CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2025-22083 – vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint
https://notcve.org/view.php?id=CVE-2025-22083
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint If vhost_scsi_set_endpoint is called multiple times without a vhost_scsi_clear_endpoint between them, we can hit multiple bugs found by Haoran Zhang: 1. Use-after-free when no tpgs are found: This fixes a use after free that occurs when vhost_scsi_set_endpoint is called more than once and calls after the first call do not find any tpgs to add to the vs_tpg. When vhost_scs... • https://git.kernel.org/stable/c/4f7f46d32c9875004fae1d57ae3c02cc2e6cd6a3 •
CVSS: 7.8EPSS: %CPEs: 7EXPL: 0CVE-2025-22081 – fs/ntfs3: Fix a couple integer overflows on 32bit systems
https://notcve.org/view.php?id=CVE-2025-22081
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a couple integer overflows on 32bit systems On 32bit systems the "off + sizeof(struct NTFS_DE)" addition can have an integer wrapping issue. Fix it by using size_add(). In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a couple integer overflows on 32bit systems On 32bit systems the "off + sizeof(struct NTFS_DE)" addition can have an integer wrapping issue. Fix it by using size_add(). • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •
CVSS: 7.1EPSS: %CPEs: 9EXPL: 0CVE-2025-22079 – ocfs2: validate l_tree_depth to avoid out-of-bounds access
https://notcve.org/view.php?id=CVE-2025-22079
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate l_tree_depth to avoid out-of-bounds access The l_tree_depth field is 16-bit (__le16), but the actual maximum depth is limited to OCFS2_MAX_PATH_DEPTH. Add a check to prevent out-of-bounds access if l_tree_depth has an invalid value, which may occur when reading from a corrupted mounted disk [1]. In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate l_tree_depth to avoid out-of-bounds access The ... • https://git.kernel.org/stable/c/ccd979bdbce9fba8412beb3f1de68a9d0171b12c •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2025-22075 – rtnetlink: Allocate vfinfo size for VF GUIDs when supported
https://notcve.org/view.php?id=CVE-2025-22075
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Allocate vfinfo size for VF GUIDs when supported Commit 30aad41721e0 ("net/core: Add support for getting VF GUIDs") added support for getting VF port and node GUIDs in netlink ifinfo messages, but their size was not taken into consideration in the function that allocates the netlink message, causing the following warning when a netlink message is filled with many VF port and node GUIDs: # echo 64 > /sys/bus/pci/devices/0000\:08\:... • https://git.kernel.org/stable/c/30aad41721e087babcf27c5192474724d555936c •
CVSS: 7.1EPSS: %CPEs: 9EXPL: 0CVE-2025-22073 – spufs: fix a leak on spufs_new_file() failure
https://notcve.org/view.php?id=CVE-2025-22073
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: spufs: fix a leak on spufs_new_file() failure It's called from spufs_fill_dir(), and caller of that will do spufs_rmdir() in case of failure. That does remove everything we'd managed to create, but... the problem dentry is still negative. IOW, it needs to be explicitly dropped. In the Linux kernel, the following vulnerability has been resolved: spufs: fix a leak on spufs_new_file() failure It's called from spufs_fill_dir(), and caller of th... • https://git.kernel.org/stable/c/3f51dd91c80746a5cf76f8c4a77bfc88aa82bb9e •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2025-22072 – spufs: fix gang directory lifetimes
https://notcve.org/view.php?id=CVE-2025-22072
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: spufs: fix gang directory lifetimes prior to "[POWERPC] spufs: Fix gang destroy leaks" we used to have a problem with gang lifetimes - creation of a gang returns opened gang directory, which normally gets removed when that gets closed, but if somebody has created a context belonging to that gang and kept it alive until the gang got closed, removal failed and we ended up with a leak. Unfortunately, it had been fixed the wrong way. Dentry of ... • https://git.kernel.org/stable/c/877907d37da9694a34adc9dc3e2ce09400148cb5 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-22071 – spufs: fix a leak in spufs_create_context()
https://notcve.org/view.php?id=CVE-2025-22071
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: spufs: fix a leak in spufs_create_context() Leak fixes back in 2008 missed one case - if we are trying to set affinity and spufs_mkdir() fails, we need to drop the reference to neighbor. • https://git.kernel.org/stable/c/58119068cb27ef7513f80aff44b62a3a8f40ef5f •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-22066 – ASoC: imx-card: Add NULL check in imx_card_probe()
https://notcve.org/view.php?id=CVE-2025-22066
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-card: Add NULL check in imx_card_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, imx_card_probe() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue. • https://git.kernel.org/stable/c/aa736700f42fa0813e286ca2f9274ffaa25163b9 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-22063 – netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
https://notcve.org/view.php?id=CVE-2025-22063
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets When calling netlbl_conn_setattr(), addr->sa_family is used to determine the function behavior. If sk is an IPv4 socket, but the connect function is called with an IPv6 address, the function calipso_sock_setattr() is triggered. Inside this function, the following code is executed: sk_fullsock(__sk) ? inet_sk(__sk)->pinet6 : NULL; Since sk is an IPv4 socket, pinet6 is NUL... • https://git.kernel.org/stable/c/ceba1832b1b2da0149c51de62a847c00bca1677a •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-22062 – sctp: add mutual exclusion in proc_sctp_do_udp_port()
https://notcve.org/view.php?id=CVE-2025-22062
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: add mutual exclusion in proc_sctp_do_udp_port() We must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start() or risk a crash as syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 1 UID: 0 PID: 6551 Comm: syz.1.44 Not tainted 6.14.0-syzkaller-g7f2ff7b62617 #0 PREEMPT(full)... • https://git.kernel.org/stable/c/046c052b475e7119b6a30e3483e2888fc606a2f8 •