CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-22060 – net: mvpp2: Prevent parser TCAM memory corruption
https://notcve.org/view.php?id=CVE-2025-22060
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Prevent parser TCAM memory corruption Protect the parser TCAM/SRAM memory, and the cached (shadow) SRAM information, from concurrent modifications. Both the TCAM and SRAM tables are indirectly accessed by configuring an index register that selects the row to read or write to. This means that operations must be atomic in order to, e.g., avoid spreading writes across multiple rows. Since the shadow SRAM array is used to find free ... • https://git.kernel.org/stable/c/3f518509dedc99f0b755d2ce68d24f610e3a005a •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-22058 – udp: Fix memory accounting leak.
https://notcve.org/view.php?id=CVE-2025-22058
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. Matt Dowling reported a weird UDP memory usage issue. Under normal operation, the UDP memory usage reported in /proc/net/sockstat remains close to zero. However, it occasionally spiked to 524,288 pages and never dropped. Moreover, the value doubled when the application was terminated. • https://git.kernel.org/stable/c/f970bd9e3a06f06df8d8ecf1f8ad2c8615cc17eb •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-22057 – net: decrease cached dst counters in dst_release
https://notcve.org/view.php?id=CVE-2025-22057
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net: decrease cached dst counters in dst_release Upstream fix ac888d58869b ("net: do not delay dst_entries_add() in dst_release()") moved decrementing the dst count from dst_destroy to dst_release to avoid accessing already freed data in case of netns dismantle. However in case CONFIG_DST_CACHE is enabled and OvS+tunnels are used, this fix is incomplete as the same issue will be seen for cached dsts: Unable to handle kernel paging request a... • https://git.kernel.org/stable/c/d71785ffc7e7cae3fbdc4ea8a9d05b7a1c59f7b8 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-22053 – net: ibmveth: make veth_pool_store stop hanging
https://notcve.org/view.php?id=CVE-2025-22053
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ibmveth: make veth_pool_store stop hanging v2: - Created a single error handling unlock and exit in veth_pool_store - Greatly expanded commit message with previous explanatory-only text Summary: Use rtnl_mutex to synchronize veth_pool_store with itself, ibmveth_close and ibmveth_open, preventing multiple calls in a row to napi_disable. Background: Two (or more) threads could call veth_pool_store through writing to /sys/devices/vio/3000... • https://git.kernel.org/stable/c/860f242eb5340d0b0cfe243cb86b2a98f92e8b91 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-22049 – LoongArch: Increase ARCH_DMA_MINALIGN up to 16
https://notcve.org/view.php?id=CVE-2025-22049
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: Increase ARCH_DMA_MINALIGN up to 16 ARCH_DMA_MINALIGN is 1 by default, but some LoongArch-specific devices (such as APBDMA) require 16 bytes alignment. When the data buffer length is too small, the hardware may make an error writing cacheline. Thus, it is dangerous to allocate a small memory buffer for DMA. It's always safe to define ARCH_DMA_MINALIGN as L1_CACHE_BYTES but unnecessary (kmalloc() need small memory objects). Theref... • https://git.kernel.org/stable/c/f39af67f03b564b763b06e44cb960c10a382d54a •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-22043 – ksmbd: add bounds check for durable handle context
https://notcve.org/view.php?id=CVE-2025-22043
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for durable handle context Add missing bounds check for durable handle context. • https://git.kernel.org/stable/c/8d4848c45943c9cf5e86142fd7347efa97f497db •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-22042 – ksmbd: add bounds check for create lease context
https://notcve.org/view.php?id=CVE-2025-22042
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for create lease context Add missing bounds check for create lease context. • https://git.kernel.org/stable/c/629dd37acc336ad778979361c351e782053ea284 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-22041 – ksmbd: fix use-after-free in ksmbd_sessions_deregister()
https://notcve.org/view.php?id=CVE-2025-22041
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister() In multichannel mode, UAF issue can occur in session_deregister when the second channel sets up a session through the connection of the first channel. session that is freed through the global session table can be accessed again through ->sessions of connection. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister() ... • https://git.kernel.org/stable/c/f0eb3f575138b816da74697bd506682574742fcd •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-22040 – ksmbd: fix session use-after-free in multichannel connection
https://notcve.org/view.php?id=CVE-2025-22040
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup and ksmbd_sessions_deregister. The session can be freed before the connection is added to channel list of session. This patch check reference count of session before freeing it. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition be... • https://git.kernel.org/stable/c/596407adb9af1ee75fe7c7529607783d31b66e7f •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22039 – ksmbd: fix overflow in dacloffset bounds check
https://notcve.org/view.php?id=CVE-2025-22039
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix overflow in dacloffset bounds check The dacloffset field was originally typed as int and used in an unchecked addition, which could overflow and bypass the existing bounds check in both smb_check_perm_dacl() and smb_inherit_dacl(). This could result in out-of-bounds memory access and a kernel crash when dereferencing the DACL pointer. This patch converts dacloffset to unsigned int and uses check_add_overflow() to validate access ... • https://git.kernel.org/stable/c/6a9cd9ff0fa2bcc30b2bfb8bdb161eb20e44b9dc •