CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21713 – powerpc/pseries/iommu: Don't unset window if it was never set
https://notcve.org/view.php?id=CVE-2025-21713
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: Don't unset window if it was never set On pSeries, when user attempts to use the same vfio container used by different iommu group, the spapr_tce_set_window() returns -EPERM and the subsequent cleanup leads to the below crash. In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: Don't unset window if it was never set On pSeries, when user attempts to use the same vfi... • https://git.kernel.org/stable/c/f431a8cde7f102fce412546db6e62fdbde1131a7 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21712 – md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
https://notcve.org/view.php?id=CVE-2025-21712
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime After commit ec6bb299c7c3 ("md/md-bitmap: add 'sync_size' into struct md_bitmap_stats"), following panic is reported: Oops: general protection fault, probably for non-canonical address RIP: 0010:bitmap_get_stats+0x2b/0xa0 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21711 – net/rose: prevent integer overflows in rose_setsockopt()
https://notcve.org/view.php?id=CVE-2025-21711
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net/rose: prevent integer overflows in rose_setsockopt() In case of possible unpredictably large arguments passed to rose_setsockopt() and multiplied by extra values on top of that, integer overflows may occur. In the Linux kernel, the following vulnerability has been resolved: net/rose: prevent integer overflows in rose_setsockopt() In case of possible unpredictably large arguments passed to rose_setsockopt() and multiplied b... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21710 – tcp: correct handling of extreme memory squeeze
https://notcve.org/view.php?id=CVE-2025-21710
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: correct handling of extreme memory squeeze Testing with iperf3 using the "pasta" protocol splicer has revealed a problem in the way tcp handles window advertising in extreme memory squeeze situations. ... • https://git.kernel.org/stable/c/e2142825c120d4317abf7160a0fc34b3de532586 •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21709 – kernel: be more careful about dup_mmap() failures and uprobe registering
https://notcve.org/view.php?id=CVE-2025-21709
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: kernel: be more careful about dup_mmap() failures and uprobe registering If a memory allocation fails during dup_mmap(), the maple tree can be left in an unsafe state for other iterators besides the exit path. In the Linux kernel, the following vulnerability has been resolved: kernel: be more careful about dup_mmap() failures and uprobe registering If a memory allocation fails during dup_mmap(), the maple tree can be left in a... • https://git.kernel.org/stable/c/d2406291483775ecddaee929231a39c70c08fda2 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21708 – net: usb: rtl8150: enable basic endpoint checking
https://notcve.org/view.php?id=CVE-2025-21708
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: enable basic endpoint checking Syzkaller reports [1] encountering a common issue of utilizing a wrong usb endpoint type during URB submitting stage. In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: enable basic endpoint checking Syzkaller reports [1] encountering a common issue of utilizing a wrong usb endpoint type during URB submitting stage. ... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21707 – mptcp: consolidate suboption status
https://notcve.org/view.php?id=CVE-2025-21707
27 Feb 2025 — The above schema is fragile, and syzbot managed to trigger a path where a relevant bitfield is not cleared/initialized: BUG: KMSAN: uninit-value in __mptcp_expand_seq net/mptcp/options.c:1030 [inline] BUG: KMSAN: uninit-value in mptcp_expand_seq net/mptcp/protocol.h:864 [inline] BUG: KMSAN: uninit-value in ack_update_msk net/mptcp/options.c:1060 [inline] BUG: KMSAN: uninit-value in mptcp_incoming_options+0x2036/0x3d30 net/mptcp/options.c:1209 __mptcp_expand_seq net/mptcp/options.c:1030 [inline] mptcp_expand... • https://git.kernel.org/stable/c/84dfe3677a6f45b3d0dfdd564e55717a1a5e60cc •
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21706 – mptcp: pm: only set fullmesh for subflow endp
https://notcve.org/view.php?id=CVE-2025-21706
27 Feb 2025 — That's what syzbot found, triggering the following warning: WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline] WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline] WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline] WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp... • https://git.kernel.org/stable/c/73c762c1f07dacba4fd1cefd15e24b419d42320d •
CVSS: 9.4EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21705 – mptcp: handle fastopen disconnect correctly
https://notcve.org/view.php?id=CVE-2025-21705
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: handle fastopen disconnect correctly Syzbot was able to trigger a data stream corruption: WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024 Modules linked in: CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 RIP: 0010:__mptcp_clean_u... • https://git.kernel.org/stable/c/b7bb71dfb541df376c21c24451369fea83c4f327 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58000 – io_uring: prevent reg-wait speculations
https://notcve.org/view.php?id=CVE-2024-58000
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent reg-wait speculations With *ENTER_EXT_ARG_REG instead of passing a user pointer with arguments for the waiting loop the user can specify an offset into a pre-mapped region of memory, in which case the [offset, offset + sizeof(io_uring_reg_wait)) will be intepreted as the argument. In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent reg-wait speculations With *ENTER_EXT_ARG_RE... • https://git.kernel.org/stable/c/aa00f67adc2c0d6439f81b5a81ff181377c47a7e •