CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52935 – mm/khugepaged: fix ->anon_vma race
https://notcve.org/view.php?id=CVE-2023-52935
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix ->anon_vma race If an ->anon_vma is attached to the VMA, collapse_and_free_pmd() requires it to be locked. Page table traversal is allowed under any one of the mmap lock, the anon_vma lock (if the VMA is associated with an anon_vma), and the mapping lock (if the VMA is associated with a mapping); and so to be able to remove page tables, we must hold all three of them. retract_page_tables() bails out if an ->anon_vma is at... • https://git.kernel.org/stable/c/f3f0e1d2150b2b99da2cbdfaad000089efe9bf30 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52933 – Squashfs: fix handling and sanity checking of xattr_ids count
https://notcve.org/view.php?id=CVE-2023-52933
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix handling and sanity checking of xattr_ids count A Sysbot [1] corrupted filesystem exposes two flaws in the handling and sanity checking of the xattr_ids count in the filesystem. Both of these flaws cause computation overflow due to incorrect typing. In the corrupted filesystem the xattr_ids value is 4294967071, which stored in a signed variable becomes the negative number -225. Flaw 1 (64-bit systems only): The signed integer ... • https://git.kernel.org/stable/c/ff49cace7b8cf00d27665f7536a863d406963d06 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52932 – mm/swapfile: add cond_resched() in get_swap_pages()
https://notcve.org/view.php?id=CVE-2023-52932
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/swapfile: add cond_resched() in get_swap_pages() The softlockup still occurs in get_swap_pages() under memory pressure. 64 CPU cores, 64GB memory, and 28 zram devices, the disksize of each zram device is 50MB with same priority as si. Use the stress-ng tool to increase memory pressure, causing the system to oom frequently. The plist_for_each_entry_safe() loops in get_swap_pages() could reach tens of thousands of times to find available s... • https://git.kernel.org/stable/c/29f0349c5c76b627fe06b87d4b13fa03a6ce8e64 • CWE-667: Improper Locking •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21891 – ipvlan: ensure network headers are in skb linear part
https://notcve.org/view.php?id=CVE-2025-21891
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ipvlan: ensure network headers are in skb linear part syzbot found that ipvlan_process_v6_outbound() was assuming the IPv6 network header isis present in skb->head [1] Add the needed pskb_network_may_pull() calls for both IPv4 and IPv6 handlers. [1] BUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47 __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47 ipv6_addr_type include/net/ipv6.h:555 [inline] ip6_rou... • https://git.kernel.org/stable/c/2ad7bf3638411cb547f2823df08166c13ab04269 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21881 – uprobes: Reject the shared zeropage in uprobe_write_opcode()
https://notcve.org/view.php?id=CVE-2025-21881
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: uprobes: Reject the shared zeropage in uprobe_write_opcode() We triggered the following crash in syzkaller tests: BUG: Bad page state in process syz.7.38 pfn:1eff3 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eff3 flags: 0x3fffff00004004(referenced|reserved|node=0|zone=1|lastcpupid=0x1fffff) raw: 003fffff00004004 ffffe6c6c07bfcc8 ffffe6c6c07bfcc8 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffff... • https://git.kernel.org/stable/c/2b144498350860b6ee9dc57ff27a93ad488de5dc •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21877 – usbnet: gl620a: fix endpoint checking in genelink_bind()
https://notcve.org/view.php?id=CVE-2025-21877
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: gl620a: fix endpoint checking in genelink_bind() Syzbot reports [1] a warning in usb_submit_urb() triggered by inconsistencies between expected and actually present endpoints in gl620a driver. Since genelink_bind() does not properly verify whether specified eps are in fact provided by the device, in this case, an artificially manufactured one, one may get a mismatch. Fix the issue by resorting to a usbnet utility function usbnet_get... • https://git.kernel.org/stable/c/47ee3051c856cc2aa95d35d577a8cb37279d540f •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-58090 – sched/core: Prevent rescheduling when interrupts are disabled
https://notcve.org/view.php?id=CVE-2024-58090
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/core: Prevent rescheduling when interrupts are disabled David reported a warning observed while loop testing kexec jump: Interrupts enabled after irqrouter_resume+0x0/0x50 WARNING: CPU: 0 PID: 560 at drivers/base/syscore.c:103 syscore_resume+0x18a/0x220 kernel_kexec+0xf6/0x180 __do_sys_reboot+0x206/0x250 do_syscall_64+0x95/0x180 The corresponding interrupt flag trace: hardirqs last enabled at (15573): [
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21871 – tee: optee: Fix supplicant wait loop
https://notcve.org/view.php?id=CVE-2025-21871
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix supplicant wait loop OP-TEE supplicant is a user-space daemon and it's possible for it be hung or crashed or killed in the middle of processing an OP-TEE RPC call. It becomes more complicated when there is incorrect shutdown ordering of the supplicant process vs the OP-TEE client application which can eventually lead to system hang-up waiting for the closure of the client application. Allow the client process waiting in kern... • https://git.kernel.org/stable/c/4fb0a5eb364d239722e745c02aef0dbd4e0f1ad2 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21866 – powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC
https://notcve.org/view.php?id=CVE-2025-21866
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Erhard reported the following KASAN hit while booting his PowerMac G4 with a KASAN-enabled kernel 6.13-rc6: BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8 Write of size 8 at addr f1000000 by task chronyd/1293 CPU: 0 UID: 123 PID: 1293 Comm: chronyd Tainted: G W 6.13.0-rc6-PMacG4 #2 Tainted: [W]=WARN Hardware name: PowerMac3,6 7455 0x8... • https://git.kernel.org/stable/c/37bc3e5fd764fb258ff4fcbb90b6d1b67fb466c1 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21862 – drop_monitor: fix incorrect initialization order
https://notcve.org/view.php?id=CVE-2025-21862
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drop_monitor: fix incorrect initialization order Syzkaller reports the following bug: BUG: spinlock bad magic on CPU#1, syz-executor.0/7995 lock: 0xffff88805303f3e0, .magic: 00000000, .owner: