CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21814 – ptp: Ensure info->enable callback is always set
https://notcve.org/view.php?id=CVE-2025-21814
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info->enable callback is always set The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all drivers implement that callback, leading to NULL dereferences. Example of affected drivers: ptp_s390.c, ptp_vclock.c and ptp_mock.c. Instead use a dummy callback if no better was specified by the driver. In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info->enable callback is always... • https://git.kernel.org/stable/c/d94ba80ebbea17f036cecb104398fbcd788aa742 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21813 – timers/migration: Fix off-by-one root mis-connection
https://notcve.org/view.php?id=CVE-2025-21813
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: timers/migration: Fix off-by-one root mis-connection Before attaching a new root to the old root, the children counter of the new root is checked to verify that only the upcoming CPU's top group have been connected to it. However since the recently added commit b729cc1ec21a ("timers/migration: Fix another race between hotplug and idle entry/exit") this check is not valid anymore because the old root is pre-accounted as a child to the new ro... • https://git.kernel.org/stable/c/12ead225b7996252a8bc1a49b03aad57c0794880 •
CVSS: 6.6EPSS: 0%CPEs: 11EXPL: 0CVE-2025-21812 – ax25: rcu protect dev->ax25_ptr
https://notcve.org/view.php?id=CVE-2025-21812
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ax25: rcu protect dev->ax25_ptr syzbot found a lockdep issue [1]. We should remove ax25 RTNL dependency in ax25_setsockopt() This should also fix a variety of possible UAF in ax25. [1] WARNING: possible circular locking dependency detected 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Not tainted ------------------------------------------------------ syz.5.1818/12806 is trying to acquire lock: ffffffff8fcb3988 (rtnl_mutex){+.+.}-{4:4}, at: ax... • https://git.kernel.org/stable/c/c433570458e49bccea5c551df628d058b3526289 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21811 – nilfs2: protect access to buffers with no active references
https://notcve.org/view.php?id=CVE-2025-21811
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect access to buffers with no active references nilfs_lookup_dirty_data_buffers(), which iterates through the buffers attached to dirty data folios/pages, accesses the attached buffers without locking the folios/pages. For data cache, nilfs_clear_folio_dirty() may be called asynchronously when the file system degenerates to read only, so nilfs_lookup_dirty_data_buffers() still has the potential to cause use after free issues whe... • https://git.kernel.org/stable/c/8c26c4e2694a163d525976e804d81cd955bbb40c •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21810 – driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()
https://notcve.org/view.php?id=CVE-2025-21810
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() There are a potential wild pointer dereferences issue regarding APIs class_dev_iter_(init|next|exit)(), as explained by below typical usage: // All members of @iter are wild pointers. struct class_dev_iter iter; // class_dev_iter_init(@iter, @class, ...) checks parameter @class for // potential class_to_subsys() error, and it returns void type and does // not ini... • https://git.kernel.org/stable/c/7b884b7f24b42fa25e92ed724ad82f137610afaf •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21809 – rxrpc, afs: Fix peer hash locking vs RCU callback
https://notcve.org/view.php?id=CVE-2025-21809
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rxrpc, afs: Fix peer hash locking vs RCU callback In its address list, afs now retains pointers to and refs on one or more rxrpc_peer objects. The address list is freed under RCU and at this time, it puts the refs on those peers. Now, when an rxrpc_peer object runs out of refs, it gets removed from the peer hash table and, for that, rxrpc has to take a spinlock. However, it is now being called from afs's RCU cleanup, which takes place in BH... • https://git.kernel.org/stable/c/72904d7b9bfbf2dd146254edea93958bc35bbbfe •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21808 – net: xdp: Disallow attaching device-bound programs in generic mode
https://notcve.org/view.php?id=CVE-2025-21808
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: xdp: Disallow attaching device-bound programs in generic mode Device-bound programs are used to support RX metadata kfuncs. These kfuncs are driver-specific and rely on the driver context to read the metadata. This means they can't work in generic XDP mode. However, there is no check to disallow such programs from being attached in generic mode, in which case the metadata kfuncs will be called in an invalid context, leading to crashes.... • https://git.kernel.org/stable/c/2b3486bc2d237ec345b3942b7be5deabf8c8fed1 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21807 – block: fix queue freeze vs limits lock order in sysfs store methods
https://notcve.org/view.php?id=CVE-2025-21807
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block: fix queue freeze vs limits lock order in sysfs store methods queue_attr_store() always freezes a device queue before calling the attribute store operation. For attributes that control queue limits, the store operation will also lock the queue limits with a call to queue_limits_start_update(). However, some drivers (e.g. SCSI sd) may need to issue commands to a device to obtain limit values from the hardware with the queue limits lock... • https://git.kernel.org/stable/c/0327ca9d53bfbb0918867313049bba7046900f73 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21806 – net: let net.core.dev_weight always be non-zero
https://notcve.org/view.php?id=CVE-2025-21806
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: let net.core.dev_weight always be non-zero The following problem was encountered during stability test: (NULL net_device): NAPI poll function process_backlog+0x0/0x530 \ returned 1, exceeding its budget of 0. ------------[ cut here ]------------ list_add double add: new=ffff88905f746f48, prev=ffff88905f746f48, \ next=ffff88905f746e40. WARNING: CPU: 18 PID: 5462 at lib/list_debug.c:35 \ __list_add_valid_or_report+0xf3/0x130 CPU: 18 UID:... • https://git.kernel.org/stable/c/e3876605450979fe52a1a03e7eb78a89bf59e76a •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21805 – RDMA/rtrs: Add missing deinit() call
https://notcve.org/view.php?id=CVE-2025-21805
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Add missing deinit() call A warning is triggered when repeatedly connecting and disconnecting the rnbd: list_add corruption. prev->next should be next (ffff88800b13e480), but was ffff88801ecd1338. (prev=ffff88801ecd1340). WARNING: CPU: 1 PID: 36562 at lib/list_debug.c:32 __list_add_valid_or_report+0x7f/0xa0 Workqueue: ib_cm cm_work_handler [ib_cm] RIP: 0010:__list_add_valid_or_report+0x7f/0xa0 ? __list_add_valid_or_report+0x7f/0x... • https://git.kernel.org/stable/c/667db86bcbe82e789d82c2e8c8c40756ec2e1999 •