CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-37860 – sfc: fix NULL dereferences in ef100_process_design_param()
https://notcve.org/view.php?id=CVE-2025-37860
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: sfc: fix NULL dereferences in ef100_process_design_param() Since cited commit, ef100_probe_main() and hence also ef100_check_design_params() run before efx->net_dev is created; consequently, we cannot netif_set_tso_max_size() or _segs() at this point. Move those netif calls to ef100_probe_netdev(), and also replace netif_err within the design params code with pci_err. • https://git.kernel.org/stable/c/98ff4c7c8ac7f5339aac6114105395fea19f992e •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-37785 – ext4: fix OOB read when checking dotdot dir
https://notcve.org/view.php?id=CVE-2025-37785
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with rec_len == block size results in out-of-bounds read (later on, when the corrupted directory is removed). ext4_empty_dir() assumes every ext4 directory contains at least '.' and '..' as directory entries in the first data block. It first loads the '.' dir entry, performs sanity checks by calling ext4_check_dir_entry() ... • https://git.kernel.org/stable/c/ac27a0ec112a089f1a5102bc8dffc79c8c815571 •
CVSS: 3.3EPSS: %CPEs: 3EXPL: 0CVE-2021-47671 – can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path
https://notcve.org/view.php?id=CVE-2021-47671
17 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path In es58x_rx_err_msg(), if can->do_set_mode() fails, the function directly returns without calling netif_rx(skb). This means that the skb previously allocated by alloc_can_err_skb() is not freed. In other terms, this is a memory leak. This patch simply removes the return statement in the error branch and let the function continue. Issue was found with GCC -fanalyzer, please f... • https://git.kernel.org/stable/c/8537257874e949a59c834cecfd5a063e11b64b0b • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: %CPEs: 4EXPL: 0CVE-2021-47670 – can: peak_usb: fix use after free bugs
https://notcve.org/view.php?id=CVE-2021-47670
17 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after free bugs After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the peak_usb_netif_rx_ni(). Reordering the lines solves the issue. • https://git.kernel.org/stable/c/0a25e1f4f18566b750ebd3ae995af64e23111e63 • CWE-416: Use After Free •
CVSS: 7.8EPSS: %CPEs: 5EXPL: 0CVE-2021-47669 – can: vxcan: vxcan_xmit: fix use after free bug
https://notcve.org/view.php?id=CVE-2021-47669
17 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: can: vxcan: vxcan_xmit: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the canfd_frame cfd which aliases skb memory is accessed after the netif_rx_ni(). • https://git.kernel.org/stable/c/a8f820a380a2a06fc4fe1a54159067958f800929 • CWE-416: Use After Free •
CVSS: 7.8EPSS: %CPEs: 7EXPL: 0CVE-2021-47668 – can: dev: can_restart: fix use after free bug
https://notcve.org/view.php?id=CVE-2021-47668
17 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: can: dev: can_restart: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the netif_rx_ni() in: stats->rx_bytes += cf->len; Reordering the lines solves the issue. • https://git.kernel.org/stable/c/39549eef3587f1c1e8c65c88a2400d10fd30ea17 • CWE-416: Use After Free •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2020-36789 – can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context
https://notcve.org/view.php?id=CVE-2020-36789
17 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context If a driver calls can_get_echo_skb() during a hardware IRQ (which is often, but not always, the case), the 'WARN_ON(in_irq)' in net/core/skbuff.c#skb_release_head_state() might be triggered, under network congestion circumstances, together with the potential risk of a NULL pointer dereference. The root cause of this issue is the call to kfree_skb() instead of dev_... • https://git.kernel.org/stable/c/39549eef3587f1c1e8c65c88a2400d10fd30ea17 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-23138 – watch_queue: fix pipe accounting mismatch
https://notcve.org/view.php?id=CVE-2025-23138
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: watch_queue: fix pipe accounting mismatch Currently, watch_queue_set_size() modifies the pipe buffers charged to user->pipe_bufs without updating the pipe->nr_accounted on the pipe itself, due to the if (!pipe_has_watch_queue()) test in pipe_resize_ring(). This means that when the pipe is ultimately freed, we decrement user->pipe_bufs by something other than what than we had charged to it, potentially leading to an underflow. This in turn c... • https://git.kernel.org/stable/c/162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8 •
CVSS: 6.4EPSS: 0%CPEs: 9EXPL: 0CVE-2025-23136 – thermal: int340x: Add NULL check for adev
https://notcve.org/view.php?id=CVE-2025-23136
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: Add NULL check for adev Not all devices have an ACPI companion fwnode, so adev might be NULL. This is similar to the commit cd2fd6eab480 ("platform/x86: int3472: Check for adev == NULL"). Add a check for adev not being set and return -ENODEV in that case to avoid a possible NULL pointer deref in int3402_thermal_probe(). Note, under the same directory, int3400_thermal_probe() has such a check. [ rjw: Subject edit, added Fix... • https://git.kernel.org/stable/c/77e337c6e23e3b9d22e09ffec202a80f755a54c2 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-23133 – wifi: ath11k: update channel list in reg notifier instead reg worker
https://notcve.org/view.php?id=CVE-2025-23133
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: update channel list in reg notifier instead reg worker Currently when ath11k gets a new channel list, it will be processed according to the following steps: 1. update new channel list to cfg80211 and queue reg_work. 2. cfg80211 handles new channel list during reg_work. 3. update cfg80211's handled channel list to firmware by ath11k_reg_update_chan_list(). But ath11k will immediately execute step 3 after reg_work is just queued... • https://git.kernel.org/stable/c/f45cb6b29cd36514e13f7519770873d8c0457008 •