CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21692 – net: sched: fix ets qdisc OOB Indexing
https://notcve.org/view.php?id=CVE-2025-21692
10 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21691 – cachestat: fix page cache statistics permission checking
https://notcve.org/view.php?id=CVE-2025-21691
10 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cachestat: fix page cache statistics permission checking When the 'cachestat()' system call was added in commit cf264e1329fb ("cachestat: implement cachestat syscall"), it was meant to be a much more convenient (and performant) version of mincore() that didn't need mapping things into the user virtual address space in order to work. But it ended up missing the "check for writability or ownership" fix for mincore(), done in commit 134fca9063... • https://git.kernel.org/stable/c/cf264e1329fb0307e044f7675849f9f38b44c11a •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21690 – scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
https://notcve.org/view.php?id=CVE-2025-21690
10 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max out CPU utilization, preventing troubleshooting from the VM side. Ratelimit the warning so it doesn't DoS the VM. In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there... • https://git.kernel.org/stable/c/81d4dd05c412ba04f9f6b85b718e6da833be290c •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21689 – USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
https://notcve.org/view.php?id=CVE-2025-21689
10 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() This patch addresses a null-ptr-deref in qt2_process_read_urb() due to an incorrect bounds check in the following: if (newport > serial->num_ports) { dev_err(&port->dev, "%s - port change to invalid port: %i\n", __func__, newport); break; } The condition doesn't account for the valid range of the serial->port buffer, which is from 0 to serial->num_ports - 1. When newport is... • https://git.kernel.org/stable/c/f7a33e608d9ae022b7f49307921627e34e9484ed •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21688 – drm/v3d: Assign job pointer to NULL before signaling the fence
https://notcve.org/view.php?id=CVE-2025-21688
10 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Assign job pointer to NULL before signaling the fence In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL after job completion"), we introduced a change to assign the job pointer to NULL after completing a job, indicating job completion. However, this approach created a race condition between the DRM scheduler workqueue and the IRQ execution thread. As soon as the fence is signaled in the IRQ execution thread, a new... • https://git.kernel.org/stable/c/14e0a874488e79086340ba8e2d238cb9596b68a8 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21687 – vfio/platform: check the bounds of read/write syscalls
https://notcve.org/view.php?id=CVE-2025-21687
10 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the bounds of read/write syscalls count and offset are passed from user space and not checked, only offset is capped to 40 bits, which can be used to read/write out of bounds of the device. In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the bounds of read/write syscalls count and offset are passed from user space and not checked, only offset is capped to 40 bits, which can be us... • https://git.kernel.org/stable/c/6e3f264560099869f68830cb14b3b3e71e5ac76a •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57950 – drm/amd/display: Initialize denominator defaults to 1
https://notcve.org/view.php?id=CVE-2024-57950
10 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominator defaults to 1 [WHAT & HOW] Variables, used as denominators and maybe not assigned to other values, should be initialized to non-zero to avoid DIVIDE_BY_ZERO, as reported by Coverity. (cherry picked from commit e2c4c6c10542ccfe4a0830bb6c9fd5b177b7bbb7) In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominator defaults to 1 [WHAT & HOW] Variables, used a... • https://git.kernel.org/stable/c/c9d6afb4f9c338049662d27d169fba7dd60e337d •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21685 – platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race
https://notcve.org/view.php?id=CVE-2025-21685
09 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race The yt2_1380_fc_serdev_probe() function calls devm_serdev_device_open() before setting the client ops via serdev_device_set_client_ops(). This ordering can trigger a NULL pointer dereference in the serdev controller's receive_buf handler, as it assumes serdev->ops is valid when SERPORT_ACTIVE is set. This is similar to the issue fixed in commit 5e700b384ec1 ("platform/chro... • https://git.kernel.org/stable/c/b2ed33e8d486ab2f1920131dd76fab38c8ef3550 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21684 – gpio: xilinx: Convert gpio_lock to raw spinlock
https://notcve.org/view.php?id=CVE-2025-21684
09 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: gpio: xilinx: Convert gpio_lock to raw spinlock irq_chip functions may be called in raw spinlock context. Therefore, we must also use a raw spinlock for our own internal locking. This fixes the following lockdep splat: [ 5.349336] ============================= [ 5.353349] [ BUG: Invalid wait context ] [ 5.357361] 6.13.0-rc5+ #69 Tainted: G W [ 5.363031] ----------------------------- [ 5.367045] kworker/u17:1/44 is trying to lock: [ 5.371587... • https://git.kernel.org/stable/c/a32c7caea292c4d1e417eae6e5a348d187546acf •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57949 – irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
https://notcve.org/view.php?id=CVE-2024-57949
09 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() The following call-chain leads to enabling interrupts in a nested interrupt disabled section: irq_set_vcpu_affinity() irq_get_desc_lock() raw_spin_lock_irqsave() <--- Disable interrupts its_irq_set_vcpu_affinity() guard(raw_spinlock_irq) <--- Enables interrupts when leaving the guard() irq_put_desc_unlock() <--- Warns because interrupts are enabled This was broken in... • https://git.kernel.org/stable/c/2458f2362f695584bd824c922caa07ffc4fe0d5c •