CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21647 – sched: sch_cake: add bounds checks to host bulk flow fairness counts
https://notcve.org/view.php?id=CVE-2025-21647
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters, leading to an out of bounds memory access. To avoid any such logic errors causing out of bounds memory accesses, this commit factors out all accesses to the per-host bulk flow counters to a series of helpers that perform bounds-chec... • https://git.kernel.org/stable/c/549e407569e08459d16122341d332cb508024094 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21640 – sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
https://notcve.org/view.php?id=CVE-2025-21640
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using... • https://git.kernel.org/stable/c/3c68198e75111a905ac2412be12bf7b29099729b •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21639 – sctp: sysctl: rto_min/max: avoid using current->nsproxy
https://notcve.org/view.php?id=CVE-2025-21639
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: rto_min/max: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acc... • https://git.kernel.org/stable/c/4f3fdf3bc59cafd14c3bc2c2369efad34c7aa8b5 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21638 – sctp: sysctl: auth_enable: avoid using current->nsproxy
https://notcve.org/view.php?id=CVE-2025-21638
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: auth_enable: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acc... • https://git.kernel.org/stable/c/b14878ccb7fac0242db82720b784ab62c467c0dc •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21635 – rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy
https://notcve.org/view.php?id=CVE-2025-21635
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] u... • https://git.kernel.org/stable/c/c6a58ffed53612be86b758df1cdb0b0f4305e9cb •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21634 – cgroup/cpuset: remove kernfs active break
https://notcve.org/view.php?id=CVE-2025-21634
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: remove kernfs active break A warning was found: WARNING: CPU: 10 PID: 3486953 at fs/kernfs/file.c:828 CPU: 10 PID: 3486953 Comm: rmdir Kdump: loaded Tainted: G RIP: 0010:kernfs_should_drain_open_files+0x1a1/0x1b0 RSP: 0018:ffff8881107ef9e0 EFLAGS: 00010202 RAX: 0000000080000002 RBX: ffff888154738c00 RCX: dffffc0000000000 RDX: 0000000000000007 RSI: 0000000000000004 RDI: ffff888154738c04 RBP: ffff888154738c04 R08: ffffffffaf27f... • https://git.kernel.org/stable/c/76bb5ab8f6e3e7bebdcefec4146ff305e7d0b465 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57857 – RDMA/siw: Remove direct link to net_device
https://notcve.org/view.php?id=CVE-2024-57857
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Remove direct link to net_device Do not manage a per device direct link to net_device. Rely on associated ib_devices net_device management, not doubling the effort locally. A badly managed local link to net_device was causing a 'KASAN: slab-use-after-free' exception during siw_query_port() call. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/siw: eliminar el enlace directo a net_device No administrar un en... • https://git.kernel.org/stable/c/bdcf26bf9b3acb03c8f90387cfc6474fc8ac5521 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57802 – netrom: check buffer length before accessing it
https://notcve.org/view.php?id=CVE-2024-57802
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netrom: check buffer length before accessing it Syzkaller reports an uninit value read from ax25cmp when sending raw message through ieee802154 implementation. ===================================================== BUG: KMSAN: uninit-value in ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 nr_dev_get+0x20e/0x450 net/netrom/nr_route.c:601 nr_route_frame+0x1a2/0xfc0 net/netrom/nr_route.c:774 nr_xmit+0x... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57795 – RDMA/rxe: Remove the direct link to net_device
https://notcve.org/view.php?id=CVE-2024-57795
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Remove the direct link to net_device The similar patch in siw is in the link: https://git.kernel.org/rdma/rdma/c/16b87037b48889 This problem also occurred in RXE. The following analyze this problem. In the following Call Traces: " BUG: KASAN: slab-use-after-free in dev_get_flags+0x188/0x1d0 net/core/dev.c:8782 Read of size 4 at addr ffff8880554640b0 by task kworker/1:4/5295 CPU: 1 UID: 0 PID: 5295 Comm: kworker/1:4 Not tainted 6.1... • https://git.kernel.org/stable/c/8700e3e7c4857d28ebaa824509934556da0b3e76 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-21629 – net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets
https://notcve.org/view.php?id=CVE-2025-21629
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets The blamed commit disabled hardware offoad of IPv6 packets with extension headers on devices that advertise NETIF_F_IPV6_CSUM, based on the definition of that feature in skbuff.h: * * - %NETIF_F_IPV6_CSUM * - Driver (device) is only able to checksum plain * TCP or UDP packets over IPv6. These are specifically * unencapsulated packets of the form IPv6|TCP or * IPv6|UDP where the Nex... • https://git.kernel.org/stable/c/a84978a9cda68f0afe3f01d476c68db21526baf1 •