CVSS: -EPSS: %CPEs: 11EXPL: 0CVE-2025-39735 – jfs: fix slab-out-of-bounds read in ea_get()
https://notcve.org/view.php?id=CVE-2025-39735
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get() During the "size_check" label in ea_get(), the code checks if the extended attribute list (xattr) size matches ea_size. If not, it logs "ea_get: invalid extended attribute" and calls print_hex_dump(). Here, EALIST_SIZE(ea_buf->xattr) returns 4110417968, which exceeds INT_MAX (2,147,483,647). Then ea_size is clamped: int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); Although clamp_t... • https://git.kernel.org/stable/c/6e39b681d1eb16f408493bf5023788b57f68998c •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-38637 – net_sched: skbprio: Remove overly strict queue assertions
https://notcve.org/view.php?id=CVE-2025-38637
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio enqueue/dequeue contains an assertion that fails under certain conditions when SKBPRIO is used as a child qdisc under TBF with specific parameters. The failure occurs because TBF sometimes peeks at packets in the child qdisc without actually dequeuing them when tokens are unavailable. This peek operation creates a discrepancy between the parent ... • https://git.kernel.org/stable/c/aea5f654e6b78a0c976f7a25950155932c77a53f •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-37925 – jfs: reject on-disk inodes of an unsupported type
https://notcve.org/view.php?id=CVE-2025-37925
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: reject on-disk inodes of an unsupported type Syzbot has reported the following BUG: kernel BUG at fs/inode.c:668! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 3 UID: 0 PID: 139 Comm: jfsCommit Not tainted 6.12.0-rc4-syzkaller-00085-g4e46774408d9 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014 RIP: 0010:clear_inode+0x168/0x190 Code: 4c 89 f7 e8 ba fe e5 ff e9 61 ff ff ff 44 89 f1 80 ... • https://git.kernel.org/stable/c/79ac5a46c5c1c17476fbf84b4d4600d6d565defd •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-37785 – ext4: fix OOB read when checking dotdot dir
https://notcve.org/view.php?id=CVE-2025-37785
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with rec_len == block size results in out-of-bounds read (later on, when the corrupted directory is removed). ext4_empty_dir() assumes every ext4 directory contains at least '.' and '..' as directory entries in the first data block. It first loads the '.' dir entry, performs sanity checks by calling ext4_check_dir_entry() ... • https://git.kernel.org/stable/c/ac27a0ec112a089f1a5102bc8dffc79c8c815571 •
CVSS: 7.8EPSS: %CPEs: 4EXPL: 0CVE-2021-47670 – can: peak_usb: fix use after free bugs
https://notcve.org/view.php?id=CVE-2021-47670
17 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after free bugs After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the peak_usb_netif_rx_ni(). Reordering the lines solves the issue. • https://git.kernel.org/stable/c/0a25e1f4f18566b750ebd3ae995af64e23111e63 • CWE-416: Use After Free •
CVSS: 7.8EPSS: %CPEs: 5EXPL: 0CVE-2021-47669 – can: vxcan: vxcan_xmit: fix use after free bug
https://notcve.org/view.php?id=CVE-2021-47669
17 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: can: vxcan: vxcan_xmit: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the canfd_frame cfd which aliases skb memory is accessed after the netif_rx_ni(). • https://git.kernel.org/stable/c/a8f820a380a2a06fc4fe1a54159067958f800929 • CWE-416: Use After Free •
CVSS: 7.8EPSS: %CPEs: 7EXPL: 0CVE-2021-47668 – can: dev: can_restart: fix use after free bug
https://notcve.org/view.php?id=CVE-2021-47668
17 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: can: dev: can_restart: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the netif_rx_ni() in: stats->rx_bytes += cf->len; Reordering the lines solves the issue. • https://git.kernel.org/stable/c/39549eef3587f1c1e8c65c88a2400d10fd30ea17 • CWE-416: Use After Free •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2020-36789 – can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context
https://notcve.org/view.php?id=CVE-2020-36789
17 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context If a driver calls can_get_echo_skb() during a hardware IRQ (which is often, but not always, the case), the 'WARN_ON(in_irq)' in net/core/skbuff.c#skb_release_head_state() might be triggered, under network congestion circumstances, together with the potential risk of a NULL pointer dereference. The root cause of this issue is the call to kfree_skb() instead of dev_... • https://git.kernel.org/stable/c/39549eef3587f1c1e8c65c88a2400d10fd30ea17 •
CVSS: 6.4EPSS: 0%CPEs: 9EXPL: 0CVE-2025-23136 – thermal: int340x: Add NULL check for adev
https://notcve.org/view.php?id=CVE-2025-23136
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: Add NULL check for adev Not all devices have an ACPI companion fwnode, so adev might be NULL. This is similar to the commit cd2fd6eab480 ("platform/x86: int3472: Check for adev == NULL"). Add a check for adev not being set and return -ENODEV in that case to avoid a possible NULL pointer deref in int3402_thermal_probe(). Note, under the same directory, int3400_thermal_probe() has such a check. [ rjw: Subject edit, added Fix... • https://git.kernel.org/stable/c/77e337c6e23e3b9d22e09ffec202a80f755a54c2 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23132 – f2fs: quota: fix to avoid warning in dquot_writeback_dquots()
https://notcve.org/view.php?id=CVE-2025-23132
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: quota: fix to avoid warning in dquot_writeback_dquots() F2FS-fs (dm-59): checkpoint=enable has some unwritten data. ------------[ cut here ]------------ WARNING: CPU: 6 PID: 8013 at fs/quota/dquot.c:691 dquot_writeback_dquots+0x2fc/0x308 pc : dquot_writeback_dquots+0x2fc/0x308 lr : f2fs_quota_sync+0xcc/0x1c4 Call trace: dquot_writeback_dquots+0x2fc/0x308 f2fs_quota_sync+0xcc/0x1c4 f2fs_write_checkpoint+0x3d4/0x9b0 f2fs_issue_checkpoin... • https://git.kernel.org/stable/c/af033b2aa8a874fd5737fafe90d159136527b5b4 •