https://git.kernel.org/stable/c/d5daf49b58661ec4af7a55b277176efbf945ca05 •

CVE-2025-21858 – geneve: Fix use-after-free in geneve_find_dev().
https://notcve.org/view.php?id=CVE-2025-21858
12 Mar 2025 — [0]: BUG: KASAN: slab-use-after-free in geneve_find_dev drivers/net/geneve.c:1295 [inline] BUG: KASAN: slab-use-after-free in geneve_configure+0x234/0x858 drivers/net/geneve.c:1343 Read of size 2 at addr ffff000054d6ee24 by task syz.1.4029/13441 CPU: 1 UID: 0 PID: 13441 Comm: syz.1.4029 Not tainted 6.13.0-g0ad9617c78ac #24 dc35ca22c79fb82e8e7bc5c9c9adafea898b1e3d Hardware name: linux,dummy-virt (DT) Call trace: show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:466 (C) __dump_stack lib/dump_stack.c:... • https://git.kernel.org/stable/c/2d07dc79fe04a43d82a346ced6bbf07bdb523f1b • CWE-416: Use After Free •

CVE-2025-21857 – net/sched: cls_api: fix error handling causing NULL dereference
https://notcve.org/view.php?id=CVE-2025-21857
12 Mar 2025 — Example trace: BUG: kernel NULL pointer dereference, address: 0000000000000000 CPU: 114 PID: 16151 Comm: handler114 Kdump: loaded Not tainted 5.14.0-503.16.1.el9_5.x86_64 #1 RIP: 0010:tcf_action_init+0x1f8/0x2c0 Call Trace: tcf_action_init+0x1f8/0x2c0 tcf_exts_validate_ex+0x175/0x190 fl_change+0x537/0x1120 [cls_flower] In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_api: fix error handling causing NULL dereference tcf_exts_miss_cookie_base_alloc() calls xa_alloc_cyc... • https://git.kernel.org/stable/c/80cd22c35c9001fe72bf614d29439de41933deca •