CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21967 – ksmbd: fix use-after-free in ksmbd_free_work_struct
https://notcve.org/view.php?id=CVE-2025-21967
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_free_work_struct ->interim_entry of ksmbd_work could be deleted after oplock is freed. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_free_work_struct ->interim_entry of ksmbd_work could be deleted after oplock is freed. We don't need to manage it with linked list. ... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21966 – dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature
https://notcve.org/view.php?id=CVE-2025-21966
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature Fix memory corruption due to incorrect parameter being passed to bio_init It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. ... Several security issues were discovered in the Linux kernel. • https://git.kernel.org/stable/c/1d9a943898533e83f20370c0e1448d606627522e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21965 – sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl()
https://notcve.org/view.php?id=CVE-2025-21965
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl() If a BPF scheduler provides an invalid CPU (outside the nr_cpu_ids range) as prev_cpu to scx_bpf_select_cpu_dfl() it can cause a kernel crash. In the Linux kernel, the following vulnerability has been resolved: sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl() If a BPF scheduler provides an invalid CPU (outside the nr_cpu_ids range) as prev_cpu to scx_bpf_select_c... • https://git.kernel.org/stable/c/f0e1a0643a59bf1f922fa209cec86a170b784f3f •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21964 – cifs: Fix integer overflow while processing acregmax mount option
https://notcve.org/view.php?id=CVE-2025-21964
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. Found by Linux Verification Center (linuxtesting.org) with SVACE. ... • https://git.kernel.org/stable/c/5780464614f6abe6026f00cf5a0777aa453ba450 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21963 – cifs: Fix integer overflow while processing acdirmax mount option
https://notcve.org/view.php?id=CVE-2025-21963
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. Found by Linux Verification Center (linuxtesting.org) with SVACE. ... • https://git.kernel.org/stable/c/4c9f948142a550af416a2bfb5e56d29ce29e92cf • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21962 – cifs: Fix integer overflow while processing closetimeo mount option
https://notcve.org/view.php?id=CVE-2025-21962
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing closetimeo mount option User-provided mount parameter closetimeo of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. Found by Linux Verification Center (linuxtesting.org) with SVACE. ... • https://git.kernel.org/stable/c/1d9cad9c5873097ea141ffc5da1e7921ce765aa8 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21961 – eth: bnxt: fix truesize for mb-xdp-pass case
https://notcve.org/view.php?id=CVE-2025-21961
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix truesize for mb-xdp-pass case When mb-xdp is set and return is XDP_PASS, packet is converted from xdp_buff to sk_buff with xdp_update_skb_shared_info() in bnxt_xdp_build_skb(). In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix truesize for mb-xdp-pass case When mb-xdp is set and return is XDP_PASS, packet is converted from xdp_buff to sk_buff with xdp_update_skb_shared_info() in ... • https://git.kernel.org/stable/c/1dc4c557bfedfcdf7fc0c46795857773b7ad66e7 • CWE-665: Improper Initialization •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21960 – eth: bnxt: do not update checksum in bnxt_xdp_build_skb()
https://notcve.org/view.php?id=CVE-2025-21960
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() The bnxt_rx_pkt() updates ip_summed value at the end if checksum offload is enabled. In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() The bnxt_rx_pkt() updates ip_summed value at the end if checksum offload is enabled. • https://git.kernel.org/stable/c/1dc4c557bfedfcdf7fc0c46795857773b7ad66e7 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-21959 – netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()
https://notcve.org/view.php?id=CVE-2025-21959
01 Apr 2025 — BUG: KMSAN: uninit-value in find_or_evict net/netfilter/nf_conncount.c:117 [inline] BUG: KMSAN: uninit-value in __nf_conncount_add+0xd9c/0x2850 net/netfilter/nf_conncount.c:143 find_or_evict net/netfilter/nf_conncount.c:117 [inline] __nf_conncount_add+0xd9c/0x2850 net/netfilter/nf_conncount.c:143 count_tree net/netfilter/nf_conncount.c:438 [inline] nf_conncount_count+0x82f/0x1e80 net/netfilter/nf_conncount.c:521 connlimit_mt+0x7f6/0xbd0 net/netfilter/xt_connlimit.c:72 __nft_match_eval net/netfilter/nft_comp... • https://git.kernel.org/stable/c/b36e4523d4d56e2595e28f16f6ccf1cd6a9fc452 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21958 – Revert "openvswitch: switch to per-action label counting in conntrack"
https://notcve.org/view.php?id=CVE-2025-21958
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "openvswitch: switch to per-action label counting in conntrack" Currently, ovs_ct_set_labels() is only called for confirmed conntrack entries (ct) within ovs_ct_commit(). ... In the Linux kernel, the following vulnerability has been resolved: Revert "openvswitch: switch to per-action label counting in conntrack" Currently, ovs_ct_set_labels() is only called for confirmed conntrack entries (ct) within ovs_ct_commit(). • https://git.kernel.org/stable/c/fcb1aa5163b1ae4cf2864b688b08927aac51f51e •