CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-21964 – cifs: Fix integer overflow while processing acregmax mount option
https://notcve.org/view.php?id=CVE-2025-21964
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/5780464614f6abe6026f00cf5a0777aa453ba450 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-21963 – cifs: Fix integer overflow while processing acdirmax mount option
https://notcve.org/view.php?id=CVE-2025-21963
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/4c9f948142a550af416a2bfb5e56d29ce29e92cf •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-21959 – netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()
https://notcve.org/view.php?id=CVE-2025-21959
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() Since commit b36e4523d4d5 ("netfilter: nf_conncount: fix garbage collection confirm race"), `cpu` and `jiffies32` were introduced to the struct nf_conncount_tuple. The commit made nf_conncount_add() initialize `conn->cpu` and `conn->jiffies32` when allocating the struct. In contrast, count_tree() was not changed to initialize them. By commit 34848d5c896e ("... • https://git.kernel.org/stable/c/b36e4523d4d56e2595e28f16f6ccf1cd6a9fc452 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-21957 – scsi: qla1280: Fix kernel oops when debug level > 2
https://notcve.org/view.php?id=CVE-2025-21957
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla1280: Fix kernel oops when debug level > 2 A null dereference or oops exception will eventually occur when qla1280.c driver is compiled with DEBUG_QLA1280 enabled and ql_debug_level > 2. I think its clear from the code that the intention here is sg_dma_len(s) not length of sg_next(s) when printing the debug info. • https://git.kernel.org/stable/c/24602e2664c515a4f2950d7b52c3d5997463418c •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-21956 – drm/amd/display: Assign normalized_pix_clk when color depth = 14
https://notcve.org/view.php?id=CVE-2025-21956
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign normalized_pix_clk when color depth = 14 [WHY & HOW] A warning message "WARNING: CPU: 4 PID: 459 at ... /dc_resource.c:3397 calculate_phy_pix_clks+0xef/0x100 [amdgpu]" occurs because the display_color_depth == COLOR_DEPTH_141414 is not handled. This is observed in Radeon RX 6600 XT. It is fixed by assigning pix_clk * (14 * 3) / 24 - same as the rests. Also fixes the indentation in get_norm_pix_clk. • https://git.kernel.org/stable/c/dc831b38680c47d07e425871a9852109183895cf •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-21955 – ksmbd: prevent connection release during oplock break notification
https://notcve.org/view.php?id=CVE-2025-21955
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent connection release during oplock break notification ksmbd_work could be freed when after connection release. Increment r_count of ksmbd_conn to indicate that requests are not finished yet and to not release the connection. • https://git.kernel.org/stable/c/09aeab68033161cb54f194da93e51a11aee6144b •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-21951 – bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock
https://notcve.org/view.php?id=CVE-2025-21951
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock There are multiple places from where the recovery work gets scheduled asynchronously. Also, there are multiple places where the caller waits synchronously for the recovery to be completed. One such place is during the PM shutdown() callback. If the device is not alive during recovery_work, it will try to reset the device using pci_reset_function(). This function int... • https://git.kernel.org/stable/c/7389337f0a78ea099c47f0af08f64f20c52ab4ba •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-21950 – drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl
https://notcve.org/view.php?id=CVE-2025-21950
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl In the "pmcmd_ioctl" function, three memory objects allocated by kmalloc are initialized by "hcall_get_cpu_state", which are then copied to user space. The initializer is indeed implemented in "acrn_hypercall2" (arch/x86/include/asm/acrn.h). There is a risk of information leakage due to uninitialized bytes. • https://git.kernel.org/stable/c/3d679d5aec648f50e645702929890b9611998a0b •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-21949 – LoongArch: Set hugetlb mmap base address aligned with pmd size
https://notcve.org/view.php?id=CVE-2025-21949
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set hugetlb mmap base address aligned with pmd size With ltp test case "testcases/bin/hugefork02", there is a dmesg error report message such as: kernel BUG at mm/hugetlb.c:5550! Oops - BUG[#1]: CPU: 0 UID: 0 PID: 1517 Comm: hugefork02 Not tainted 6.14.0-rc2+ #241 Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022 pc 90000000004eaf1c ra 9000000000485538 tp 900000010edbc000 sp 900000010edbf940 a0 900000010edbfb00 a1 9... • https://git.kernel.org/stable/c/242b34f48a377afe4b285b472bd0f17744fca8e8 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-21948 – HID: appleir: Fix potential NULL dereference at raw event handle
https://notcve.org/view.php?id=CVE-2025-21948
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: appleir: Fix potential NULL dereference at raw event handle Syzkaller reports a NULL pointer dereference issue in input_event(). BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: null-ptr-deref in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: null-ptr-deref in is_event_supported drivers/input/input.c:67 [inline] BUG: KASAN: null-ptr-deref ... • https://git.kernel.org/stable/c/9a4a5574ce427c364d81746fc7fb82d86b5f1a7e •