CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57904 – iio: adc: at91: call input_free_device() on allocated iio_dev
https://notcve.org/view.php?id=CVE-2024-57904
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Current implementation of at91_ts_register() calls input_free_deivce() on st->ts_input, however, the err label can be reached before the allocated iio_dev is stored to st->ts_input. Thus call input_free_device() on input instead of st->ts_input. In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Curren... • https://git.kernel.org/stable/c/84882b060301c35ab7e2c1ef355b0bd06b764195 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21653 – net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
https://notcve.org/view.php?id=CVE-2025-21653
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute syzbot found that TCA_FLOW_RSHIFT attribute was not validated. Right shitfing a 32bit integer is undefined for large shift values. UBSAN: shift-out-of-bounds in net/sched/cls_flow.c:329:23 shift exponent 9445 is too large for 32-bit type 'u32' (aka 'unsigned int') CPU: 1 UID: 0 PID: 54 Comm: kworker/u8:3 Not tainted 6.13.0-rc3-syzkaller-00180-g4f619d518db9 #0 Hardware name: Google Goog... • https://git.kernel.org/stable/c/e5dfb815181fcb186d6080ac3a091eadff2d98fe •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21648 – netfilter: conntrack: clamp maximum hashtable size to INT_MAX
https://notcve.org/view.php?id=CVE-2025-21648
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. See: 0708a0afe291 ("mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls") Note: hashtable resize is only possible from init_netns. In the Linux kernel, the following vulnerability has be... • https://git.kernel.org/stable/c/9cc1c73ad66610bffc80b691136ffc1e9a3b1a58 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21640 – sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
https://notcve.org/view.php?id=CVE-2025-21640
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using... • https://git.kernel.org/stable/c/3c68198e75111a905ac2412be12bf7b29099729b •
CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21639 – sctp: sysctl: rto_min/max: avoid using current->nsproxy
https://notcve.org/view.php?id=CVE-2025-21639
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: rto_min/max: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acc... • https://git.kernel.org/stable/c/4f3fdf3bc59cafd14c3bc2c2369efad34c7aa8b5 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2025-21638 – sctp: sysctl: auth_enable: avoid using current->nsproxy
https://notcve.org/view.php?id=CVE-2025-21638
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: auth_enable: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acc... • https://git.kernel.org/stable/c/b14878ccb7fac0242db82720b784ab62c467c0dc •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21635 – rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy
https://notcve.org/view.php?id=CVE-2025-21635
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] u... • https://git.kernel.org/stable/c/c6a58ffed53612be86b758df1cdb0b0f4305e9cb •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21634 – cgroup/cpuset: remove kernfs active break
https://notcve.org/view.php?id=CVE-2025-21634
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: remove kernfs active break A warning was found: WARNING: CPU: 10 PID: 3486953 at fs/kernfs/file.c:828 CPU: 10 PID: 3486953 Comm: rmdir Kdump: loaded Tainted: G RIP: 0010:kernfs_should_drain_open_files+0x1a1/0x1b0 RSP: 0018:ffff8881107ef9e0 EFLAGS: 00010202 RAX: 0000000080000002 RBX: ffff888154738c00 RCX: dffffc0000000000 RDX: 0000000000000007 RSI: 0000000000000004 RDI: ffff888154738c04 RBP: ffff888154738c04 R08: ffffffffaf27f... • https://git.kernel.org/stable/c/76bb5ab8f6e3e7bebdcefec4146ff305e7d0b465 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57802 – netrom: check buffer length before accessing it
https://notcve.org/view.php?id=CVE-2024-57802
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netrom: check buffer length before accessing it Syzkaller reports an uninit value read from ax25cmp when sending raw message through ieee802154 implementation. ===================================================== BUG: KMSAN: uninit-value in ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 nr_dev_get+0x20e/0x450 net/netrom/nr_route.c:601 nr_route_frame+0x1a2/0xfc0 net/netrom/nr_route.c:774 nr_xmit+0x... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57795 – RDMA/rxe: Remove the direct link to net_device
https://notcve.org/view.php?id=CVE-2024-57795
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Remove the direct link to net_device The similar patch in siw is in the link: https://git.kernel.org/rdma/rdma/c/16b87037b48889 This problem also occurred in RXE. The following analyze this problem. In the following Call Traces: " BUG: KASAN: slab-use-after-free in dev_get_flags+0x188/0x1d0 net/core/dev.c:8782 Read of size 4 at addr ffff8880554640b0 by task kworker/1:4/5295 CPU: 1 UID: 0 PID: 5295 Comm: kworker/1:4 Not tainted 6.1... • https://git.kernel.org/stable/c/8700e3e7c4857d28ebaa824509934556da0b3e76 • CWE-416: Use After Free •