
CVE-2025-23151 – bus: mhi: host: Fix race between unprepare and queue_buf
https://notcve.org/view.php?id=CVE-2025-23151
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Fix race between unprepare and queue_buf A client driver may use mhi_unprepare_from_transfer() to quiesce incoming data during the client driver's tear down. The client driver might also be processing data at the same time, resulting in a call to mhi_queue_buf() which will invoke mhi_gen_tre(). If mhi_gen_tre() runs after mhi_unprepare_from_transfer() has torn down the channel, a panic will occur due to an invalid dereferenc... • https://git.kernel.org/stable/c/176ed1727badd2fad2158e2b214dcbc24f4be7a1 •

CVE-2025-23150 – ext4: fix off-by-one error in do_split
https://notcve.org/view.php?id=CVE-2025-23150
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split Syzkaller detected a use-after-free issue in ext4_insert_dentry that was caused by out-of-bounds access due to incorrect splitting in do_split. BUG: KASAN: use-after-free in ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109 Write of size 251 at addr ffff888074572f14 by task syz-executor335/5847 CPU: 0 UID: 0 PID: 5847 Comm: syz-executor335 Not tainted 6.12.0-rc6-syzkaller-00318-ga9cda7c0ffed #0 Hardw... • https://git.kernel.org/stable/c/ea54176e5821936d109bb45dc2c19bd53559e735 •

CVE-2025-23149 – tpm: do not start chip while suspended
https://notcve.org/view.php?id=CVE-2025-23149
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tpm: do not start chip while suspended Checking TPM_CHIP_FLAG_SUSPENDED after the call to tpm_find_get_ops() can lead to a spurious tpm_chip_start() call: [35985.503771] i2c i2c-1: Transfer while suspended [35985.503796] WARNING: CPU: 0 PID: 74 at drivers/i2c/i2c-core.h:56 __i2c_transfer+0xbe/0x810 [35985.503802] Modules linked in: [35985.503808] CPU: 0 UID: 0 PID: 74 Comm: hwrng Tainted: G W 6.13.0-next-20250203-00005-gfa0cb5642941 #19 9c3... • https://git.kernel.org/stable/c/cfaf83501a0cbb104499c5b0892ee5ebde4e967f •

CVE-2025-23148 – soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe()
https://notcve.org/view.php?id=CVE-2025-23148
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() soc_dev_attr->revision could be NULL, thus, a pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in commit 3027e7b15b02 ("ice: Fix some null pointer dereference issues in ice_ptp.c"). This issue is found by our static analysis tool. • https://git.kernel.org/stable/c/3253b7b7cd44c4dd029a4ce280ef9f409a256e5f •

CVE-2025-23147 – i3c: Add NULL pointer check in i3c_master_queue_ibi()
https://notcve.org/view.php?id=CVE-2025-23147
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: i3c: Add NULL pointer check in i3c_master_queue_ibi() The I3C master driver may receive an IBI from a target device that has not been probed yet. In such cases, the master calls `i3c_master_queue_ibi()` to queue an IBI work task, leading to "Unable to handle kernel read from unreadable memory" and resulting in a kernel panic. Typical IBI handling flow: 1. The I3C master scans target devices and probes their respective drivers. 2. The target... • https://git.kernel.org/stable/c/3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 •

CVE-2025-23146 – mfd: ene-kb3930: Fix a potential NULL pointer dereference
https://notcve.org/view.php?id=CVE-2025-23146
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mfd: ene-kb3930: Fix a potential NULL pointer dereference The off_gpios could be NULL. Add missing check in the kb3930_probe(). This is similar to the issue fixed in commit b1ba8bcb2d1f ("backlight: hx8357: Fix potential NULL pointer dereference"). This was detected by our static analysis tool. • https://git.kernel.org/stable/c/ede6b2d1dfc0d6a7b0b3161a2e911d464e28e0ad •

CVE-2025-23145 – mptcp: fix NULL pointer in can_accept_new_subflow
https://notcve.org/view.php?id=CVE-2025-23145
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: fix NULL pointer in can_accept_new_subflow When testing valkey benchmark tool with MPTCP, the kernel panics in 'mptcp_can_accept_new_subflow' because subflow_req->msk is NULL. Call trace: mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P) subflow_syn_recv_sock (./net/mptcp/subflow.c:854) tcp_check_req (./net/ipv4/tcp_minisocks.c:863) tcp_v4_rcv (. • https://git.kernel.org/stable/c/9466a1ccebbe54ac57fb8a89c2b4b854826546a8 •

CVE-2025-23144 – backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()
https://notcve.org/view.php?id=CVE-2025-23144
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Lockdep detects the following issue on led-backlight removal: [ 142.315935] ------------[ cut here ]------------ [ 142.315954] WARNING: CPU: 2 PID: 292 at drivers/leds/led-core.c:455 led_sysfs_enable+0x54/0x80 ... [ 142.500725] Call trace: [ 142.503176] led_sysfs_enable+0x54/0x80 (P) [ 142.507370] led_bl_remove+0x80/0xa8 [led_bl] [ 142.511742] platform_remove+0x30/0x58... • https://git.kernel.org/stable/c/ae232e45acf9621f2c96b41ca3af006ac7552c33 •

CVE-2025-23143 – net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.
https://notcve.org/view.php?id=CVE-2025-23143
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. When I ran the repro [0] and waited a few seconds, I observed two LOCKDEP splats: a warning immediately followed by a null-ptr-deref. [1] Reproduction Steps: 1) Mount CIFS 2) Add an iptables rule to drop incoming FIN packets for CIFS 3) Unmount CIFS 4) Unload the CIFS module 5) Remove the iptables rule At step 3), the CIFS module calls sock_release() for the underlying TC... • https://git.kernel.org/stable/c/ed07536ed6731775219c1df7fa26a7588753e693 •

CVE-2025-23142 – sctp: detect and prevent references to a freed transport in sendmsg
https://notcve.org/view.php?id=CVE-2025-23142
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: detect and prevent references to a freed transport in sendmsg sctp_sendmsg() re-uses associations and transports when possible by doing a lookup based on the socket endpoint and the message destination address, and then sctp_sendmsg_to_asoc() sets the selected transport in all the message chunks to be sent. There's a possible race condition if another thread triggers the removal of that selected transport, for instance, by explicitly ... • https://git.kernel.org/stable/c/df132eff463873e14e019a07f387b4d577d6d1f9 •