
CVE-2025-22046 – uprobes/x86: Harden uretprobe syscall trampoline check
https://notcve.org/view.php?id=CVE-2025-22046
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: uprobes/x86: Harden uretprobe syscall trampoline check Jann reported a possible issue when trampoline_check_ip returns address near the bottom of the address space that is allowed to call into the syscall if uretprobes are not set up: https://lore.kernel.org/bpf/202502081235.5A6F352985@keescook/T/#m9d416df341b8fbc11737dacbcd29f0054413cbbf Though the mmap minimum address restrictions will typically prevent creating mappings there, let... • https://git.kernel.org/stable/c/ff474a78cef5cb5f32be52fe25b78441327a2e7c •

CVE-2025-22045 – x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
https://notcve.org/view.php?id=CVE-2025-22045
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs On the following path, flush_tlb_range() can be used for zapping normal PMD entries (PMD entries that point to page tables) together with the PTE entries in the pointed-to page table: collapse_pte_mapped_thp -> pmdp_collapse_flush -> flush_tlb_range. The arm64 version of flush_tlb_range() has a comment describing that it can be used for page table removal, and does not use any ... • https://git.kernel.org/stable/c/016c4d92cd16f569c6485ae62b076c1a4b779536 •

CVE-2025-22044 – acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
https://notcve.org/view.php?id=CVE-2025-22044
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Syzkaller has reported a warning in to_nfit_bus_uuid(): "only secondary bus families can be translated". ... [iweiny: update commit message] • https://git.kernel.org/stable/c/6450ddbd5d8e83ea9927c7f9076a21f829699e0f •

CVE-2025-22043 – ksmbd: add bounds check for durable handle context
https://notcve.org/view.php?id=CVE-2025-22043
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for durable handle context Add missing bounds check for durable handle context. • https://git.kernel.org/stable/c/8d4848c45943c9cf5e86142fd7347efa97f497db •

CVE-2025-22042 – ksmbd: add bounds check for create lease context
https://notcve.org/view.php?id=CVE-2025-22042
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for create lease context Add missing bounds check for create lease context. • https://git.kernel.org/stable/c/629dd37acc336ad778979361c351e782053ea284 •

CVE-2025-22041 – ksmbd: fix use-after-free in ksmbd_sessions_deregister()
https://notcve.org/view.php?id=CVE-2025-22041
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister() In multichannel mode, UAF issue can occur in session_deregister when the second channel sets up a session through the connection of the first channel. • https://git.kernel.org/stable/c/f0eb3f575138b816da74697bd506682574742fcd • CWE-416: Use After Free •

CVE-2025-22040 – ksmbd: fix session use-after-free in multichannel connection
https://notcve.org/view.php?id=CVE-2025-22040
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup and ksmbd_sessions_deregister. ... • https://git.kernel.org/stable/c/596407adb9af1ee75fe7c7529607783d31b66e7f • CWE-416: Use After Free •

CVE-2025-22039 – ksmbd: fix overflow in dacloffset bounds check
https://notcve.org/view.php?id=CVE-2025-22039
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix overflow in dacloffset bounds check The dacloffset field was originally typed as int and used in an unchecked addition, which could overflow and bypass the existing bounds check in both smb_check_perm_dacl() and smb_inherit_dacl(). • https://git.kernel.org/stable/c/6a9cd9ff0fa2bcc30b2bfb8bdb161eb20e44b9dc •

CVE-2025-22038 – ksmbd: validate zero num_subauth before sub_auth is accessed
https://notcve.org/view.php?id=CVE-2025-22038
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate zero num_subauth before sub_auth is accessed Access psid->sub_auth[psid->num_subauth - 1] without checking if num_subauth is non-zero leads to an out-of-bounds read. • https://git.kernel.org/stable/c/3ac65de111c686c95316ade660f8ba7aea3cd3cc •

CVE-2025-22037 – ksmbd: fix null pointer dereference in alloc_preauth_hash()
https://notcve.org/view.php?id=CVE-2025-22037
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The client sends a malformed smb2 negotiate request. ksmbd returns an error response. ... • https://git.kernel.org/stable/c/ca8bed31edf728a662ef9d6f39f50e7a7dc2b5ad •