CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21833 – iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE
https://notcve.org/view.php?id=CVE-2025-21833
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pasid`. In case it nevertheless happens we must avoid using a NULL pointer. In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pa... • https://git.kernel.org/stable/c/df96876be3b064aefc493f760e0639765d13ed0d •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21832 – block: don't revert iter for -EIOCBQUEUED
https://notcve.org/view.php?id=CVE-2025-21832
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: block: don't revert iter for -EIOCBQUEUED blkdev_read_iter() has a few odd checks, like gating the position and count adjustment on whether or not the result is bigger-than-or-equal to zero (where bigger than makes more sense), and not checking the return value of blkdev_direct_IO() before doing an iov_iter_revert(). The latter can lead to attempting to revert with a negative value, which when passed to iov_iter_revert() as an unsigned valu... • https://git.kernel.org/stable/c/6c26619effb1b4cb7d20b4e666ab8f71f6a53ccb •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21831 – PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1
https://notcve.org/view.php?id=CVE-2025-21831
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 commit 9d26d3a8f1b0 ("PCI: Put PCIe ports into D3 during suspend") sets the policy that all PCIe ports are allowed to use D3. When the system is suspended if the port is not power manageable by the platform and won't be used for wakeup via a PME this sets up the policy for these ports to go into D3hot. This policy generally makes sense from an OSPM perspective but it leads to ... • https://git.kernel.org/stable/c/9d26d3a8f1b0c442339a235f9508bdad8af91043 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58085 – tomoyo: don't emit warning in tomoyo_write_control()
https://notcve.org/view.php?id=CVE-2024-58085
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: tomoyo: don't emit warning in tomoyo_write_control() syzbot is reporting too large allocation warning at tomoyo_write_control(), for one can write a very very long line without new line character. To fix this warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE, for practically a valid line should be always shorter than 32KB where the "too small to fail" memory-allocation rule applies. One might try to write a valid line th... • https://git.kernel.org/stable/c/a01c200fa7eb59da4d2dbbb48b61f4a0d196c09f •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-58083 – KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
https://notcve.org/view.php?id=CVE-2024-58083
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Explicitly verify the target vCPU is fully online _prior_ to clamping the index in kvm_get_vcpu(). If the index is "bad", the nospec clamping will generate '0', i.e. KVM will return vCPU0 instead of NULL. In practice, the bug is unlikely to cause problems, as it will only come into play if userspace or the guest is buggy or misbehaving, e.g. KVM may send interrupts to vCPU0 inst... • https://git.kernel.org/stable/c/1d487e9bf8ba66a7174c56a0029c54b1eca8f99c •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58080 – clk: qcom: dispcc-sm6350: Add missing parent_map for a clock
https://notcve.org/view.php?id=CVE-2024-58080
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: qcom: dispcc-sm6350: Add missing parent_map for a clock If a clk_rcg2 has a parent, it should also have parent_map defined, otherwise we'll get a NULL pointer dereference when calling clk_set_rate like the following: [ 3.388105] Call trace: [ 3.390664] qcom_find_src_index+0x3c/0x70 (P) [ 3.395301] qcom_find_src_index+0x1c/0x70 (L) [ 3.399934] _freq_tbl_determine_rate+0x48/0x100 [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28 [ 3.409387] ... • https://git.kernel.org/stable/c/837519775f1d3945e3d4019641f7120d58325059 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58079 – media: uvcvideo: Fix crash during unbind if gpio unit is in use
https://notcve.org/view.php?id=CVE-2024-58079
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix crash during unbind if gpio unit is in use We used the wrong device for the device managed functions. We used the usb device, when we should be using the interface device. If we unbind the driver from the usb interface, the cleanup functions are never called. In our case, the IRQ is never disabled. If an IRQ is triggered, it will try to access memory sections that are already free, causing an OOPS. • https://git.kernel.org/stable/c/2886477ff98740cc3333cf785e4de0b1ff3d7a28 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58077 – ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback
https://notcve.org/view.php?id=CVE-2024-58077
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback commit 1f5664351410 ("ASoC: lower "no backend DAIs enabled for ... Port" log severity") ignores -EINVAL error message on common soc_pcm_ret(). It is used from many functions, ignoring -EINVAL is over-kill. The reason why -EINVAL was ignored was it really should only be used upon invalid parameters coming from userspace and in that case we don't want to log an error since we do not ... • https://git.kernel.org/stable/c/b65ba768302adc7ddc70811116cef80ca089af59 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58076 – clk: qcom: gcc-sm6350: Add missing parent_map for two clocks
https://notcve.org/view.php?id=CVE-2024-58076
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gcc-sm6350: Add missing parent_map for two clocks If a clk_rcg2 has a parent, it should also have parent_map defined, otherwise we'll get a NULL pointer dereference when calling clk_set_rate like the following: [ 3.388105] Call trace: [ 3.390664] qcom_find_src_index+0x3c/0x70 (P) [ 3.395301] qcom_find_src_index+0x1c/0x70 (L) [ 3.399934] _freq_tbl_determine_rate+0x48/0x100 [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28 [ 3.409387] ... • https://git.kernel.org/stable/c/131abae905df99f63d825e47b4df100d34f518ce •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21830 – landlock: Handle weird files
https://notcve.org/view.php?id=CVE-2025-21830
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: landlock: Handle weird files A corrupted filesystem (e.g. bcachefs) might return weird files. Instead of throwing a warning and allowing access to such file, treat them as regular files. In the Linux kernel, the following vulnerability has been resolved: landlock: Handle weird files A corrupted filesystem (e.g. bcachefs) might return weird files. Instead of throwing a warning and allowing access to such file, treat them as regular files. • https://git.kernel.org/stable/c/cb2c7d1a1776057c9a1f48ed1250d85e94d4850d •