CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21700 – net: sched: Disallow replacing of child qdisc from one parent to another
https://notcve.org/view.php?id=CVE-2025-21700
13 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: sched: Disallow replacing of child qdisc from one parent to another Lion Ackermann was able to create a UAF which can be abused for privilege escalation with the following script Step 1. create root qdisc tc qdisc add dev lo root handle 1:0 drr step2. a class for packet aggregation do demonstrate uaf tc class add dev lo classid 1:1 drr step3. a class for nesting tc class add dev lo classid 1:2 drr step4. a class to graft qdisc to tc cl... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21699 – gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
https://notcve.org/view.php?id=CVE-2025-21699
12 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag: depending on that flag, the pages in the address space will either use buffer heads or iomap_folio_state structs, and we cannot mix the two. In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space wh... • https://git.kernel.org/stable/c/2b0bd5051ad1c1e9ef4879f18e15a7712c974f3e •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21690 – scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
https://notcve.org/view.php?id=CVE-2025-21690
10 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max out CPU utilization, preventing troubleshooting from the VM side. Ratelimit the warning so it doesn't DoS the VM. In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there... • https://git.kernel.org/stable/c/81d4dd05c412ba04f9f6b85b718e6da833be290c •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57950 – drm/amd/display: Initialize denominator defaults to 1
https://notcve.org/view.php?id=CVE-2024-57950
10 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominator defaults to 1 [WHAT & HOW] Variables, used as denominators and maybe not assigned to other values, should be initialized to non-zero to avoid DIVIDE_BY_ZERO, as reported by Coverity. (cherry picked from commit e2c4c6c10542ccfe4a0830bb6c9fd5b177b7bbb7) In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominator defaults to 1 [WHAT & HOW] Variables, used a... • https://git.kernel.org/stable/c/c9d6afb4f9c338049662d27d169fba7dd60e337d •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21672 – afs: Fix merge preference rule failure condition
https://notcve.org/view.php?id=CVE-2025-21672
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: afs: Fix merge preference rule failure condition syzbot reported a lock held when returning to userspace[1]. This is because if argc is less than 0 and the function returns directly, the held inode lock is not released. Fix this by store the error in ret and jump to done to clean up instead of returning directly. [dh: Modified Lizhi Xu's original patch to make it honour the error code from afs_split_string()] [1] WARNING: lock held when ret... • https://git.kernel.org/stable/c/22be1d90a6211c88dd093b25d1f3aa974d0d9f9d •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21667 – iomap: avoid avoid truncating 64-bit offset to 32 bits
https://notcve.org/view.php?id=CVE-2025-21667
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iomap: avoid avoid truncating 64-bit offset to 32 bits on 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a 32-bit position due to folio_next_index() returning an unsigned long. This could lead to an infinite loop when writing to an xfs filesystem. In the Linux kernel, the following vulnerability has been resolved: iomap: avoid avoid truncating 64-bit offset to 32 bits on 32-bit kernels, iomap_write_delalloc_scan() was i... • https://git.kernel.org/stable/c/7ca4bd6b754913910151acce00be093f03642725 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57948 – mac802154: check local interfaces before deleting sdata list
https://notcve.org/view.php?id=CVE-2024-57948
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list in ieee802154_if_remove. [1] Remove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4 hardware device from the system. CPU0 CPU1 ==== ==== genl_family_rcv_msg_doit ieee802154_unregister_hw ieee802154_del_iface ieee802154_remove_interfaces rdev_del_virtual_intf_deprecated list_del(&sdata->list) ieee802154_if_remove list_del_rcu... • https://git.kernel.org/stable/c/0d11dc30edfc4acef0acef130bb5ca596317190a •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57946 – virtio-blk: don't keep queue frozen during system suspend
https://notcve.org/view.php?id=CVE-2024-57946
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio-blk: don't keep queue frozen during system suspend Commit 4ce6e2db00de ("virtio-blk: Ensure no requests in virtqueues before deleting vqs.") replaces queue quiesce with queue freeze in virtio-blk's PM callbacks. And the motivation is to drain inflight IOs before suspending. block layer's queue freeze looks very handy, but it is also easy to cause deadlock, such as, any attempt to call into bio_queue_enter() may run into deadlock if t... • https://git.kernel.org/stable/c/d738f3215bb4f88911ff4579780a44960c8e0ca5 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57924 – fs: relax assertions on failure to encode file handles
https://notcve.org/view.php?id=CVE-2024-57924
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem >encode_fh() method that may fail for various reasons. The legacy users of exportfs_encode_fh(), namely, nfsd and name_to_handle_at(2) syscall are ready to cope with the possibility of failure to encode a file handle. There are a few other users of exportfs_encode_{fh,fid}() that currently have a WARN_ON() assertion when ->encod... • https://git.kernel.org/stable/c/f47c834a9131ae64bee3c462f4e610c67b0a000f •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57922 – drm/amd/display: Add check for granularity in dml ceil/floor helpers
https://notcve.org/view.php?id=CVE-2024-57922
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granularity in dml ceil/floor helpers [Why] Wrapper functions for dcn_bw_ceil2() and dcn_bw_floor2() should check for granularity is non zero to avoid assert and divide-by-zero error in dcn_bw_ functions. [How] Add check for granularity 0. (cherry picked from commit f6e09701c3eb2ccb8cb0518e0b67f1c69742a4ec) In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granu... • https://git.kernel.org/stable/c/8a9315e6f7b2d94c65a1ba476481deddb20fc3ae •