
CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/hmm: Don't dereference struct page pointers without notifier lock The pfns that we obtain from hmm_range_fault() point to pages that we don't have a reference on, and the guarantee that they are still in the cpu page-tables is that the notifier lock must be held and the notifier seqno is still valid. So while building the sg table and marking the pages accessed / dirty we need to hold this lock with a validated seqno. However, the lo... • https://git.kernel.org/stable/c/81e058a3e7fd8593d076b4f26f7b8bb49f1d61e3 •

CVSS: 6.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr If multiple connection requests attempt to create an implicit mptcp endpoint in parallel, more than one caller may end up in mptcp_pm_nl_append_new_local_addr because none found the address in local_addr_list during their call to mptcp_pm_nl_get_local_id. In this case, the concurrent new_local_addr calls may delete the address entry created by the previous caller. The... • https://git.kernel.org/stable/c/d045b9eb95a9b611c483897a69e7285aefdc66d7 •

CVSS: 9.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Add check for the return value of mgmt_alloc_skb() in mgmt_remote_name() to prevent null pointer dereference. Several vulnerabilities have... • https://git.kernel.org/stable/c/ba17bb62ce415950753c19d16bb43b2bd3701158 •

CVSS: 9.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() Add check for the return value of mgmt_alloc_skb() in mgmt_device_connected() to prevent null pointer dereference. Several ... • https://git.kernel.org/stable/c/e96741437ef0a5d18144e790ac894397efda0924 •

CVSS: 9.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: rapidio: add check for rio_add_net() in rio_scan_alloc_net() The return value of rio_add_net() should be checked. If it fails, put_device() should be called to free the memory and give up the reference initialized in rio_add_net(). • https://git.kernel.org/stable/c/e6b585ca6e81badeb3d42db3cc408174f2826034 •

CVSS: 9.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: rapidio: fix an API misuse when rio_add_net() fails rio_add_net() calls device_register() and fails when device_register() fails. Thus, put_device() should be used rather than kfree(). Add "mport->net = NULL;" to avoid a use after free issue. • https://git.kernel.org/stable/c/e8de370188d098bb49483c287b44925957c3c9b6 •

CVSS: 6.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: abort vma_modify() on merge out of memory failure The remainder of vma_modify() relies upon the vmg state remaining pristine after a merge attempt. Usually this is the case, however in the one edge case scenario of a merge attempt failing not due to the specified range being unmergeable, but rather due to an out of memory error arising when attempting to commit the merge, this assumption becomes untrue. This results in vmg->start, end b... • https://git.kernel.org/stable/c/2f1c6611b0a89afcb8641471af5f223c9caa01e0 •

CVSS: 5.5 • EPSS: 0% • CPEs: 9 • EXPL: 0

01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Commit b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined") added page poison checks in do_migrate_range in order to make offlining a hwpoisoned page possible by introducing isolate_lru_page and try_to_unmap for hwpoisoned pages. However, the folio lock must be held before calling try_to_unmap. Add it to fix this problem. Warning will be produced if folio is n... • https://git.kernel.org/stable/c/b15c87263a69272423771118c653e9a1d0672caa •

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't try to talk to a dead firmware This fixes: bad state = 0 WARNING: CPU: 10 PID: 702 at drivers/net/wireless/inel/iwlwifi/iwl-trans.c:178 iwl_trans_send_cmd+0xba/0xe0 [iwlwifi] Call Trace: ? __warn+0xca/0x1c0 ? iwl_trans_send_cmd+0xba/0xe0 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4] iwl_fw_dbg_clear_monitor_buf+0xd7/0x110 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4] _iwl_dbgfs_fw_dbg_clear_write+0... • https://git.kernel.org/stable/c/268712dc3b344f3a835211e5846e6ebfd7a13cbd •

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() During the `rmmod` operation for the `intel_ishtp_hid` driver, a use-after-free issue can occur in the hid_ishtp_cl_remove() function. The function hid_ishtp_cl_deinit() is called before ishtp_hid_remove(), which can lead to accessing freed memory or resources during the removal process. Call Trace: ? ishtp_cl_send+0x168/0x220 [intel_ishtp] ? hid_output_report+0xe3/0x150 ... • https://git.kernel.org/stable/c/f645a90e8ff732c48dd9f18815baef08c44ac8a0 • CWE-416: Use After Free •