CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21833 – iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE
https://notcve.org/view.php?id=CVE-2025-21833
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pasid`. In case it nevertheless happens we must avoid using a NULL pointer. In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pa... • https://git.kernel.org/stable/c/df96876be3b064aefc493f760e0639765d13ed0d •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21832 – block: don't revert iter for -EIOCBQUEUED
https://notcve.org/view.php?id=CVE-2025-21832
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: block: don't revert iter for -EIOCBQUEUED blkdev_read_iter() has a few odd checks, like gating the position and count adjustment on whether or not the result is bigger-than-or-equal to zero (where bigger than makes more sense), and not checking the return value of blkdev_direct_IO() before doing an iov_iter_revert(). The latter can lead to attempting to revert with a negative value, which when passed to iov_iter_revert() as an unsigned valu... • https://git.kernel.org/stable/c/6c26619effb1b4cb7d20b4e666ab8f71f6a53ccb •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58085 – tomoyo: don't emit warning in tomoyo_write_control()
https://notcve.org/view.php?id=CVE-2024-58085
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: tomoyo: don't emit warning in tomoyo_write_control() syzbot is reporting too large allocation warning at tomoyo_write_control(), for one can write a very very long line without new line character. To fix this warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE, for practically a valid line should be always shorter than 32KB where the "too small to fail" memory-allocation rule applies. One might try to write a valid line th... • https://git.kernel.org/stable/c/a01c200fa7eb59da4d2dbbb48b61f4a0d196c09f •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58077 – ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback
https://notcve.org/view.php?id=CVE-2024-58077
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback commit 1f5664351410 ("ASoC: lower "no backend DAIs enabled for ... Port" log severity") ignores -EINVAL error message on common soc_pcm_ret(). It is used from many functions, ignoring -EINVAL is over-kill. The reason why -EINVAL was ignored was it really should only be used upon invalid parameters coming from userspace and in that case we don't want to log an error since we do not ... • https://git.kernel.org/stable/c/b65ba768302adc7ddc70811116cef80ca089af59 •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49733 – ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
https://notcve.org/view.php?id=CVE-2022-49733
02 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls snd_pcm_oss_make_ready() at first, then takes the params_lock mutex for the rest. When the stream is set up again by another thread between them, it leads to inconsistency, and may result in unexpected results such as NULL dereference of OSS buffer as a fuzzer spotted rec... • https://git.kernel.org/stable/c/4051324a6dafd7053c74c475e80b3ba10ae672b0 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21821 – fbdev: omap: use threaded IRQ for LCD DMA
https://notcve.org/view.php?id=CVE-2025-21821
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: omap: use threaded IRQ for LCD DMA When using touchscreen and framebuffer, Nokia 770 crashes easily with: BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000 Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2 Hardware name: Nokia 770 Call trace: unwind_backtrace from show_stack+0x10/0x14 show_stack fro... • https://git.kernel.org/stable/c/7bbbd311dd503653a2cc86d9226740883051dc92 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21817 – block: mark GFP_NOIO around sysfs ->store()
https://notcve.org/view.php?id=CVE-2025-21817
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block: mark GFP_NOIO around sysfs ->store() sysfs ->store is called with queue freezed, meantime we have several ->store() callbacks(update_nr_requests, wbt, scheduler) to allocate memory with GFP_KERNEL which may run into direct reclaim code path, then potential deadlock can be caused. Fix the issue by marking NOIO around sysfs ->store() In the Linux kernel, the following vulnerability has been resolved: block: mark GFP_NOIO around sysfs -... • https://git.kernel.org/stable/c/2566ce907e5d5db8a039647208e029ce559baa31 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21782 – orangefs: fix a oob in orangefs_debug_write
https://notcve.org/view.php?id=CVE-2025-21782
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: orangefs: fix a oob in orangefs_debug_write I got a syzbot report: slab-out-of-bounds Read in orangefs_debug_write... several people suggested fixes, I tested Al Viro's suggestion and made this patch. In the Linux kernel, the following vulnerability has been resolved: orangefs: fix a oob in orangefs_debug_write I got a syzbot report: slab-out-of-bounds Read in orangefs_debug_write... several people suggested fixes, I tested Al Viro's sugges... • https://git.kernel.org/stable/c/1da2697307dad281dd690a19441b5ca4af92d786 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21780 – drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
https://notcve.org/view.php?id=CVE-2025-21780
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and then a bigger pptable, it may cause buffer overflow attack in function smu_sys_set_pp_table(). In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and then a bigger pptable, it... • https://git.kernel.org/stable/c/3484ea33157bc7334f57e64826ec5a4bf992151a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21776 – USB: hub: Ignore non-compliant devices with too many configs or interfaces
https://notcve.org/view.php?id=CVE-2025-21776
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces Robert Morris created a test program which can cause usb_hub_to_struct_hub() to dereference a NULL or inappropriate pointer: Oops: general protection fault, probably for non-canonical address 0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI CPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14 Hardware name: FreeBSD BHYVE/BHYVE,... • https://git.kernel.org/stable/c/c3720b04df84b5459050ae4e03ec7d545652f897 •