CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22023 – usb: xhci: Don't skip on Stopped - Length Invalid
https://notcve.org/view.php?id=CVE-2025-22023
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Don't skip on Stopped - Length Invalid Up until commit d56b0b2ab142 ("usb: xhci: ensure skipped isoc TDs are returned when isoc ring is stopped") in v6.11, the driver didn't skip missed isochronous TDs when handling Stoppend and Stopped - Length Invalid events. In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Don't skip on Stopped - Length Invalid Up until commit d56b0b2ab142 ("usb: xhc... • https://git.kernel.org/stable/c/d56b0b2ab142940b06eac56dcb3ab1ab88df38a2 •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22022 – usb: xhci: Apply the link chain quirk on NEC isoc endpoints
https://notcve.org/view.php?id=CVE-2025-22022
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Apply the link chain quirk on NEC isoc endpoints Two clearly different specimens of NEC uPD720200 (one with start/stop bug, one without) were seen to cause IOMMU faults after some Missed Service Errors. ... No ne ---truncated--- In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Apply the link chain quirk on NEC isoc endpoints Two clearly different specimens of NEC uPD720200 (one with sta... • https://git.kernel.org/stable/c/a4931d9fb99eb5462f3eaa231999d279c40afb21 •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-22021 – netfilter: socket: Lookup orig tuple for IPv6 SNAT
https://notcve.org/view.php?id=CVE-2025-22021
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to restore the original 5-tuple in case of SNAT, to be able to find the right socket (if any). In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to restore the original 5-tuple in ca... • https://git.kernel.org/stable/c/eb31628e37a0a4e01fffd79dcc7f815d2357f53a •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-22020 – memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
https://notcve.org/view.php?id=CVE-2025-22020
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms] Read of size 8 at addr ffff888136335380 by task kworker/6:0/140241 CPU: 6 UID: 0 PID: 140241 Comm: kworker/6:0 Kdump: loaded Tainted: G E 6.14.0-rc6+ #1 Tainted: [E]=UNSIGNED_MODULE ... • https://git.kernel.org/stable/c/6827ca573c03385439fdfc8b512d556dc7c54fc9 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22019 – bcachefs: bch2_ioctl_subvolume_destroy() fixes
https://notcve.org/view.php?id=CVE-2025-22019
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: bcachefs: bch2_ioctl_subvolume_destroy() fixes bch2_evict_subvolume_inodes() was getting stuck - due to incorrectly pruning the dcache. ... In the Linux kernel, the following vulnerability has been resolved: bcachefs: bch2_ioctl_subvolume_destroy() fixes bch2_evict_subvolume_inodes() was getting stuck - due to incorrectly pruning the dcache. • https://git.kernel.org/stable/c/9e6e83e1e2d01b99e70cd7812d7f758a8def9fc8 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-22018 – atm: Fix NULL pointer dereference
https://notcve.org/view.php?id=CVE-2025-22018
16 Apr 2025 — syscall_exit_to_user_mode+0x123/0x140 [ 3.340898] do_syscall_64+0xa6/0x1a0 [ 3.341170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3.341533] RIP: 0033:0x44a380 [ 3.341757] Code: 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c00 [ ---truncated--- In the Linux kernel, the following vulnerability has been resolved: atm: Fix NULL pointer dereference When MPOA_cache_impos_rcvd() receives the msg, it can trigger Null Pointer Dereference Vulnerability if both entry and holding... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-22017 – devlink: fix xa_alloc_cyclic() error handling
https://notcve.org/view.php?id=CVE-2025-22017
08 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: devlink: fix xa_alloc_cyclic() error handling In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will be returned, which will cause IS_ERR() to be false. In the Linux kernel, the following vulnerability has been resolved: devlink: fix xa_alloc_cyclic() error handling In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will be returned, which will cause IS_ERR() to be false. ... En el kernel de ... • https://git.kernel.org/stable/c/c137743bce02b18c1537d4681aa515f7b80bf0a8 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-22016 – dpll: fix xa_alloc_cyclic() error handling
https://notcve.org/view.php?id=CVE-2025-22016
08 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: dpll: fix xa_alloc_cyclic() error handling In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will be returned, which will cause IS_ERR() to be false. In the Linux kernel, the following vulnerability has been resolved: dpll: fix xa_alloc_cyclic() error handling In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will be returned, which will cause IS_ERR() to be false. ... En el kernel de Lin... • https://git.kernel.org/stable/c/97f265ef7f5b526b33d6030b2a1fc69a2259bf4a •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-22015 – mm/migrate: fix shmem xarray update during migration
https://notcve.org/view.php?id=CVE-2025-22015
08 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/migrate: fix shmem xarray update during migration A shmem folio can be either in page cache or in swap cache, but not at the same time. In the Linux kernel, the following vulnerability has been resolved: mm/migrate: fix shmem xarray update during migration A shmem folio can be either in page cache or in swap cache, but not at the same time. ... • https://git.kernel.org/stable/c/be72d197b2281e2ee3f28017fc9be1ab17e26d16 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-22014 – soc: qcom: pdr: Fix the potential deadlock
https://notcve.org/view.php?id=CVE-2025-22014
08 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: Fix the potential deadlock When some client process A call pdr_add_lookup() to add the look up for the service and does schedule locator work, later a process B got a new server packet indicating locator is up and call pdr_locator_new_server() which eventually sets pdr->locator_init_complete to true which process A sees and takes list lock and queries domain list but it will timeout due to deadlock as the response wil... • https://git.kernel.org/stable/c/fbe639b44a82755d639df1c5d147c93f02ac5a0f •