CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21790 – vxlan: check vxlan_vnigroup_init() return value
https://notcve.org/view.php?id=CVE-2025-21790
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: vxlan: check vxlan_vnigroup_init() return value vxlan_init() must check vxlan_vnigroup_init() success otherwise a crash happens later, spotted by syzbot. Oops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167] CPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975... • https://git.kernel.org/stable/c/f9c4bb0b245cee35ef66f75bf409c9573d934cf9 •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21787 – team: better TEAM_OPTION_TYPE_STRING validation
https://notcve.org/view.php?id=CVE-2025-21787
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: team: better TEAM_OPTION_TYPE_STRING validation syzbot reported following splat [1] Make sure user-provided data contains one nul byte. [1] BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inline] BUG: KMSAN: uninit-value in string+0x3ec/0x5f0 lib/vsprintf.c:714 string_nocheck lib/vsprintf.c:633 [inline] string+0x3ec/0x5f0 lib/vsprintf.c:714 vsnprintf+0xa5d/0x1960 lib/vsprintf.c:2843 __request_module+0x252/0x9f0 kernel/module/... • https://git.kernel.org/stable/c/3d249d4ca7d0ed6629a135ea1ea21c72286c0d80 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21785 – arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array
https://notcve.org/view.php?id=CVE-2025-21785
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array The loop that detects/populates cache information already has a bounds check on the array size but does not account for cache levels with separate data/instructions cache. Fix this by incrementing the index for any populated leaf (instead of any populated level). In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Avoid out-of-bounds write to ca... • https://git.kernel.org/stable/c/5d425c18653731af62831d30a4fa023d532657a9 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21782 – orangefs: fix a oob in orangefs_debug_write
https://notcve.org/view.php?id=CVE-2025-21782
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: orangefs: fix a oob in orangefs_debug_write I got a syzbot report: slab-out-of-bounds Read in orangefs_debug_write... several people suggested fixes, I tested Al Viro's suggestion and made this patch. In the Linux kernel, the following vulnerability has been resolved: orangefs: fix a oob in orangefs_debug_write I got a syzbot report: slab-out-of-bounds Read in orangefs_debug_write... several people suggested fixes, I tested Al Viro's sugges... • https://git.kernel.org/stable/c/1da2697307dad281dd690a19441b5ca4af92d786 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21781 – batman-adv: fix panic during interface removal
https://notcve.org/view.php?id=CVE-2025-21781
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix panic during interface removal Reference counting is used to ensure that batadv_hardif_neigh_node and batadv_hard_iface are not freed before/during batadv_v_elp_throughput_metric_update work is finished. But there isn't a guarantee that the hard if will remain associated with a soft interface up until the work is finished. This fixes a crash triggered by reboot that looks like this: Call trace: batadv_v_mesh_free+0xd0/0x4dc ... • https://git.kernel.org/stable/c/c833484e5f3872a38fe232c663586069d5ad9645 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21780 – drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
https://notcve.org/view.php?id=CVE-2025-21780
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and then a bigger pptable, it may cause buffer overflow attack in function smu_sys_set_pp_table(). In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and then a bigger pptable, it... • https://git.kernel.org/stable/c/3484ea33157bc7334f57e64826ec5a4bf992151a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21779 – KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel
https://notcve.org/view.php?id=CVE-2025-21779
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel Advertise support for Hyper-V's SEND_IPI and SEND_IPI_EX hypercalls if and only if the local API is emulated/virtualized by KVM, and explicitly reject said hypercalls if the local APIC is emulated in userspace, i.e. don't rely on userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID. Rejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if Hyper-V enlig... • https://git.kernel.org/stable/c/214ff83d4473a7757fa18a64dc7efe3b0e158486 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21776 – USB: hub: Ignore non-compliant devices with too many configs or interfaces
https://notcve.org/view.php?id=CVE-2025-21776
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces Robert Morris created a test program which can cause usb_hub_to_struct_hub() to dereference a NULL or inappropriate pointer: Oops: general protection fault, probably for non-canonical address 0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI CPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14 Hardware name: FreeBSD BHYVE/BHYVE,... • https://git.kernel.org/stable/c/c3720b04df84b5459050ae4e03ec7d545652f897 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21775 – can: ctucanfd: handle skb allocation failure
https://notcve.org/view.php?id=CVE-2025-21775
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: ctucanfd: handle skb allocation failure If skb allocation fails, the pointer to struct can_frame is NULL. This is actually handled everywhere inside ctucan_err_interrupt() except for the only place. Add the missed NULL check. Found by Linux Verification Center (linuxtesting.org) with SVACE static analysis tool. In the Linux kernel, the following vulnerability has been resolved: can: ctucanfd: handle skb allocation failure If skb alloca... • https://git.kernel.org/stable/c/2dcb8e8782d8e4c38903bf37b1a24d3ffd193da7 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21772 – partitions: mac: fix handling of bogus partition table
https://notcve.org/view.php?id=CVE-2025-21772
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: partitions: mac: fix handling of bogus partition table Fix several issues in partition probing: - The bailout for a bad partoffset must use put_dev_sector(), since the preceding read_part_sector() succeeded. - If the partition table claims a silly sector size like 0xfff bytes (which results in partition table entries straddling sector boundaries), bail out instead of accessing out-of-bounds memory. - We must not assume that the partition ta... • https://git.kernel.org/stable/c/27a39d006f85e869be68c1d5d2ce05e5d6445bf5 •