CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-22123 – f2fs: fix to avoid accessing uninitialized curseg
https://notcve.org/view.php?id=CVE-2025-22123
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid accessing uninitialized curseg syzbot reports a f2fs bug as below: F2FS-fs (loop3): Stopped filesystem due to reason: 7 kworker/u8:7: attempt to access beyond end of device BUG: unable to handle page fault for address: ffffed1604ea3dfa RIP: 0010:get_ckpt_valid_blocks fs/f2fs/segment.h:361 [inline] RIP: 0010:has_curseg_enough_space fs/f2fs/segment.h:570 [inline] RIP: 0010:__get_secs_required fs/f2fs/segment.h:620 [i... • https://git.kernel.org/stable/c/8b10d3653735e117bc1954ade80d75ad7b46b801 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-22122 – block: fix adding folio to bio
https://notcve.org/view.php?id=CVE-2025-22122
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: block: fix adding folio to bio >4GB folio is possible on some ARCHs, such as aarch64, 16GB hugepage is supported, then 'offset' of folio can't be held in 'unsigned int', cause warning in bio_add_folio_nofail() and IO failure. In the Linux kernel, the following vulnerability has been resolved: block: fix adding folio to bio >4GB folio is possible on some ARCHs, such as aarch64, 16GB hugepage is supported, then 'offset' of folio... • https://git.kernel.org/stable/c/ed9832bc08db29874600eb066b74918fe6fc2060 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22121 – ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()
https://notcve.org/view.php?id=CVE-2025-22121
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() There's issue as follows: BUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790 Read of size 4 at addr ffff88807b003000 by task syz-executor.0/15172 CPU: 3 PID: 15172 Comm: syz-executor.0 Call Trace: __dump_stack lib/dump_stack.c:82 [inline] dump_stack+0xbe/0xfd lib/dump_stack.c:123 print_address_description.constprop.0+0x1e/0x280 mm/kasan/report.c:400 __k... • https://git.kernel.org/stable/c/e50e5129f384ae282adebfb561189cdb19b81cee •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22120 – ext4: goto right label 'out_mmap_sem' in ext4_setattr()
https://notcve.org/view.php?id=CVE-2025-22120
16 Apr 2025 — task:fsstress state:D stack:0 pid:374 tgid:374 ppid:373 task_flags:0x440140 flags:0x00000000 Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-22119 – wifi: cfg80211: init wiphy_work before allocating rfkill fails
https://notcve.org/view.php?id=CVE-2025-22119
16 Apr 2025 — CPU: 0 UID: 0 PID: 5935 Comm: syz-executor550 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22118 – ice: validate queue quanta parameters to prevent OOB access
https://notcve.org/view.php?id=CVE-2025-22118
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: validate queue quanta parameters to prevent OOB access Add queue wraparound prevention in quanta configuration. In the Linux kernel, the following vulnerability has been resolved: ice: validate queue quanta parameters to prevent OOB access Add queue wraparound prevention in quanta configuration. Ensure end_qid does not overflow by validating start_qid and num_queues. • https://git.kernel.org/stable/c/015307754a19832dd665295f6c123289b0f37ba6 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22117 – ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw()
https://notcve.org/view.php?id=CVE-2025-22117
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() Fix using the untrusted value of proto->raw.pkt_len in function ice_vc_fdir_parse_raw() by verifying if it does not exceed the VIRTCHNL_MAX_SIZE_RAW_PACKET value. In the Linux kernel, the following vulnerability has been resolved: ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() Fix using the untrusted value of proto->raw.pkt_len in functi... • https://git.kernel.org/stable/c/99f419df8a5c5e1a58822203989f77712d01d410 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22116 – idpf: check error for register_netdev() on init
https://notcve.org/view.php?id=CVE-2025-22116
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: idpf: check error for register_netdev() on init Current init logic ignores the error code from register_netdev(), which will cause WARN_ON() on attempt to unregister it, if there was one, and there is no info for the user that the creation of the netdev failed. In the Linux kernel, the following vulnerability has been resolved: idpf: check error for register_netdev() on init Current init logic ignores the error code from regis... • https://git.kernel.org/stable/c/0fe45467a1041ea3657a7fa3a791c84c104fbd34 •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22115 – btrfs: fix block group refcount race in btrfs_create_pending_block_groups()
https://notcve.org/view.php?id=CVE-2025-22115
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() Block group creation is done in two phases, which results in a slightly unintuitive property: a block group can be allocated/deallocated from after btrfs_make_block_group() adds it to the space_info with btrfs_add_bg_to_space_info(), but before creation is completely completed in btrfs_create_pending_block_groups(). ... • https://git.kernel.org/stable/c/0657b20c5a76c938612f8409735a8830d257866e •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22114 – btrfs: don't clobber ret in btrfs_validate_super()
https://notcve.org/view.php?id=CVE-2025-22114
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: don't clobber ret in btrfs_validate_super() Commit 2a9bb78cfd36 ("btrfs: validate system chunk array at btrfs_validate_super()") introduces a call to validate_sys_chunk_array() in btrfs_validate_super(), which clobbers the value of ret set earlier. In the Linux kernel, the following vulnerability has been resolved: btrfs: don't clobber ret in btrfs_validate_super() Commit 2a9bb78cfd36 ("btrfs: validate system chunk arra... • https://git.kernel.org/stable/c/2a9bb78cfd367fdeff74f15b1e98969912292d9e •