CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21776 – USB: hub: Ignore non-compliant devices with too many configs or interfaces
https://notcve.org/view.php?id=CVE-2025-21776
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces Robert Morris created a test program which can cause usb_hub_to_struct_hub() to dereference a NULL or inappropriate pointer: Oops: general protection fault, probably for non-canonical address 0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI CPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14 Hardware name: FreeBSD BHYVE/BHYVE,... • https://git.kernel.org/stable/c/c3720b04df84b5459050ae4e03ec7d545652f897 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21775 – can: ctucanfd: handle skb allocation failure
https://notcve.org/view.php?id=CVE-2025-21775
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: ctucanfd: handle skb allocation failure If skb allocation fails, the pointer to struct can_frame is NULL. This is actually handled everywhere inside ctucan_err_interrupt() except for the only place. Add the missed NULL check. Found by Linux Verification Center (linuxtesting.org) with SVACE static analysis tool. • https://git.kernel.org/stable/c/2dcb8e8782d8e4c38903bf37b1a24d3ffd193da7 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21774 – can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated
https://notcve.org/view.php?id=CVE-2025-21774
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated Fix NULL pointer check in rkcanfd_handle_rx_fifo_overflow_int() to bail out if skb cannot be allocated. • https://git.kernel.org/stable/c/ff60bfbaf67f219c634cfe89a52250efe8e600d0 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21773 – can: etas_es58x: fix potential NULL pointer dereference on udev->serial
https://notcve.org/view.php?id=CVE-2025-21773
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: fix potential NULL pointer dereference on udev->serial The driver assumed that es58x_dev->udev->serial could never be NULL. While this is true on commercially available devices, an attacker could spoof the device identity providing a NULL USB serial number. That would trigger a NULL pointer dereference. Add a check on es58x_dev->udev->serial before accessing it. • https://git.kernel.org/stable/c/9f06631c3f1f0f298536443df85a6837ba4c5f5c •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21772 – partitions: mac: fix handling of bogus partition table
https://notcve.org/view.php?id=CVE-2025-21772
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: partitions: mac: fix handling of bogus partition table Fix several issues in partition probing: - The bailout for a bad partoffset must use put_dev_sector(), since the preceding read_part_sector() succeeded. - If the partition table claims a silly sector size like 0xfff bytes (which results in partition table entries straddling sector boundaries), bail out instead of accessing out-of-bounds memory. - We must not assume that the partition ta... • https://git.kernel.org/stable/c/27a39d006f85e869be68c1d5d2ce05e5d6445bf5 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21771 – sched_ext: Fix incorrect autogroup migration detection
https://notcve.org/view.php?id=CVE-2025-21771
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix incorrect autogroup migration detection scx_move_task() is called from sched_move_task() and tells the BPF scheduler that cgroup migration is being committed. sched_move_task() is used by both cgroup and autogroup migrations and scx_move_task() tried to filter out autogroup migrations by testing the destination cgroup and PF_EXITING but this is not enough. In fact, without explicitly tagging the thread which is doing the cgro... • https://git.kernel.org/stable/c/8195136669661fdfe54e9a8923c33b31c92fc1da •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21770 – iommu: Fix potential memory leak in iopf_queue_remove_device()
https://notcve.org/view.php?id=CVE-2025-21770
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu: Fix potential memory leak in iopf_queue_remove_device() The iopf_queue_remove_device() helper removes a device from the per-iommu iopf queue when PRI is disabled on the device. It responds to all outstanding iopf's with an IOMMU_PAGE_RESP_INVALID code and detaches the device from the queue. However, it fails to release the group structure that represents a group of iopf's awaiting for a response after responding to the hardware. This... • https://git.kernel.org/stable/c/19911232713573a2ebea84a25bd4d71d024ed86b •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21768 – net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
https://notcve.org/view.php?id=CVE-2025-21768
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels Some lwtunnels have a dst cache for post-transformation dst. If the packet destination did not change we may end up recording a reference to the lwtunnel in its own cache, and the lwtunnel state will never be freed. Discovered by the ioam6.sh test, kmemleak was recently fixed to catch per-cpu memory leaks. I'm not sure if rpl and seg6 can actually hit this, but in principle I don... • https://git.kernel.org/stable/c/6c8702c60b88651072460f3f4026c7dfe2521d12 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21767 – clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context
https://notcve.org/view.php?id=CVE-2025-21767
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context The following bug report happened with a PREEMPT_RT kernel: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 get_random_u32+0x4f/0x110 clocksource_verify_choose_cpus+0xab/0x1a0 clock... • https://git.kernel.org/stable/c/7560c02bdffb7c52d1457fa551b9e745d4b9e754 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2025-21766 – ipv4: use RCU protection in __ip_rt_update_pmtu()
https://notcve.org/view.php?id=CVE-2025-21766
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv4: use RCU protection in __ip_rt_update_pmtu() __ip_rt_update_pmtu() must use RCU protection to make sure the net structure it reads does not disappear. • https://git.kernel.org/stable/c/2fbc6e89b2f1403189e624cabaf73e189c5e50c6 •