CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2025-21792 – ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt
https://notcve.org/view.php?id=CVE-2025-21792
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt If an AX25 device is bound to a socket by setting the SO_BINDTODEVICE socket option, a refcount leak will occur in ax25_release(). Commit 9fd75b66b8f6 ("ax25: Fix refcount leaks caused by ax25_cb_del()") added decrement of device refcounts in ax25_release(). In order for that to work correctly the refcounts must already be incremented when the device is bound to the socket. A... • https://git.kernel.org/stable/c/9fd75b66b8f68498454d685dc4ba13192ae069b0 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21791 – vrf: use RCU protection in l3mdev_l3_out()
https://notcve.org/view.php?id=CVE-2025-21791
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: vrf: use RCU protection in l3mdev_l3_out() l3mdev_l3_out() can be called without RCU being held: raw_sendmsg() ip_push_pending_frames() ip_send_skb() ip_local_out() __ip_local_out() l3mdev_ip_out() Add rcu_read_lock() / rcu_read_unlock() pair to avoid a potential UAF. In the Linux kernel, the following vulnerability has been resolved: vrf: use RCU protection in l3mdev_l3_out() l3mdev_l3_out() can be called without RCU being held: raw_sendms... • https://git.kernel.org/stable/c/a8e3e1a9f02094145580ea7920c6a1d9aabd5539 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21790 – vxlan: check vxlan_vnigroup_init() return value
https://notcve.org/view.php?id=CVE-2025-21790
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: vxlan: check vxlan_vnigroup_init() return value vxlan_init() must check vxlan_vnigroup_init() success otherwise a crash happens later, spotted by syzbot. Oops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167] CPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975... • https://git.kernel.org/stable/c/f9c4bb0b245cee35ef66f75bf409c9573d934cf9 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21789 – LoongArch: csum: Fix OoB access in IP checksum code for negative lengths
https://notcve.org/view.php?id=CVE-2025-21789
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: csum: Fix OoB access in IP checksum code for negative lengths Commit 69e3a6aa6be2 ("LoongArch: Add checksum optimization for 64-bit system") would cause an undefined shift and an out-of-bounds read. Commit 8bd795fedb84 ("arm64: csum: Fix OoB access in IP checksum code for negative lengths") fixes the same issue on ARM64. In the Linux kernel, the following vulnerability has been resolved: LoongArch: csum: Fix OoB access in IP chec... • https://git.kernel.org/stable/c/69e3a6aa6be21de6aaf38130fad97ecde34a193c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21788 – net: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases
https://notcve.org/view.php?id=CVE-2025-21788
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases If the XDP program doesn't result in XDP_PASS then we leak the memory allocated by am65_cpsw_build_skb(). It is pointless to allocate SKB memory before running the XDP program as we would be wasting CPU cycles for cases other than XDP_PASS. Move the SKB allocation after evaluating the XDP program result. This fixes the memleak. A performance boost is seen for XDP_DROP test. XDP_... • https://git.kernel.org/stable/c/8acacc40f7337527ff84cd901ed2ef0a2b95b2b6 •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21787 – team: better TEAM_OPTION_TYPE_STRING validation
https://notcve.org/view.php?id=CVE-2025-21787
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: team: better TEAM_OPTION_TYPE_STRING validation syzbot reported following splat [1] Make sure user-provided data contains one nul byte. [1] BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inline] BUG: KMSAN: uninit-value in string+0x3ec/0x5f0 lib/vsprintf.c:714 string_nocheck lib/vsprintf.c:633 [inline] string+0x3ec/0x5f0 lib/vsprintf.c:714 vsnprintf+0xa5d/0x1960 lib/vsprintf.c:2843 __request_module+0x252/0x9f0 kernel/module/... • https://git.kernel.org/stable/c/3d249d4ca7d0ed6629a135ea1ea21c72286c0d80 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21786 – workqueue: Put the pwq after detaching the rescuer from the pool
https://notcve.org/view.php?id=CVE-2025-21786
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: workqueue: Put the pwq after detaching the rescuer from the pool The commit 68f83057b913("workqueue: Reap workers via kthread_stop() and remove detach_completion") adds code to reap the normal workers but mistakenly does not handle the rescuer and also removes the code waiting for the rescuer in put_unbound_pool(), which caused a use-after-free bug reported by Cheung Wall. To avoid the use-after-free bug, the pool’s reference must be held u... • https://git.kernel.org/stable/c/68f83057b913467a999e1bf9e0da6a119668f769 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21785 – arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array
https://notcve.org/view.php?id=CVE-2025-21785
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array The loop that detects/populates cache information already has a bounds check on the array size but does not account for cache levels with separate data/instructions cache. Fix this by incrementing the index for any populated leaf (instead of any populated level). In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Avoid out-of-bounds write to ca... • https://git.kernel.org/stable/c/5d425c18653731af62831d30a4fa023d532657a9 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21784 – drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()
https://notcve.org/view.php?id=CVE-2025-21784
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() In function psp_init_cap_microcode(), it should bail out when failed to load firmware, otherwise it may cause invalid memory access. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() In function psp_init_cap_microcode(), it should bail out when failed to load firmware, otherwise it... • https://git.kernel.org/stable/c/07dbfc6b102e25087ec345ef2c2eae21c9856f17 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21783 – gpiolib: Fix crash on error in gpiochip_get_ngpios()
https://notcve.org/view.php?id=CVE-2025-21783
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: gpiolib: Fix crash on error in gpiochip_get_ngpios() The gpiochip_get_ngpios() uses chip_*() macros to print messages. However these macros rely on gpiodev to be initialised and set, which is not the case when called via bgpio_init(). In such a case the printing messages will crash on NULL pointer dereference. Replace chip_*() macros by the respective dev_*() ones to avoid such crash. In the Linux kernel, the following vulnerability has bee... • https://git.kernel.org/stable/c/55b2395e4e92adc492c6b30ac109eb78250dcd9d •