CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21925 – llc: do not use skb_get() before dev_queue_xmit()
https://notcve.org/view.php?id=CVE-2025-21925
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: llc: do not use skb_get() before dev_queue_xmit() syzbot is able to crash hosts [1], using llc and devices not supporting IFF_TX_SKB_SHARING. In this case, e1000 driver calls eth_skb_pad(), while the skb is shared. Simply replace skb_get() by skb_clone() in net/llc/llc_s_ac.c Note that e1000 driver might have an issue with pktgen, because it does not clear IFF_TX_SKB_SHARING, this is an orthogonal change. We need to audit other skb_get() us... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21922 – ppp: Fix KMSAN uninit-value warning with bpf
https://notcve.org/view.php?id=CVE-2025-21922
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ppp: Fix KMSAN uninit-value warning with bpf Syzbot caught an "KMSAN: uninit-value" warning [1], which is caused by the ppp driver not initializing a 2-byte header when using socket filter. The following code can generate a PPP filter BPF program: ''' struct bpf_program fp; pcap_t *handle; handle = pcap_open_dead(DLT_PPP_PPPD, 65535); pcap_compile(handle, &fp, "ip and outbound", 0, 0); bpf_dump(&fp, 1); ''' Its output is: ''' (000) ldh [2] ... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21920 – vlan: enforce underlying device type
https://notcve.org/view.php?id=CVE-2025-21920
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: vlan: enforce underlying device type Currently, VLAN devices can be created on top of non-ethernet devices. Besides the fact that it doesn't make much sense, this also causes a bug which leaks the address of a kernel function to usermode. When creating a VLAN device, we initialize GARP (garp_init_applicant) and MRP (mrp_init_applicant) for the underlying device. As part of the initialization process, we add the multicast address of each app... • https://git.kernel.org/stable/c/22bedad3ce112d5ca1eaf043d4990fa2ed698c87 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21912 – gpio: rcar: Use raw_spinlock to protect register access
https://notcve.org/view.php?id=CVE-2025-21912
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: gpio: rcar: Use raw_spinlock to protect register access Use raw_spinlock in order to fix spurious messages about invalid context when spinlock debugging is enabled. The lock is only used to serialize register access. [ 4.239592] ============================= [ 4.239595] [ BUG: Invalid wait context ] [ 4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted [ 4.239603] ----------------------------- [ 4.239606] kworker/u8:5/76 ... • https://git.kernel.org/stable/c/7c1f36f9c9aca507d317479a3d3388150ae40a87 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21910 – wifi: cfg80211: regulatory: improve invalid hints checking
https://notcve.org/view.php?id=CVE-2025-21910
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue [1] that occurs when erroneous symbols sent from userspace get through into user_alpha2[] via regulatory_hint_user() call. Such invalid regulatory hints should be rejected. While a sanity check from commit 47caf685a685 ("cfg80211: regulatory: reject invalid hints") looks to be enough to deter these very cases, there is a way to get around it due to 2 ... • https://git.kernel.org/stable/c/09d989d179d0c679043556dda77c51b41a2dae7e •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21909 – wifi: nl80211: reject cooked mode if it is set along with other flags
https://notcve.org/view.php?id=CVE-2025-21909
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject cooked mode if it is set along with other flags It is possible to set both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE flags simultaneously on the same monitor interface from the userspace. This causes a sub-interface to be created with no IEEE80211_SDATA_IN_DRIVER bit set because the monitor interface is in the cooked state and it takes precedence over all other states. When the interface is then being deleted th... • https://git.kernel.org/stable/c/66f7ac50ed7cc5c19a62bc97e8f6e7891004a03a •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53008 – cifs: fix potential memory leaks in session setup
https://notcve.org/view.php?id=CVE-2023-53008
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential memory leaks in session setup Make sure to free cifs_ses::auth_key.response before allocating it as we might end up leaking memory in reconnect or mounting. In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential memory leaks in session setup Make sure to free cifs_ses::auth_key.response before allocating it as we might end up leaking memory in reconnect or mounting. • https://git.kernel.org/stable/c/893d45394dbe4b5cbf3723c19e2ccc8b93a6ac9b •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53001 – drm/drm_vma_manager: Add drm_vma_node_allow_once()
https://notcve.org/view.php?id=CVE-2023-53001
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/drm_vma_manager: Add drm_vma_node_allow_once() Currently there is no easy way for a drm driver to safely check and allow drm_vma_offset_node for a drm file just once. Allow drm drivers to call non-refcounted version of drm_vma_node_allow() so that a driver doesn't need to keep track of each drm_vma_node_allow() to call subsequent drm_vma_node_revoke() to prevent memory leak. In the Linux kernel, the following vulnerability has been reso... • https://git.kernel.org/stable/c/67444f8ca31cdaf45e0b761241ad49b1ae04bcf9 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53000 – netlink: prevent potential spectre v1 gadgets
https://notcve.org/view.php?id=CVE-2023-53000
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: netlink: prevent potential spectre v1 gadgets Most netlink attributes are parsed and validated from __nla_validate_parse() or validate_nla() u16 type = nla_type(nla); if (type == 0 || type > maxtype) { /* error or continue */ } @type is then used as an array index and can be used as a Spectre v1 gadget. array_index_nospec() can be used to prevent leaking content of kernel memory to malicious users. This should take care of vast majority of ... • https://git.kernel.org/stable/c/bfa83a9e03cf8d501c6272999843470afecb32ed •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52993 – x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL
https://notcve.org/view.php?id=CVE-2023-52993
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL Baoquan reported that after triggering a crash the subsequent crash-kernel fails to boot about half of the time. It triggers a NULL pointer dereference in the periodic tick code. This happens because the legacy timer interrupt (IRQ0) is resent in software which happens in soft interrupt (tasklet) context. In this context get_irq_regs() returns NULL which leads to the NULL pointer derefere... • https://git.kernel.org/stable/c/a4633adcdbc15ac51afcd0e1395de58cee27cf92 •