CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21714 – RDMA/mlx5: Fix implicit ODP use after free
https://notcve.org/view.php?id=CVE-2025-21714
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix implicit ODP use after free Prevent double queueing of implicit ODP mr destroy work by using __xa_cmpxchg() to make sure this is the only time we are destroying this specific mr. Without this change, we could try to invalidate this mr twice, which in turn could result in queuing a MR work destroy twice, and eventually the second work could execute after the MR was freed due to the first work, causing a user after free and tra... • https://git.kernel.org/stable/c/5256edcb98a14b11409a2d323f56a70a8b366363 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21712 – md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
https://notcve.org/view.php?id=CVE-2025-21712
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime After commit ec6bb299c7c3 ("md/md-bitmap: add 'sync_size' into struct md_bitmap_stats"), following panic is reported: Oops: general protection fault, probably for non-canonical address RIP: 0010:bitmap_get_stats+0x2b/0xa0 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21711 – net/rose: prevent integer overflows in rose_setsockopt()
https://notcve.org/view.php?id=CVE-2025-21711
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net/rose: prevent integer overflows in rose_setsockopt() In case of possible unpredictably large arguments passed to rose_setsockopt() and multiplied by extra values on top of that, integer overflows may occur. Do the safest minimum and fix these issues by checking the contents of 'opt' and returning -EINVAL if they are too large. Also, switch to unsigned int and remove useless check for negative 'opt' in ROSE_IDLE case. In the Linux kernel... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21710 – tcp: correct handling of extreme memory squeeze
https://notcve.org/view.php?id=CVE-2025-21710
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: correct handling of extreme memory squeeze Testing with iperf3 using the "pasta" protocol splicer has revealed a problem in the way tcp handles window advertising in extreme memory squeeze situations. Under memory pressure, a socket endpoint may temporarily advertise a zero-sized window, but this is not stored as part of the socket data. The reasoning behind this is that it is considered a temporary setting which shouldn't influence an... • https://git.kernel.org/stable/c/e2142825c120d4317abf7160a0fc34b3de532586 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21708 – net: usb: rtl8150: enable basic endpoint checking
https://notcve.org/view.php?id=CVE-2025-21708
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: enable basic endpoint checking Syzkaller reports [1] encountering a common issue of utilizing a wrong usb endpoint type during URB submitting stage. This, in turn, triggers a warning shown below. For now, enable simple endpoint checking (specifically, bulk and interrupt eps, testing control one is not essential) to mitigate the issue with a view to do other related cosmetic changes later, if they are necessary. [1] Syzkal... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21707 – mptcp: consolidate suboption status
https://notcve.org/view.php?id=CVE-2025-21707
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status MPTCP maintains the received sub-options status is the bitmask carrying the received suboptions and in several bitfields carrying per suboption additional info. Zeroing the bitmask before parsing is not enough to ensure a consistent status, and the MPTCP code has to additionally clear some bitfiled depending on the actually parsed suboption. The above schema is fragile, and syzbot managed to trigger a pat... • https://git.kernel.org/stable/c/84dfe3677a6f45b3d0dfdd564e55717a1a5e60cc •
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21706 – mptcp: pm: only set fullmesh for subflow endp
https://notcve.org/view.php?id=CVE-2025-21706
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only set fullmesh for subflow endp With the in-kernel path-manager, it is possible to change the 'fullmesh' flag. The code in mptcp_pm_nl_fullmesh() expects to change it only on 'subflow' endpoints, to recreate more or less subflows using the linked address. Unfortunately, the set_flags() hook was a bit more permissive, and allowed 'implicit' endpoints to get the 'fullmesh' flag while it is not allowed before. That's what syzbot ... • https://git.kernel.org/stable/c/73c762c1f07dacba4fd1cefd15e24b419d42320d •
CVSS: 9.4EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21705 – mptcp: handle fastopen disconnect correctly
https://notcve.org/view.php?id=CVE-2025-21705
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: handle fastopen disconnect correctly Syzbot was able to trigger a data stream corruption: WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024 Modules linked in: CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 RIP: 0010:__mptcp_clean_una+0xdd... • https://git.kernel.org/stable/c/b7bb71dfb541df376c21c24451369fea83c4f327 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57999 – powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW
https://notcve.org/view.php?id=CVE-2024-57999
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW Power Hypervisor can possibily allocate MMIO window intersecting with Dynamic DMA Window (DDW) range, which is over 32-bit addressing. These MMIO pages needs to be marked as reserved so that IOMMU doesn't map DMA buffers in this range. The current code is not marking these pages correctly which is resulting in LPAR to OOPS while booting. The stack is at below BUG: Unable to ha... • https://git.kernel.org/stable/c/3c33066a21903076722a2881556a92aa3cd7d359 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57998 – OPP: add index check to assert to avoid buffer overflow in _read_freq()
https://notcve.org/view.php?id=CVE-2024-57998
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in _read_freq() Pass the freq index to the assert function to make sure we do not read a freq out of the opp->rates[] table when called from the indexed variants: dev_pm_opp_find_freq_exact_indexed() or dev_pm_opp_find_freq_ceil/floor_indexed(). Add a secondary parameter to the assert function, unused for assert_single_clk() then add assert_clk_index() which will check for the clock in... • https://git.kernel.org/stable/c/142e17c1c2b48e3fb4f024e62ab6dee18f268694 •