CVSS: 9.8EPSS: %CPEs: 5EXPL: 0CVE-2025-21855 – ibmvnic: Don't reference skb after sending to VIOS
https://notcve.org/view.php?id=CVE-2025-21855
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Don't reference skb after sending to VIOS Previously, after successfully flushing the xmit buffer to VIOS, the tx_bytes stat was incremented by the length of the skb. It is invalid to access the skb memory after sending the buffer to the VIOS because, at any point after sending, the VIOS can trigger an interrupt to free this memory. A race between reading skb->len and freeing the skb is possible (especially during LPM) and will res... • https://git.kernel.org/stable/c/032c5e82847a2214c3196a90f0aeba0ce252de58 •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2025-21854 – sockmap, vsock: For connectible sockets allow only connected
https://notcve.org/view.php?id=CVE-2025-21854
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: sockmap, vsock: For connectible sockets allow only connected sockmap expects all vsocks to have a transport assigned, which is expressed in vsock_proto::psock_update_sk_prot(). However, there is an edge case where an unconnected (connectible) socket may lose its previously assigned transport. This is handled with a NULL check in the vsock/BPF recv path. Another design detail is that listening vsocks are not supposed to have any transport as... • https://git.kernel.org/stable/c/634f1a7110b439c65fd8a809171c1d2d28bcea6f •
CVSS: 9.8EPSS: %CPEs: 4EXPL: 0CVE-2025-21853 – bpf: avoid holding freeze_mutex during mmap operation
https://notcve.org/view.php?id=CVE-2025-21853
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: avoid holding freeze_mutex during mmap operation We use map->freeze_mutex to prevent races between map_freeze() and memory mapping BPF map contents with writable permissions. The way we naively do this means we'll hold freeze_mutex for entire duration of all the mm and VMA manipulations, which is completely unnecessary. This can potentially also lead to deadlocks, as reported by syzbot in [0]. So, instead, hold freeze_mutex only during... • https://git.kernel.org/stable/c/fc9702273e2edb90400a34b3be76f7b08fa3344b •
CVSS: 9.8EPSS: %CPEs: 5EXPL: 0CVE-2025-21848 – nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
https://notcve.org/view.php?id=CVE-2025-21848
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc() to prevent null pointer dereference. In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc() to prevent null pointer dereference. • https://git.kernel.org/stable/c/ff3d43f7568c82b335d7df2d40a31447c3fce10c •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2025-21847 – ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
https://notcve.org/view.php?id=CVE-2025-21847
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() The nullity of sps->cstream should be checked similarly as it is done in sof_set_stream_data_offset() function. Assuming that it is not NULL if sps->stream is NULL is incorrect and can lead to NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() The nullity of ... • https://git.kernel.org/stable/c/090349a9feba3ceee3997d31d68ffe54e5b57acb •
CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2025-21846 – acct: perform last write from workqueue
https://notcve.org/view.php?id=CVE-2025-21846
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acc(2) to /sys/power/resume. At the point the where the write to this file happens the calling task has already exited and called exit_fs(). A lookup will thus trigger a NULL-deref when accessing current-... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: %CPEs: 7EXPL: 0CVE-2025-21844 – smb: client: Add check for next_buffer in receive_encrypted_standard()
https://notcve.org/view.php?id=CVE-2025-21844
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard() Add check for the return value of cifs_buf_get() and cifs_small_buf_get() in receive_encrypted_standard() to prevent null pointer dereference. In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard() Add check for the return value of cifs_buf_get() and cifs_small_buf_get() in receive_encryp... • https://git.kernel.org/stable/c/9f528a8e68327117837b5e28b096f52af4c26a05 •
CVSS: 6.3EPSS: %CPEs: 4EXPL: 0CVE-2024-58089 – btrfs: fix double accounting race when btrfs_run_delalloc_range() failed
https://notcve.org/view.php?id=CVE-2024-58089
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double accounting race when btrfs_run_delalloc_range() failed [BUG] When running btrfs with block size (4K) smaller than page size (64K, aarch64), there is a very high chance to crash the kernel at generic/750, with the following messages: (before the call traces, there are 3 extra debug messages added) BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental BTRFS info (device dm-3): chec... • https://git.kernel.org/stable/c/d1051d6ebf8ef3517a5a3cf82bba8436d190f1c2 •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2024-58088 – bpf: Fix deadlock when freeing cgroup storage
https://notcve.org/view.php?id=CVE-2024-58088
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock when freeing cgroup storage The following commit bc235cdb423a ("bpf: Prevent deadlock from recursive bpf_task_storage_[get|delete]") first introduced deadlock prevention for fentry/fexit programs attaching on bpf_task_storage helpers. That commit also employed the logic in map free path in its v6 version. Later bpf_cgrp_storage was first introduced in c4bcfb38a95e ("bpf: Implement cgroup storage available to non-cgroup-att... • https://git.kernel.org/stable/c/c4bcfb38a95edb1021a53f2d0356a78120ecfbe4 •
CVSS: 7.8EPSS: %CPEs: 5EXPL: 0CVE-2024-58087 – ksmbd: fix racy issue from session lookup and expire
https://notcve.org/view.php?id=CVE-2024-58087
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire. • https://git.kernel.org/stable/c/2107ab40629aeabbec369cf34b8cf0f288c3eb1b •