CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21992 – HID: ignore non-functional sensor in HP 5MP Camera
https://notcve.org/view.php?id=CVE-2025-21992
02 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: ignore non-functional sensor in HP 5MP Camera The HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iio_info causes system hangs as runtime PM tries to wake up an unresponsive sensor. [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:... • https://git.kernel.org/stable/c/9af297aea8f76a0ad21f2de5f2cd6401a748b9c3 •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2025-21991 – x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
https://notcve.org/view.php?id=CVE-2025-21991
02 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the first CPU of each mask. According to Documentation/admin-guide/mm/numaperf.rst: "Some memory may share the same node as a CPU, and others are provided as memory only nodes." Therefore, some node CPU masks may be empty and wouldn't ha... • https://git.kernel.org/stable/c/979e197968a1e8f09bf0d706801dba4432f85ab3 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21990 – drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags
https://notcve.org/view.php?id=CVE-2025-21990
02 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags PRT BOs may not have any backing store, so bo->tbo.resource will be NULL. Check for that before dereferencing. (cherry picked from commit 3e3fcd29b505cebed659311337ea03b7698767fc) In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags PRT BOs may not have any backing store, so bo-... • https://git.kernel.org/stable/c/0cce5f285d9ae81c33993f3270fe77f5e74a69ab •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21989 – drm/amd/display: fix missing .is_two_pixels_per_container
https://notcve.org/view.php?id=CVE-2025-21989
02 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix missing .is_two_pixels_per_container Starting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1, due to lack of .is_two_pixels_per_container function in dce60_tg_funcs, causes a NULL pointer dereference on PCs with old GPUs, such as R9 280X. So this fix adds missing .is_two_pixels_per_container to dce60_tg_funcs. (cherry picked from commit bd4b125eb949785c6f8a53b0494e32795421209d) In the Linux kernel, the fo... • https://git.kernel.org/stable/c/e6a901a00822659181c93c86d8bbc2a17779fddc •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21987 – drm/amdgpu: init return value in amdgpu_ttm_clear_buffer
https://notcve.org/view.php?id=CVE-2025-21987
02 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Otherwise an uninitialized value can be returned if amdgpu_res_cleared returns true for all regions. Possibly closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3812 (cherry picked from commit 7c62aacc3b452f73a1284198c81551035fac6d71) In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Otherwise an uninitial... • https://git.kernel.org/stable/c/a68c7eaa7a8ffdec9287ba1561a668d674c20a13 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21986 – net: switchdev: Convert blocking notification chain to a raw one
https://notcve.org/view.php?id=CVE-2025-21986
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net: switchdev: Convert blocking notification chain to a raw one A blocking notification chain uses a read-write semaphore to protect the integrity of the chain. The semaphore is acquired for writing when adding / removing notifiers to / from the chain and acquired for reading when traversing the chain and informing notifiers about an event. In case of the blocking switchdev notification chain, recursive notifications are possible which lea... • https://git.kernel.org/stable/c/91ac2c79e896b28a4a3a262384689ee6dfeaf083 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21985 – drm/amd/display: Fix out-of-bound accesses
https://notcve.org/view.php?id=CVE-2025-21985
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bound accesses [WHAT & HOW] hpo_stream_to_link_encoder_mapping has size MAX_HPO_DP2_ENCODERS(=4), but location can have size up to 6. As a result, it is necessary to check location against MAX_HPO_DP2_ENCODERS. Similiarly, disp_cfg_stream_location can be used as an array index which should be 0..5, so the ASSERT's conditions should be less without equal. In the Linux kernel, the following vulnerability has been r... • https://git.kernel.org/stable/c/36793d90d76f667d26c6dd025571481ee0c96abc •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21984 – mm: fix kernel BUG when userfaultfd_move encounters swapcache
https://notcve.org/view.php?id=CVE-2025-21984
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: fix kernel BUG when userfaultfd_move encounters swapcache userfaultfd_move() checks whether the PTE entry is present or a swap entry. - If the PTE entry is present, move_present_pte() handles folio migration by setting: src_folio->index = linear_page_index(dst_vma, dst_addr); - If the PTE entry is a swap entry, move_swap_pte() simply copies the PTE to the new dst_addr. This approach is incorrect because, even if the PTE is a swap entry,... • https://git.kernel.org/stable/c/adef440691bab824e39c1b17382322d195e1fab0 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21982 – pinctrl: nuvoton: npcm8xx: Add NULL check in npcm8xx_gpio_fw
https://notcve.org/view.php?id=CVE-2025-21982
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: npcm8xx: Add NULL check in npcm8xx_gpio_fw devm_kasprintf() calls can return null pointers on failure. But the return values were not checked in npcm8xx_gpio_fw(). Add NULL check in npcm8xx_gpio_fw(), to handle kernel NULL pointer dereference error. In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: npcm8xx: Add NULL check in npcm8xx_gpio_fw devm_kasprintf() calls can return null pointers... • https://git.kernel.org/stable/c/acf4884a571709cad99f98aabe08b7cacd62dc80 •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21981 – ice: fix memory leak in aRFS after reset
https://notcve.org/view.php?id=CVE-2025-21981
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: fix memory leak in aRFS after reset Fix aRFS (accelerated Receive Flow Steering) structures memory leak by adding a checker to verify if aRFS memory is already allocated while configuring VSI. aRFS objects are allocated in two cases: - as part of VSI initialization (at probe), and - as part of reset handling However, VSI reconfiguration executed during reset involves memory allocation one more time, without prior releasing already allo... • https://git.kernel.org/stable/c/28bf26724fdb0e02267d19e280d6717ee810a10d •