
CVE-2025-21923 – HID: hid-steam: Fix use-after-free when detaching device
https://notcve.org/view.php?id=CVE-2025-21923
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: hid-steam: Fix use-after-free when detaching device. When a hid-steam device is removed it must clean up the client_hdev used for intercepting hidraw access. ... • https://git.kernel.org/stable/c/e1147961b2145fa61c3078a4a797d9576cde91ab • CWE-416: Use After Free

CVE-2025-21922 – ppp: Fix KMSAN uninit-value warning with bpf
https://notcve.org/view.php?id=CVE-2025-21922
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ppp: Fix KMSAN uninit-value warning with bpf. Syzbot caught a "KMSAN: uninit-value" warning [1], which is caused by the ppp driver not initializing a 2-byte header when using socket filter. ... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

CVE-2025-21921 – net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device
https://notcve.org/view.php?id=CVE-2025-21921
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device. ethnl_req_get_phydev() is used to look up a phy_device, in the case an ethtool netlink command targets a specific phydev within a netdev's topology. • https://git.kernel.org/stable/c/c15e065b46dc4e19837275b826c1960d55564abd

CVE-2025-21920 – vlan: enforce underlying device type
https://notcve.org/view.php?id=CVE-2025-21920
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: vlan: enforce underlying device type. Currently, VLAN devices can be created on top of non-ethernet devices. ... • https://git.kernel.org/stable/c/22bedad3ce112d5ca1eaf043d4990fa2ed698c87

CVE-2025-21919 – sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
https://notcve.org/view.php?id=CVE-2025-21919
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list. child_cfs_rq_on_list attempts to convert a 'prev' pointer to a cfs_rq. • https://git.kernel.org/stable/c/fdaba61ef8a268d4136d0a113d153f7a89eb9984

CVE-2025-21918 – usb: typec: ucsi: Fix NULL pointer access
https://notcve.org/view.php?id=CVE-2025-21918
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix NULL pointer access. Resources should be released only after all threads that utilize them have been destroyed. • https://git.kernel.org/stable/c/b9aa02ca39a49740926c2c450a1505a4a0f8954a

CVE-2025-21917 – usb: renesas_usbhs: Flush the notify_hotplug_work
https://notcve.org/view.php?id=CVE-2025-21917
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Flush the notify_hotplug_work. When performing continuous unbind/bind operations on the USB drivers available on the Renesas RZ/G2L SoC, a kernel crash with the message "Unable to handle kernel NULL pointer dereference at virtual address" may occur. • https://git.kernel.org/stable/c/bc57381e634782009b1cb2e86b18013699ada576

CVE-2025-21916 – usb: atm: cxacru: fix a flaw in existing endpoint checks
https://notcve.org/view.php?id=CVE-2025-21916
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix a flaw in existing endpoint checks. Syzbot once again identified a flaw in usb endpoint checking, see [1]. • https://git.kernel.org/stable/c/23926d316d2836315cb113569f91393266eb5b47

CVE-2025-21915 – cdx: Fix possible UAF error in driver_override_show()
https://notcve.org/view.php?id=CVE-2025-21915
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: cdx: Fix possible UAF error in driver_override_show(). Fixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c. This function driver_override_show() is part of DEVICE_ATTR_RW, which includes both driver_override_show() and driver_override_store(). • https://git.kernel.org/stable/c/2959ab247061e67485d83b6af8feb3761ec08cb9 • CWE-416: Use After Free

CVE-2025-21914 – slimbus: messaging: Free transaction ID in delayed interrupt scenario
https://notcve.org/view.php?id=CVE-2025-21914
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: slimbus: messaging: Free transaction ID in delayed interrupt scenario. In case of interrupt delay for any reason, slim_do_transfer() returns timeout error but the transaction ID (TID) is not freed. • https://git.kernel.org/stable/c/afbdcc7c384b0d446da08b1e0901dc176b41b9e0