CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-22071 – spufs: fix a leak in spufs_create_context()
https://notcve.org/view.php?id=CVE-2025-22071
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: spufs: fix a leak in spufs_create_context() Leak fixes back in 2008 missed one case - if we are trying to set affinity and spufs_mkdir() fails, we need to drop the reference to neighbor. • https://git.kernel.org/stable/c/58119068cb27ef7513f80aff44b62a3a8f40ef5f •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-22060 – net: mvpp2: Prevent parser TCAM memory corruption
https://notcve.org/view.php?id=CVE-2025-22060
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Prevent parser TCAM memory corruption Protect the parser TCAM/SRAM memory, and the cached (shadow) SRAM information, from concurrent modifications. Both the TCAM and SRAM tables are indirectly accessed by configuring an index register that selects the row to read or write to. This means that operations must be atomic in order to, e.g., avoid spreading writes across multiple rows. Since the shadow SRAM array is used to find free ... • https://git.kernel.org/stable/c/3f518509dedc99f0b755d2ce68d24f610e3a005a •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-22053 – net: ibmveth: make veth_pool_store stop hanging
https://notcve.org/view.php?id=CVE-2025-22053
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ibmveth: make veth_pool_store stop hanging v2: - Created a single error handling unlock and exit in veth_pool_store - Greatly expanded commit message with previous explanatory-only text Summary: Use rtnl_mutex to synchronize veth_pool_store with itself, ibmveth_close and ibmveth_open, preventing multiple calls in a row to napi_disable. Background: Two (or more) threads could call veth_pool_store through writing to /sys/devices/vio/3000... • https://git.kernel.org/stable/c/860f242eb5340d0b0cfe243cb86b2a98f92e8b91 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-22049 – LoongArch: Increase ARCH_DMA_MINALIGN up to 16
https://notcve.org/view.php?id=CVE-2025-22049
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: Increase ARCH_DMA_MINALIGN up to 16 ARCH_DMA_MINALIGN is 1 by default, but some LoongArch-specific devices (such as APBDMA) require 16 bytes alignment. When the data buffer length is too small, the hardware may make an error writing cacheline. Thus, it is dangerous to allocate a small memory buffer for DMA. It's always safe to define ARCH_DMA_MINALIGN as L1_CACHE_BYTES but unnecessary (kmalloc() need small memory objects). Theref... • https://git.kernel.org/stable/c/f39af67f03b564b763b06e44cb960c10a382d54a •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-22043 – ksmbd: add bounds check for durable handle context
https://notcve.org/view.php?id=CVE-2025-22043
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for durable handle context Add missing bounds check for durable handle context. • https://git.kernel.org/stable/c/8d4848c45943c9cf5e86142fd7347efa97f497db •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-22042 – ksmbd: add bounds check for create lease context
https://notcve.org/view.php?id=CVE-2025-22042
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for create lease context Add missing bounds check for create lease context. • https://git.kernel.org/stable/c/629dd37acc336ad778979361c351e782053ea284 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-22041 – ksmbd: fix use-after-free in ksmbd_sessions_deregister()
https://notcve.org/view.php?id=CVE-2025-22041
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister() In multichannel mode, UAF issue can occur in session_deregister when the second channel sets up a session through the connection of the first channel. session that is freed through the global session table can be accessed again through ->sessions of connection. • https://git.kernel.org/stable/c/f0eb3f575138b816da74697bd506682574742fcd •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-22040 – ksmbd: fix session use-after-free in multichannel connection
https://notcve.org/view.php?id=CVE-2025-22040
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup and ksmbd_sessions_deregister. The session can be freed before the connection is added to channel list of session. This patch check reference count of session before freeing it. • https://git.kernel.org/stable/c/596407adb9af1ee75fe7c7529607783d31b66e7f •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-22039 – ksmbd: fix overflow in dacloffset bounds check
https://notcve.org/view.php?id=CVE-2025-22039
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix overflow in dacloffset bounds check The dacloffset field was originally typed as int and used in an unchecked addition, which could overflow and bypass the existing bounds check in both smb_check_perm_dacl() and smb_inherit_dacl(). This could result in out-of-bounds memory access and a kernel crash when dereferencing the DACL pointer. This patch converts dacloffset to unsigned int and uses check_add_overflow() to validate access ... • https://git.kernel.org/stable/c/6a9cd9ff0fa2bcc30b2bfb8bdb161eb20e44b9dc •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-22038 – ksmbd: validate zero num_subauth before sub_auth is accessed
https://notcve.org/view.php?id=CVE-2025-22038
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate zero num_subauth before sub_auth is accessed Access psid->sub_auth[psid->num_subauth - 1] without checking if num_subauth is non-zero leads to an out-of-bounds read. This patch adds a validation step to ensure num_subauth != 0 before sub_auth is accessed. • https://git.kernel.org/stable/c/3ac65de111c686c95316ade660f8ba7aea3cd3cc •