CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21890 – idpf: fix checksums set in idpf_rx_rsc()
https://notcve.org/view.php?id=CVE-2025-21890
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: idpf: fix checksums set in idpf_rx_rsc() idpf_rx_rsc() uses skb_transport_offset(skb) while the transport header is not set yet. This triggers the following warning for CONFIG_DEBUG_NET=y builds. DEBUG_NET_WARN_ON_ONCE(!skb_transport_header_was_set(skb)) [ 69.261620] WARNING: CPU: 7 PID: 0 at ./include/linux/skbuff.h:3020 idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf [ 69.261629] Modules linked in: vfat fat dummy bridge int... • https://git.kernel.org/stable/c/3a8845af66edb340ba9210bb8a0da040c7d6e590 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21889 – perf/core: Add RCU read lock protection to perf_iterate_ctx()
https://notcve.org/view.php?id=CVE-2025-21889
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/core: Add RCU read lock protection to perf_iterate_ctx() The perf_iterate_ctx() function performs RCU list traversal but currently lacks RCU read lock protection. This causes lockdep warnings when running perf probe with unshare(1) under CONFIG_PROVE_RCU_LIST=y: WARNING: suspicious RCU usage kernel/events/core.c:8168 RCU-list traversed in non-reader section!! Call Trace: lockdep_rcu_suspicious ? perf_event_addr_filters_apply perf_itera... • https://git.kernel.org/stable/c/bd27568117664b8b3e259721393df420ed51f57b •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21888 – RDMA/mlx5: Fix a WARN during dereg_mr for DM type
https://notcve.org/view.php?id=CVE-2025-21888
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a WARN during dereg_mr for DM type Memory regions (MR) of type DM (device memory) do not have an associated umem. In the __mlx5_ib_dereg_mr() -> mlx5_free_priv_descs() flow, the code incorrectly takes the wrong branch, attempting to call dma_unmap_single() on a DMA address that is not mapped. This results in a WARN [1], as shown below. The issue is resolved by properly accounting for the DM type and ensuring the correct branc... • https://git.kernel.org/stable/c/f18ec422311767738ef4033b61e91cae07163b22 •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-21887 – ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up
https://notcve.org/view.php?id=CVE-2025-21887
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up The issue was caused by dput(upper) being called before ovl_dentry_update_reval(), while upper->d_flags was still accessed in ovl_dentry_remote(). Move dput(upper) after its last use to prevent use-after-free. BUG: KASAN: slab-use-after-free in ovl_dentry_remote fs/overlayfs/util.c:162 [inline] BUG: KASAN: slab-use-after-free in ovl_dentry_update_reval+0xd2/0xf0 fs/over... • https://git.kernel.org/stable/c/62f29ca45f832e281fc14966ac25f6ff3bd121ca • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21885 – RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers
https://notcve.org/view.php?id=CVE-2025-21885
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers While using nvme target with use_srq on, below kernel panic is noticed. [ 549.698111] bnxt_en 0000:41:00.0 enp65s0np0: FEC autoneg off encoding: Clause 91 RS(544,514) [ 566.393619] Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI .. [ 566.393799]
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21884 – net: better track kernel sockets lifetime
https://notcve.org/view.php?id=CVE-2025-21884
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: better track kernel sockets lifetime While kernel sockets are dismantled during pernet_operations->exit(), their freeing can be delayed by any tx packets still held in qdisc or device queues, due to skb_set_owner_w() prior calls. This then trigger the following warning from ref_tracker_dir_exit() [1] To fix this, make sure that kernel sockets own a reference on net->passive. Add sk_net_refcnt_upgrade() helper, used whenever a kernel so... • https://git.kernel.org/stable/c/0cafd77dcd032d1687efaba5598cf07bce85997f •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21883 – ice: Fix deinitializing VF in error path
https://notcve.org/view.php?id=CVE-2025-21883
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: Fix deinitializing VF in error path If ice_ena_vfs() fails after calling ice_create_vf_entries(), it frees all VFs without removing them from snapshot PF-VF mailbox list, leading to list corruption. Reproducer: devlink dev eswitch set $PF1_PCI mode switchdev ip l s $PF1 up ip l s $PF1 promisc on sleep 1 echo 1 > /sys/class/net/$PF1/device/sriov_numvfs sleep 1 echo 1 > /sys/class/net/$PF1/device/sriov_numvfs Trace (minimized): list_add ... • https://git.kernel.org/stable/c/8cd8a6b17d275a45e3722d0215f6115b687c8c3e •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21881 – uprobes: Reject the shared zeropage in uprobe_write_opcode()
https://notcve.org/view.php?id=CVE-2025-21881
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: uprobes: Reject the shared zeropage in uprobe_write_opcode() We triggered the following crash in syzkaller tests: BUG: Bad page state in process syz.7.38 pfn:1eff3 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eff3 flags: 0x3fffff00004004(referenced|reserved|node=0|zone=1|lastcpupid=0x1fffff) raw: 003fffff00004004 ffffe6c6c07bfcc8 ffffe6c6c07bfcc8 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffff... • https://git.kernel.org/stable/c/2b144498350860b6ee9dc57ff27a93ad488de5dc •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21880 – drm/xe/userptr: fix EFAULT handling
https://notcve.org/view.php?id=CVE-2025-21880
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/userptr: fix EFAULT handling Currently we treat EFAULT from hmm_range_fault() as a non-fatal error when called from xe_vm_userptr_pin() with the idea that we want to avoid killing the entire vm and chucking an error, under the assumption that the user just did an unmap or something, and has no intention of actually touching that memory from the GPU. At this point we have already zapped the PTEs so any access should generate a page fa... • https://git.kernel.org/stable/c/521db22a1d70dbc596a07544a738416025b1b63c •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21878 – i2c: npcm: disable interrupt enable bit before devm_request_irq
https://notcve.org/view.php?id=CVE-2025-21878
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: i2c: npcm: disable interrupt enable bit before devm_request_irq The customer reports that there is a soft lockup issue related to the i2c driver. After checking, the i2c module was doing a tx transfer and the bmc machine reboots in the middle of the i2c transaction, the i2c module keeps the status without being reset. Due to such an i2c module status, the i2c irq handler keeps getting triggered since the i2c irq handler is registered in the... • https://git.kernel.org/stable/c/56a1485b102ed1cd5a4af8e87ed794699fd1cad2 •