CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21903 – mctp i3c: handle NULL header address
https://notcve.org/view.php?id=CVE-2025-21903
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: mctp i3c: handle NULL header address daddr can be NULL if there is no neighbour table entry present, in that case the tx packet should be dropped. saddr will usually be set by MCTP core, but check for NULL in case a packet is transmitted by a different protocol. In the Linux kernel, the following vulnerability has been resolved: mctp i3c: handle NULL header address daddr can be NULL if there is no neighbour table entry present, in that case... • https://git.kernel.org/stable/c/c8755b29b58ec65be17bcb8c40763d2dcb1f1db5 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21902 – acpi: typec: ucsi: Introduce a ->poll_cci method
https://notcve.org/view.php?id=CVE-2025-21902
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduce a ->poll_cci method For the ACPI backend of UCSI the UCSI "registers" are just a memory copy of the register values in an opregion. The ACPI implementation in the BIOS ensures that the opregion contents are synced to the embedded controller and it ensures that the registers (in particular CCI) are synced back to the opregion on notifications. While there is an ACPI call that syncs the actual registers to the opr... • https://git.kernel.org/stable/c/c0ca6fd5f6ebde8fc0df8bb5c32629d1284f60d0 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21901 – RDMA/bnxt_re: Add sanity checks on rdev validity
https://notcve.org/view.php?id=CVE-2025-21901
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add sanity checks on rdev validity There is a possibility that ulp_irq_stop and ulp_irq_start callbacks will be called when the device is in detached state. This can cause a crash due to NULL pointer dereference as the rdev is already freed. In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add sanity checks on rdev validity There is a possibility that ulp_irq_stop and ulp_irq_start callbacks wi... • https://git.kernel.org/stable/c/cc5b9b48d44756a87170f3901c6c2fd99e6b89b2 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21900 – NFSv4: Fix a deadlock when recovering state on a sillyrenamed file
https://notcve.org/view.php?id=CVE-2025-21900
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a deadlock when recovering state on a sillyrenamed file If the file is sillyrenamed, and slated for delete on close, it is possible for a server reboot to triggeer an open reclaim, with can again race with the application call to close(). When that happens, the call to put_nfs_open_context() can trigger a synchronous delegreturn call which deadlocks because it is not marked as privileged. Instead, ensure that the call to nfs4_ino... • https://git.kernel.org/stable/c/adb4b42d19aea91826621a8d0bac94cf2c08f8bc •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21899 – tracing: Fix bad hist from corrupting named_triggers list
https://notcve.org/view.php?id=CVE-2025-21899
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix bad hist from corrupting named_triggers list The following commands causes a crash: ~# cd /sys/kernel/tracing/events/rcu/rcu_callback ~# echo 'hist:name=bad:keys=common_pid:onmax(bogus).save(common_pid)' > trigger bash: echo: write error: Invalid argument ~# echo 'hist:name=bad:keys=common_pid' > trigger Because the following occurs: event_trigger_write() { trigger_process_regex() { event_hist_trigger_parse() { data = event_tri... • https://git.kernel.org/stable/c/067fe038e70f6e64960d26a79c4df5f1413d0f13 •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2025-21898 – ftrace: Avoid potential division by zero in function_stat_show()
https://notcve.org/view.php?id=CVE-2025-21898
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in function_stat_show() Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64} produce zero and skip stddev computation in that case. For now don't care about rec->counter * rec->counter overflow because rec->time * rec->time overflow will likely happen earlier. In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in function_s... • https://git.kernel.org/stable/c/f0629ee3922f10112584b1898491fecc74d98b3b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21897 – sched_ext: Fix pick_task_scx() picking non-queued tasks when it's called without balance()
https://notcve.org/view.php?id=CVE-2025-21897
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix pick_task_scx() picking non-queued tasks when it's called without balance() a6250aa251ea ("sched_ext: Handle cases where pick_task_scx() is called without preceding balance_scx()") added a workaround to handle the cases where pick_task_scx() is called without prececing balance_scx() which is due to a fair class bug where pick_taks_fair() may return NULL after a true return from balance_fair(). The workaround detects when pick... • https://git.kernel.org/stable/c/a6250aa251eacaf3ebfcfe152a96a727fd483ecd •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21895 – perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list
https://notcve.org/view.php?id=CVE-2025-21895
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list Syskaller triggers a warning due to prev_epc->pmu != next_epc->pmu in perf_event_swap_task_ctx_data(). vmcore shows that two lists have the same perf_event_pmu_context, but not in the same order. The problem is that the order of pmu_ctx_list for the parent is impacted by the time when an event/PMU is added. While the order for a child is impacted by the event order in... • https://git.kernel.org/stable/c/bd27568117664b8b3e259721393df420ed51f57b •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21894 – net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC
https://notcve.org/view.php?id=CVE-2025-21894
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC Actually ENETC VFs do not support HWTSTAMP_TX_ONESTEP_SYNC because only ENETC PF can access PMa_SINGLE_STEP registers. And there will be a crash if VFs are used to test one-step timestamp, the crash log as follows. [ 129.110909] Unable to handle kernel paging request at virtual address 00000000000080c0 [ 129.287769] Call trace: [ 129.290219] enetc_port_mac_wr+0x30/0xec (P) [ 129.294504... • https://git.kernel.org/stable/c/41514737ecaa603a5127cdccdc5f17ef11b9b3dc •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21893 – keys: Fix UAF in key_put()
https://notcve.org/view.php?id=CVE-2025-21893
31 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: keys: Fix UAF in key_put() Once a key's reference count has been reduced to 0, the garbage collector thread may destroy it at any time and so key_put() is not allowed to touch the key after that point. The most key_put() is normally allowed to do is to touch key_gc_work as that's a static global variable. However, in an effort to speed up the reclamation of quota, this is now done in key_put() once the key's usage is reduced to 0 - but now ... • https://git.kernel.org/stable/c/9578e327b2b4935a25d49e3891b8fcca9b6c10c6 • CWE-416: Use After Free •