CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-54458 – scsi: ufs: bsg: Set bsg_queue to NULL after removal
https://notcve.org/view.php?id=CVE-2024-54458
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: bsg: Set bsg_queue to NULL after removal Currently, this does not cause any issues, but I believe it is necessary to set bsg_queue to NULL after removing it to prevent potential use-after-free (UAF) access. • https://git.kernel.org/stable/c/5e7b6e44468c3242c21c2a8656d009fb3eb50a73 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-54456 – NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()
https://notcve.org/view.php?id=CVE-2024-54456
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() name is char[64] where the size of clnt->cl_program->name remains unknown. Invoking strcat() directly will also lead to potential buffer overflow. Change them to strscpy() and strncat() to fix potential issues. • https://git.kernel.org/stable/c/19b3ca651b4b473878c73539febe477905041442 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52560 – fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr()
https://notcve.org/view.php?id=CVE-2024-52560
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr() Extended the `mi_enum_attr()` function interface with an additional parameter, `struct ntfs_inode *ni`, to allow marking the inode as bad as soon as an error is detected. • https://git.kernel.org/stable/c/d9c699f2c4dc174940ffe8600b20c267897da155 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-52559 – drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()
https://notcve.org/view.php?id=CVE-2024-52559
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() The "submit->cmd[i].size" and "submit->cmd[i].offset" variables are u32 values that come from the user via the submit_lookup_cmds() function. This addition could lead to an integer wrapping bug so use size_add() to prevent that. Patchwork: https://patchwork.freedesktop.org/patch/624696/ • https://git.kernel.org/stable/c/198725337ef1f73b73e7dc953c6ffb0799f26ffe •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21753 – btrfs: fix use-after-free when attempting to join an aborted transaction
https://notcve.org/view.php?id=CVE-2025-21753
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted transaction When we are trying to join the current transaction and if it's aborted, we read its 'aborted' field after unlocking fs_info->trans_lock and without holding any extra reference count on it. This means that a concurrent task that is aborting the transaction may free the transaction before we read its 'aborted' field, leading to a use-after-free. Fix this by reading the '... • https://git.kernel.org/stable/c/871383be592ba7e819d27556591e315a0df38cee •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21752 – btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents
https://notcve.org/view.php?id=CVE-2025-21752
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents Don't use btrfs_set_item_key_safe() to modify the keys in the RAID stripe-tree, as this can lead to corruption of the tree, which is caught by the checks in btrfs_set_item_key_safe(): BTRFS info (device nvme1n1): leaf 49168384 gen 15 total ptrs 194 free space 8329 owner 12 BTRFS info (device nvme1n1): refs 2 lock_owner 1030 current 1030 [ snip ] item 105 key (354549760 230 2048... • https://git.kernel.org/stable/c/1c25eff52ee5a02a2c4be659a44ae972d9989742 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21751 – net/mlx5: HWS, change error flow on matcher disconnect
https://notcve.org/view.php?id=CVE-2025-21751
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, change error flow on matcher disconnect Currently, when firmware failure occurs during matcher disconnect flow, the error flow of the function reconnects the matcher back and returns an error, which continues running the calling function and eventually frees the matcher that is being disconnected. This leads to a case where we have a freed matcher on the matchers list, which in turn leads to use-after-free and eventual crash.... • https://git.kernel.org/stable/c/23a86c76a1a197e8fbbbd0ce3e826eb58c471624 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21750 – wifi: brcmfmac: Check the return value of of_property_read_string_index()
https://notcve.org/view.php?id=CVE-2025-21750
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the return value of of_property_read_string_index() Somewhen between 6.10 and 6.11 the driver started to crash on my MacBookPro14,3. The property doesn't exist and 'tmp' remains uninitialized, so we pass a random pointer to devm_kstrdup(). The crash I am getting looks like this: BUG: unable to handle page fault for address: 00007f033c669379 PF: supervisor read access in kernel mode PF: error_code(0x0001) - permissions ... • https://git.kernel.org/stable/c/af525a8b2ab85291617e79a5bb18bcdcb529e80c •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21749 – net: rose: lock the socket in rose_bind()
https://notcve.org/view.php?id=CVE-2025-21749
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: rose: lock the socket in rose_bind() syzbot reported a soft lockup in rose_loopback_timer(), with a repro calling bind() from multiple threads. rose_bind() must lock the socket to avoid this issue. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21748 – ksmbd: fix integer overflows on 32 bit systems
https://notcve.org/view.php?id=CVE-2025-21748
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix integer overflows on 32 bit systems On 32bit systems the addition operations in ipc_msg_alloc() can potentially overflow leading to memory corruption. Add bounds checking using KSMBD_IPC_MAX_PAYLOAD to avoid overflow. • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •