CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21764 – ndisc: use RCU protection in ndisc_alloc_skb()
https://notcve.org/view.php?id=CVE-2025-21764
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ndisc: use RCU protection in ndisc_alloc_skb() ndisc_alloc_skb() can be called without RTNL or RCU being held. Add RCU protection to avoid possible UAF. • https://git.kernel.org/stable/c/de09334b9326632bbf1a74bfd8b01866cbbf2f61 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21763 – neighbour: use RCU protection in __neigh_notify()
https://notcve.org/view.php?id=CVE-2025-21763
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: neighbour: use RCU protection in __neigh_notify() __neigh_notify() can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF. • https://git.kernel.org/stable/c/426b5303eb435d98b9bee37a807be386bc2b3320 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21762 – arp: use RCU protection in arp_xmit()
https://notcve.org/view.php?id=CVE-2025-21762
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: arp: use RCU protection in arp_xmit() arp_xmit() can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF. • https://git.kernel.org/stable/c/29a26a56803855a79dbd028cd61abee56237d6e5 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21760 – ndisc: extend RCU protection in ndisc_send_skb()
https://notcve.org/view.php?id=CVE-2025-21760
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and avoid a potential UAF. In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and a... • https://git.kernel.org/stable/c/1762f7e88eb34f653b4a915be99a102e347dd45e • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21759 – ipv6: mcast: extend RCU protection in igmp6_send()
https://notcve.org/view.php?id=CVE-2025-21759
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6_send() igmp6_send() can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep. Instead use alloc_skb() and charge the net->ipv6.igmp_sk socket under RCU protection. In the Linux kernel, the following v... • https://git.kernel.org/stable/c/b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21758 – ipv6: mcast: add RCU protection to mld_newpack()
https://notcve.org/view.php?id=CVE-2025-21758
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: add RCU protection to mld_newpack() mld_newpack() can be called without RTNL or RCU being held. Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep. Instead use alloc_skb() and charge the net->ipv6.igmp_sk socket under RCU protection. In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: add RCU protection to mld_newpack() mld_newpack()... • https://git.kernel.org/stable/c/b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57852 – firmware: qcom: scm: smc: Handle missing SCM device
https://notcve.org/view.php?id=CVE-2024-57852
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: smc: Handle missing SCM device Commit ca61d6836e6f ("firmware: qcom: scm: fix a NULL-pointer dereference") makes it explicit that qcom_scm_get_tzmem_pool() can return NULL, therefore its users should handle this. In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: smc: Handle missing SCM device Commit ca61d6836e6f ("firmware: qcom: scm: fix a NULL-pointer dereference") makes it expli... • https://git.kernel.org/stable/c/cd955b75849b58b650ca3f87b83bd78cde1da8bc •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57834 – media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
https://notcve.org/view.php?id=CVE-2024-57834
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread syzbot report a null-ptr-deref in vidtv_mux_stop_thread. [1] If dvb->mux is not initialized successfully by vidtv_mux_init() in the vidtv_start_streaming(), it will trigger null pointer dereference about mux in vidtv_mux_stop_thread(). Adjust the timing of streaming initialization and check it before stopping it. [1] KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000... • https://git.kernel.org/stable/c/86307e443c5844f38e1b98e2c51a4195c55576cd •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-54458 – scsi: ufs: bsg: Set bsg_queue to NULL after removal
https://notcve.org/view.php?id=CVE-2024-54458
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: bsg: Set bsg_queue to NULL after removal Currently, this does not cause any issues, but I believe it is necessary to set bsg_queue to NULL after removing it to prevent potential use-after-free (UAF) access. In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: bsg: Set bsg_queue to NULL after removal Currently, this does not cause any issues, but I believe it is necessary to set bsg_queue to NULL after re... • https://git.kernel.org/stable/c/5e7b6e44468c3242c21c2a8656d009fb3eb50a73 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-54456 – NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()
https://notcve.org/view.php?id=CVE-2024-54456
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() name is char[64] where the size of clnt->cl_program->name remains unknown. Invoking strcat() directly will also lead to potential buffer overflow. Change them to strscpy() and strncat() to fix potential issues. In the Linux kernel, the following vulnerability has been resolved: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() name is char[64] where the size of ... • https://git.kernel.org/stable/c/19b3ca651b4b473878c73539febe477905041442 •