CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-23161 – PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
https://notcve.org/view.php?id=CVE-2025-23161
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type The access to the PCI config space via pci_ops::read and pci_ops::write is a low-level hardware access. The functions can be accessed with disabled interrupts even on PREEMPT_RT. The pci_lock is a raw_spinlock_t for this purpose. A spinlock_t becomes a sleeping lock on PREEMPT_RT, so it cannot be acquired with disabled interrupts. The vmd_dev::cfg_lock is accessed in the same context as... • https://git.kernel.org/stable/c/c250262d6485ca333e9821f85b07eb383ec546b1 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-23141 – KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses
https://notcve.org/view.php?id=CVE-2025-23141
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Acquire a lock on kvm->srcu when userspace is getting MP state to handle a rather extreme edge case where "accepting" APIC events, i.e. processing pending INIT or SIPI, can trigger accesses to guest memory. If the vCPU is in L2 with INIT *and* a TRIPLE_FAULT request pending, then getting MP state will trigger a nested VM-Exit by way of ->check_nested_events(), and e... • https://git.kernel.org/stable/c/0357c8406dfa09430dd9858ebe813feb65524b6e •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37838 – HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition
https://notcve.org/view.php?id=CVE-2025-37838
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition In the ssi_protocol_probe() function, &ssi->work is bound with ssip_xmit_work(), In ssip_pn_setup(), the ssip_pn_xmit() function within the ssip_pn_ops structure is capable of starting the work. If we remove the module which will call ssi_protocol_remove() to make a cleanup, it will free ssi through kfree(ssi), while the work mentioned above wil... • https://git.kernel.org/stable/c/d03abc1c2b21324550fa71e12d53e7d3498e0af6 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22026 – nfsd: don't ignore the return code of svc_proc_register()
https://notcve.org/view.php?id=CVE-2025-22026
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svc_proc_register() Currently, nfsd_proc_stat_init() ignores the return value of svc_proc_register(). If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later. Fix nfsd_proc_stat_init() to return the same type of pointer as svc_proc_register(), and fix up nfsd_net_init() to check that and fail the nfsd_net construction if it occurs. svc_proc_register() can fail i... • https://git.kernel.org/stable/c/6a59b70fe71ec66c0dd19e2c279c71846a3fb2f0 •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-22025 – nfsd: put dl_stid if fail to queue dl_recall
https://notcve.org/view.php?id=CVE-2025-22025
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: put dl_stid if fail to queue dl_recall Before calling nfsd4_run_cb to queue dl_recall to the callback_wq, we increment the reference count of dl_stid. We expect that after the corresponding work_struct is processed, the reference count of dl_stid will be decremented through the callback function nfsd4_cb_recall_release. However, if the call to nfsd4_run_cb fails, the incremented reference count of dl_stid will not be decremented corre... • https://git.kernel.org/stable/c/b874cdef4e67e5150e07eff0eae1cbb21fb92da1 •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22022 – usb: xhci: Apply the link chain quirk on NEC isoc endpoints
https://notcve.org/view.php?id=CVE-2025-22022
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Apply the link chain quirk on NEC isoc endpoints Two clearly different specimens of NEC uPD720200 (one with start/stop bug, one without) were seen to cause IOMMU faults after some Missed Service Errors. Faulting address is immediately after a transfer ring segment and patched dynamic debug messages revealed that the MSE was received when waiting for a TD near the end of that segment: [ 1.041954] xhci_hcd: Miss service interval er... • https://git.kernel.org/stable/c/a4931d9fb99eb5462f3eaa231999d279c40afb21 •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-22008 – regulator: check that dummy regulator has been probed before using it
https://notcve.org/view.php?id=CVE-2025-22008
08 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: check that dummy regulator has been probed before using it Due to asynchronous driver probing there is a chance that the dummy regulator hasn't already been probed when first accessing it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: regulador: comprobar que el regulador ficticio haya sido probado antes de usarlo Debido al sondeo asincrónico del controlador existe la posibilidad de que el regulador ficticio ... • https://git.kernel.org/stable/c/3a9c46af5654783f99015727ac65bc2a23e2735a •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21993 – iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
https://notcve.org/view.php?id=CVE-2025-21993
02 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() When performing an iSCSI boot using IPv6, iscsistart still reads the /sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix length is 64, this causes the shift exponent to become negative, triggering a UBSAN warning. As the concept of a subnet mask does not apply to IPv6, the value is set to ~0 to suppress the warning message. In the Linux kernel, the f... • https://git.kernel.org/stable/c/a858cd58dea06cf85b142673deea8c5d87f11e70 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21992 – HID: ignore non-functional sensor in HP 5MP Camera
https://notcve.org/view.php?id=CVE-2025-21992
02 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: ignore non-functional sensor in HP 5MP Camera The HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iio_info causes system hangs as runtime PM tries to wake up an unresponsive sensor. [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:... • https://git.kernel.org/stable/c/9af297aea8f76a0ad21f2de5f2cd6401a748b9c3 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21985 – drm/amd/display: Fix out-of-bound accesses
https://notcve.org/view.php?id=CVE-2025-21985
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bound accesses [WHAT & HOW] hpo_stream_to_link_encoder_mapping has size MAX_HPO_DP2_ENCODERS(=4), but location can have size up to 6. As a result, it is necessary to check location against MAX_HPO_DP2_ENCODERS. Similiarly, disp_cfg_stream_location can be used as an array index which should be 0..5, so the ASSERT's conditions should be less without equal. In the Linux kernel, the following vulnerability has been r... • https://git.kernel.org/stable/c/36793d90d76f667d26c6dd025571481ee0c96abc •