CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21782 – orangefs: fix a oob in orangefs_debug_write
https://notcve.org/view.php?id=CVE-2025-21782
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: orangefs: fix a oob in orangefs_debug_write I got a syzbot report: slab-out-of-bounds Read in orangefs_debug_write... several people suggested fixes, I tested Al Viro's suggestion and made this patch. In the Linux kernel, the following vulnerability has been resolved: orangefs: fix a oob in orangefs_debug_write I got a syzbot report: slab-out-of-bounds Read in orangefs_debug_write... several people suggested fixes, I tested Al Viro's sugges... • https://git.kernel.org/stable/c/1da2697307dad281dd690a19441b5ca4af92d786 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21781 – batman-adv: fix panic during interface removal
https://notcve.org/view.php?id=CVE-2025-21781
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix panic during interface removal Reference counting is used to ensure that batadv_hardif_neigh_node and batadv_hard_iface are not freed before/during batadv_v_elp_throughput_metric_update work is finished. But there isn't a guarantee that the hard if will remain associated with a soft interface up until the work is finished. This fixes a crash triggered by reboot that looks like this: Call trace: batadv_v_mesh_free+0xd0/0x4dc ... • https://git.kernel.org/stable/c/c833484e5f3872a38fe232c663586069d5ad9645 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21780 – drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
https://notcve.org/view.php?id=CVE-2025-21780
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and then a bigger pptable, it may cause buffer overflow attack in function smu_sys_set_pp_table(). In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and then a bigger pptable, it... • https://git.kernel.org/stable/c/3484ea33157bc7334f57e64826ec5a4bf992151a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21779 – KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel
https://notcve.org/view.php?id=CVE-2025-21779
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel Advertise support for Hyper-V's SEND_IPI and SEND_IPI_EX hypercalls if and only if the local API is emulated/virtualized by KVM, and explicitly reject said hypercalls if the local APIC is emulated in userspace, i.e. don't rely on userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID. Rejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if Hyper-V enlig... • https://git.kernel.org/stable/c/214ff83d4473a7757fa18a64dc7efe3b0e158486 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21776 – USB: hub: Ignore non-compliant devices with too many configs or interfaces
https://notcve.org/view.php?id=CVE-2025-21776
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces Robert Morris created a test program which can cause usb_hub_to_struct_hub() to dereference a NULL or inappropriate pointer: Oops: general protection fault, probably for non-canonical address 0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI CPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14 Hardware name: FreeBSD BHYVE/BHYVE,... • https://git.kernel.org/stable/c/c3720b04df84b5459050ae4e03ec7d545652f897 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21775 – can: ctucanfd: handle skb allocation failure
https://notcve.org/view.php?id=CVE-2025-21775
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: ctucanfd: handle skb allocation failure If skb allocation fails, the pointer to struct can_frame is NULL. This is actually handled everywhere inside ctucan_err_interrupt() except for the only place. Add the missed NULL check. Found by Linux Verification Center (linuxtesting.org) with SVACE static analysis tool. In the Linux kernel, the following vulnerability has been resolved: can: ctucanfd: handle skb allocation failure If skb alloca... • https://git.kernel.org/stable/c/2dcb8e8782d8e4c38903bf37b1a24d3ffd193da7 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21773 – can: etas_es58x: fix potential NULL pointer dereference on udev->serial
https://notcve.org/view.php?id=CVE-2025-21773
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: fix potential NULL pointer dereference on udev->serial The driver assumed that es58x_dev->udev->serial could never be NULL. While this is true on commercially available devices, an attacker could spoof the device identity providing a NULL USB serial number. That would trigger a NULL pointer dereference. Add a check on es58x_dev->udev->serial before accessing it. In the Linux kernel, the following vulnerability has been reso... • https://git.kernel.org/stable/c/9f06631c3f1f0f298536443df85a6837ba4c5f5c •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21772 – partitions: mac: fix handling of bogus partition table
https://notcve.org/view.php?id=CVE-2025-21772
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: partitions: mac: fix handling of bogus partition table Fix several issues in partition probing: - The bailout for a bad partoffset must use put_dev_sector(), since the preceding read_part_sector() succeeded. - If the partition table claims a silly sector size like 0xfff bytes (which results in partition table entries straddling sector boundaries), bail out instead of accessing out-of-bounds memory. - We must not assume that the partition ta... • https://git.kernel.org/stable/c/27a39d006f85e869be68c1d5d2ce05e5d6445bf5 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21768 – net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
https://notcve.org/view.php?id=CVE-2025-21768
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels Some lwtunnels have a dst cache for post-transformation dst. If the packet destination did not change we may end up recording a reference to the lwtunnel in its own cache, and the lwtunnel state will never be freed. Discovered by the ioam6.sh test, kmemleak was recently fixed to catch per-cpu memory leaks. I'm not sure if rpl and seg6 can actually hit this, but in principle I don... • https://git.kernel.org/stable/c/6c8702c60b88651072460f3f4026c7dfe2521d12 •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21767 – clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context
https://notcve.org/view.php?id=CVE-2025-21767
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context The following bug report happened with a PREEMPT_RT kernel: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 get_random_u32+0x4f/0x110 clocksource_verify_choose_cpus+0xab/0x1a0 clock... • https://git.kernel.org/stable/c/7560c02bdffb7c52d1457fa551b9e745d4b9e754 •