CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53035 – nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
https://notcve.org/view.php?id=CVE-2023-53035
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() The ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a metadata array to/from user space, may copy uninitialized buffer regions to user space memory for read-only ioctl commands NILFS_IOCTL_GET_SUINFO and NILFS_IOCTL_GET_CPINFO. This can occur when the element size of the user space metadata given by the v_size member of the argument nilfs_argv structure is larger than the... • https://git.kernel.org/stable/c/a94932381e8dae4117e9129b3c1282e18aa97b05 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49933 – KVM: VMX: Reset eVMCS controls in VP assist page during hardware disabling
https://notcve.org/view.php?id=CVE-2022-49933
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Reset eVMCS controls in VP assist page during hardware disabling Reset the eVMCS controls in the per-CPU VP assist page during hardware disabling instead of waiting until kvm-intel's module exit. The controls are activated if and only if KVM creates a VM, i.e. don't need to be reset if hardware is never enabled. Doing the reset during hardware disabling will naturally fix a potential NULL pointer deref bug once KVM disables CPU ho... • https://git.kernel.org/stable/c/afb26bfc01db6ef4728e96314f08431934ffe833 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49932 – KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace
https://notcve.org/view.php?id=CVE-2022-49932
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace Call kvm_init() only after _all_ setup is complete, as kvm_init() exposes /dev/kvm to userspace and thus allows userspace to create VMs (and call other ioctls). E.g. KVM will encounter a NULL pointer when attempting to add a vCPU to the per-CPU loaded_vmcss_on_cpu list if userspace is able to create a VM before vmx_init() configures said list. BUG: kernel NULL pointer d... • https://git.kernel.org/stable/c/e136e969d268b9b89329c816c002e53f60e82985 •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37798 – codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
https://notcve.org/view.php?id=CVE-2025-37798
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue(). In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the c... • https://git.kernel.org/stable/c/76e3cc126bb223013a6b9a0e2a51238d1ef2e409 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37797 – net_sched: hfsc: Fix a UAF vulnerability in class handling
https://notcve.org/view.php?id=CVE-2025-37797
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc_change_class() when working with certain child qdiscs like netem or codel. The vulnerability works as follows: 1. hfsc_change_class() checks if a class has packets (q.qlen != 0) 2. It then calls qdisc_peek_len(), which for certain qd... • https://git.kernel.org/stable/c/21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-49897 – fscrypt: fix keyring memory leak on mount failure
https://notcve.org/view.php?id=CVE-2022-49897
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: fscrypt: fix keyring memory leak on mount failure Commit d7e7b9af104c ("fscrypt: stop using keyrings subsystem for fscrypt_master_key") moved the keyring destruction from __put_super() to generic_shutdown_super() so that the filesystem's block device(s) are still available. Unfortunately, this causes a memory leak in the case where a mount is attempted with the test_dummy_encryption mount option, but the mount fails after the option has alr... • https://git.kernel.org/stable/c/ccd30a476f8e864732de220bd50e6f372f5ebcab •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-49856 – net: tun: call napi_schedule_prep() to ensure we own a napi
https://notcve.org/view.php?id=CVE-2022-49856
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: tun: call napi_schedule_prep() to ensure we own a napi A recent patch exposed another issue in napi_get_frags() caught by syzbot [1] Before feeding packets to GRO, and calling napi_complete() we must first grab NAPI_STATE_SCHED. [1] WARNING: CPU: 0 PID: 3612 at net/core/dev.c:6076 napi_complete_done+0x45b/0x880 net/core/dev.c:6076 Modules linked in: CPU: 0 PID: 3612 Comm: syz-executor408 Not tainted 6.1.0-rc3-syzkaller-00175-g1118b2049... • https://git.kernel.org/stable/c/07d120aa33cc9d9115753d159f64d20c94458781 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-49843 – drm/amdkfd: Migrate in CPU page fault use current mm
https://notcve.org/view.php?id=CVE-2022-49843
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Migrate in CPU page fault use current mm migrate_vma_setup shows below warning because we don't hold another process mm mmap_lock. We should use current vmf->vma->vm_mm instead, the caller already hold current mmap lock inside CPU page fault handler. WARNING: CPU: 10 PID: 3054 at include/linux/mmap_lock.h:155 find_vma Call Trace: walk_page_range+0x76/0x150 migrate_vma_setup+0x18a/0x640 svm_migrate_vram_to_ram+0x245/0xa10 [amdgpu... • https://git.kernel.org/stable/c/3a876060892ba52dd67d197c78b955e62657d906 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37796 – wifi: at76c50x: fix use after free access in at76_disconnect
https://notcve.org/view.php?id=CVE-2025-37796
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: at76c50x: fix use after free access in at76_disconnect The memory pointed to by priv is freed at the end of at76_delete_device function (using ieee80211_free_hw). But the code then accesses the udev field of the freed object to put the USB device. This may also lead to a memory leak of the usb device. Fix this by using udev from interface. In the Linux kernel, the following vulnerability has been resolved: wifi: at76c50x: fix use afte... • https://git.kernel.org/stable/c/29e20aa6c6aff35c81d4da2e2cd516dadb569061 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37795 – wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
https://notcve.org/view.php?id=CVE-2025-37795
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() The ieee80211 skb control block key (set when skb was queued) could have been removed before ieee80211_tx_dequeue() call. ieee80211_tx_dequeue() already called ieee80211_tx_h_select_key() to get the current key, but the latter do not update the key in skb control block in case it is NULL. Because some drivers actually use this key in their TX callbacks (e.g. ath1{1,2}k... • https://git.kernel.org/stable/c/bb42f2d13ffcd0baed7547b37d05add51fcd50e1 •