CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-23161 – PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
https://notcve.org/view.php?id=CVE-2025-23161
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type The access to the PCI config space via pci_ops::read and pci_ops::write is a low-level hardware access. The functions can be accessed with disabled interrupts even on PREEMPT_RT. The pci_lock is a raw_spinlock_t for this purpose. A spinlock_t becomes a sleeping lock on PREEMPT_RT, so it cannot be acquired with disabled interrupts. The vmd_dev::cfg_lock is accessed in the same context as... • https://git.kernel.org/stable/c/c250262d6485ca333e9821f85b07eb383ec546b1 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-23141 – KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses
https://notcve.org/view.php?id=CVE-2025-23141
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Acquire a lock on kvm->srcu when userspace is getting MP state to handle a rather extreme edge case where "accepting" APIC events, i.e. processing pending INIT or SIPI, can trigger accesses to guest memory. If the vCPU is in L2 with INIT *and* a TRIPLE_FAULT request pending, then getting MP state will trigger a nested VM-Exit by way of ->check_nested_events(), and e... • https://git.kernel.org/stable/c/0357c8406dfa09430dd9858ebe813feb65524b6e •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37838 – HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition
https://notcve.org/view.php?id=CVE-2025-37838
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition In the ssi_protocol_probe() function, &ssi->work is bound with ssip_xmit_work(), In ssip_pn_setup(), the ssip_pn_xmit() function within the ssip_pn_ops structure is capable of starting the work. If we remove the module which will call ssi_protocol_remove() to make a cleanup, it will free ssi through kfree(ssi), while the work mentioned above wil... • https://git.kernel.org/stable/c/d03abc1c2b21324550fa71e12d53e7d3498e0af6 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22109 – ax25: Remove broken autobind
https://notcve.org/view.php?id=CVE-2025-22109
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ax25: Remove broken autobind Binding AX25 socket by using the autobind feature leads to memory leaks in ax25_connect() and also refcount leaks in ax25_release(). Memory leak was detected with kmemleak: ================================================================ unreferenced object 0xffff8880253cd680 (size 96): backtrace: __kmalloc_node_track_caller_noprof (./include/linux/kmemleak.h:43) kmemdup_noprof (mm/util.c:136) ax25_rt_autobind (... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22026 – nfsd: don't ignore the return code of svc_proc_register()
https://notcve.org/view.php?id=CVE-2025-22026
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svc_proc_register() Currently, nfsd_proc_stat_init() ignores the return value of svc_proc_register(). If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later. Fix nfsd_proc_stat_init() to return the same type of pointer as svc_proc_register(), and fix up nfsd_net_init() to check that and fail the nfsd_net construction if it occurs. svc_proc_register() can fail i... • https://git.kernel.org/stable/c/6a59b70fe71ec66c0dd19e2c279c71846a3fb2f0 •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-22025 – nfsd: put dl_stid if fail to queue dl_recall
https://notcve.org/view.php?id=CVE-2025-22025
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: put dl_stid if fail to queue dl_recall Before calling nfsd4_run_cb to queue dl_recall to the callback_wq, we increment the reference count of dl_stid. We expect that after the corresponding work_struct is processed, the reference count of dl_stid will be decremented through the callback function nfsd4_cb_recall_release. However, if the call to nfsd4_run_cb fails, the incremented reference count of dl_stid will not be decremented corre... • https://git.kernel.org/stable/c/b874cdef4e67e5150e07eff0eae1cbb21fb92da1 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58095 – jfs: add check read-only before txBeginAnon() call
https://notcve.org/view.php?id=CVE-2024-58095
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before txBeginAnon() call Added a read-only check before calling `txBeginAnon` in `extAlloc` and `extRecord`. This prevents modification attempts on a read-only mounted filesystem, avoiding potential errors or crashes. Call trace: txBeginAnon+0xac/0x154 extAlloc+0xe8/0xdec fs/jfs/jfs_extent.c:78 jfs_get_block+0x340/0xb98 fs/jfs/inode.c:248 __block_write_begin_int+0x580/0x166c fs/buffer.c:2128 __block_write_begin fs/... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58094 – jfs: add check read-only before truncation in jfs_truncate_nolock()
https://notcve.org/view.php?id=CVE-2024-58094
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before truncation in jfs_truncate_nolock() Added a check for "read-only" mode in the `jfs_truncate_nolock` function to avoid errors related to writing to a read-only filesystem. Call stack: block_write_begin() { jfs_write_failed() { jfs_truncate() { jfs_truncate_nolock() { txEnd() { ... log = JFS_SBI(tblk->sb)->log; // (log == NULL) If the `isReadOnly(ip)` condition is triggered in `jfs_truncate_nolock`, the functio... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22022 – usb: xhci: Apply the link chain quirk on NEC isoc endpoints
https://notcve.org/view.php?id=CVE-2025-22022
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Apply the link chain quirk on NEC isoc endpoints Two clearly different specimens of NEC uPD720200 (one with start/stop bug, one without) were seen to cause IOMMU faults after some Missed Service Errors. Faulting address is immediately after a transfer ring segment and patched dynamic debug messages revealed that the MSE was received when waiting for a TD near the end of that segment: [ 1.041954] xhci_hcd: Miss service interval er... • https://git.kernel.org/stable/c/a4931d9fb99eb5462f3eaa231999d279c40afb21 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-22018 – atm: Fix NULL pointer dereference
https://notcve.org/view.php?id=CVE-2025-22018
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: atm: Fix NULL pointer dereference When MPOA_cache_impos_rcvd() receives the msg, it can trigger Null Pointer Dereference Vulnerability if both entry and holding_time are NULL. Because there is only for the situation where entry is NULL and holding_time exists, it can be passed when both entry and holding_time are NULL. If these are NULL, the entry will be passd to eg_cache_put() as parameter and it is referenced by entry->use code in it. ka... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •