
CVE-2025-22042 – ksmbd: add bounds check for create lease context
https://notcve.org/view.php?id=CVE-2025-22042
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for create lease context Add missing bounds check for create lease context. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. ... Several security issues were discovered in the Linux kernel. • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •

CVE-2025-22041 – ksmbd: fix use-after-free in ksmbd_sessions_deregister()
https://notcve.org/view.php?id=CVE-2025-22041
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister() In multichannel mode, UAF issue can occur in session_deregister when the second channel sets up a session through the connection of the first channel. • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf • CWE-416: Use After Free •

CVE-2025-22040 – ksmbd: fix session use-after-free in multichannel connection
https://notcve.org/view.php?id=CVE-2025-22040
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup and ksmbd_sessions_deregister. ... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf • CWE-416: Use After Free •

CVE-2025-22039 – ksmbd: fix overflow in dacloffset bounds check
https://notcve.org/view.php?id=CVE-2025-22039
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix overflow in dacloffset bounds check The dacloffset field was originally typed as int and used in an unchecked addition, which could overflow and bypass the existing bounds check in both smb_check_perm_dacl() and smb_inherit_dacl(). • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •

CVE-2025-22038 – ksmbd: validate zero num_subauth before sub_auth is accessed
https://notcve.org/view.php?id=CVE-2025-22038
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate zero num_subauth before sub_auth is accessed Access psid->sub_auth[psid->num_subauth - 1] without checking if num_subauth is non-zero leads to an out-of-bounds read. • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •

CVE-2025-22037 – ksmbd: fix null pointer dereference in alloc_preauth_hash()
https://notcve.org/view.php?id=CVE-2025-22037
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The client sends a malformed smb2 negotiate request. ksmbd returns an error response. ... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •

CVE-2025-22036 – exfat: fix random stack corruption after get_block
https://notcve.org/view.php?id=CVE-2025-22036
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: exfat: fix random stack corruption after get_block When get_block is called with a buffer_head allocated on the stack, such as do_mpage_readpage, stack corruption due to buffer_head UAF may occur in the following race condition situation. • https://git.kernel.org/stable/c/11a347fb6cef62ce47e84b97c45f2b2497c7593b •

CVE-2025-22035 – tracing: Fix use-after-free in print_graph_function_flags during tracer switching
https://notcve.org/view.php?id=CVE-2025-22035
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix use-after-free in print_graph_function_flags during tracer switching Kairui reported a UAF issue in print_graph_function_flags() during ftrace stress testing [1]. ... Additionally, clean up the unnecessary 'iter->private = NULL' during each 'cat trace' when using wakeup and irqsoff tracers. [1] https://lore.kernel.org/all/20231112150030.84609-1-ryncsn@gmail.com/ • https://git.kernel.org/stable/c/05319d707732c728eb721ac616a50e7978eb499a • CWE-416: Use After Free •

CVE-2025-22034 – mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs
https://notcve.org/view.php?id=CVE-2025-22034
16 Apr 2025 —

CVE-2025-22033 – arm64: Don't call NULL in do_compat_alignment_fixup()
https://notcve.org/view.php?id=CVE-2025-22033
16 Apr 2025 — Without this patch, the kernel panics: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Mem abort info: ESR = 0x0000000086000006 EC = 0x21: IABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x06: level 2 translation fault user pgtable: 4k pages, 48-bit VAs, pgdp=00000800164aa000 [0000000000000000] pgd=0800081fdbd22003, p4d=0800081fdbd22003, pud=08000815d51c6003, pmd=0000000000000000 Internal error: Oops: 0000000086000006 [#1] SMP Modules linked in: ... • https://git.kernel.org/stable/c/3fc24ef32d3b9368f4c103dcd21d6a3f959b4870 •