
CVE-2025-21948 – HID: appleir: Fix potential NULL dereference at raw event handle
https://notcve.org/view.php?id=CVE-2025-21948
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: appleir: Fix potential NULL dereference at raw event handle Syzkaller reports a NULL pointer dereference issue in input_event(). ... Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Chenyuan Yang discovered that the CEC driver in the Li... • https://git.kernel.org/stable/c/9a4a5574ce427c364d81746fc7fb82d86b5f1a7e •

CVE-2025-21947 – ksmbd: fix type confusion via race condition when using ipc_msg_send_request
https://notcve.org/view.php?id=CVE-2025-21947
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix type confusion via race condition when using ipc_msg_send_request req->handle is allocated using ksmbd_acquire_id(&ipc_ida), based on ida_alloc. • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •

CVE-2025-21946 – ksmbd: fix out-of-bounds in parse_sec_desc()
https://notcve.org/view.php?id=CVE-2025-21946
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds in parse_sec_desc() If osidoffset, gsidoffset and dacloffset could be greater than smb_ntsd struct size. ... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •

CVE-2025-21945 – ksmbd: fix use-after-free in smb2_lock
https://notcve.org/view.php?id=CVE-2025-21945
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2_lock If smb_lock->zero_len has value, ->llist of smb_lock is not deleted and flock is the old one. ... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf • CWE-416: Use After Free •

CVE-2025-21944 – ksmbd: fix bug on trap in smb2_lock
https://notcve.org/view.php?id=CVE-2025-21944
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix bug on trap in smb2_lock If lock count is greater than 1, flags could be old value. It should be checked with flags of smb_lock, not flags. It will cause bug-on trap from locks_free_lock in error handling routine. • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •

CVE-2025-21943 – gpio: aggregator: protect driver attr handlers against module unload
https://notcve.org/view.php?id=CVE-2025-21943
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: gpio: aggregator: protect driver attr handlers against module unload Both new_device_store and delete_device_store touch module global resources (e.g. gpio_aggregator_lock). ... ---[ end trace 0000000000000000 ]--- • https://git.kernel.org/stable/c/828546e24280f721350a7a0dcc92416e917b4382 •

CVE-2025-21942 – btrfs: zoned: fix extent range end unlock in cow_file_range()
https://notcve.org/view.php?id=CVE-2025-21942
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix extent range end unlock in cow_file_range() Running generic/751 on the for-next branch often results in a hang like below. ... • https://git.kernel.org/stable/c/692cf71173bb41395c855acbbbe197d3aedfa5d4 •

CVE-2025-21941 – drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params
https://notcve.org/view.php?id=CVE-2025-21941
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Null pointer dereference issue could occur when pipe_ctx->plane_state is null. ... (cherry picked from commit 63e6a77ccf239337baa9b1e7787cde9fa0462092) • https://git.kernel.org/stable/c/3be5262e353b8ab97c528bfc7d0dd3c820e4ba27 •

CVE-2025-21940 – drm/amdkfd: Fix NULL Pointer Dereference in KFD queue
https://notcve.org/view.php?id=CVE-2025-21940
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Through KFD IOCTL Fuzzing we encountered a NULL pointer dereference when calling kfd_queue_acquire_buffers. (cherry picked from commit 049e5bf3c8406f87c3d8e1958e0a16804fa1d530) • https://git.kernel.org/stable/c/629568d25fea8ece4f65073f039aeef4e240ab67 •

CVE-2025-21939 – drm/xe/hmm: Don't dereference struct page pointers without notifier lock
https://notcve.org/view.php?id=CVE-2025-21939
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/hmm: Don't dereference struct page pointers without notifier lock The pfns that we obtain from hmm_range_fault() point to pages that we don't have a reference on, and the guarantee that they are still in the cpu page-tables is that the notifier lock must be held and the notifier seqno is still valid. ... (Matthew Auld) (cherry picked from commit ea3e66d280ce2576664a862693d1da8fd324c317) • https://git.kernel.org/stable/c/81e058a3e7fd8593d076b4f26f7b8bb49f1d61e3 •