CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58055 – usb: gadget: f_tcm: Don't free command immediately
https://notcve.org/view.php?id=CVE-2024-58055
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_tcm: Don't free command immediately Don't prematurely free the command. Wait for the status completion of the sense status. It can be freed then. Otherwise we will double-free the command. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_tcm: Don't free command immediately Don't prematurely free the command. • https://git.kernel.org/stable/c/cff834c16d23d614388aab1b86d19eb67b3f80c4 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-58053 – rxrpc: Fix handling of received connection abort
https://notcve.org/view.php?id=CVE-2024-58053
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix handling of received connection abort Fix the handling of a connection abort that we've received. Though the abort is at the connection level, it needs propagating to the calls on that connection. Whilst the propagation bit is performed, the calls aren't then woken up to go and process their termination, and as no further input is forthcoming, they just hang. Also add some tracing for the logging of connection aborts. En el kerne... • https://git.kernel.org/stable/c/248f219cb8bcbfbd7f132752d44afa2df7c241d1 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58052 – drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
https://notcve.org/view.php?id=CVE-2024-58052
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table The function atomctrl_get_smc_sclk_range_table() does not check the return value of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to retrieve SMU_Info table, it returns NULL which is later dereferenced. Found by Linux Verification Center (linuxtesting.org) with SVACE. In practice this should never happen as this code only gets called on p... • https://git.kernel.org/stable/c/a23eefa2f4615af91ea496ca5b55c9e7c6fa934c •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58051 – ipmi: ipmb: Add check devm_kasprintf() returned value
https://notcve.org/view.php?id=CVE-2024-58051
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ipmi: ipmb: Add check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipmi: ipmb: Agregar verificación del valor devuelto por devm_kasprintf() devm_kasprintf() puede devolver un puntero NULL en caso de error, pero este valor devuelto no se verifica. In the Linux kernel, the following vulnerability ... • https://git.kernel.org/stable/c/51bd6f291583684f495ea498984dfc22049d7fd2 •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49733 – ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
https://notcve.org/view.php?id=CVE-2022-49733
02 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls snd_pcm_oss_make_ready() at first, then takes the params_lock mutex for the rest. When the stream is set up again by another thread between them, it leads to inconsistency, and may result in unexpected results such as NULL dereference of OSS buffer as a fuzzer spotted rec... • https://git.kernel.org/stable/c/4051324a6dafd7053c74c475e80b3ba10ae672b0 •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21823 – batman-adv: Drop unmanaged ELP metric worker
https://notcve.org/view.php?id=CVE-2025-21823
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: batman-adv: Drop unmanaged ELP metric worker The ELP worker needs to calculate new metric values for all neighbors "reachable" over an interface. Some of the used metric sources require locks which might need to sleep. This sleep is incompatible with the RCU list iterator used for the recorded neighbors. The initial approach to work around of this problem was to queue another work item per neighbor and then run this in a new context. Even w... • https://git.kernel.org/stable/c/c833484e5f3872a38fe232c663586069d5ad9645 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21821 – fbdev: omap: use threaded IRQ for LCD DMA
https://notcve.org/view.php?id=CVE-2025-21821
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: omap: use threaded IRQ for LCD DMA When using touchscreen and framebuffer, Nokia 770 crashes easily with: BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000 Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2 Hardware name: Nokia 770 Call trace: unwind_backtrace from show_stack+0x10/0x14 show_stack fro... • https://git.kernel.org/stable/c/7bbbd311dd503653a2cc86d9226740883051dc92 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21820 – tty: xilinx_uartps: split sysrq handling
https://notcve.org/view.php?id=CVE-2025-21820
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: xilinx_uartps: split sysrq handling lockdep detects the following circular locking dependency: CPU 0 CPU 1 ========================== ============================ cdns_uart_isr() printk() uart_port_lock(port) console_lock() cdns_uart_console_write() if (!port->sysrq) uart_port_lock(port) uart_handle_break() port->sysrq = ... uart_handle_sysrq_char() printk() console_lock() The fixed commit attempts to avoid this situation by only takin... • https://git.kernel.org/stable/c/74ea66d4ca061a3cd4c0e924e51b60e924644852 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21817 – block: mark GFP_NOIO around sysfs ->store()
https://notcve.org/view.php?id=CVE-2025-21817
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block: mark GFP_NOIO around sysfs ->store() sysfs ->store is called with queue freezed, meantime we have several ->store() callbacks(update_nr_requests, wbt, scheduler) to allocate memory with GFP_KERNEL which may run into direct reclaim code path, then potential deadlock can be caused. Fix the issue by marking NOIO around sysfs ->store() In the Linux kernel, the following vulnerability has been resolved: block: mark GFP_NOIO around sysfs -... • https://git.kernel.org/stable/c/2566ce907e5d5db8a039647208e029ce559baa31 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-21816 – hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING
https://notcve.org/view.php?id=CVE-2025-21816
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING hrtimers are migrated away from the dying CPU to any online target at the CPUHP_AP_HRTIMERS_DYING stage in order not to delay bandwidth timers handling tasks involved in the CPU hotplug forward progress. However wakeups can still be performed by the outgoing CPU after CPUHP_AP_HRTIMERS_DYING. Those can result again in bandwidth timers being armed. Depending on severa... • https://git.kernel.org/stable/c/5c0930ccaad5a74d74e8b18b648c5eb21ed2fe94 •