CVSS: 9.4EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21705 – mptcp: handle fastopen disconnect correctly
https://notcve.org/view.php?id=CVE-2025-21705
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: handle fastopen disconnect correctly Syzbot was able to trigger a data stream corruption: WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024 Modules linked in: CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 RIP: 0010:__mptcp_clean_u... • https://git.kernel.org/stable/c/b7bb71dfb541df376c21c24451369fea83c4f327 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58000 – io_uring: prevent reg-wait speculations
https://notcve.org/view.php?id=CVE-2024-58000
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent reg-wait speculations With *ENTER_EXT_ARG_REG instead of passing a user pointer with arguments for the waiting loop the user can specify an offset into a pre-mapped region of memory, in which case the [offset, offset + sizeof(io_uring_reg_wait)) will be intepreted as the argument. In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent reg-wait speculations With *ENTER_EXT_ARG_RE... • https://git.kernel.org/stable/c/aa00f67adc2c0d6439f81b5a81ff181377c47a7e •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57999 – powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW
https://notcve.org/view.php?id=CVE-2024-57999
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW Power Hypervisor can possibily allocate MMIO window intersecting with Dynamic DMA Window (DDW) range, which is over 32-bit addressing. In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW Power Hypervisor can possibily allocate MMIO window intersecting with Dynamic DMA Window (DDW) ra... • https://git.kernel.org/stable/c/3c33066a21903076722a2881556a92aa3cd7d359 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57998 – OPP: add index check to assert to avoid buffer overflow in _read_freq()
https://notcve.org/view.php?id=CVE-2024-57998
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in _read_freq() Pass the freq index to the assert function to make sure we do not read a freq out of the opp->rates[] table when called from the indexed variants: dev_pm_opp_find_freq_exact_indexed() or dev_pm_opp_find_freq_ceil/floor_indexed(). In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in _... • https://git.kernel.org/stable/c/142e17c1c2b48e3fb4f024e62ab6dee18f268694 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57997 – wifi: wcn36xx: fix channel survey memory allocation size
https://notcve.org/view.php?id=CVE-2024-57997
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wcn36xx: fix channel survey memory allocation size KASAN reported a memory allocation issue in wcn->chan_survey due to incorrect size calculation. In the Linux kernel, the following vulnerability has been resolved: wifi: wcn36xx: fix channel survey memory allocation size KASAN reported a memory allocation issue in wcn->chan_survey due to incorrect size calculation. • https://git.kernel.org/stable/c/29696e0aa413b9d56558731aae3806d7cff48d36 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57996 – net_sched: sch_sfq: don't allow 1 packet limit
https://notcve.org/view.php?id=CVE-2024-57996
27 Feb 2025 — This fixes the following syzkaller reported crash: UBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6 index 65535 is out of range for type 'struct sfq_head[128]' CPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x125/0x19f lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:148 [inline] __ubsan_handle_out_of_bounds+0xed/0x120 li... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57995 – wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()
https://notcve.org/view.php?id=CVE-2024-57995
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() In ath12k_mac_assign_vif_to_vdev(), if arvif is created on a different radio, it gets deleted from that radio through a call to ath12k_mac_unassign_link_vif(). ... Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix read pointer after free in ath12... • https://git.kernel.org/stable/c/b5068bc9180d06a5ac242b0f9263047c14f86211 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57994 – ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()
https://notcve.org/view.php?id=CVE-2024-57994
27 Feb 2025 — - ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh() - skb_array_resize_multiple() to skb_array_resize_multiple_bh() [1] WARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 __page_pool_put_page net/core/page_pool.c:709 [inline] WARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780 Modules linked in: CPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0 Hardware name: Google Google Compute ... • https://git.kernel.org/stable/c/ff4e538c8c3e675a15e1e49509c55951832e0451 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57993 – HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
https://notcve.org/view.php?id=CVE-2024-57993
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check syzbot has found a type mismatch between a USB pipe and the transfer endpoint, which is triggered by the hid-thrustmaster driver[1]. There is a number of similar, already fixed issues [2]. In this case as in others, implementing check for endpoint type fixes the issue. [1] https://syzkaller.appspot.com/bug?... extid=348331f63b034f89b622 In the Linux<... • https://git.kernel.org/stable/c/c49c33637802a2c6957a78119eb8be3b055dd9e9 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57992 – wifi: wilc1000: unregister wiphy only if it has been registered
https://notcve.org/view.php?id=CVE-2024-57992
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: unregister wiphy only if it has been registered There is a specific error path in probe functions in wilc drivers (both sdio and spi) which can lead to kernel panic, as this one for example when using SPI: Unable to handle kernel paging request at virtual address 9f000000 when read [9f000000] *pgd=00000000 Internal error: Oops: 5 [#1] ARM Modules linked in: wilc1000_spi(+) crc_itu_t crc7 wilc1000 cfg80211 bluetooth ec... • https://git.kernel.org/stable/c/fbdf0c5248dce4b55181e9aff8f1b61819ba6bd7 •