CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21956 – drm/amd/display: Assign normalized_pix_clk when color depth = 14
https://notcve.org/view.php?id=CVE-2025-21956
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign normalized_pix_clk when color depth = 14 [WHY & HOW] A warning message "WARNING: CPU: 4 PID: 459 at ... /dc_resource.c:3397 calculate_phy_pix_clks+0xef/0x100 [amdgpu]" occurs because the display_color_depth == COLOR_DEPTH_141414 is not handled. This is observed in Radeon RX 6600 XT. It is fixed by assigning pix_clk * (14 * 3) / 24 - same as the rests. Also fixes the indentation in get_norm_pix_clk. • https://git.kernel.org/stable/c/dc831b38680c47d07e425871a9852109183895cf •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21951 – bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock
https://notcve.org/view.php?id=CVE-2025-21951
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock There are multiple places from where the recovery work gets scheduled asynchronously. Also, there are multiple places where the caller waits synchronously for the recovery to be completed. One such place is during the PM shutdown() callback. If the device is not alive during recovery_work, it will try to reset the device using pci_reset_function(). This function int... • https://git.kernel.org/stable/c/7389337f0a78ea099c47f0af08f64f20c52ab4ba •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21950 – drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl
https://notcve.org/view.php?id=CVE-2025-21950
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl In the "pmcmd_ioctl" function, three memory objects allocated by kmalloc are initialized by "hcall_get_cpu_state", which are then copied to user space. The initializer is indeed implemented in "acrn_hypercall2" (arch/x86/include/asm/acrn.h). There is a risk of information leakage due to uninitialized bytes. In the Linux kernel, the following vulnerability has been resol... • https://git.kernel.org/stable/c/3d679d5aec648f50e645702929890b9611998a0b •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21948 – HID: appleir: Fix potential NULL dereference at raw event handle
https://notcve.org/view.php?id=CVE-2025-21948
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: appleir: Fix potential NULL dereference at raw event handle Syzkaller reports a NULL pointer dereference issue in input_event(). BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: null-ptr-deref in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: null-ptr-deref in is_event_supported drivers/input/input.c:67 [inline] BUG: KASAN: null-ptr-deref ... • https://git.kernel.org/stable/c/9a4a5574ce427c364d81746fc7fb82d86b5f1a7e •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21943 – gpio: aggregator: protect driver attr handlers against module unload
https://notcve.org/view.php?id=CVE-2025-21943
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: gpio: aggregator: protect driver attr handlers against module unload Both new_device_store and delete_device_store touch module global resources (e.g. gpio_aggregator_lock). To prevent race conditions with module unload, a reference needs to be held. Add try_module_get() in these handlers. For new_device_store, this eliminates what appears to be the most dangerous scenario: if an id is allocated from gpio_aggregator_idr but platform_device_... • https://git.kernel.org/stable/c/828546e24280f721350a7a0dcc92416e917b4382 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21941 – drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params
https://notcve.org/view.php?id=CVE-2025-21941
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Null pointer dereference issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure 'pipe_ctx->plane_state' is not null before accessing. This prevents a null pointer dereference. Found by code review. (cherry picked from commit 63e6a77ccf239337baa9b1e7787cde9fa0462092) In the Linux kernel, the following vulnerability has bee... • https://git.kernel.org/stable/c/3be5262e353b8ab97c528bfc7d0dd3c820e4ba27 •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21935 – rapidio: add check for rio_add_net() in rio_scan_alloc_net()
https://notcve.org/view.php?id=CVE-2025-21935
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: rapidio: add check for rio_add_net() in rio_scan_alloc_net() The return value of rio_add_net() should be checked. If it fails, put_device() should be called to free the memory and give up the reference initialized in rio_add_net(). In the Linux kernel, the following vulnerability has been resolved: rapidio: add check for rio_add_net() in rio_scan_alloc_net() The return value of rio_add_net() should be checked. If it fails, put_device() shou... • https://git.kernel.org/stable/c/e6b585ca6e81badeb3d42db3cc408174f2826034 •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21934 – rapidio: fix an API misues when rio_add_net() fails
https://notcve.org/view.php?id=CVE-2025-21934
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: rapidio: fix an API misues when rio_add_net() fails rio_add_net() calls device_register() and fails when device_register() fails. Thus, put_device() should be used rather than kfree(). Add "mport->net = NULL;" to avoid a use after free issue. In the Linux kernel, the following vulnerability has been resolved: rapidio: fix an API misues when rio_add_net() fails rio_add_net() calls device_register() and fails when device_register() fails. Thu... • https://git.kernel.org/stable/c/e8de370188d098bb49483c287b44925957c3c9b6 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-21931 – hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio
https://notcve.org/view.php?id=CVE-2025-21931
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Commit b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined) add page poison checks in do_migrate_range in order to make offline hwpoisoned page possible by introducing isolate_lru_page and try_to_unmap for hwpoisoned page. However folio lock must be held before calling try_to_unmap. Add it to fix this problem. Warning will be produced if folio is n... • https://git.kernel.org/stable/c/b15c87263a69272423771118c653e9a1d0672caa •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21928 – HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
https://notcve.org/view.php?id=CVE-2025-21928
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() The system can experience a random crash a few minutes after the driver is removed. This issue occurs due to improper handling of memory freeing in the ishtp_hid_remove() function. The function currently frees the `driver_data` directly within the loop that destroys the HID devices, which can lead to accessing freed memory. Specifically, `hid_destroy_device()` uses `driver_d... • https://git.kernel.org/stable/c/0b28cb4bcb17dcb5fe0763fc3e1a94398b8f6cf6 •