CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-22022 – usb: xhci: Apply the link chain quirk on NEC isoc endpoints
https://notcve.org/view.php?id=CVE-2025-22022
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Apply the link chain quirk on NEC isoc endpoints Two clearly different specimens of NEC uPD720200 (one with start/stop bug, one without) were seen to cause IOMMU faults after some Missed Service Errors. Faulting address is immediately after a transfer ring segment and patched dynamic debug messages revealed that the MSE was received when waiting for a TD near the end of that segment: [ 1.041954] xhci_hcd: Miss service interval er... • https://git.kernel.org/stable/c/a4931d9fb99eb5462f3eaa231999d279c40afb21 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-22021 – netfilter: socket: Lookup orig tuple for IPv6 SNAT
https://notcve.org/view.php?id=CVE-2025-22021
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to restore the original 5-tuple in case of SNAT, to be able to find the right socket (if any). Then socket_match() can correctly check whether the socket was transparent. However, the IPv6 counterpart (nf_sk_lookup_slow_v6) lacks this conntrack lookup, making xt_socket fail to match on the socket when the packet was SNATed. Add... • https://git.kernel.org/stable/c/eb31628e37a0a4e01fffd79dcc7f815d2357f53a •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-22020 – memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
https://notcve.org/view.php?id=CVE-2025-22020
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms] Read of size 8 at addr ffff888136335380 by task kworker/6:0/140241 CPU: 6 UID: 0 PID: 140241 Comm: kworker/6:0 Kdump: loaded Tainted: G E 6.14.0-rc6+ #1 Tainted: [E]=UNSIGNED_MODULE Hardwar... • https://git.kernel.org/stable/c/6827ca573c03385439fdfc8b512d556dc7c54fc9 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-22019 – bcachefs: bch2_ioctl_subvolume_destroy() fixes
https://notcve.org/view.php?id=CVE-2025-22019
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: bcachefs: bch2_ioctl_subvolume_destroy() fixes bch2_evict_subvolume_inodes() was getting stuck - due to incorrectly pruning the dcache. Also, fix missing permissions checks. • https://git.kernel.org/stable/c/9e6e83e1e2d01b99e70cd7812d7f758a8def9fc8 •
CVSS: 5.5EPSS: %CPEs: 9EXPL: 0CVE-2025-22018 – atm: Fix NULL pointer dereference
https://notcve.org/view.php?id=CVE-2025-22018
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: atm: Fix NULL pointer dereference When MPOA_cache_impos_rcvd() receives the msg, it can trigger Null Pointer Dereference Vulnerability if both entry and holding_time are NULL. Because there is only for the situation where entry is NULL and holding_time exists, it can be passed when both entry and holding_time are NULL. If these are NULL, the entry will be passd to eg_cache_put() as parameter and it is referenced by entry->use code in it. ka... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-22014 – soc: qcom: pdr: Fix the potential deadlock
https://notcve.org/view.php?id=CVE-2025-22014
08 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: Fix the potential deadlock When some client process A call pdr_add_lookup() to add the look up for the service and does schedule locator work, later a process B got a new server packet indicating locator is up and call pdr_locator_new_server() which eventually sets pdr->locator_init_complete to true which process A sees and takes list lock and queries domain list but it will timeout due to deadlock as the response will queue... • https://git.kernel.org/stable/c/fbe639b44a82755d639df1c5d147c93f02ac5a0f •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-22010 – RDMA/hns: Fix soft lockup during bt pages loop
https://notcve.org/view.php?id=CVE-2025-22010
08 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup during bt pages loop Driver runs a for-loop when allocating bt pages and mapping them with buffer pages. When a large buffer (e.g. MR over 100GB) is being allocated, it may require a considerable loop count. This will lead to soft lockup: watchdog: BUG: soft lockup - CPU#27 stuck for 22s! ... • https://git.kernel.org/stable/c/38389eaa4db192648916464b60f6086d6bbaa6de •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-22008 – regulator: check that dummy regulator has been probed before using it
https://notcve.org/view.php?id=CVE-2025-22008
08 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: check that dummy regulator has been probed before using it Due to asynchronous driver probing there is a chance that the dummy regulator hasn't already been probed when first accessing it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: regulador: comprobar que el regulador ficticio haya sido probado antes de usarlo Debido al sondeo asincrónico del controlador existe la posibilidad de que el regulador ficticio ... • https://git.kernel.org/stable/c/3a9c46af5654783f99015727ac65bc2a23e2735a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-22007 – Bluetooth: Fix error code in chan_alloc_skb_cb()
https://notcve.org/view.php?id=CVE-2025-22007
03 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix error code in chan_alloc_skb_cb() The chan_alloc_skb_cb() function is supposed to return error pointers on error. Returning NULL will lead to a NULL dereference. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix error code in chan_alloc_skb_cb() The chan_alloc_skb_cb() function is supposed to return error pointers on error. Returning NULL will lead to a NULL dereference. Several vulnerabilitie... • https://git.kernel.org/stable/c/6b8d4a6a03144c5996f98db7f8256267b0d72a3a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-22005 – ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
https://notcve.org/view.php?id=CVE-2025-22005
03 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). fib_check_nh_v6_gw() expects that fib6_nh_init() cleans up everything when it fails. Commit 7dd73168e273 ("ipv6: Always allocate pcpu memory in a fib6_nh") moved fib_nh_common_init() before alloc_percpu_gfp() within fib6_nh_init() but forgot to add cleanup for fib6_nh->nh_common.nhc_pcpu_rth_output in case it fails to allocate fib6_nh->rt6i_pcpu, resulting in memleak. Let's c... • https://git.kernel.org/stable/c/7dd73168e273938b9e9bb42ca51b0c27d807992b •