CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2024-58096 – wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode
https://notcve.org/view.php?id=CVE-2024-58096
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode ath11k_hal_srng_* should be used with srng->lock to protect srng data. For ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx(), they use ath11k_hal_srng_* for many times but never call srng->lock. So when running (full) monitor mode, warning will occur: RIP: 0010:ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k] Call Trace: ? ath11k_hal_srng_dst_peek+0x18/0x30 [ath... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d •
CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2024-58095 – jfs: add check read-only before txBeginAnon() call
https://notcve.org/view.php?id=CVE-2024-58095
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before txBeginAnon() call Added a read-only check before calling `txBeginAnon` in `extAlloc` and `extRecord`. This prevents modification attempts on a read-only mounted filesystem, avoiding potential errors or crashes. Call trace: txBeginAnon+0xac/0x154 extAlloc+0xe8/0xdec fs/jfs/jfs_extent.c:78 jfs_get_block+0x340/0xb98 fs/jfs/inode.c:248 __block_write_begin_int+0x580/0x166c fs/buffer.c:2128 __block_write_begin fs/... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2024-58094 – jfs: add check read-only before truncation in jfs_truncate_nolock()
https://notcve.org/view.php?id=CVE-2024-58094
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before truncation in jfs_truncate_nolock() Added a check for "read-only" mode in the `jfs_truncate_nolock` function to avoid errors related to writing to a read-only filesystem. Call stack: block_write_begin() { jfs_write_failed() { jfs_truncate() { jfs_truncate_nolock() { txEnd() { ... log = JFS_SBI(tblk->sb)->log; // (log == NULL) If the `isReadOnly(ip)` condition is triggered in `jfs_truncate_nolock`, the functio... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: %CPEs: 7EXPL: 0CVE-2024-58093 – PCI/ASPM: Fix link state exit during switch upstream function removal
https://notcve.org/view.php?id=CVE-2024-58093
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix link state exit during switch upstream function removal Before 456d8aa37d0f ("PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free"), we would free the ASPM link only after the last function on the bus pertaining to the given link was removed. That was too late. If function 0 is removed before sibling function, link->downstream would point to free'd memory after. After above change, we freed the ASPM parent l... • https://git.kernel.org/stable/c/456d8aa37d0f56fc9e985e812496e861dcd6f2f2 •
CVSS: 7.1EPSS: %CPEs: 9EXPL: 0CVE-2023-53034 – ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
https://notcve.org/view.php?id=CVE-2023-53034
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans There is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and size. This would make xlate_pos negative. [ 23.734156] switchtec switchtec0: MW 0: part 0 addr 0x0000000000000000 size 0x0000000000000000 [ 23.734158] ================================================================================ [ 23.734172] UBSAN: shift-out-of-bounds in drivers/ntb/hw/mscc/ntb_... • https://git.kernel.org/stable/c/1e2fd202f8593985cdadca32e0c322f98e7fe7cb •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-58092 – nfsd: fix legacy client tracking initialization
https://notcve.org/view.php?id=CVE-2024-58092
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: fix legacy client tracking initialization Get rid of the nfsd4_legacy_tracking_ops->init() call in check_for_legacy_methods(). That will be handled in the caller (nfsd4_client_tracking_init()). Otherwise, we'll wind up calling nfsd4_legacy_tracking_ops->init() twice, and the second time we'll trigger the BUG_ON() in nfsd4_init_recdir(). In the Linux kernel, the following vulnerability has been resolved: nfsd: fix legacy client trackin... • https://git.kernel.org/stable/c/74fd48739d0488e39ae18b0168720f449a06690c •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22023 – usb: xhci: Don't skip on Stopped - Length Invalid
https://notcve.org/view.php?id=CVE-2025-22023
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Don't skip on Stopped - Length Invalid Up until commit d56b0b2ab142 ("usb: xhci: ensure skipped isoc TDs are returned when isoc ring is stopped") in v6.11, the driver didn't skip missed isochronous TDs when handling Stoppend and Stopped - Length Invalid events. Instead, it erroneously cleared the skip flag, which would cause the ring to get stuck, as future events won't match the missed TD which is never removed from the queue un... • https://git.kernel.org/stable/c/d56b0b2ab142940b06eac56dcb3ab1ab88df38a2 •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22022 – usb: xhci: Apply the link chain quirk on NEC isoc endpoints
https://notcve.org/view.php?id=CVE-2025-22022
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Apply the link chain quirk on NEC isoc endpoints Two clearly different specimens of NEC uPD720200 (one with start/stop bug, one without) were seen to cause IOMMU faults after some Missed Service Errors. Faulting address is immediately after a transfer ring segment and patched dynamic debug messages revealed that the MSE was received when waiting for a TD near the end of that segment: [ 1.041954] xhci_hcd: Miss service interval er... • https://git.kernel.org/stable/c/a4931d9fb99eb5462f3eaa231999d279c40afb21 •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-22021 – netfilter: socket: Lookup orig tuple for IPv6 SNAT
https://notcve.org/view.php?id=CVE-2025-22021
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to restore the original 5-tuple in case of SNAT, to be able to find the right socket (if any). Then socket_match() can correctly check whether the socket was transparent. However, the IPv6 counterpart (nf_sk_lookup_slow_v6) lacks this conntrack lookup, making xt_socket fail to match on the socket when the packet was SNATed. Add... • https://git.kernel.org/stable/c/eb31628e37a0a4e01fffd79dcc7f815d2357f53a •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-22020 – memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
https://notcve.org/view.php?id=CVE-2025-22020
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms] Read of size 8 at addr ffff888136335380 by task kworker/6:0/140241 CPU: 6 UID: 0 PID: 140241 Comm: kworker/6:0 Kdump: loaded Tainted: G E 6.14.0-rc6+ #1 Tainted: [E]=UNSIGNED_MODULE Hardwar... • https://git.kernel.org/stable/c/6827ca573c03385439fdfc8b512d556dc7c54fc9 •