CVSS: 9.8EPSS: %CPEs: 5EXPL: 0CVE-2025-21855 – ibmvnic: Don't reference skb after sending to VIOS
https://notcve.org/view.php?id=CVE-2025-21855
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Don't reference skb after sending to VIOS Previously, after successfully flushing the xmit buffer to VIOS, the tx_bytes stat was incremented by the length of the skb. It is invalid to access the skb memory after sending the buffer to the VIOS because, at any point after sending, the VIOS can trigger an interrupt to free this memory. A race between reading skb->len and freeing the skb is possible (especially during LPM) and will res... • https://git.kernel.org/stable/c/032c5e82847a2214c3196a90f0aeba0ce252de58 •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2025-21854 – sockmap, vsock: For connectible sockets allow only connected
https://notcve.org/view.php?id=CVE-2025-21854
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: sockmap, vsock: For connectible sockets allow only connected sockmap expects all vsocks to have a transport assigned, which is expressed in vsock_proto::psock_update_sk_prot(). However, there is an edge case where an unconnected (connectible) socket may lose its previously assigned transport. This is handled with a NULL check in the vsock/BPF recv path. Another design detail is that listening vsocks are not supposed to have any transport as... • https://git.kernel.org/stable/c/634f1a7110b439c65fd8a809171c1d2d28bcea6f •
CVSS: 9.8EPSS: %CPEs: 4EXPL: 0CVE-2025-21853 – bpf: avoid holding freeze_mutex during mmap operation
https://notcve.org/view.php?id=CVE-2025-21853
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: avoid holding freeze_mutex during mmap operation We use map->freeze_mutex to prevent races between map_freeze() and memory mapping BPF map contents with writable permissions. The way we naively do this means we'll hold freeze_mutex for entire duration of all the mm and VMA manipulations, which is completely unnecessary. This can potentially also lead to deadlocks, as reported by syzbot in [0]. So, instead, hold freeze_mutex only during... • https://git.kernel.org/stable/c/fc9702273e2edb90400a34b3be76f7b08fa3344b •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2025-21852 – net: Add rx_skb of kfree_skb to raw_tp_null_args[].
https://notcve.org/view.php?id=CVE-2025-21852
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: Add rx_skb of kfree_skb to raw_tp_null_args[]. Yan Zhai reported a BPF prog could trigger a null-ptr-deref [0] in trace_kfree_skb if the prog does not check if rx_sk is NULL. Commit c53795d48ee8 ("net: add rx_sk to trace_kfree_skb") added rx_sk to trace_kfree_skb, but rx_sk is optional and could be NULL. Let's add kfree_skb to raw_tp_null_args[] to let the BPF verifier validate such a prog and prevent the issue. Now we fail to load suc... • https://git.kernel.org/stable/c/c53795d48ee8f385c6a9e394651e7ee914baaeba •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2025-21851 – bpf: Fix softlockup in arena_map_free on 64k page kernel
https://notcve.org/view.php?id=CVE-2025-21851
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arena_map_free on 64k page kernel On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y, arena_htab tests cause a segmentation fault and soft lockup. The same failure is not observed with 4k pages on aarch64. It turns out arena_map_free() is calling apply_to_existing_page_range() with the address returned by bpf_arena_get_kern_vm_start(). If this address is not page-aligned the code ends up calling apply_to_pte_range() wi... • https://git.kernel.org/stable/c/317460317a02a1af512697e6e964298dedd8a163 •
CVSS: 7.1EPSS: %CPEs: 3EXPL: 0CVE-2025-21849 – drm/i915/gt: Use spin_lock_irqsave() in interruptible context
https://notcve.org/view.php?id=CVE-2025-21849
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Use spin_lock_irqsave() in interruptible context spin_lock/unlock() functions used in interrupt contexts could result in a deadlock, as seen in GitLab issue #13399, which occurs when interrupt comes in while holding a lock. Try to remedy the problem by saving irq state before spin lock acquisition. v2: add irqs' state save/restore calls to all locks/unlocks in signal_irq_work() execution (Maciej) v3: use with spin_lock_irqsave(... • https://git.kernel.org/stable/c/2f2cc53b5fe7022f3ae602eb24573d52f8740959 •
CVSS: 9.8EPSS: %CPEs: 5EXPL: 0CVE-2025-21848 – nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
https://notcve.org/view.php?id=CVE-2025-21848
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc() to prevent null pointer dereference. In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc() to prevent null pointer dereference. • https://git.kernel.org/stable/c/ff3d43f7568c82b335d7df2d40a31447c3fce10c •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2025-21847 – ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
https://notcve.org/view.php?id=CVE-2025-21847
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() The nullity of sps->cstream should be checked similarly as it is done in sof_set_stream_data_offset() function. Assuming that it is not NULL if sps->stream is NULL is incorrect and can lead to NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() The nullity of ... • https://git.kernel.org/stable/c/090349a9feba3ceee3997d31d68ffe54e5b57acb •
CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2025-21846 – acct: perform last write from workqueue
https://notcve.org/view.php?id=CVE-2025-21846
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acc(2) to /sys/power/resume. At the point the where the write to this file happens the calling task has already exited and called exit_fs(). A lookup will thus trigger a NULL-deref when accessing current-... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 8.3EPSS: %CPEs: 3EXPL: 0CVE-2025-21845 – mtd: spi-nor: sst: Fix SST write failure
https://notcve.org/view.php?id=CVE-2025-21845
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: sst: Fix SST write failure 'commit 18bcb4aa54ea ("mtd: spi-nor: sst: Factor out common write operation to `sst_nor_write_data()`")' introduced a bug where only one byte of data is written, regardless of the number of bytes passed to sst_nor_write_data(), causing a kernel crash during the write operation. Ensure the correct number of bytes are written as passed to sst_nor_write_data(). Call trace: [ 57.400180] ------------[ cut... • https://git.kernel.org/stable/c/18bcb4aa54eab75dce41e5c176a1c2bff94f0f79 •