CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21671 – zram: fix potential UAF of zram table
https://notcve.org/view.php?id=CVE-2025-21671
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: zram: fix potential UAF of zram table If zram_meta_alloc failed early, it frees allocated zram->table without setting it NULL. Which will potentially cause zram_meta_free to access the table if user reset an failed and uninitialized device. In the Linux kernel, the following vulnerability has been resolved: zram: fix potential UAF of zram table If zram_meta_alloc failed early, it frees allocated zram->table without setting it NULL. Which wi... • https://git.kernel.org/stable/c/ac3b5366b9b7c9d97b606532ceab43d2329a22f3 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21670 – vsock/bpf: return early if transport is not assigned
https://notcve.org/view.php?id=CVE-2025-21670
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: vsock/bpf: return early if transport is not assigned Some of the core functions can only be called if the transport has been assigned. As Michal reported, a socket might have the transport at NULL, for example after a failed connect(), causing the following trace: BUG: kernel NULL pointer dereference, address: 00000000000000a0 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 12faf8067 P4D 12faf8067 P... • https://git.kernel.org/stable/c/634f1a7110b439c65fd8a809171c1d2d28bcea6f •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21669 – vsock/virtio: discard packets if the transport changes
https://notcve.org/view.php?id=CVE-2025-21669
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: discard packets if the transport changes If the socket has been de-assigned or assigned to another transport, we must discard any packets received because they are not expected and would cause issues when we access vsk->transport. A possible scenario is described by Hyunwoo Kim in the attached link, where after a first connect() interrupted by a signal, and a second connect() failed, we can find `vsk->transport` at NULL, leadi... • https://git.kernel.org/stable/c/c0cfa2d8a788fcf45df5bf4070ab2474c88d543a •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21668 – pmdomain: imx8mp-blk-ctrl: add missing loop break condition
https://notcve.org/view.php?id=CVE-2025-21668
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: add missing loop break condition Currently imx8mp_blk_ctrl_remove() will continue the for loop until an out-of-bounds exception occurs. pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : dev_pm_domain_detach+0x8/0x48 lr : imx8mp_blk_ctrl_shutdown+0x58/0x90 sp : ffffffc084f8bbf0 x29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000 x26: ffffffc081658d78 x25: 0000000000000001 x24: fffff... • https://git.kernel.org/stable/c/556f5cf9568af772d494cff24ffaa7ea41e1ab40 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21667 – iomap: avoid avoid truncating 64-bit offset to 32 bits
https://notcve.org/view.php?id=CVE-2025-21667
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iomap: avoid avoid truncating 64-bit offset to 32 bits on 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a 32-bit position due to folio_next_index() returning an unsigned long. This could lead to an infinite loop when writing to an xfs filesystem. In the Linux kernel, the following vulnerability has been resolved: iomap: avoid avoid truncating 64-bit offset to 32 bits on 32-bit kernels, iomap_write_delalloc_scan() was i... • https://git.kernel.org/stable/c/7ca4bd6b754913910151acce00be093f03642725 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21666 – vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
https://notcve.org/view.php?id=CVE-2025-21666
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] Recent reports have shown how we sometimes call vsock_*_has_data() when a vsock socket has been de-assigned from a transport (see attached links), but we shouldn't. Previous commits should have solved the real problems, but we may have more in the future, so to avoid null-ptr-deref, we can return 0 (no space, no data available) but with a warning. This way the code should continue... • https://git.kernel.org/stable/c/c0cfa2d8a788fcf45df5bf4070ab2474c88d543a •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21665 – filemap: avoid truncating 64-bit offset to 32 bits
https://notcve.org/view.php?id=CVE-2025-21665
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: filemap: avoid truncating 64-bit offset to 32 bits On 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a 64-bit value to 32 bits, leading to a possible infinite loop when writing to an xfs filesystem. In the Linux kernel, the following vulnerability has been resolved: filemap: avoid truncating 64-bit offset to 32 bits On 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a 64-bit value to 32 bits, leading... • https://git.kernel.org/stable/c/54fa39ac2e00b1b8c2a7fe72e648773ffa48f76d •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57948 – mac802154: check local interfaces before deleting sdata list
https://notcve.org/view.php?id=CVE-2024-57948
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list in ieee802154_if_remove. [1] Remove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4 hardware device from the system. CPU0 CPU1 ==== ==== genl_family_rcv_msg_doit ieee802154_unregister_hw ieee802154_del_iface ieee802154_remove_interfaces rdev_del_virtual_intf_deprecated list_del(&sdata->list) ieee802154_if_remove list_del_rcu... • https://git.kernel.org/stable/c/80aee0bc0dbe253b6692d33e64455dc742fc52f1 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57947 – netfilter: nf_set_pipapo: fix initial map fill
https://notcve.org/view.php?id=CVE-2024-57947
23 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map search step, the result and the fill map are swapped, so if we have a set where f->bsize of the first element is smaller than m->bsize_max, those one-bits are leaked into future rounds result map. This makes pipapo find an incorrect match... • https://git.kernel.org/stable/c/3c4287f62044a90e73a561aa05fc46e62da173da •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57946 – virtio-blk: don't keep queue frozen during system suspend
https://notcve.org/view.php?id=CVE-2024-57946
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio-blk: don't keep queue frozen during system suspend Commit 4ce6e2db00de ("virtio-blk: Ensure no requests in virtqueues before deleting vqs.") replaces queue quiesce with queue freeze in virtio-blk's PM callbacks. And the motivation is to drain inflight IOs before suspending. block layer's queue freeze looks very handy, but it is also easy to cause deadlock, such as, any attempt to call into bio_queue_enter() may run into deadlock if t... • https://git.kernel.org/stable/c/d738f3215bb4f88911ff4579780a44960c8e0ca5 •