CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57953 – rtc: tps6594: Fix integer overflow on 32bit systems
https://notcve.org/view.php?id=CVE-2024-57953
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rtc: tps6594: Fix integer overflow on 32bit systems The problem is this multiply in tps6594_rtc_set_offset() tmp = offset * TICKS_PER_HOUR; The "tmp" variable is an s64 but "offset" is a long in the (-277774)-277774 range. On 32bit systems a long can hold numbers up to approximately two billion. The number of TICKS_PER_HOUR is really large, (32768 * 3600) or roughly a hundred million. When you start multiplying by a hundred million it doesn... • https://git.kernel.org/stable/c/9f67c1e63976d3403f0b250b03ffe959c890f9db •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21704 – usb: cdc-acm: Check control transfer buffer size before access
https://notcve.org/view.php?id=CVE-2025-21704
22 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check control transfer buffer size before access If the first fragment is shorter than struct usb_cdc_notification, we can't calculate an expected_size. Log an error and discard the notification instead of reading lengths from memory outside the received data, which can lead to memory corruption when the expected_size decreases between fragments, causing `expected_size - acm->nb_index` to wrap. This issue has been present sinc... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21703 – netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
https://notcve.org/view.php?id=CVE-2025-21703
18 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() qdisc_tree_reduce_backlog() notifies parent qdisc only if child qdisc becomes empty, therefore we need to reduce the backlog of the child qdisc before calling it. Otherwise it would miss the opportunity to call cops->qlen_notify(), in the case of DRR, it resulted in UAF since DRR uses ->qlen_notify() to maintain its active list. In the Linux kernel, the following vulnerability has... • https://git.kernel.org/stable/c/10df49cfca73dfbbdb6c4150d859f7e8926ae427 • CWE-416: Use After Free •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21702 – pfifo_tail_enqueue: Drop new packet when sch->limit == 0
https://notcve.org/view.php?id=CVE-2025-21702
18 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour: In case we reach scheduler's limit, pfifo_tail_enqueue() will drop a packet in scheduler's queue and decrease scheduler's qlen by one. Then, pfifo_tail_enqueue() enqueue new packet and increase scheduler's qlen by one. Finally, pfifo_tail_enqueue() return `NET_XMIT_CN` status code. Weird behaviour: In case we set `sch->limit == 0` and trigger pfifo_tail_enqueue() o... • https://git.kernel.org/stable/c/57dbb2d83d100ea601c54fe129bfde0678db5dee •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21701 – net: avoid race between device unregistration and ethnl ops
https://notcve.org/view.php?id=CVE-2025-21701
13 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops The following trace can be seen if a device is being unregistered while its number of channels are being modified. DEBUG_LOCKS_WARN_ON(lock->magic != lock) WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120 CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771 RIP: 0010:__mutex_lock+0xc8a/0x1120 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21700 – net: sched: Disallow replacing of child qdisc from one parent to another
https://notcve.org/view.php?id=CVE-2025-21700
13 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: sched: Disallow replacing of child qdisc from one parent to another Lion Ackermann was able to create a UAF which can be abused for privilege escalation with the following script Step 1. create root qdisc tc qdisc add dev lo root handle 1:0 drr step2. a class for packet aggregation do demonstrate uaf tc class add dev lo classid 1:1 drr step3. a class for nesting tc class add dev lo classid 1:2 drr step4. a class to graft qdisc to tc cl... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21699 – gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
https://notcve.org/view.php?id=CVE-2025-21699
12 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag: depending on that flag, the pages in the address space will either use buffer heads or iomap_folio_state structs, and we cannot mix the two. In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space wh... • https://git.kernel.org/stable/c/2b0bd5051ad1c1e9ef4879f18e15a7712c974f3e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57952 – Revert "libfs: fix infinite directory reads for offset dir"
https://notcve.org/view.php?id=CVE-2024-57952
12 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "libfs: fix infinite directory reads for offset dir" The current directory offset allocator (based on mtree_alloc_cyclic) stores the next offset value to return in octx->next_offset. This mechanism typically returns values that increase monotonically over time. Eventually, though, the newly allocated offset value wraps back to a low number (say, 2) which is smaller than other already- allocated offset values. Yu Kuai
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21692 – net: sched: fix ets qdisc OOB Indexing
https://notcve.org/view.php?id=CVE-2025-21692
10 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21691 – cachestat: fix page cache statistics permission checking
https://notcve.org/view.php?id=CVE-2025-21691
10 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cachestat: fix page cache statistics permission checking When the 'cachestat()' system call was added in commit cf264e1329fb ("cachestat: implement cachestat syscall"), it was meant to be a much more convenient (and performant) version of mincore() that didn't need mapping things into the user virtual address space in order to work. But it ended up missing the "check for writability or ownership" fix for mincore(), done in commit 134fca9063... • https://git.kernel.org/stable/c/cf264e1329fb0307e044f7675849f9f38b44c11a •