CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21660 – ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked
https://notcve.org/view.php?id=CVE-2025-21660
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked When `ksmbd_vfs_kern_path_locked` met an error and it is not the last entry, it will exit without restoring changed path buffer. But later this buffer may be used as the filename for creation. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked When `ksmbd_vfs_kern_path_locked` met an error an... • https://git.kernel.org/stable/c/d1b2d2a9c912fc7b788985fbaf944e80f4b3f2af •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21658 – btrfs: avoid NULL pointer dereference if no valid extent tree
https://notcve.org/view.php?id=CVE-2025-21658
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid extent tree [BUG] Syzbot reported a crash with the following call trace: BTRFS info (device loop0): scrub: started on devid 1 BUG: kernel NULL pointer dereference, address: 0000000000000208 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 106e70067 P4D 106e70067 PUD 107143067 PMD 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 UID: 0 PID: 689 Comm: r... • https://git.kernel.org/stable/c/42437a6386ffeaaf200731e73d723ea491f3fe7d •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21656 – hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur
https://notcve.org/view.php?id=CVE-2025-21656
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur scsi_execute_cmd() function can return both negative (linux codes) and positive (scsi_cmnd result field) error codes. Currently the driver just passes error codes of scsi_execute_cmd() to hwmon core, which is incorrect because hwmon only checks for negative error codes. This leads to hwmon reporting uninitialized data to userspace in case of SCSI errors (for example... • https://git.kernel.org/stable/c/5b46903d8bf372e563bf2150d46b87fff197a109 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57945 – riscv: mm: Fix the out of bound issue of vmemmap address
https://notcve.org/view.php?id=CVE-2024-57945
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Fix the out of bound issue of vmemmap address In sparse vmemmap model, the virtual address of vmemmap is calculated as: ((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT)). And the struct page's va can be calculated with an offset: (vmemmap + (pfn)). However, when initializing struct pages, kernel actually starts from the first page from the same section that phys_ram_base belongs to. If the first page's physical addre... • https://git.kernel.org/stable/c/a278d5c60f21aa15d540abb2f2da6e6d795c3e6e •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57940 – exfat: fix the infinite loop in exfat_readdir()
https://notcve.org/view.php?id=CVE-2024-57940
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: exfat: fix the infinite loop in exfat_readdir() If the file system is corrupted so that a cluster is linked to itself in the cluster chain, and there is an unused directory entry in the cluster, 'dentry' will not be incremented, causing condition 'dentry < max_dentries' unable to prevent an infinite loop. This infinite loop causes s_lock not to be released, and other tasks will hang, such as exfat_sync_fs(). This commit stops traversing the... • https://git.kernel.org/stable/c/ca06197382bde0a3bc20215595d1c9ce20c6e341 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57939 – riscv: Fix sleeping in invalid context in die()
https://notcve.org/view.php?id=CVE-2024-57939
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: Fix sleeping in invalid context in die() die() can be called in exception handler, and therefore cannot sleep. However, die() takes spinlock_t which can sleep with PREEMPT_RT enabled. That causes the following warning: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 285, name: mutex preempt_count: 110001, expected: 0 RCU nest depth: 0, expect... • https://git.kernel.org/stable/c/76d2a0493a17d4c8ecc781366850c3c4f8e1a446 •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57938 – net/sctp: Prevent autoclose integer overflow in sctp_association_init()
https://notcve.org/view.php?id=CVE-2024-57938
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctp_association_init() While by default max_autoclose equals to INT_MAX / HZ, one may set net.sctp.max_autoclose to UINT_MAX. There is code in sctp_association_init() that can consequently trigger overflow. In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctp_association_init() While by default max_autoclose equals to INT_MAX... • https://git.kernel.org/stable/c/9f70f46bd4c7267d48ef461a1d613ec9ec0d520c •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57931 – selinux: ignore unknown extended permissions
https://notcve.org/view.php?id=CVE-2024-57931
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions When evaluating extended permissions, ignore unknown permissions instead of calling BUG(). This commit ensures that future permissions can be added without interfering with older kernels. In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions When evaluating extended permissions, ignore unknown permissions instead of calling BUG(). This co... • https://git.kernel.org/stable/c/fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57930 – tracing: Have process_string() also allow arrays
https://notcve.org/view.php?id=CVE-2024-57930
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Have process_string() also allow arrays In order to catch a common bug where a TRACE_EVENT() TP_fast_assign() assigns an address of an allocated string to the ring buffer and then references it in TP_printk(), which can be executed hours later when the string is free, the function test_event_printk() runs on all events as they are registered to make sure there's no unwanted dereferencing. It calls process_string() to handle cases i... • https://git.kernel.org/stable/c/f3ff759ec636b4094b8eb2c3801e4e6c97a6b712 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21655 – io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period
https://notcve.org/view.php?id=CVE-2025-21655
20 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directly if the refcount drops to zero. This isn't correct, as any potential freeing of the io_ev_fd should be deferred another RCU grace period. Just call io_eventfd_put() rather than open-code the dec-and-test and free, which will correctl... • https://git.kernel.org/stable/c/21a091b970cdbcf3e8ff829234b51be6f9192766 •