CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21685 – platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race
https://notcve.org/view.php?id=CVE-2025-21685
09 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race The yt2_1380_fc_serdev_probe() function calls devm_serdev_device_open() before setting the client ops via serdev_device_set_client_ops(). This ordering can trigger a NULL pointer dereference in the serdev controller's receive_buf handler, as it assumes serdev->ops is valid when SERPORT_ACTIVE is set. This is similar to the issue fixed in commit 5e700b384ec1 ("platform/chro... • https://git.kernel.org/stable/c/b2ed33e8d486ab2f1920131dd76fab38c8ef3550 •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21684 – gpio: xilinx: Convert gpio_lock to raw spinlock
https://notcve.org/view.php?id=CVE-2025-21684
09 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: gpio: xilinx: Convert gpio_lock to raw spinlock irq_chip functions may be called in raw spinlock context. Therefore, we must also use a raw spinlock for our own internal locking. This fixes the following lockdep splat: [ 5.349336] ============================= [ 5.353349] [ BUG: Invalid wait context ] [ 5.357361] 6.13.0-rc5+ #69 Tainted: G W [ 5.363031] ----------------------------- [ 5.367045] kworker/u17:1/44 is trying to lock: [ 5.371587... • https://git.kernel.org/stable/c/a32c7caea292c4d1e417eae6e5a348d187546acf •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57949 – irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
https://notcve.org/view.php?id=CVE-2024-57949
09 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() The following call-chain leads to enabling interrupts in a nested interrupt disabled section: irq_set_vcpu_affinity() irq_get_desc_lock() raw_spin_lock_irqsave() <--- Disable interrupts its_irq_set_vcpu_affinity() guard(raw_spinlock_irq) <--- Enables interrupts when leaving the guard() irq_put_desc_unlock() <--- Warns because interrupts are enabled This was broken in... • https://git.kernel.org/stable/c/2458f2362f695584bd824c922caa07ffc4fe0d5c •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52925 – netfilter: nf_tables: don't fail inserts if duplicate has expired
https://notcve.org/view.php?id=CVE-2023-52925
05 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't fail inserts if duplicate has expired nftables selftests fail: run-tests.sh testcases/sets/0044interval_overlap_0 Expected: 0-2 . 0-3, got: W: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1 Insertion must ignore duplicate but expired entries. Moreover, there is a strange asymmetry in nft_pipapo_activate: It refetches the current element, whereas the other ->activate callbacks (bitmap, hash, rhash, rbtree... • https://git.kernel.org/stable/c/bd156ce9553dcaf2d6ee2c825d1a5a1718e86524 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52924 – netfilter: nf_tables: don't skip expired elements during walk
https://notcve.org/view.php?id=CVE-2023-52924
05 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map ("1.2.3.4 : jump foo") 2. timeouts are enabled In this case, following sequence is problematic: 1. element E in set S refers to chain C 2. userspace requests removal of set S 3. kernel does a set walk to decrement chain->use count for all elements from pre... • https://git.kernel.org/stable/c/9d0982927e79049675cb6c6c04a0ebb3dad5a434 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21683 – bpf: Fix bpf_sk_select_reuseport() memory leak
https://notcve.org/view.php?id=CVE-2025-21683
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_sk_select_reuseport() memory leak As pointed out in the original comment, lookup in sockmap can return a TCP ESTABLISHED socket. Such TCP socket may have had SO_ATTACH_REUSEPORT_EBPF set before it was ESTABLISHED. In other words, a non-NULL sk_reuseport_cb does not imply a non-refcounted socket. Drop sk's reference in both error paths. unreferenced object 0xffff888101911800 (size 2048): comm "test_progs", pid 44109, jiffies 429... • https://git.kernel.org/stable/c/64d85290d79c0677edb5a8ee2295b36c022fa5df •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21682 – eth: bnxt: always recalculate features after XDP clearing, fix null-deref
https://notcve.org/view.php?id=CVE-2025-21682
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: always recalculate features after XDP clearing, fix null-deref Recalculate features when XDP is detached. Before: # ip li set dev eth0 xdp obj xdp_dummy.bpf.o sec xdp # ip li set dev eth0 xdp off # ethtool -k eth0 | grep gro rx-gro-hw: off [requested on] After: # ip li set dev eth0 xdp obj xdp_dummy.bpf.o sec xdp # ip li set dev eth0 xdp off # ethtool -k eth0 | grep gro rx-gro-hw: on The fact that HW-GRO doesn't get re-enabled au... • https://git.kernel.org/stable/c/1054aee82321483dceabbb9b9e5d6512e8fe684b •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21681 – openvswitch: fix lockup on tx to unregistering netdev with carrier
https://notcve.org/view.php?id=CVE-2025-21681
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix lockup on tx to unregistering netdev with carrier Commit in a fixes tag attempted to fix the issue in the following sequence of calls: do_output -> ovs_vport_send -> dev_queue_xmit -> __dev_queue_xmit -> netdev_core_pick_tx -> skb_tx_hash When device is unregistering, the 'dev->real_num_tx_queues' goes to zero and the 'while (unlikely(hash >= qcount))' loop inside the 'skb_tx_hash' becomes infinite, locking up the core fore... • https://git.kernel.org/stable/c/644b3051b06ba465bc7401bfae9b14963cbc8c1c •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21680 – pktgen: Avoid out-of-bounds access in get_imix_entries
https://notcve.org/view.php?id=CVE-2025-21680
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: pktgen: Avoid out-of-bounds access in get_imix_entries Passing a sufficient amount of imix entries leads to invalid access to the pkt_dev->imix_entries array because of the incorrect boundary check. UBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24 index 20 is out of range for type 'imix_pkt [20]' CPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21679 – btrfs: add the missing error handling inside get_canonical_dev_path
https://notcve.org/view.php?id=CVE-2025-21679
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: add the missing error handling inside get_canonical_dev_path Inside function get_canonical_dev_path(), we call d_path() to get the final device path. But d_path() can return error, and in that case the next strscpy() call will trigger an invalid memory access. Add back the missing error handling for d_path(). In the Linux kernel, the following vulnerability has been resolved: btrfs: add the missing error handling inside get_canonical... • https://git.kernel.org/stable/c/5d261f60b5c82ba1e4b5555252e1c90c43d96015 •