CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23130 – f2fs: fix to avoid panic once fallocation fails for pinfile
https://notcve.org/view.php?id=CVE-2025-23130
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic once fallocation fails for pinfile syzbot reports a f2fs bug as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2746! CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 RIP: 0010:get_new_segment fs/f2fs/segment.c:2746 [inline] RIP: 0010:new_curseg+0x1f52/0x1f70 fs/f2fs/segment.c:2876 Call Trace:
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-23129 – wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path
https://notcve.org/view.php?id=CVE-2025-23129
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path If a shared IRQ is used by the driver due to platform limitation, then the IRQ affinity hint is set right after the allocation of IRQ vectors in ath11k_pci_alloc_msi(). This does no harm unless one of the functions requesting the IRQ fails and attempt to free the IRQ. This results in the below warning: WARNING: CPU: 7 PID: 349 at kernel/irq/manage.c:1929 f... • https://git.kernel.org/stable/c/39564b475ac5a589e6c22c43a08cbd283c295d2c •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22127 – f2fs: fix potential deadloop in prepare_compress_overwrite()
https://notcve.org/view.php?id=CVE-2025-22127
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix potential deadloop in prepare_compress_overwrite() Jan Prusakowski reported a kernel hang issue as below: When running xfstests on linux-next kernel (6.14.0-rc3, 6.12) I encountered a problem in generic/475 test where fsstress process gets blocked in __f2fs_write_data_pages() and the test hangs. The options I used are: MKFS_OPTIONS -- -O compression -O extra_attr -O project_quota -O quota /dev/vdc MOUNT_OPTIONS -- -o acl,user_xatt... • https://git.kernel.org/stable/c/4c8ff7095bef64fc47e996a938f7d57f9e077da3 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22126 – md: fix mddev uaf while iterating all_mddevs list
https://notcve.org/view.php?id=CVE-2025-22126
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: md: fix mddev uaf while iterating all_mddevs list While iterating all_mddevs list from md_notify_reboot() and md_exit(), list_for_each_entry_safe is used, and this can race with deletint the next mddev, causing UAF: t1: spin_lock //list_for_each_entry_safe(mddev, n, ...) mddev_get(mddev1) // assume mddev2 is the next entry spin_unlock t2: //remove mddev2 ... mddev_free spin_lock list_del spin_unlock kfree(mddev2) mddev_put(mddev1) spin_lock... • https://git.kernel.org/stable/c/f26514342255855f4ca3c0a92cb1cdea01c33004 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22125 – md/raid1,raid10: don't ignore IO flags
https://notcve.org/view.php?id=CVE-2025-22125
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid1,raid10: don't ignore IO flags If blk-wbt is enabled by default, it's found that raid write performance is quite bad because all IO are throttled by wbt of underlying disks, due to flag REQ_IDLE is ignored. And turns out this behaviour exist since blk-wbt is introduced. Other than REQ_IDLE, other flags should not be ignored as well, for example REQ_META can be set for filesystems, clearing it can cause priority reverse problems; And... • https://git.kernel.org/stable/c/5404bc7a87b9949cf61e0174b21f80e73239ab25 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22121 – ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()
https://notcve.org/view.php?id=CVE-2025-22121
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() There's issue as follows: BUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790 Read of size 4 at addr ffff88807b003000 by task syz-executor.0/15172 CPU: 3 PID: 15172 Comm: syz-executor.0 Call Trace: __dump_stack lib/dump_stack.c:82 [inline] dump_stack+0xbe/0xfd lib/dump_stack.c:123 print_address_description.constprop.0+0x1e/0x280 mm/kasan/report.c:400 __kasan_re... • https://git.kernel.org/stable/c/e50e5129f384ae282adebfb561189cdb19b81cee •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2025-22119 – wifi: cfg80211: init wiphy_work before allocating rfkill fails
https://notcve.org/view.php?id=CVE-2025-22119
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: init wiphy_work before allocating rfkill fails syzbort reported a uninitialize wiphy_work_lock in cfg80211_dev_free. [1] After rfkill allocation fails, the wiphy release process will be performed, which will cause cfg80211_dev_free to access the uninitialized wiphy_work related data. Move the initialization of wiphy_work to before rfkill initialization to avoid this issue. [1] INFO: trying to register non-static key. The cod... • https://git.kernel.org/stable/c/72d520476a2fab6f3489e8388ab524985d6c4b90 •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22115 – btrfs: fix block group refcount race in btrfs_create_pending_block_groups()
https://notcve.org/view.php?id=CVE-2025-22115
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() Block group creation is done in two phases, which results in a slightly unintuitive property: a block group can be allocated/deallocated from after btrfs_make_block_group() adds it to the space_info with btrfs_add_bg_to_space_info(), but before creation is completely completed in btrfs_create_pending_block_groups(). As a result, it is possible for a block group to g... • https://git.kernel.org/stable/c/0657b20c5a76c938612f8409735a8830d257866e •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22113 – ext4: avoid journaling sb update on error if journal is destroying
https://notcve.org/view.php?id=CVE-2025-22113
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid journaling sb update on error if journal is destroying Presently we always BUG_ON if trying to start a transaction on a journal marked with JBD2_UNMOUNT, since this should never happen. However, while ltp running stress tests, it was observed that in case of some error handling paths, it is possible for update_super_work to start a transaction after the journal is destroyed eg: (umount) ext4_kill_sb kill_block_super generic_shut... • https://git.kernel.org/stable/c/2d01ddc86606564fb08c56e3bc93a0693895f710 •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22111 – net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.
https://notcve.org/view.php?id=CVE-2025-22111
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. SIOCBRDELIF is passed to dev_ioctl() first and later forwarded to br_ioctl_call(), which causes unnecessary RTNL dance and the splat below [0] under RTNL pressure. Let's say Thread A is trying to detach a device from a bridge and Thread B is trying to remove the bridge. In dev_ioctl(), Thread A bumps the bridge device's refcnt by netdev_hold() and releases RTNL because the following br... • https://git.kernel.org/stable/c/893b195875340cb44b54c9db99e708145f1210e8 •