CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21787 – team: better TEAM_OPTION_TYPE_STRING validation
https://notcve.org/view.php?id=CVE-2025-21787
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: team: better TEAM_OPTION_TYPE_STRING validation syzbot reported following splat [1] Make sure user-provided data contains one nul byte. [1] BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inline] BUG: KMSAN: uninit-value in string+0x3ec/0x5f0 lib/vsprintf.c:714 string_nocheck lib/vsprintf.c:633 [inline] string+0x3ec/0x5f0 lib/vsprintf.c:714 vsnprintf+0xa5d/0x1960 lib/vsprintf.c:2843 __request_module+0x252/0x9f0 kernel/module/... • https://git.kernel.org/stable/c/3d249d4ca7d0ed6629a135ea1ea21c72286c0d80 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21786 – workqueue: Put the pwq after detaching the rescuer from the pool
https://notcve.org/view.php?id=CVE-2025-21786
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: workqueue: Put the pwq after detaching the rescuer from the pool The commit 68f83057b913("workqueue: Reap workers via kthread_stop() and remove detach_completion") adds code to reap the normal workers but mistakenly does not handle the rescuer and also removes the code waiting for the rescuer in put_unbound_pool(), which caused a use-after-free bug reported by Cheung Wall. To avoid the use-after-free bug, the pool’s reference must be held u... • https://git.kernel.org/stable/c/e7c16028a424dd35be1064a68fa318be4359310f •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21785 – arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array
https://notcve.org/view.php?id=CVE-2025-21785
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array The loop that detects/populates cache information already has a bounds check on the array size but does not account for cache levels with separate data/instructions cache. Fix this by incrementing the index for any populated leaf (instead of any populated level). • https://git.kernel.org/stable/c/5d425c18653731af62831d30a4fa023d532657a9 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21784 – drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()
https://notcve.org/view.php?id=CVE-2025-21784
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() In function psp_init_cap_microcode(), it should bail out when failed to load firmware, otherwise it may cause invalid memory access. • https://git.kernel.org/stable/c/07dbfc6b102e25087ec345ef2c2eae21c9856f17 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21783 – gpiolib: Fix crash on error in gpiochip_get_ngpios()
https://notcve.org/view.php?id=CVE-2025-21783
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: gpiolib: Fix crash on error in gpiochip_get_ngpios() The gpiochip_get_ngpios() uses chip_*() macros to print messages. However these macros rely on gpiodev to be initialised and set, which is not the case when called via bgpio_init(). In such a case the printing messages will crash on NULL pointer dereference. Replace chip_*() macros by the respective dev_*() ones to avoid such crash. • https://git.kernel.org/stable/c/55b2395e4e92adc492c6b30ac109eb78250dcd9d •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21782 – orangefs: fix a oob in orangefs_debug_write
https://notcve.org/view.php?id=CVE-2025-21782
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: orangefs: fix a oob in orangefs_debug_write I got a syzbot report: slab-out-of-bounds Read in orangefs_debug_write... several people suggested fixes, I tested Al Viro's suggestion and made this patch. • https://git.kernel.org/stable/c/1da2697307dad281dd690a19441b5ca4af92d786 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21781 – batman-adv: fix panic during interface removal
https://notcve.org/view.php?id=CVE-2025-21781
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix panic during interface removal Reference counting is used to ensure that batadv_hardif_neigh_node and batadv_hard_iface are not freed before/during batadv_v_elp_throughput_metric_update work is finished. But there isn't a guarantee that the hard if will remain associated with a soft interface up until the work is finished. This fixes a crash triggered by reboot that looks like this: Call trace: batadv_v_mesh_free+0xd0/0x4dc ... • https://git.kernel.org/stable/c/c833484e5f3872a38fe232c663586069d5ad9645 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21780 – drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
https://notcve.org/view.php?id=CVE-2025-21780
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and then a bigger pptable, it may cause buffer overflow attack in function smu_sys_set_pp_table(). • https://git.kernel.org/stable/c/3484ea33157bc7334f57e64826ec5a4bf992151a •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21779 – KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel
https://notcve.org/view.php?id=CVE-2025-21779
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel Advertise support for Hyper-V's SEND_IPI and SEND_IPI_EX hypercalls if and only if the local API is emulated/virtualized by KVM, and explicitly reject said hypercalls if the local APIC is emulated in userspace, i.e. don't rely on userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID. Rejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if Hyper-V enlig... • https://git.kernel.org/stable/c/214ff83d4473a7757fa18a64dc7efe3b0e158486 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21778 – tracing: Do not allow mmap() of persistent ring buffer
https://notcve.org/view.php?id=CVE-2025-21778
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Do not allow mmap() of persistent ring buffer When trying to mmap a trace instance buffer that is attached to reserve_mem, it would crash: BUG: unable to handle page fault for address: ffffe97bd00025c8 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 2862f3067 P4D 2862f3067 PUD 0 Oops: Oops: 0000 [#1] PREEMPT_RT SMP PTI CPU: 4 UID: 0 PID: 981 Comm: mmap-rb Not tainted 6.14.0-rc2-test-00003-g... • https://git.kernel.org/stable/c/9b7bdf6f6ece6ea888cc7d2f02c00b403b66a119 •