CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21993 – iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
https://notcve.org/view.php?id=CVE-2025-21993
02 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() When performing an iSCSI boot using IPv6, iscsistart still reads the /sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix length is 64, this causes the shift exponent to become negative, triggering a UBSAN warning. As the concept of a subnet mask does not apply to IPv6, the value is set to ~0 to suppress the warning message. In the Linux kernel, the f... • https://git.kernel.org/stable/c/9bfa80c8aa4e06dff55a953c3fffbfc68a3a3b1c •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21992 – HID: ignore non-functional sensor in HP 5MP Camera
https://notcve.org/view.php?id=CVE-2025-21992
02 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: ignore non-functional sensor in HP 5MP Camera The HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iio_info causes system hangs as runtime PM tries to wake up an unresponsive sensor. [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:... • https://git.kernel.org/stable/c/9acdb0059fb6b82158e15adae91e629cb5974564 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21985 – drm/amd/display: Fix out-of-bound accesses
https://notcve.org/view.php?id=CVE-2025-21985
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bound accesses [WHAT & HOW] hpo_stream_to_link_encoder_mapping has size MAX_HPO_DP2_ENCODERS(=4), but location can have size up to 6. As a result, it is necessary to check location against MAX_HPO_DP2_ENCODERS. Similiarly, disp_cfg_stream_location can be used as an array index which should be 0..5, so the ASSERT's conditions should be less without equal. In the Linux kernel, the following vulnerability has been r... • https://git.kernel.org/stable/c/36793d90d76f667d26c6dd025571481ee0c96abc •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21969 – Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd
https://notcve.org/view.php?id=CVE-2025-21969
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd After the hci sync command releases l2cap_conn, the hci receive data work queue references the released l2cap_conn when sending to the upper layer. Add hci dev lock to the hci receive data work queue to synchronize the two. [1] BUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954 Read of size 8 at addr ffff8880271a4000 by task kworker/u9... • https://git.kernel.org/stable/c/c96cce853542b3b13da3738f35ef1be8cfcc9d1d •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21957 – scsi: qla1280: Fix kernel oops when debug level > 2
https://notcve.org/view.php?id=CVE-2025-21957
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla1280: Fix kernel oops when debug level > 2 A null dereference or oops exception will eventually occur when qla1280.c driver is compiled with DEBUG_QLA1280 enabled and ql_debug_level > 2. I think its clear from the code that the intention here is sg_dma_len(s) not length of sg_next(s) when printing the debug info. In the Linux kernel, the following vulnerability has been resolved: scsi: qla1280: Fix kernel oops when debug level > 2 ... • https://git.kernel.org/stable/c/24602e2664c515a4f2950d7b52c3d5997463418c •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21956 – drm/amd/display: Assign normalized_pix_clk when color depth = 14
https://notcve.org/view.php?id=CVE-2025-21956
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign normalized_pix_clk when color depth = 14 [WHY & HOW] A warning message "WARNING: CPU: 4 PID: 459 at ... /dc_resource.c:3397 calculate_phy_pix_clks+0xef/0x100 [amdgpu]" occurs because the display_color_depth == COLOR_DEPTH_141414 is not handled. This is observed in Radeon RX 6600 XT. It is fixed by assigning pix_clk * (14 * 3) / 24 - same as the rests. Also fixes the indentation in get_norm_pix_clk. • https://git.kernel.org/stable/c/dc831b38680c47d07e425871a9852109183895cf •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21912 – gpio: rcar: Use raw_spinlock to protect register access
https://notcve.org/view.php?id=CVE-2025-21912
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: gpio: rcar: Use raw_spinlock to protect register access Use raw_spinlock in order to fix spurious messages about invalid context when spinlock debugging is enabled. The lock is only used to serialize register access. [ 4.239592] ============================= [ 4.239595] [ BUG: Invalid wait context ] [ 4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted [ 4.239603] ----------------------------- [ 4.239606] kworker/u8:5/76 ... • https://git.kernel.org/stable/c/7c1f36f9c9aca507d317479a3d3388150ae40a87 •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53008 – cifs: fix potential memory leaks in session setup
https://notcve.org/view.php?id=CVE-2023-53008
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential memory leaks in session setup Make sure to free cifs_ses::auth_key.response before allocating it as we might end up leaking memory in reconnect or mounting. In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential memory leaks in session setup Make sure to free cifs_ses::auth_key.response before allocating it as we might end up leaking memory in reconnect or mounting. • https://git.kernel.org/stable/c/893d45394dbe4b5cbf3723c19e2ccc8b93a6ac9b •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53001 – drm/drm_vma_manager: Add drm_vma_node_allow_once()
https://notcve.org/view.php?id=CVE-2023-53001
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/drm_vma_manager: Add drm_vma_node_allow_once() Currently there is no easy way for a drm driver to safely check and allow drm_vma_offset_node for a drm file just once. Allow drm drivers to call non-refcounted version of drm_vma_node_allow() so that a driver doesn't need to keep track of each drm_vma_node_allow() to call subsequent drm_vma_node_revoke() to prevent memory leak. In the Linux kernel, the following vulnerability has been reso... • https://git.kernel.org/stable/c/67444f8ca31cdaf45e0b761241ad49b1ae04bcf9 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52992 – bpf: Skip task with pid=1 in send_signal_common()
https://notcve.org/view.php?id=CVE-2023-52992
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Skip task with pid=1 in send_signal_common() The following kernel panic can be triggered when a task with pid=1 attaches a prog that attempts to send killing signal to itself, also see [1] for more details: Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b CPU: 3 PID: 1 Comm: systemd Not tainted 6.1.0-09652-g59fe41b5255f #148 Call Trace: