CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2024-58092 – nfsd: fix legacy client tracking initialization
https://notcve.org/view.php?id=CVE-2024-58092
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: fix legacy client tracking initialization Get rid of the nfsd4_legacy_tracking_ops->init() call in check_for_legacy_methods(). That will be handled in the caller (nfsd4_client_tracking_init()). Otherwise, we'll wind up calling nfsd4_legacy_tracking_ops->init() twice, and the second time we'll trigger the BUG_ON() in nfsd4_init_recdir(). • https://git.kernel.org/stable/c/74fd48739d0488e39ae18b0168720f449a06690c •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-22023 – usb: xhci: Don't skip on Stopped - Length Invalid
https://notcve.org/view.php?id=CVE-2025-22023
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Don't skip on Stopped - Length Invalid Up until commit d56b0b2ab142 ("usb: xhci: ensure skipped isoc TDs are returned when isoc ring is stopped") in v6.11, the driver didn't skip missed isochronous TDs when handling Stoppend and Stopped - Length Invalid events. Instead, it erroneously cleared the skip flag, which would cause the ring to get stuck, as future events won't match the missed TD which is never removed from the queue un... • https://git.kernel.org/stable/c/d56b0b2ab142940b06eac56dcb3ab1ab88df38a2 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-22022 – usb: xhci: Apply the link chain quirk on NEC isoc endpoints
https://notcve.org/view.php?id=CVE-2025-22022
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Apply the link chain quirk on NEC isoc endpoints Two clearly different specimens of NEC uPD720200 (one with start/stop bug, one without) were seen to cause IOMMU faults after some Missed Service Errors. Faulting address is immediately after a transfer ring segment and patched dynamic debug messages revealed that the MSE was received when waiting for a TD near the end of that segment: [ 1.041954] xhci_hcd: Miss service interval er... • https://git.kernel.org/stable/c/a4931d9fb99eb5462f3eaa231999d279c40afb21 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-22021 – netfilter: socket: Lookup orig tuple for IPv6 SNAT
https://notcve.org/view.php?id=CVE-2025-22021
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to restore the original 5-tuple in case of SNAT, to be able to find the right socket (if any). Then socket_match() can correctly check whether the socket was transparent. However, the IPv6 counterpart (nf_sk_lookup_slow_v6) lacks this conntrack lookup, making xt_socket fail to match on the socket when the packet was SNATed. Add... • https://git.kernel.org/stable/c/eb31628e37a0a4e01fffd79dcc7f815d2357f53a •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-22020 – memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
https://notcve.org/view.php?id=CVE-2025-22020
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms] Read of size 8 at addr ffff888136335380 by task kworker/6:0/140241 CPU: 6 UID: 0 PID: 140241 Comm: kworker/6:0 Kdump: loaded Tainted: G E 6.14.0-rc6+ #1 Tainted: [E]=UNSIGNED_MODULE Hardwar... • https://git.kernel.org/stable/c/6827ca573c03385439fdfc8b512d556dc7c54fc9 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-22019 – bcachefs: bch2_ioctl_subvolume_destroy() fixes
https://notcve.org/view.php?id=CVE-2025-22019
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: bcachefs: bch2_ioctl_subvolume_destroy() fixes bch2_evict_subvolume_inodes() was getting stuck - due to incorrectly pruning the dcache. Also, fix missing permissions checks. • https://git.kernel.org/stable/c/9e6e83e1e2d01b99e70cd7812d7f758a8def9fc8 •
CVSS: 5.5EPSS: %CPEs: 9EXPL: 0CVE-2025-22018 – atm: Fix NULL pointer dereference
https://notcve.org/view.php?id=CVE-2025-22018
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: atm: Fix NULL pointer dereference When MPOA_cache_impos_rcvd() receives the msg, it can trigger Null Pointer Dereference Vulnerability if both entry and holding_time are NULL. Because there is only for the situation where entry is NULL and holding_time exists, it can be passed when both entry and holding_time are NULL. If these are NULL, the entry will be passd to eg_cache_put() as parameter and it is referenced by entry->use code in it. ka... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-22017 – devlink: fix xa_alloc_cyclic() error handling
https://notcve.org/view.php?id=CVE-2025-22017
08 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: devlink: fix xa_alloc_cyclic() error handling In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will be returned, which will cause IS_ERR() to be false. Which can lead to dereference not allocated pointer (rel). Fix it by checking if err is lower than zero. This wasn't found in real usecase, only noticed. Credit to Pierre. • https://git.kernel.org/stable/c/c137743bce02b18c1537d4681aa515f7b80bf0a8 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-22016 – dpll: fix xa_alloc_cyclic() error handling
https://notcve.org/view.php?id=CVE-2025-22016
08 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: dpll: fix xa_alloc_cyclic() error handling In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will be returned, which will cause IS_ERR() to be false. Which can lead to dereference not allocated pointer (pin). Fix it by checking if err is lower than zero. This wasn't found in real usecase, only noticed. Credit to Pierre. • https://git.kernel.org/stable/c/97f265ef7f5b526b33d6030b2a1fc69a2259bf4a •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-22015 – mm/migrate: fix shmem xarray update during migration
https://notcve.org/view.php?id=CVE-2025-22015
08 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/migrate: fix shmem xarray update during migration A shmem folio can be either in page cache or in swap cache, but not at the same time. Namely, once it is in swap cache, folio->mapping should be NULL, and the folio is no longer in a shmem mapping. In __folio_migrate_mapping(), to determine the number of xarray entries to update, folio_test_swapbacked() is used, but that conflates shmem in page cache case and shmem in swap cache case. It ... • https://git.kernel.org/stable/c/be72d197b2281e2ee3f28017fc9be1ab17e26d16 •