CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52928 – bpf: Skip invalid kfunc call in backtrack_insn
https://notcve.org/view.php?id=CVE-2023-52928
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Skip invalid kfunc call in backtrack_insn The verifier skips invalid kfunc call in check_kfunc_call(), which would be captured in fixup_kfunc_call() if such insn is not eliminated by dead code elimination. However, this can lead to the following warning in backtrack_insn(), also see [1]: ------------[ cut here ]------------ verifier backtracking bug WARNING: CPU: 6 PID: 8646 at kernel/bpf/verifier.c:2756 backtrack_insn kernel/bpf/verif... • https://git.kernel.org/stable/c/6e2fac197de2c4c041bdd8982cffb104689113f1 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-4454 – can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate
https://notcve.org/view.php?id=CVE-2021-4454
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate The conclusion "j1939_session_deactivate() should be called with a session ref-count of at least 2" is incorrect. In some concurrent scenarios, j1939_session_deactivate can be called with the session ref-count less than 2. But there is not any problem because it will check the session active state before session putting in j1939_session_deactivate_locked(). Here is the concurre... • https://git.kernel.org/stable/c/7eef18c0479ba5d9f54fba30cd77c233ebca3eb1 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21892 – RDMA/mlx5: Fix the recovery flow of the UMR QP
https://notcve.org/view.php?id=CVE-2025-21892
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix the recovery flow of the UMR QP This patch addresses an issue in the recovery flow of the UMR QP, ensuring tasks do not get stuck, as highlighted by the call trace [1]. During recovery, before transitioning the QP to the RESET state, the software must wait for all outstanding WRs to complete. Failing to do so can cause the firmware to skip sending some flushed CQEs with errors and simply discard them upon the RESET, as per th... • https://git.kernel.org/stable/c/158e71bb69e368b8b33e8b7c4ac8c111da0c1ae2 •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21891 – ipvlan: ensure network headers are in skb linear part
https://notcve.org/view.php?id=CVE-2025-21891
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ipvlan: ensure network headers are in skb linear part syzbot found that ipvlan_process_v6_outbound() was assuming the IPv6 network header isis present in skb->head [1] Add the needed pskb_network_may_pull() calls for both IPv4 and IPv6 handlers. [1] BUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47 __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47 ipv6_addr_type include/net/ipv6.h:555 [inline] ip6_rou... • https://git.kernel.org/stable/c/2ad7bf3638411cb547f2823df08166c13ab04269 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21890 – idpf: fix checksums set in idpf_rx_rsc()
https://notcve.org/view.php?id=CVE-2025-21890
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: idpf: fix checksums set in idpf_rx_rsc() idpf_rx_rsc() uses skb_transport_offset(skb) while the transport header is not set yet. This triggers the following warning for CONFIG_DEBUG_NET=y builds. DEBUG_NET_WARN_ON_ONCE(!skb_transport_header_was_set(skb)) [ 69.261620] WARNING: CPU: 7 PID: 0 at ./include/linux/skbuff.h:3020 idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf [ 69.261629] Modules linked in: vfat fat dummy bridge int... • https://git.kernel.org/stable/c/3a8845af66edb340ba9210bb8a0da040c7d6e590 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21889 – perf/core: Add RCU read lock protection to perf_iterate_ctx()
https://notcve.org/view.php?id=CVE-2025-21889
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/core: Add RCU read lock protection to perf_iterate_ctx() The perf_iterate_ctx() function performs RCU list traversal but currently lacks RCU read lock protection. This causes lockdep warnings when running perf probe with unshare(1) under CONFIG_PROVE_RCU_LIST=y: WARNING: suspicious RCU usage kernel/events/core.c:8168 RCU-list traversed in non-reader section!! Call Trace: lockdep_rcu_suspicious ? perf_event_addr_filters_apply perf_itera... • https://git.kernel.org/stable/c/bd27568117664b8b3e259721393df420ed51f57b •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21888 – RDMA/mlx5: Fix a WARN during dereg_mr for DM type
https://notcve.org/view.php?id=CVE-2025-21888
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a WARN during dereg_mr for DM type Memory regions (MR) of type DM (device memory) do not have an associated umem. In the __mlx5_ib_dereg_mr() -> mlx5_free_priv_descs() flow, the code incorrectly takes the wrong branch, attempting to call dma_unmap_single() on a DMA address that is not mapped. This results in a WARN [1], as shown below. The issue is resolved by properly accounting for the DM type and ensuring the correct branc... • https://git.kernel.org/stable/c/f18ec422311767738ef4033b61e91cae07163b22 •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-21887 – ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up
https://notcve.org/view.php?id=CVE-2025-21887
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up The issue was caused by dput(upper) being called before ovl_dentry_update_reval(), while upper->d_flags was still accessed in ovl_dentry_remote(). Move dput(upper) after its last use to prevent use-after-free. BUG: KASAN: slab-use-after-free in ovl_dentry_remote fs/overlayfs/util.c:162 [inline] BUG: KASAN: slab-use-after-free in ovl_dentry_update_reval+0xd2/0xf0 fs/over... • https://git.kernel.org/stable/c/62f29ca45f832e281fc14966ac25f6ff3bd121ca • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21885 – RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers
https://notcve.org/view.php?id=CVE-2025-21885
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers While using nvme target with use_srq on, below kernel panic is noticed. [ 549.698111] bnxt_en 0000:41:00.0 enp65s0np0: FEC autoneg off encoding: Clause 91 RS(544,514) [ 566.393619] Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI .. [ 566.393799]
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21884 – net: better track kernel sockets lifetime
https://notcve.org/view.php?id=CVE-2025-21884
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: better track kernel sockets lifetime While kernel sockets are dismantled during pernet_operations->exit(), their freeing can be delayed by any tx packets still held in qdisc or device queues, due to skb_set_owner_w() prior calls. This then trigger the following warning from ref_tracker_dir_exit() [1] To fix this, make sure that kernel sockets own a reference on net->passive. Add sk_net_refcnt_upgrade() helper, used whenever a kernel so... • https://git.kernel.org/stable/c/0cafd77dcd032d1687efaba5598cf07bce85997f •