CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-22038 – ksmbd: validate zero num_subauth before sub_auth is accessed
https://notcve.org/view.php?id=CVE-2025-22038
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate zero num_subauth before sub_auth is accessed Access psid->sub_auth[psid->num_subauth - 1] without checking if num_subauth is non-zero leads to an out-of-bounds read. This patch adds a validation step to ensure num_subauth != 0 before sub_auth is accessed. • https://git.kernel.org/stable/c/3ac65de111c686c95316ade660f8ba7aea3cd3cc •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-22037 – ksmbd: fix null pointer dereference in alloc_preauth_hash()
https://notcve.org/view.php?id=CVE-2025-22037
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete. • https://git.kernel.org/stable/c/ca8bed31edf728a662ef9d6f39f50e7a7dc2b5ad •
CVSS: -EPSS: %CPEs: 12EXPL: 0CVE-2025-22035 – tracing: Fix use-after-free in print_graph_function_flags during tracer switching
https://notcve.org/view.php?id=CVE-2025-22035
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix use-after-free in print_graph_function_flags during tracer switching Kairui reported a UAF issue in print_graph_function_flags() during ftrace stress testing [1]. This issue can be reproduced if puting a 'mdelay(10)' after 'mutex_unlock(&trace_types_lock)' in s_start(), and executing the following script: $ echo function_graph > current_tracer $ cat trace > /dev/null & $ sleep 5 # Ensure the 'cat' reaches the 'mdelay(10)' point... • https://git.kernel.org/stable/c/05319d707732c728eb721ac616a50e7978eb499a •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-22029 – exec: fix the racy usage of fs_struct->in_exec
https://notcve.org/view.php?id=CVE-2025-22029
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: exec: fix the racy usage of fs_struct->in_exec check_unsafe_exec() sets fs->in_exec under cred_guard_mutex, then execve() paths clear fs->in_exec lockless. This is fine if exec succeeds, but if it fails we have the following race: T1 sets fs->in_exec = 1, fails, drops cred_guard_mutex T2 sets fs->in_exec = 1 T1 clears fs->in_exec T2 continues with fs->in_exec == 0 Change fs/exec.c to clear fs->in_exec with cred_guard_mutex held. • https://git.kernel.org/stable/c/753a620a7f8e134b444f89fe90873234e894e21a •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-22028 – media: vimc: skip .s_stream() for stopped entities
https://notcve.org/view.php?id=CVE-2025-22028
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: media: vimc: skip .s_stream() for stopped entities Syzbot reported [1] a warning prompted by a check in call_s_stream() that checks whether .s_stream() operation is warranted for unstarted or stopped subdevs. Add a simple fix in vimc_streamer_pipeline_terminate() ensuring that entities skip a call to .s_stream() unless they have been previously properly started. [1] Syzbot report: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 59... • https://git.kernel.org/stable/c/adc589d2a20808fb99d46a78175cd023f2040338 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-22027 – media: streamzap: fix race between device disconnection and urb callback
https://notcve.org/view.php?id=CVE-2025-22027
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: media: streamzap: fix race between device disconnection and urb callback Syzkaller has reported a general protection fault at function ir_raw_event_store_with_filter(). This crash is caused by a NULL pointer dereference of dev->raw pointer, even though it is checked for NULL in the same function, which means there is a race condition. It occurs due to the incorrect order of actions in the streamzap_disconnect() function: rc_unregister_devic... • https://git.kernel.org/stable/c/8e9e60640067858e8036d4d43bbf725c60613359 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-22026 – nfsd: don't ignore the return code of svc_proc_register()
https://notcve.org/view.php?id=CVE-2025-22026
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svc_proc_register() Currently, nfsd_proc_stat_init() ignores the return value of svc_proc_register(). If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later. Fix nfsd_proc_stat_init() to return the same type of pointer as svc_proc_register(), and fix up nfsd_net_init() to check that and fail the nfsd_net construction if it occurs. svc_proc_register() can fail i... • https://git.kernel.org/stable/c/9d9456185fd5f1891c74354ee297f19538141ead •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-22025 – nfsd: put dl_stid if fail to queue dl_recall
https://notcve.org/view.php?id=CVE-2025-22025
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: put dl_stid if fail to queue dl_recall Before calling nfsd4_run_cb to queue dl_recall to the callback_wq, we increment the reference count of dl_stid. We expect that after the corresponding work_struct is processed, the reference count of dl_stid will be decremented through the callback function nfsd4_cb_recall_release. However, if the call to nfsd4_run_cb fails, the incremented reference count of dl_stid will not be decremented corre... • https://git.kernel.org/stable/c/b874cdef4e67e5150e07eff0eae1cbb21fb92da1 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2024-58095 – jfs: add check read-only before txBeginAnon() call
https://notcve.org/view.php?id=CVE-2024-58095
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before txBeginAnon() call Added a read-only check before calling `txBeginAnon` in `extAlloc` and `extRecord`. This prevents modification attempts on a read-only mounted filesystem, avoiding potential errors or crashes. Call trace: txBeginAnon+0xac/0x154 extAlloc+0xe8/0xdec fs/jfs/jfs_extent.c:78 jfs_get_block+0x340/0xb98 fs/jfs/inode.c:248 __block_write_begin_int+0x580/0x166c fs/buffer.c:2128 __block_write_begin fs/... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2024-58094 – jfs: add check read-only before truncation in jfs_truncate_nolock()
https://notcve.org/view.php?id=CVE-2024-58094
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before truncation in jfs_truncate_nolock() Added a check for "read-only" mode in the `jfs_truncate_nolock` function to avoid errors related to writing to a read-only filesystem. Call stack: block_write_begin() { jfs_write_failed() { jfs_truncate() { jfs_truncate_nolock() { txEnd() { ... log = JFS_SBI(tblk->sb)->log; // (log == NULL) If the `isReadOnly(ip)` condition is triggered in `jfs_truncate_nolock`, the functio... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •