CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57908 – iio: imu: kmx61: fix information leak in triggered buffer
https://notcve.org/view.php?id=CVE-2024-57908
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx61: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the array to zero before using it to avoid pushing uninitialized information to userspace. In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx... • https://git.kernel.org/stable/c/c3a23ecc0901f624b681bbfbc4829766c5aa3070 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57907 – iio: adc: rockchip_saradc: fix information leak in triggered buffer
https://notcve.org/view.php?id=CVE-2024-57907
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: rockchip_saradc: fix information leak in triggered buffer The 'data' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace. In the Linux kernel, the following vulnerability has been resolved: iio... • https://git.kernel.org/stable/c/4e130dc7b41348b13684f0758c26cc6cf72a3449 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-57906 – iio: adc: ti-ads8688: fix information leak in triggered buffer
https://notcve.org/view.php?id=CVE-2024-57906
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads8688: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the array to zero before using it to avoid pushing uninitialized information to userspace. In the Linux kernel, the following vulnerability has been resolved: iio: adc... • https://git.kernel.org/stable/c/61fa5dfa5f52806f5ce37a0ba5712c271eb22f98 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57904 – iio: adc: at91: call input_free_device() on allocated iio_dev
https://notcve.org/view.php?id=CVE-2024-57904
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Current implementation of at91_ts_register() calls input_free_deivce() on st->ts_input, however, the err label can be reached before the allocated iio_dev is stored to st->ts_input. Thus call input_free_device() on input instead of st->ts_input. In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Curren... • https://git.kernel.org/stable/c/84882b060301c35ab7e2c1ef355b0bd06b764195 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21653 – net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
https://notcve.org/view.php?id=CVE-2025-21653
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute syzbot found that TCA_FLOW_RSHIFT attribute was not validated. Right shitfing a 32bit integer is undefined for large shift values. UBSAN: shift-out-of-bounds in net/sched/cls_flow.c:329:23 shift exponent 9445 is too large for 32-bit type 'u32' (aka 'unsigned int') CPU: 1 UID: 0 PID: 54 Comm: kworker/u8:3 Not tainted 6.13.0-rc3-syzkaller-00180-g4f619d518db9 #0 Hardware name: Google Goog... • https://git.kernel.org/stable/c/e5dfb815181fcb186d6080ac3a091eadff2d98fe •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21651 – net: hns3: don't auto enable misc vector
https://notcve.org/view.php?id=CVE-2025-21651
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net: hns3: don't auto enable misc vector Currently, there is a time window between misc irq enabled and service task inited. If an interrupte is reported at this time, it will cause warning like below: [ 16.324639] Call trace: [ 16.324641] __queue_delayed_work+0xb8/0xe0 [ 16.324643] mod_delayed_work_on+0x78/0xd0 [ 16.324655] hclge_errhand_task_schedule+0x58/0x90 [hclge] [ 16.324662] hclge_misc_irq_handle+0x168/0x240 [hclge] [ 16.324666] __h... • https://git.kernel.org/stable/c/7be1b9f3e99f6213d053d16ed2438126931d8351 •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21649 – net: hns3: fix kernel crash when 1588 is sent on HIP08 devices
https://notcve.org/view.php?id=CVE-2025-21649
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices Currently, HIP08 devices does not register the ptp devices, so the hdev->ptp is NULL. But the tx process would still try to set hardware time stamp info with SKBTX_HW_TSTAMP flag and cause a kernel crash. [ 128.087798] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018 ... [ 128.280251] pc : hclge_ptp_set_tx_info+0x2c/0x140 [hclge] [ 128.286600]... • https://git.kernel.org/stable/c/0bf5eb788512187b744ef7f79de835e6cbe85b9c •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21648 – netfilter: conntrack: clamp maximum hashtable size to INT_MAX
https://notcve.org/view.php?id=CVE-2025-21648
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. See: 0708a0afe291 ("mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls") Note: hashtable resize is only possible from init_netns. In the Linux kernel, the following vulnerability has be... • https://git.kernel.org/stable/c/9cc1c73ad66610bffc80b691136ffc1e9a3b1a58 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21647 – sched: sch_cake: add bounds checks to host bulk flow fairness counts
https://notcve.org/view.php?id=CVE-2025-21647
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters, leading to an out of bounds memory access. To avoid any such logic errors causing out of bounds memory accesses, this commit factors out all accesses to the per-host bulk flow counters to a series of helpers that perform bounds-chec... • https://git.kernel.org/stable/c/549e407569e08459d16122341d332cb508024094 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21646 – afs: Fix the maximum cell name length
https://notcve.org/view.php?id=CVE-2025-21646
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: afs: Fix the maximum cell name length The kafs filesystem limits the maximum length of a cell to 256 bytes, but a problem occurs if someone actually does that: kafs tries to create a directory under /proc/net/afs/ with the name of the cell, but that fails with a warning: WARNING: CPU: 0 PID: 9 at fs/proc/generic.c:405 because procfs limits the maximum filename length to 255. However, the DNS limits the maximum lookup length and, by extensio... • https://git.kernel.org/stable/c/c3e9f888263bb4df11cbd623ceced02081cb2f9f •