CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-58090 – sched/core: Prevent rescheduling when interrupts are disabled
https://notcve.org/view.php?id=CVE-2024-58090
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/core: Prevent rescheduling when interrupts are disabled David reported a warning observed while loop testing kexec jump: Interrupts enabled after irqrouter_resume+0x0/0x50 WARNING: CPU: 0 PID: 560 at drivers/base/syscore.c:103 syscore_resume+0x18a/0x220 kernel_kexec+0xf6/0x180 __do_sys_reboot+0x206/0x250 do_syscall_64+0x95/0x180 The corresponding interrupt flag trace: hardirqs last enabled at (15573): [
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21871 – tee: optee: Fix supplicant wait loop
https://notcve.org/view.php?id=CVE-2025-21871
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix supplicant wait loop OP-TEE supplicant is a user-space daemon and it's possible for it be hung or crashed or killed in the middle of processing an OP-TEE RPC call. It becomes more complicated when there is incorrect shutdown ordering of the supplicant process vs the OP-TEE client application which can eventually lead to system hang-up waiting for the closure of the client application. Allow the client process waiting in kern... • https://git.kernel.org/stable/c/4fb0a5eb364d239722e745c02aef0dbd4e0f1ad2 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21870 – ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
https://notcve.org/view.php?id=CVE-2025-21870
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Other, non DAI copier widgets could have the same stream name (sname) as the ALH copier and in that case the copier->data is NULL, no alh_data is attached, which could lead to NULL pointer dereference. We could check for this NULL pointer in sof_ipc4_prepare_copier_module() and avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai() will miscalculate the ALH d... • https://git.kernel.org/stable/c/a150345aa758492e05d2934f318ce7c2566b1cfe •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21869 – powerpc/code-patching: Disable KASAN report during patching via temporary mm
https://notcve.org/view.php?id=CVE-2025-21869
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Disable KASAN report during patching via temporary mm Erhard reports the following KASAN hit on Talos II (power9) with kernel 6.13: [ 12.028126] ================================================================== [ 12.028198] BUG: KASAN: user-memory-access in copy_to_kernel_nofault+0x8c/0x1a0 [ 12.028260] Write of size 8 at addr 0000187e458f2000 by task systemd/1 [ 12.028346] CPU: 87 UID: 0 PID: 1 Comm: systemd Tainted... • https://git.kernel.org/stable/c/465cabc97b42405eb89380ea6ba8d8b03e4ae1a2 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21868 – net: allow small head cache usage with large MAX_SKB_FRAGS values
https://notcve.org/view.php?id=CVE-2025-21868
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: allow small head cache usage with large MAX_SKB_FRAGS values Sabrina reported the following splat: WARNING: CPU: 0 PID: 1 at net/core/dev.c:6935 netif_napi_add_weight_locked+0x8f2/0xba0 Modules linked in: CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.14.0-rc1-net-00092-g011b03359038 #996 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 RIP: 0010:netif_napi_add_weight_locked+0x8f2/0xba0 C... • https://git.kernel.org/stable/c/3948b05950fdd64002a5f182c65ba5cf2d53cf71 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21867 – bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()
https://notcve.org/view.php?id=CVE-2025-21867
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() KMSAN reported a use-after-free issue in eth_skb_pkt_type()[1]. The cause of the issue was that eth_skb_pkt_type() accessed skb's data that didn't contain an Ethernet header. This occurs when bpf_prog_test_run_xdp() passes an invalid value as the user_data argument to bpf_test_init(). Fix this by returning an error when user_data is less than ETH_HLEN in bpf_test_init(). Addition... • https://git.kernel.org/stable/c/be3d72a2896cb24090f268dce4aa8a304d40bc23 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21866 – powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC
https://notcve.org/view.php?id=CVE-2025-21866
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Erhard reported the following KASAN hit while booting his PowerMac G4 with a KASAN-enabled kernel 6.13-rc6: BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8 Write of size 8 at addr f1000000 by task chronyd/1293 CPU: 0 UID: 123 PID: 1293 Comm: chronyd Tainted: G W 6.13.0-rc6-PMacG4 #2 Tainted: [W]=WARN Hardware name: PowerMac3,6 7455 0x8... • https://git.kernel.org/stable/c/37bc3e5fd764fb258ff4fcbb90b6d1b67fb466c1 •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21865 – gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
https://notcve.org/view.php?id=CVE-2025-21865
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Brad Spengler reported the list_del() corruption splat in gtp_net_exit_batch_rtnl(). [0] Commit eb28fd76c0a0 ("gtp: Destroy device along with udp socket's netns dismantle.") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl() to destroy devices in each netns as done in geneve and ip tunnels. However, this could trigger ->dellink() twice for the same device during ->... • https://git.kernel.org/stable/c/c986380c1d5274c4d5e935addc807d6791cc23eb •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21864 – tcp: drop secpath at the same time as we currently drop dst
https://notcve.org/view.php?id=CVE-2025-21864
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst Xiumei reported hitting the WARN in xfrm6_tunnel_net_exit while running tests that boil down to: - create a pair of netns - run a basic TCP test over ipcomp6 - delete the pair of netns The xfrm_state found on spi_byaddr was not deleted at the time we delete the netns, because we still have a reference on it. This lingering reference comes from a secpath (which holds a ref on the xf... • https://git.kernel.org/stable/c/68822bdf76f10c3dc80609d4e2cdc1e847429086 •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21863 – io_uring: prevent opcode speculation
https://notcve.org/view.php?id=CVE-2025-21863
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent opcode speculation sqe->opcode is used for different tables, make sure we santitise it against speculations. In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent opcode speculation sqe->opcode is used for different tables, make sure we santitise it against speculations. • https://git.kernel.org/stable/c/d3656344fea0339fb0365c8df4d2beba4e0089cd •