
CVE-2024-58007 – soc: qcom: socinfo: Avoid out of bounds read of serial number
https://notcve.org/view.php?id=CVE-2024-58007
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: socinfo: Avoid out of bounds read of serial number On MSM8916 devices, the serial number exposed in sysfs is constant and does not change across individual devices. In the Linux kernel, the following vulnerability has been resolved: soc: qcom: socinfo: Avoid out of bounds read of serial number On MSM8916 devices, the serial number exposed in sysfs is constant and does not change across individual devices. ... • https://git.kernel.org/stable/c/efb448d0a3fca01bb987dd70963da6185b81751e • CWE-125: Out-of-bounds Read •

CVE-2024-58006 – PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()
https://notcve.org/view.php?id=CVE-2024-58006
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() In commit 4284c88fff0e ("PCI: designware-ep: Allow pci_epc_set_bar() update inbound map address") set_bar() was modified to support dynamically changing the backing physical address of a BAR that was already configured. In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() In commi... • https://git.kernel.org/stable/c/4284c88fff0efc4e418abb53d78e02dc4f099d6c •

CVE-2024-58005 – tpm: Change to kvalloc() in eventlog/acpi.c
https://notcve.org/view.php?id=CVE-2024-58005
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tpm: Change to kvalloc() in eventlog/acpi.c The following failure was reported on HPE ProLiant D320: [ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0) [ 10.848132][ T1] ------------[ cut here ]------------ [ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330 [ 10.862827][ T1] Modules linked in: [ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.... • https://git.kernel.org/stable/c/55a82ab3181be039c6440d3f2f69260ad6fe2988 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •

CVE-2024-58004 – media: intel/ipu6: remove cpu latency qos request on error
https://notcve.org/view.php?id=CVE-2024-58004
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: remove cpu latency qos request on error Fix cpu latency qos list corruption like below. ... __list_add_valid_or_report+0x83/0xa0 [ 30.634742] l7 kernel: plist_add+0xdd/0x140 [ 30.634754] l7 kernel: pm_qos_update_target+0xa0/0x1f0 [ 30.634764] l7 kernel: cpu_latency_qos_update_request+0x61/0xc0 [ 30.634773] l7 kernel: intel_dp_aux_xfer+0x4c7/0x6e0 [i915 1f824655ed04687c2b0d23dbce759fa785f6d033] In the Linux k... • https://git.kernel.org/stable/c/f50c4ca0a82003b8a542c3332fd292cf1bc355a2 •

CVE-2024-58003 – media: i2c: ds90ub9x3: Fix extra fwnode_handle_put()
https://notcve.org/view.php?id=CVE-2024-58003
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: i2c: ds90ub9x3: Fix extra fwnode_handle_put() The ub913 and ub953 drivers call fwnode_handle_put(priv->sd.fwnode) as part of their remove process, and if the driver is removed multiple times, eventually leads to put "overflow", possibly causing memory corruption or crash. In the Linux kernel, the following vulnerability has been resolved: media: i2c: ds90ub9x3: Fix extra fwnode_handle_put() The ub913 and ub953 drivers c... • https://git.kernel.org/stable/c/905f88ccebb14e42bcd19455b0d9c0d4808f1897 •

CVE-2024-58002 – media: uvcvideo: Remove dangling pointers
https://notcve.org/view.php?id=CVE-2024-58002
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove dangling pointers When an async control is written, we copy a pointer to the file handle that started the operation. In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove dangling pointers When an async control is written, we copy a pointer to the file handle that started the operation. ... A dangling pointer vulnerability was found in the Linux kernel. ... • https://git.kernel.org/stable/c/e5225c820c057537dc780244760e2e24c7d27366 • CWE-416: Use After Free •

CVE-2024-58001 – ocfs2: handle a symlink read error correctly
https://notcve.org/view.php?id=CVE-2024-58001
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle a symlink read error correctly Patch series "Convert ocfs2 to use folios". In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle a symlink read error correctly Patch series "Convert ocfs2 to use folios". ... In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle a symlink read error correctly Patch series "Convert ocfs2 to use folios". ... Chenyuan Yan... • https://git.kernel.org/stable/c/cd3e22b206189cbb4a94229002141e1529f83746 •

CVE-2025-21731 – nbd: don't allow reconnect after disconnect
https://notcve.org/view.php?id=CVE-2025-21731
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: don't allow reconnect after disconnect Following process can cause nbd_config UAF: 1) grab nbd_config temporarily; 2) nbd_genl_disconnect() flush all recv_work() and release the initial reference: nbd_genl_disconnect nbd_disconnect_and_put nbd_disconnect flush_workqueue(nbd->recv_workq) if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF, ...)) nbd_config_put -> due to step 1), reference is still not zero 3) nbd_genl_reconfigure() queu... • https://git.kernel.org/stable/c/b7aa3d39385dc2d95899f9e379623fef446a2acd • CWE-416: Use After Free •

CVE-2025-21730 – wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed
https://notcve.org/view.php?id=CVE-2025-21730
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed If WoWLAN failed in resume flow, the rtw89_ops_add_interface() triggered without removing the interface first. ... __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed If WoWLAN failed in resume flow, the rtw89_ops_add_... • https://git.kernel.org/stable/c/68ec751b288178de7d19b71ea61648269a35b8cd •

CVE-2025-21729 – wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
https://notcve.org/view.php?id=CVE-2025-21729
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion The rtwdev->scanning flag isn't protected by mutex originally, so cancel_hw_scan can pass the condition, but suddenly hw_scan completion unset the flag and calls ieee80211_scan_completed() that will free local->hw_scan_req. ... __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 In the Linux kernel, the following vulnerability has been resolved: wifi: ... • https://git.kernel.org/stable/c/895907779752606f6a4795abfc008509f8e38314 • CWE-416: Use After Free •