CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52560 – fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr()
https://notcve.org/view.php?id=CVE-2024-52560
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr() Extended the `mi_enum_attr()` function interface with an additional parameter, `struct ntfs_inode *ni`, to allow marking the inode as bad as soon as an error is detected. In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr() Extended the `mi_enum_attr()` function interface with an addi... • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-52559 – drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()
https://notcve.org/view.php?id=CVE-2024-52559
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() The "submit->cmd[i].size" and "submit->cmd[i].offset" variables are u32 values that come from the user via the submit_lookup_cmds() function. This addition could lead to an integer wrapping bug so use size_add() to prevent that. Patchwork: https://patchwork.freedesktop.org/patch/624696/ In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: prevent int... • https://git.kernel.org/stable/c/198725337ef1f73b73e7dc953c6ffb0799f26ffe •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21754 – btrfs: fix assertion failure when splitting ordered extent after transaction abort
https://notcve.org/view.php?id=CVE-2025-21754
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion failure when splitting ordered extent after transaction abort If while we are doing a direct IO write a transaction abort happens, we mark all existing ordered extents with the BTRFS_ORDERED_IOERR flag (done at btrfs_destroy_ordered_extents()), and then after that if we enter btrfs_split_ordered_extent() and the ordered extent has bytes left (meaning we have a bio that doesn't cover the whole ordered extent, see details... • https://git.kernel.org/stable/c/52b1fdca23ac0fbcad363a1a5b426bf0d56b715a •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21753 – btrfs: fix use-after-free when attempting to join an aborted transaction
https://notcve.org/view.php?id=CVE-2025-21753
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted transaction When we are trying to join the current transaction and if it's aborted, we read its 'aborted' field after unlocking fs_info->trans_lock and without holding any extra reference count on it. This means that a concurrent task that is aborting the transaction may free the transaction before we read its 'aborted' field, leading to a use-after-free. Fix this by reading the '... • https://git.kernel.org/stable/c/871383be592ba7e819d27556591e315a0df38cee • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21752 – btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents
https://notcve.org/view.php?id=CVE-2025-21752
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents Don't use btrfs_set_item_key_safe() to modify the keys in the RAID stripe-tree, as this can lead to corruption of the tree, which is caught by the checks in btrfs_set_item_key_safe(): BTRFS info (device nvme1n1): leaf 49168384 gen 15 total ptrs 194 free space 8329 owner 12 BTRFS info (device nvme1n1): refs 2 lock_owner 1030 current 1030 [ snip ] item 105 key (354549760 230 2048... • https://git.kernel.org/stable/c/1c25eff52ee5a02a2c4be659a44ae972d9989742 •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21750 – wifi: brcmfmac: Check the return value of of_property_read_string_index()
https://notcve.org/view.php?id=CVE-2025-21750
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the return value of of_property_read_string_index() Somewhen between 6.10 and 6.11 the driver started to crash on my MacBookPro14,3. The property doesn't exist and 'tmp' remains uninitialized, so we pass a random pointer to devm_kstrdup(). The crash I am getting looks like this: BUG: unable to handle page fault for address: 00007f033c669379 PF: supervisor read access in kernel mode PF: error_code(0x0001) - permissions ... • https://git.kernel.org/stable/c/af525a8b2ab85291617e79a5bb18bcdcb529e80c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21749 – net: rose: lock the socket in rose_bind()
https://notcve.org/view.php?id=CVE-2025-21749
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: rose: lock the socket in rose_bind() syzbot reported a soft lockup in rose_loopback_timer(), with a repro calling bind() from multiple threads. rose_bind() must lock the socket to avoid this issue. In the Linux kernel, the following vulnerability has been resolved: net: rose: lock the socket in rose_bind() syzbot reported a soft lockup in rose_loopback_timer(), with a repro calling bind() from multiple threads. rose_bind() must lock th... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21748 – ksmbd: fix integer overflows on 32 bit systems
https://notcve.org/view.php?id=CVE-2025-21748
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix integer overflows on 32 bit systems On 32bit systems the addition operations in ipc_msg_alloc() can potentially overflow leading to memory corruption. Add bounds checking using KSMBD_IPC_MAX_PAYLOAD to avoid overflow. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix integer overflows on 32 bit systems On 32bit systems the addition operations in ipc_msg_alloc() can potentially overflow leading to memo... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21746 – Input: synaptics - fix crash when enabling pass-through port
https://notcve.org/view.php?id=CVE-2025-21746
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Input: synaptics - fix crash when enabling pass-through port When enabling a pass-through port an interrupt might come before psmouse driver binds to the pass-through port. However synaptics sub-driver tries to access psmouse instance presumably associated with the pass-through port to figure out if only 1 byte of response or entire protocol packet needs to be forwarded to the pass-through port and may crash if psmouse instance has not been... • https://git.kernel.org/stable/c/100e16959c3ca8cb7be788ed3e2c5867481f35f6 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21745 – blk-cgroup: Fix class @block_class's subsystem refcount leakage
https://notcve.org/view.php?id=CVE-2025-21745
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix class @block_class's subsystem refcount leakage blkcg_fill_root_iostats() iterates over @block_class's devices by class_dev_iter_(init|next)(), but does not end iterating with class_dev_iter_exit(), so causes the class's subsystem refcount leakage. Fix by ending the iterating with class_dev_iter_exit(). In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix class @block_class's subsystem refcount... • https://git.kernel.org/stable/c/ef45fe470e1e5410db4af87abc5d5055427945ac •