CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-23141 – KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses
https://notcve.org/view.php?id=CVE-2025-23141
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Acquire a lock on kvm->srcu when userspace is getting MP state to handle a rather extreme edge case where "accepting" APIC events, i.e. processing pending INIT or SIPI, can trigger accesses to guest memory. If the vCPU is in L2 with INIT *and* a TRIPLE_FAULT request pending, then getting MP state will trigger a nested VM-Exit by way of ->check_nested_events(), and e... • https://git.kernel.org/stable/c/0357c8406dfa09430dd9858ebe813feb65524b6e •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37838 – HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition
https://notcve.org/view.php?id=CVE-2025-37838
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition In the ssi_protocol_probe() function, &ssi->work is bound with ssip_xmit_work(), In ssip_pn_setup(), the ssip_pn_xmit() function within the ssip_pn_ops structure is capable of starting the work. If we remove the module which will call ssi_protocol_remove() to make a cleanup, it will free ssi through kfree(ssi), while the work mentioned above wil... • https://git.kernel.org/stable/c/d03abc1c2b21324550fa71e12d53e7d3498e0af6 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22109 – ax25: Remove broken autobind
https://notcve.org/view.php?id=CVE-2025-22109
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ax25: Remove broken autobind Binding AX25 socket by using the autobind feature leads to memory leaks in ax25_connect() and also refcount leaks in ax25_release(). Memory leak was detected with kmemleak: ================================================================ unreferenced object 0xffff8880253cd680 (size 96): backtrace: __kmalloc_node_track_caller_noprof (./include/linux/kmemleak.h:43) kmemdup_noprof (mm/util.c:136) ax25_rt_autobind (... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-22079 – ocfs2: validate l_tree_depth to avoid out-of-bounds access
https://notcve.org/view.php?id=CVE-2025-22079
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate l_tree_depth to avoid out-of-bounds access The l_tree_depth field is 16-bit (__le16), but the actual maximum depth is limited to OCFS2_MAX_PATH_DEPTH. Add a check to prevent out-of-bounds access if l_tree_depth has an invalid value, which may occur when reading from a corrupted mounted disk [1]. In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate l_tree_depth to avoid out-of-bounds access The ... • https://git.kernel.org/stable/c/ccd979bdbce9fba8412beb3f1de68a9d0171b12c •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-22073 – spufs: fix a leak on spufs_new_file() failure
https://notcve.org/view.php?id=CVE-2025-22073
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: spufs: fix a leak on spufs_new_file() failure It's called from spufs_fill_dir(), and caller of that will do spufs_rmdir() in case of failure. That does remove everything we'd managed to create, but... the problem dentry is still negative. IOW, it needs to be explicitly dropped. In the Linux kernel, the following vulnerability has been resolved: spufs: fix a leak on spufs_new_file() failure It's called from spufs_fill_dir(), and caller of th... • https://git.kernel.org/stable/c/3f51dd91c80746a5cf76f8c4a77bfc88aa82bb9e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22026 – nfsd: don't ignore the return code of svc_proc_register()
https://notcve.org/view.php?id=CVE-2025-22026
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svc_proc_register() Currently, nfsd_proc_stat_init() ignores the return value of svc_proc_register(). If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later. Fix nfsd_proc_stat_init() to return the same type of pointer as svc_proc_register(), and fix up nfsd_net_init() to check that and fail the nfsd_net construction if it occurs. svc_proc_register() can fail i... • https://git.kernel.org/stable/c/6a59b70fe71ec66c0dd19e2c279c71846a3fb2f0 •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-22025 – nfsd: put dl_stid if fail to queue dl_recall
https://notcve.org/view.php?id=CVE-2025-22025
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: put dl_stid if fail to queue dl_recall Before calling nfsd4_run_cb to queue dl_recall to the callback_wq, we increment the reference count of dl_stid. We expect that after the corresponding work_struct is processed, the reference count of dl_stid will be decremented through the callback function nfsd4_cb_recall_release. However, if the call to nfsd4_run_cb fails, the incremented reference count of dl_stid will not be decremented corre... • https://git.kernel.org/stable/c/b874cdef4e67e5150e07eff0eae1cbb21fb92da1 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58095 – jfs: add check read-only before txBeginAnon() call
https://notcve.org/view.php?id=CVE-2024-58095
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before txBeginAnon() call Added a read-only check before calling `txBeginAnon` in `extAlloc` and `extRecord`. This prevents modification attempts on a read-only mounted filesystem, avoiding potential errors or crashes. Call trace: txBeginAnon+0xac/0x154 extAlloc+0xe8/0xdec fs/jfs/jfs_extent.c:78 jfs_get_block+0x340/0xb98 fs/jfs/inode.c:248 __block_write_begin_int+0x580/0x166c fs/buffer.c:2128 __block_write_begin fs/... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58094 – jfs: add check read-only before truncation in jfs_truncate_nolock()
https://notcve.org/view.php?id=CVE-2024-58094
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before truncation in jfs_truncate_nolock() Added a check for "read-only" mode in the `jfs_truncate_nolock` function to avoid errors related to writing to a read-only filesystem. Call stack: block_write_begin() { jfs_write_failed() { jfs_truncate() { jfs_truncate_nolock() { txEnd() { ... log = JFS_SBI(tblk->sb)->log; // (log == NULL) If the `isReadOnly(ip)` condition is triggered in `jfs_truncate_nolock`, the functio... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22022 – usb: xhci: Apply the link chain quirk on NEC isoc endpoints
https://notcve.org/view.php?id=CVE-2025-22022
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Apply the link chain quirk on NEC isoc endpoints Two clearly different specimens of NEC uPD720200 (one with start/stop bug, one without) were seen to cause IOMMU faults after some Missed Service Errors. Faulting address is immediately after a transfer ring segment and patched dynamic debug messages revealed that the MSE was received when waiting for a TD near the end of that segment: [ 1.041954] xhci_hcd: Miss service interval er... • https://git.kernel.org/stable/c/a4931d9fb99eb5462f3eaa231999d279c40afb21 •