CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2025-21846 – acct: perform last write from workqueue
https://notcve.org/view.php?id=CVE-2025-21846
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acc(2) to /sys/power/resume. At the point the where the write to this file happens the calling task has already exited and called exit_fs(). A lookup will thus trigger a NULL-deref when accessing current-... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 8.3EPSS: %CPEs: 3EXPL: 0CVE-2025-21845 – mtd: spi-nor: sst: Fix SST write failure
https://notcve.org/view.php?id=CVE-2025-21845
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: sst: Fix SST write failure 'commit 18bcb4aa54ea ("mtd: spi-nor: sst: Factor out common write operation to `sst_nor_write_data()`")' introduced a bug where only one byte of data is written, regardless of the number of bytes passed to sst_nor_write_data(), causing a kernel crash during the write operation. Ensure the correct number of bytes are written as passed to sst_nor_write_data(). Call trace: [ 57.400180] ------------[ cut... • https://git.kernel.org/stable/c/18bcb4aa54eab75dce41e5c176a1c2bff94f0f79 •
CVSS: 5.5EPSS: %CPEs: 7EXPL: 0CVE-2025-21844 – smb: client: Add check for next_buffer in receive_encrypted_standard()
https://notcve.org/view.php?id=CVE-2025-21844
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard() Add check for the return value of cifs_buf_get() and cifs_small_buf_get() in receive_encrypted_standard() to prevent null pointer dereference. In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard() Add check for the return value of cifs_buf_get() and cifs_small_buf_get() in receive_encryp... • https://git.kernel.org/stable/c/9f528a8e68327117837b5e28b096f52af4c26a05 •
CVSS: 6.3EPSS: %CPEs: 4EXPL: 0CVE-2024-58089 – btrfs: fix double accounting race when btrfs_run_delalloc_range() failed
https://notcve.org/view.php?id=CVE-2024-58089
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double accounting race when btrfs_run_delalloc_range() failed [BUG] When running btrfs with block size (4K) smaller than page size (64K, aarch64), there is a very high chance to crash the kernel at generic/750, with the following messages: (before the call traces, there are 3 extra debug messages added) BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental BTRFS info (device dm-3): chec... • https://git.kernel.org/stable/c/d1051d6ebf8ef3517a5a3cf82bba8436d190f1c2 •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2024-58088 – bpf: Fix deadlock when freeing cgroup storage
https://notcve.org/view.php?id=CVE-2024-58088
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock when freeing cgroup storage The following commit bc235cdb423a ("bpf: Prevent deadlock from recursive bpf_task_storage_[get|delete]") first introduced deadlock prevention for fentry/fexit programs attaching on bpf_task_storage helpers. That commit also employed the logic in map free path in its v6 version. Later bpf_cgrp_storage was first introduced in c4bcfb38a95e ("bpf: Implement cgroup storage available to non-cgroup-att... • https://git.kernel.org/stable/c/c4bcfb38a95edb1021a53f2d0356a78120ecfbe4 •
CVSS: 7.8EPSS: %CPEs: 5EXPL: 0CVE-2024-58087 – ksmbd: fix racy issue from session lookup and expire
https://notcve.org/view.php?id=CVE-2024-58087
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire. • https://git.kernel.org/stable/c/2107ab40629aeabbec369cf34b8cf0f288c3eb1b •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21843 – drm/panthor: avoid garbage value in panthor_ioctl_dev_query()
https://notcve.org/view.php?id=CVE-2025-21843
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/panthor: avoid garbage value in panthor_ioctl_dev_query() 'priorities_info' is uninitialized, and the uninitialized value is copied to user object when calling PANTHOR_UOBJ_SET(). Using memset to initialize 'priorities_info' to avoid this garbage value problem. In the Linux kernel, the following vulnerability has been resolved: drm/panthor: avoid garbage value in panthor_ioctl_dev_query() 'priorities_info' is uninitialized, and the unin... • https://git.kernel.org/stable/c/f70000ef23527f6d928d1175c66c5fafa968814b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21842 – amdkfd: properly free gang_ctx_bo when failed to init user queue
https://notcve.org/view.php?id=CVE-2025-21842
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: amdkfd: properly free gang_ctx_bo when failed to init user queue The destructor of a gtt bo is declared as void amdgpu_amdkfd_free_gtt_mem(struct amdgpu_device *adev, void **mem_obj); Which takes void** as the second parameter. GCC allows passing void* to the function because void* can be implicitly casted to any other types, so it can pass compiling. However, passing this void* parameter into the function's execution process(which expects ... • https://git.kernel.org/stable/c/fb91065851cd5f2735348c5f3eddeeca3d7c2973 •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21841 – cpufreq/amd-pstate: Fix cpufreq_policy ref counting
https://notcve.org/view.php?id=CVE-2025-21841
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq/amd-pstate: Fix cpufreq_policy ref counting amd_pstate_update_limits() takes a cpufreq_policy reference but doesn't decrement the refcount in one of the exit paths, fix that. In the Linux kernel, the following vulnerability has been resolved: cpufreq/amd-pstate: Fix cpufreq_policy ref counting amd_pstate_update_limits() takes a cpufreq_policy reference but doesn't decrement the refcount in one of the exit paths, fix that. • https://git.kernel.org/stable/c/45722e777fd99ea863fe653c1838d39f678506e2 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21840 – thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header
https://notcve.org/view.php?id=CVE-2025-21840
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header The intel-lpmd tool [1], which uses the THERMAL_GENL_ATTR_CPU_CAPABILITY attribute to receive HFI events from kernel space, encounters a segmentation fault after commit 1773572863c4 ("thermal: netlink: Add the commands and the events for the thresholds"). The issue arises because the THERMAL_GENL_ATTR_CPU_CAPABILITY raw value was changed while intel_lpmd still us... • https://git.kernel.org/stable/c/1773572863c43a14a3e45f0591f28b7dec1ee52a •