CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21833 – iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE
https://notcve.org/view.php?id=CVE-2025-21833
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pasid`. In case it nevertheless happens we must avoid using a NULL pointer. In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pa... • https://git.kernel.org/stable/c/df96876be3b064aefc493f760e0639765d13ed0d •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21832 – block: don't revert iter for -EIOCBQUEUED
https://notcve.org/view.php?id=CVE-2025-21832
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: block: don't revert iter for -EIOCBQUEUED blkdev_read_iter() has a few odd checks, like gating the position and count adjustment on whether or not the result is bigger-than-or-equal to zero (where bigger than makes more sense), and not checking the return value of blkdev_direct_IO() before doing an iov_iter_revert(). The latter can lead to attempting to revert with a negative value, which when passed to iov_iter_revert() as an unsigned valu... • https://git.kernel.org/stable/c/6c26619effb1b4cb7d20b4e666ab8f71f6a53ccb •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58085 – tomoyo: don't emit warning in tomoyo_write_control()
https://notcve.org/view.php?id=CVE-2024-58085
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: tomoyo: don't emit warning in tomoyo_write_control() syzbot is reporting too large allocation warning at tomoyo_write_control(), for one can write a very very long line without new line character. To fix this warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE, for practically a valid line should be always shorter than 32KB where the "too small to fail" memory-allocation rule applies. One might try to write a valid line th... • https://git.kernel.org/stable/c/a01c200fa7eb59da4d2dbbb48b61f4a0d196c09f •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58077 – ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback
https://notcve.org/view.php?id=CVE-2024-58077
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback commit 1f5664351410 ("ASoC: lower "no backend DAIs enabled for ... Port" log severity") ignores -EINVAL error message on common soc_pcm_ret(). It is used from many functions, ignoring -EINVAL is over-kill. The reason why -EINVAL was ignored was it really should only be used upon invalid parameters coming from userspace and in that case we don't want to log an error since we do not ... • https://git.kernel.org/stable/c/b65ba768302adc7ddc70811116cef80ca089af59 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58063 – wifi: rtlwifi: fix memory leaks and invalid access at probe error path
https://notcve.org/view.php?id=CVE-2024-58063
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: fix memory leaks and invalid access at probe error path Deinitialize at reverse order when probe fails. When init_sw_vars fails, rtl_deinit_core should not be called, specially now that it destroys the rtl_wq workqueue. And call rtl_pci_deinit and deinit_sw_vars, otherwise, memory will be leaked. Remove pci_set_drvdata call as it will already be cleaned up by the core driver code and could lead to memory leaks too. cf. commit... • https://git.kernel.org/stable/c/0c8173385e549f95cd80c3fff5aab87b4f881d8d •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58058 – ubifs: skip dumping tnc tree when zroot is null
https://notcve.org/view.php?id=CVE-2024-58058
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ubifs: skip dumping tnc tree when zroot is null Clearing slab cache will free all znode in memory and make c->zroot.znode = NULL, then dumping tnc tree will access c->zroot.znode which cause null pointer dereference. In the Linux kernel, the following vulnerability has been resolved: ubifs: skip dumping tnc tree when zroot is null Clearing slab cache will free all znode in memory and make c->zroot.znode = NULL, then dumping tnc tree will ac... • https://git.kernel.org/stable/c/1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49733 – ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
https://notcve.org/view.php?id=CVE-2022-49733
02 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls snd_pcm_oss_make_ready() at first, then takes the params_lock mutex for the rest. When the stream is set up again by another thread between them, it leads to inconsistency, and may result in unexpected results such as NULL dereference of OSS buffer as a fuzzer spotted rec... • https://git.kernel.org/stable/c/4051324a6dafd7053c74c475e80b3ba10ae672b0 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21821 – fbdev: omap: use threaded IRQ for LCD DMA
https://notcve.org/view.php?id=CVE-2025-21821
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: omap: use threaded IRQ for LCD DMA When using touchscreen and framebuffer, Nokia 770 crashes easily with: BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000 Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2 Hardware name: Nokia 770 Call trace: unwind_backtrace from show_stack+0x10/0x14 show_stack fro... • https://git.kernel.org/stable/c/7bbbd311dd503653a2cc86d9226740883051dc92 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21817 – block: mark GFP_NOIO around sysfs ->store()
https://notcve.org/view.php?id=CVE-2025-21817
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block: mark GFP_NOIO around sysfs ->store() sysfs ->store is called with queue freezed, meantime we have several ->store() callbacks(update_nr_requests, wbt, scheduler) to allocate memory with GFP_KERNEL which may run into direct reclaim code path, then potential deadlock can be caused. Fix the issue by marking NOIO around sysfs ->store() In the Linux kernel, the following vulnerability has been resolved: block: mark GFP_NOIO around sysfs -... • https://git.kernel.org/stable/c/2566ce907e5d5db8a039647208e029ce559baa31 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21814 – ptp: Ensure info->enable callback is always set
https://notcve.org/view.php?id=CVE-2025-21814
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info->enable callback is always set The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all drivers implement that callback, leading to NULL dereferences. Example of affected drivers: ptp_s390.c, ptp_vclock.c and ptp_mock.c. Instead use a dummy callback if no better was specified by the driver. In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info->enable callback is always... • https://git.kernel.org/stable/c/d94ba80ebbea17f036cecb104398fbcd788aa742 •