CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21777 – ring-buffer: Validate the persistent meta data subbuf array
https://notcve.org/view.php?id=CVE-2025-21777
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Validate the persistent meta data subbuf array The meta data for a mapped ring buffer contains an array of indexes of all the subbuffers. The first entry is the reader page, and the rest of the entries lay out the order of the subbuffers in how the ring buffer link list is to be created. The validator currently makes sure that all the entries are within the range of 0 and nr_subbufs. But it does not check if there are any dupli... • https://git.kernel.org/stable/c/c76883f18e59b762247ee91d3e4224231711854e •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21776 – USB: hub: Ignore non-compliant devices with too many configs or interfaces
https://notcve.org/view.php?id=CVE-2025-21776
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces Robert Morris created a test program which can cause usb_hub_to_struct_hub() to dereference a NULL or inappropriate pointer: Oops: general protection fault, probably for non-canonical address 0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI CPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14 Hardware name: FreeBSD BHYVE/BHYVE,... • https://git.kernel.org/stable/c/c3720b04df84b5459050ae4e03ec7d545652f897 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21775 – can: ctucanfd: handle skb allocation failure
https://notcve.org/view.php?id=CVE-2025-21775
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: ctucanfd: handle skb allocation failure If skb allocation fails, the pointer to struct can_frame is NULL. This is actually handled everywhere inside ctucan_err_interrupt() except for the only place. Add the missed NULL check. Found by Linux Verification Center (linuxtesting.org) with SVACE static analysis tool. • https://git.kernel.org/stable/c/2dcb8e8782d8e4c38903bf37b1a24d3ffd193da7 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21774 – can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated
https://notcve.org/view.php?id=CVE-2025-21774
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated Fix NULL pointer check in rkcanfd_handle_rx_fifo_overflow_int() to bail out if skb cannot be allocated. • https://git.kernel.org/stable/c/ff60bfbaf67f219c634cfe89a52250efe8e600d0 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21773 – can: etas_es58x: fix potential NULL pointer dereference on udev->serial
https://notcve.org/view.php?id=CVE-2025-21773
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: fix potential NULL pointer dereference on udev->serial The driver assumed that es58x_dev->udev->serial could never be NULL. While this is true on commercially available devices, an attacker could spoof the device identity providing a NULL USB serial number. That would trigger a NULL pointer dereference. Add a check on es58x_dev->udev->serial before accessing it. • https://git.kernel.org/stable/c/9f06631c3f1f0f298536443df85a6837ba4c5f5c •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21772 – partitions: mac: fix handling of bogus partition table
https://notcve.org/view.php?id=CVE-2025-21772
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: partitions: mac: fix handling of bogus partition table Fix several issues in partition probing: - The bailout for a bad partoffset must use put_dev_sector(), since the preceding read_part_sector() succeeded. - If the partition table claims a silly sector size like 0xfff bytes (which results in partition table entries straddling sector boundaries), bail out instead of accessing out-of-bounds memory. - We must not assume that the partition ta... • https://git.kernel.org/stable/c/27a39d006f85e869be68c1d5d2ce05e5d6445bf5 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21771 – sched_ext: Fix incorrect autogroup migration detection
https://notcve.org/view.php?id=CVE-2025-21771
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix incorrect autogroup migration detection scx_move_task() is called from sched_move_task() and tells the BPF scheduler that cgroup migration is being committed. sched_move_task() is used by both cgroup and autogroup migrations and scx_move_task() tried to filter out autogroup migrations by testing the destination cgroup and PF_EXITING but this is not enough. In fact, without explicitly tagging the thread which is doing the cgro... • https://git.kernel.org/stable/c/8195136669661fdfe54e9a8923c33b31c92fc1da •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21770 – iommu: Fix potential memory leak in iopf_queue_remove_device()
https://notcve.org/view.php?id=CVE-2025-21770
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu: Fix potential memory leak in iopf_queue_remove_device() The iopf_queue_remove_device() helper removes a device from the per-iommu iopf queue when PRI is disabled on the device. It responds to all outstanding iopf's with an IOMMU_PAGE_RESP_INVALID code and detaches the device from the queue. However, it fails to release the group structure that represents a group of iopf's awaiting for a response after responding to the hardware. This... • https://git.kernel.org/stable/c/19911232713573a2ebea84a25bd4d71d024ed86b •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21769 – ptp: vmclock: Add .owner to vmclock_miscdev_fops
https://notcve.org/view.php?id=CVE-2025-21769
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ptp: vmclock: Add .owner to vmclock_miscdev_fops Without the .owner field, the module can be unloaded while /dev/vmclock0 is open, leading to an oops. • https://git.kernel.org/stable/c/20503272422693d793b84f88bf23fe4e955d3a33 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21768 – net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
https://notcve.org/view.php?id=CVE-2025-21768
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels Some lwtunnels have a dst cache for post-transformation dst. If the packet destination did not change we may end up recording a reference to the lwtunnel in its own cache, and the lwtunnel state will never be freed. Discovered by the ioam6.sh test, kmemleak was recently fixed to catch per-cpu memory leaks. I'm not sure if rpl and seg6 can actually hit this, but in principle I don... • https://git.kernel.org/stable/c/6c8702c60b88651072460f3f4026c7dfe2521d12 •