CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21919 – sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
https://notcve.org/view.php?id=CVE-2025-21919
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list child_cfs_rq_on_list attempts to convert a 'prev' pointer to a cfs_rq. In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list child_cfs_rq_on_list attempts to convert a 'prev' pointer to a cfs_rq. • https://git.kernel.org/stable/c/fdaba61ef8a268d4136d0a113d153f7a89eb9984 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21918 – usb: typec: ucsi: Fix NULL pointer access
https://notcve.org/view.php?id=CVE-2025-21918
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix NULL pointer access Resources should be released only after all threads that utilize them have been destroyed. In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix NULL pointer access Resources should be released only after all threads that utilize them have been destroyed. • https://git.kernel.org/stable/c/b9aa02ca39a49740926c2c450a1505a4a0f8954a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21917 – usb: renesas_usbhs: Flush the notify_hotplug_work
https://notcve.org/view.php?id=CVE-2025-21917
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Flush the notify_hotplug_work When performing continuous unbind/bind operations on the USB drivers available on the Renesas RZ/G2L SoC, a kernel crash with the message "Unable to handle kernel NULL pointer dereference at virtual address" may occur. In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Flush the notify_hotplug_work When performing continuous unbind/bind oper... • https://git.kernel.org/stable/c/bc57381e634782009b1cb2e86b18013699ada576 •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2025-21916 – usb: atm: cxacru: fix a flaw in existing endpoint checks
https://notcve.org/view.php?id=CVE-2025-21916
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix a flaw in existing endpoint checks Syzbot once again identified a flaw in usb endpoint checking, see [1]. In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix a flaw in existing endpoint checks Syzbot once again identified a flaw in usb endpoint checking, see [1]. • https://git.kernel.org/stable/c/23926d316d2836315cb113569f91393266eb5b47 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21915 – cdx: Fix possible UAF error in driver_override_show()
https://notcve.org/view.php?id=CVE-2025-21915
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: cdx: Fix possible UAF error in driver_override_show() Fixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c This function driver_override_show() is part of DEVICE_ATTR_RW, which includes both driver_override_show() and driver_override_store(). In the Linux kernel, the following vulnerability has been resolved: cdx: Fix possible UAF error in driver_override_show() Fixed a possible UAF problem in driver_ove... • https://git.kernel.org/stable/c/2959ab247061e67485d83b6af8feb3761ec08cb9 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21914 – slimbus: messaging: Free transaction ID in delayed interrupt scenario
https://notcve.org/view.php?id=CVE-2025-21914
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: slimbus: messaging: Free transaction ID in delayed interrupt scenario In case of interrupt delay for any reason, slim_do_transfer() returns timeout error but the transaction ID (TID) is not freed. In the Linux kernel, the following vulnerability has been resolved: slimbus: messaging: Free transaction ID in delayed interrupt scenario In case of interrupt delay for any reason, slim_do_transfer() returns timeout error but the tra... • https://git.kernel.org/stable/c/afbdcc7c384b0d446da08b1e0901dc176b41b9e0 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21913 – x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()
https://notcve.org/view.php?id=CVE-2025-21913
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() Xen doesn't offer MSR_FAM10H_MMIO_CONF_BASE to all guests. In the Linux kernel, the following vulnerability has been resolved: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() Xen doesn't offer MSR_FAM10H_MMIO_CONF_BASE to all guests. ... • https://git.kernel.org/stable/c/3fac3734c43a2e21fefeb72124d8bd31dff3956f •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21912 – gpio: rcar: Use raw_spinlock to protect register access
https://notcve.org/view.php?id=CVE-2025-21912
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: gpio: rcar: Use raw_spinlock to protect register access Use raw_spinlock in order to fix spurious messages about invalid context when spinlock debugging is enabled. The lock is only used to serialize register access. • https://git.kernel.org/stable/c/7c1f36f9c9aca507d317479a3d3388150ae40a87 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21911 – drm/imagination: avoid deadlock on fence release
https://notcve.org/view.php?id=CVE-2025-21911
01 Apr 2025 — Fixes deadlock issues such as the following: [ 607.400437] ============================================ [ 607.405755] WARNING: possible recursive locking detected [ 607.415500] -------------------------------------------- [ 607.420817] weston:zfq0/24149 is trying to acquire lock: [ 607.426131] ffff000017d041a0 (reservation_ww_class_mutex){+.+.}-{3:3}, at: pvr_gem_object_vunmap+0x40/0xc0 [powervr] [ 607.436728] but task is already holding lock: [ 607.442554] ffff000017d105a0 (reservation_ww_class_mutex){+.+.... • https://git.kernel.org/stable/c/eaf01ee5ba28b97f96a3d3eec4c5fbfb37ee4cde •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21910 – wifi: cfg80211: regulatory: improve invalid hints checking
https://notcve.org/view.php?id=CVE-2025-21910
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue [1] that occurs when erroneous symbols sent from userspace get through into user_alpha2[] via regulatory_hint_user() call. ... Prevent this by enhancing is_an_alpha2() to ensure that incoming symbols are latin letters and nothing else. • https://git.kernel.org/stable/c/09d989d179d0c679043556dda77c51b41a2dae7e •