CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21737 – ceph: fix memory leak in ceph_mds_auth_match()
https://notcve.org/view.php?id=CVE-2025-21737
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_mds_auth_match() We now free the temporary target path substring allocation on every possible branch, instead of omitting the default branch. In some cases, a memory leak occured, which could rapidly crash the system (depending on how many file accesses were attempted). This was detected in production because it caused a continuous memory growth, eventually triggering kernel OOM and completely hard-locking the ... • https://git.kernel.org/stable/c/596afb0b8933ba6ed7227adcc538db26feb25c74 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21736 – nilfs2: fix possible int overflows in nilfs_fiemap()
https://notcve.org/view.php?id=CVE-2025-21736
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix possible int overflows in nilfs_fiemap() Since nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result by being prepared to go through potentially maxblocks == INT_MAX blocks, the value in n may experience an overflow caused by left shift of blkbits. While it is extremely unlikely to occur, play it safe and cast right hand expression to wider type to mitigate the issue. Found by Linux Verification Center (linuxtesting... • https://git.kernel.org/stable/c/622daaff0a8975fb5c5b95f24f3234550ba32e92 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21735 – NFC: nci: Add bounds checking in nci_hci_create_pipe()
https://notcve.org/view.php?id=CVE-2025-21735
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Add bounds checking in nci_hci_create_pipe() The "pipe" variable is a u8 which comes from the network. If it's more than 127, then it results in memory corruption in the caller, nci_hci_connect_gate(). In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Add bounds checking in nci_hci_create_pipe() The "pipe" variable is a u8 which comes from the network. If it's more than 127, then it results in memory co... • https://git.kernel.org/stable/c/a1b0b9415817c14d207921582f269d03f848b69f •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21734 – misc: fastrpc: Fix copy buffer page size
https://notcve.org/view.php?id=CVE-2025-21734
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix copy buffer page size For non-registered buffer, fastrpc driver copies the buffer and pass it to the remote subsystem. There is a problem with current implementation of page size calculation which is not considering the offset in the calculation. This might lead to passing of improper and out-of-bounds page size which could result in memory issue. Calculate page start and page end using the offset adjusted address instead... • https://git.kernel.org/stable/c/02b45b47fbe84e23699bb6bdc74d4c2780e282b4 •
CVSS: 6.9EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21733 – tracing/osnoise: Fix resetting of tracepoints
https://notcve.org/view.php?id=CVE-2025-21733
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix resetting of tracepoints If a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD disabled, but then that option is enabled and timerlat is removed, the tracepoints that were enabled on timerlat registration do not get disabled. If the option is disabled again and timelat is started, then it triggers a warning in the tracepoint code due to registering the tracepoint again without ever disabling it. Do no... • https://git.kernel.org/stable/c/e88ed227f639ebcb31ed4e5b88756b47d904584b •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21732 – RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error
https://notcve.org/view.php?id=CVE-2025-21732
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error This patch addresses a race condition for an ODP MR that can result in a CQE with an error on the UMR QP. During the __mlx5_ib_dereg_mr() flow, the following sequence of calls occurs: mlx5_revoke_mr() mlx5r_umr_revoke_mr() mlx5r_umr_post_send_wait() At this point, the lkey is freed from the hardware's perspective. However, concurrently, mlx5_ib_invalidate_range() might be tri... • https://git.kernel.org/stable/c/e6fb246ccafbdfc86e0750af021628132fdbceac •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-58019 – nvkm/gsp: correctly advance the read pointer of GSP message queue
https://notcve.org/view.php?id=CVE-2024-58019
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nvkm/gsp: correctly advance the read pointer of GSP message queue A GSP event message consists three parts: message header, RPC header, message body. GSP calculates the number of pages to write from the total size of a GSP message. This behavior can be observed from the movement of the write pointer. However, nvkm takes only the size of RPC header and message body as the message size when advancing the read pointer. When handling a two-page... • https://git.kernel.org/stable/c/5185e63b45ea39339ed83f269e2ddfafb07e70d9 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-58018 – nvkm: correctly calculate the available space of the GSP cmdq buffer
https://notcve.org/view.php?id=CVE-2024-58018
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nvkm: correctly calculate the available space of the GSP cmdq buffer r535_gsp_cmdq_push() waits for the available page in the GSP cmdq buffer when handling a large RPC request. When it sees at least one available page in the cmdq, it quits the waiting with the amount of free buffer pages in the queue. Unfortunately, it always takes the [write pointer, buf_size) as available buffer pages before rolling back and wrongly calculates the size of... • https://git.kernel.org/stable/c/56e6c7f6d2a6b4e0aae0528c502e56825bb40598 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58017 – printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
https://notcve.org/view.php?id=CVE-2024-58017
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Shifting 1 << 31 on a 32-bit int causes signed integer overflow, which leads to undefined behavior. To prevent this, cast 1 to u32 before performing the shift, ensuring well-defined behavior. This change explicitly avoids any potential overflow by ensuring that the shift occurs on an unsigned 32-bit integer. In the Linux kernel, the following vulnerability has been resolved: ... • https://git.kernel.org/stable/c/9a6d43844de2479a3ff8d674c3e2a16172e01598 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58016 – safesetid: check size of policy writes
https://notcve.org/view.php?id=CVE-2024-58016
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: safesetid: check size of policy writes syzbot attempts to write a buffer with a large size to a sysfs entry with writes handled by handle_policy_update(), triggering a warning in kmalloc. Check the size specified for write buffers before allocating. [PM: subject tweak] In the Linux kernel, the following vulnerability has been resolved: safesetid: check size of policy writes syzbot attempts to write a buffer with a large size to a sysfs entr... • https://git.kernel.org/stable/c/a0dec65f88c8d9290dfa1d2ca1e897abe54c5881 •