CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-23133 – wifi: ath11k: update channel list in reg notifier instead reg worker
https://notcve.org/view.php?id=CVE-2025-23133
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: update channel list in reg notifier instead reg worker Currently when ath11k gets a new channel list, it will be processed according to the following steps: 1. update new channel list to cfg80211 and queue reg_work. 2. cfg80211 handles new channel list during reg_work. 3. update cfg80211's handled channel list to firmware by ath11k_reg_update_chan_list(). But ath11k will immediately execute step 3 after reg_work is just queued... • https://git.kernel.org/stable/c/f45cb6b29cd36514e13f7519770873d8c0457008 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23132 – f2fs: quota: fix to avoid warning in dquot_writeback_dquots()
https://notcve.org/view.php?id=CVE-2025-23132
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: quota: fix to avoid warning in dquot_writeback_dquots() F2FS-fs (dm-59): checkpoint=enable has some unwritten data. ------------[ cut here ]------------ WARNING: CPU: 6 PID: 8013 at fs/quota/dquot.c:691 dquot_writeback_dquots+0x2fc/0x308 pc : dquot_writeback_dquots+0x2fc/0x308 lr : f2fs_quota_sync+0xcc/0x1c4 Call trace: dquot_writeback_dquots+0x2fc/0x308 f2fs_quota_sync+0xcc/0x1c4 f2fs_write_checkpoint+0x3d4/0x9b0 f2fs_issue_checkpoin... • https://git.kernel.org/stable/c/af033b2aa8a874fd5737fafe90d159136527b5b4 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23131 – dlm: prevent NPD when writing a positive value to event_done
https://notcve.org/view.php?id=CVE-2025-23131
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: dlm: prevent NPD when writing a positive value to event_done do_uevent returns the value written to event_done. In case it is a positive value, new_lockspace would undo all the work, and lockspace would not be set. __dlm_new_lockspace, however, would treat that positive value as a success due to commit 8511a2728ab8 ("dlm: fix use count with multiple joins"). Down the line, device_create_lockspace would pass that NULL lockspace to dlm_find_l... • https://git.kernel.org/stable/c/8511a2728ab82cab398e39d019f5cf1246021c1c •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23130 – f2fs: fix to avoid panic once fallocation fails for pinfile
https://notcve.org/view.php?id=CVE-2025-23130
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic once fallocation fails for pinfile syzbot reports a f2fs bug as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2746! CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 RIP: 0010:get_new_segment fs/f2fs/segment.c:2746 [inline] RIP: 0010:new_curseg+0x1f52/0x1f70 fs/f2fs/segment.c:2876 Call Trace:
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-23129 – wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path
https://notcve.org/view.php?id=CVE-2025-23129
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path If a shared IRQ is used by the driver due to platform limitation, then the IRQ affinity hint is set right after the allocation of IRQ vectors in ath11k_pci_alloc_msi(). This does no harm unless one of the functions requesting the IRQ fails and attempt to free the IRQ. This results in the below warning: WARNING: CPU: 7 PID: 349 at kernel/irq/manage.c:1929 f... • https://git.kernel.org/stable/c/39564b475ac5a589e6c22c43a08cbd283c295d2c •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22128 – wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path
https://notcve.org/view.php?id=CVE-2025-22128
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path If a shared IRQ is used by the driver due to platform limitation, then the IRQ affinity hint is set right after the allocation of IRQ vectors in ath12k_pci_msi_alloc(). This does no harm unless one of the functions requesting the IRQ fails and attempt to free the IRQ. This may end up with a warning from the IRQ core that is expecting the affinity hint to be... • https://git.kernel.org/stable/c/a3012f206d07fa62b5c2e384cbc3a81a4dbba3c9 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22127 – f2fs: fix potential deadloop in prepare_compress_overwrite()
https://notcve.org/view.php?id=CVE-2025-22127
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix potential deadloop in prepare_compress_overwrite() Jan Prusakowski reported a kernel hang issue as below: When running xfstests on linux-next kernel (6.14.0-rc3, 6.12) I encountered a problem in generic/475 test where fsstress process gets blocked in __f2fs_write_data_pages() and the test hangs. The options I used are: MKFS_OPTIONS -- -O compression -O extra_attr -O project_quota -O quota /dev/vdc MOUNT_OPTIONS -- -o acl,user_xatt... • https://git.kernel.org/stable/c/4c8ff7095bef64fc47e996a938f7d57f9e077da3 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22126 – md: fix mddev uaf while iterating all_mddevs list
https://notcve.org/view.php?id=CVE-2025-22126
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: md: fix mddev uaf while iterating all_mddevs list While iterating all_mddevs list from md_notify_reboot() and md_exit(), list_for_each_entry_safe is used, and this can race with deletint the next mddev, causing UAF: t1: spin_lock //list_for_each_entry_safe(mddev, n, ...) mddev_get(mddev1) // assume mddev2 is the next entry spin_unlock t2: //remove mddev2 ... mddev_free spin_lock list_del spin_unlock kfree(mddev2) mddev_put(mddev1) spin_lock... • https://git.kernel.org/stable/c/f26514342255855f4ca3c0a92cb1cdea01c33004 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22125 – md/raid1,raid10: don't ignore IO flags
https://notcve.org/view.php?id=CVE-2025-22125
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid1,raid10: don't ignore IO flags If blk-wbt is enabled by default, it's found that raid write performance is quite bad because all IO are throttled by wbt of underlying disks, due to flag REQ_IDLE is ignored. And turns out this behaviour exist since blk-wbt is introduced. Other than REQ_IDLE, other flags should not be ignored as well, for example REQ_META can be set for filesystems, clearing it can cause priority reverse problems; And... • https://git.kernel.org/stable/c/5404bc7a87b9949cf61e0174b21f80e73239ab25 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22124 – md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
https://notcve.org/view.php?id=CVE-2025-22124
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb In clustermd, separate write-intent-bitmaps are used for each cluster node: 0 4k 8k 12k ------------------------------------------------------------------- | idle | md super | bm super [0] + bits | | bm bits[0, contd] | bm super[1] + bits | bm bits[1, contd] | | bm super[2] + bits | bm bits [2, contd] | bm super[3] + bits | | bm bits [3, contd] | | | So in node 1, pg_index in ... • https://git.kernel.org/stable/c/ab99a87542f194f28e2364a42afbf9fb48b1c724 •