
CVE-2025-21735 – NFC: nci: Add bounds checking in nci_hci_create_pipe()
https://notcve.org/view.php?id=CVE-2025-21735
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Add bounds checking in nci_hci_create_pipe() The "pipe" variable is a u8 which comes from the network. If it's more than 127, then it results in memory corruption in the caller, nci_hci_connect_gate(). • https://git.kernel.org/stable/c/a1b0b9415817c14d207921582f269d03f848b69f •

CVE-2025-21734 – misc: fastrpc: Fix copy buffer page size
https://notcve.org/view.php?id=CVE-2025-21734
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix copy buffer page size For a non-registered buffer, the fastrpc driver copies the buffer and passes it to the remote subsystem. There is a problem with the current implementation of the page size calculation, which does not consider the offset in the calculation. This might lead to passing an improper and out-of-bounds page size, which could result in a memory issue. Calculate page start and page end using the offset adjusted address instead... • https://git.kernel.org/stable/c/02b45b47fbe84e23699bb6bdc74d4c2780e282b4 •

CVE-2024-58017 – printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
https://notcve.org/view.php?id=CVE-2024-58017
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Shifting 1 << 31 on a 32-bit int causes signed integer overflow, which leads to undefined behavior. To prevent this, cast 1 to u32 before performing the shift, ensuring well-defined behavior. This change explicitly avoids any potential overflow by ensuring that the shift occurs on an unsigned 32-bit integer. • https://git.kernel.org/stable/c/54c14022fa2ba427dc543455c2cf9225903a7174 •

CVE-2024-58016 – safesetid: check size of policy writes
https://notcve.org/view.php?id=CVE-2024-58016
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: safesetid: check size of policy writes syzbot attempts to write a buffer with a large size to a sysfs entry with writes handled by handle_policy_update(), triggering a warning in kmalloc. Check the size specified for write buffers before allocating. [PM: subject tweak] • https://git.kernel.org/stable/c/aeca4e2ca65c1aeacfbe520684e6421719d99417 •

CVE-2024-58014 – wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
https://notcve.org/view.php?id=CVE-2024-58014
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() In 'wlc_phy_iqcal_gainparams_nphy()', add gain range check to WARN() instead of possible out-of-bounds 'tbl_iqcal_gainparams_nphy' access. Compile tested only. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/0a457223cb2b9ca46bae7de387d0f4c093b0220d •

CVE-2024-58013 – Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync
https://notcve.org/view.php?id=CVE-2024-58013
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543 Read of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961 CPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0 Hardwa... • https://git.kernel.org/stable/c/75e65b983c5e2ee51962bfada98a79d805f28827 • CWE-416: Use After Free •

CVE-2024-58010 – binfmt_flat: Fix integer overflow bug on 32 bit systems
https://notcve.org/view.php?id=CVE-2024-58010
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix integer overflow bug on 32 bit systems Most of these sizes and counts are capped at 256MB so the math doesn't result in an integer overflow. The "relocs" count needs to be checked as well. Otherwise on 32bit systems the calculation of "full_data" could be wrong. full_data = data_len + relocs * sizeof(unsigned long); • https://git.kernel.org/stable/c/c995ee28d29d6f256c3a8a6c4e66469554374f25 •

CVE-2024-58007 – soc: qcom: socinfo: Avoid out of bounds read of serial number
https://notcve.org/view.php?id=CVE-2024-58007
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: socinfo: Avoid out of bounds read of serial number On MSM8916 devices, the serial number exposed in sysfs is constant and does not change across individual devices. It's always: db410c:/sys/devices/soc0$ cat serial_number 2644893864 The firmware used on MSM8916 exposes SOCINFO_VERSION(0, 8), which does not have support for the serial_num field in the socinfo struct. There is an existing check to avoid exposing the serial number i... • https://git.kernel.org/stable/c/efb448d0a3fca01bb987dd70963da6185b81751e •

CVE-2024-58005 – tpm: Change to kvalloc() in eventlog/acpi.c
https://notcve.org/view.php?id=CVE-2024-58005
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tpm: Change to kvalloc() in eventlog/acpi.c The following failure was reported on HPE ProLiant D320: [ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0) [ 10.848132][ T1] ------------[ cut here ]------------ [ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330 [ 10.862827][ T1] Modules linked in: [ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155... • https://git.kernel.org/stable/c/55a82ab3181be039c6440d3f2f69260ad6fe2988 •

CVE-2024-58002 – media: uvcvideo: Remove dangling pointers
https://notcve.org/view.php?id=CVE-2024-58002
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove dangling pointers When an async control is written, we copy a pointer to the file handle that started the operation. That pointer will be used when the device is done, which could be anytime in the future. If the user closes that file descriptor, its structure will be freed, and there will be one dangling pointer per pending async control, that the driver will try to use. Clean all the dangling pointers during releas... • https://git.kernel.org/stable/c/e5225c820c057537dc780244760e2e24c7d27366 •