
CVE-2025-22072 – spufs: fix gang directory lifetimes
https://notcve.org/view.php?id=CVE-2025-22072
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: spufs: fix gang directory lifetimes prior to "[POWERPC] spufs: Fix gang destroy leaks" we used to have a problem with gang lifetimes - creation of a gang returns opened gang directory, which normally gets removed when that gets closed, but if somebody has created a context belonging to that gang and kept it alive until the gang got closed, removal failed and we ended up with a leak. Unfortunately, it had been fixed the wrong way. Dentry of ... • https://git.kernel.org/stable/c/877907d37da9694a34adc9dc3e2ce09400148cb5 •

CVE-2025-22071 – spufs: fix a leak in spufs_create_context()
https://notcve.org/view.php?id=CVE-2025-22071
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: spufs: fix a leak in spufs_create_context() Leak fixes back in 2008 missed one case - if we are trying to set affinity and spufs_mkdir() fails, we need to drop the reference to neighbor. • https://git.kernel.org/stable/c/58119068cb27ef7513f80aff44b62a3a8f40ef5f •

CVE-2025-22063 – netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
https://notcve.org/view.php?id=CVE-2025-22063
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets When calling netlbl_conn_setattr(), addr->sa_family is used to determine the function behavior. If sk is an IPv4 socket, but the connect function is called with an IPv6 address, the function calipso_sock_setattr() is triggered. Inside this function, the following code is executed: sk_fullsock(__sk) ? inet_sk(__sk)->pinet6 : NULL; Since sk is an IPv4 socket, pinet6 is NUL... • https://git.kernel.org/stable/c/ceba1832b1b2da0149c51de62a847c00bca1677a •

CVE-2025-22060 – net: mvpp2: Prevent parser TCAM memory corruption
https://notcve.org/view.php?id=CVE-2025-22060
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Prevent parser TCAM memory corruption Protect the parser TCAM/SRAM memory, and the cached (shadow) SRAM information, from concurrent modifications. Both the TCAM and SRAM tables are indirectly accessed by configuring an index register that selects the row to read or write to. This means that operations must be atomic in order to, e.g., avoid spreading writes across multiple rows. Since the shadow SRAM array is used to find free ... • https://git.kernel.org/stable/c/3f518509dedc99f0b755d2ce68d24f610e3a005a •

CVE-2025-22057 – net: decrease cached dst counters in dst_release
https://notcve.org/view.php?id=CVE-2025-22057
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net: decrease cached dst counters in dst_release Upstream fix ac888d58869b ("net: do not delay dst_entries_add() in dst_release()") moved decrementing the dst count from dst_destroy to dst_release to avoid accessing already freed data in case of netns dismantle. However in case CONFIG_DST_CACHE is enabled and OvS+tunnels are used, this fix is incomplete as the same issue will be seen for cached dsts: Unable to handle kernel paging request a... • https://git.kernel.org/stable/c/d71785ffc7e7cae3fbdc4ea8a9d05b7a1c59f7b8 •

CVE-2025-22053 – net: ibmveth: make veth_pool_store stop hanging
https://notcve.org/view.php?id=CVE-2025-22053
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ibmveth: make veth_pool_store stop hanging v2: - Created a single error handling unlock and exit in veth_pool_store - Greatly expanded commit message with previous explanatory-only text Summary: Use rtnl_mutex to synchronize veth_pool_store with itself, ibmveth_close and ibmveth_open, preventing multiple calls in a row to napi_disable. Background: Two (or more) threads could call veth_pool_store through writing to /sys/devices/vio/3000... • https://git.kernel.org/stable/c/860f242eb5340d0b0cfe243cb86b2a98f92e8b91 •

CVE-2025-22049 – LoongArch: Increase ARCH_DMA_MINALIGN up to 16
https://notcve.org/view.php?id=CVE-2025-22049
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: Increase ARCH_DMA_MINALIGN up to 16 ARCH_DMA_MINALIGN is 1 by default, but some LoongArch-specific devices (such as APBDMA) require 16-byte alignment. When the data buffer length is too small, the hardware may make an error writing cacheline. Thus, it is dangerous to allocate a small memory buffer for DMA. It's always safe to define ARCH_DMA_MINALIGN as L1_CACHE_BYTES but unnecessary (kmalloc() needs small memory objects). Theref... • https://git.kernel.org/stable/c/f39af67f03b564b763b06e44cb960c10a382d54a •

CVE-2025-22043 – ksmbd: add bounds check for durable handle context
https://notcve.org/view.php?id=CVE-2025-22043
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for durable handle context Add missing bounds check for durable handle context. • https://git.kernel.org/stable/c/8d4848c45943c9cf5e86142fd7347efa97f497db •

CVE-2025-22042 – ksmbd: add bounds check for create lease context
https://notcve.org/view.php?id=CVE-2025-22042
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for create lease context Add missing bounds check for create lease context. • https://git.kernel.org/stable/c/629dd37acc336ad778979361c351e782053ea284 •

CVE-2025-22041 – ksmbd: fix use-after-free in ksmbd_sessions_deregister()
https://notcve.org/view.php?id=CVE-2025-22041
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister() In multichannel mode, UAF issue can occur in session_deregister when the second channel sets up a session through the connection of the first channel. session that is freed through the global session table can be accessed again through ->sessions of connection. • https://git.kernel.org/stable/c/f0eb3f575138b816da74697bd506682574742fcd •