CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-21904 – caif_virtio: fix wrong pointer check in cfv_probe()
https://notcve.org/view.php?id=CVE-2025-21904
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: caif_virtio: fix wrong pointer check in cfv_probe() del_vqs() frees virtqueues, therefore cfv->vq_tx pointer should be checked for NULL before calling it, not cfv->vdev. Also the current implementation is redundant because the pointer cfv->vdev is dereferenced before it is checked for NULL. Fix this by checking cfv->vq_tx for NULL instead of cfv->vdev before calling del_vqs(). • https://git.kernel.org/stable/c/0d2e1a2926b1839a4b74519e660739b2566c9386 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-21899 – tracing: Fix bad hist from corrupting named_triggers list
https://notcve.org/view.php?id=CVE-2025-21899
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix bad hist from corrupting named_triggers list The following commands causes a crash: ~# cd /sys/kernel/tracing/events/rcu/rcu_callback ~# echo 'hist:name=bad:keys=common_pid:onmax(bogus).save(common_pid)' > trigger bash: echo: write error: Invalid argument ~# echo 'hist:name=bad:keys=common_pid' > trigger Because the following occurs: event_trigger_write() { trigger_process_regex() { event_hist_trigger_parse() { data = event_tri... • https://git.kernel.org/stable/c/067fe038e70f6e64960d26a79c4df5f1413d0f13 •
CVSS: -EPSS: %CPEs: 13EXPL: 0CVE-2025-21898 – ftrace: Avoid potential division by zero in function_stat_show()
https://notcve.org/view.php?id=CVE-2025-21898
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in function_stat_show() Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64} produce zero and skip stddev computation in that case. For now don't care about rec->counter * rec->counter overflow because rec->time * rec->time overflow will likely happen earlier. • https://git.kernel.org/stable/c/f0629ee3922f10112584b1898491fecc74d98b3b •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21891 – ipvlan: ensure network headers are in skb linear part
https://notcve.org/view.php?id=CVE-2025-21891
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ipvlan: ensure network headers are in skb linear part syzbot found that ipvlan_process_v6_outbound() was assuming the IPv6 network header isis present in skb->head [1] Add the needed pskb_network_may_pull() calls for both IPv4 and IPv6 handlers. [1] BUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47 __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47 ipv6_addr_type include/net/ipv6.h:555 [inline] ip6_rou... • https://git.kernel.org/stable/c/2ad7bf3638411cb547f2823df08166c13ab04269 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21881 – uprobes: Reject the shared zeropage in uprobe_write_opcode()
https://notcve.org/view.php?id=CVE-2025-21881
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: uprobes: Reject the shared zeropage in uprobe_write_opcode() We triggered the following crash in syzkaller tests: BUG: Bad page state in process syz.7.38 pfn:1eff3 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eff3 flags: 0x3fffff00004004(referenced|reserved|node=0|zone=1|lastcpupid=0x1fffff) raw: 003fffff00004004 ffffe6c6c07bfcc8 ffffe6c6c07bfcc8 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffff... • https://git.kernel.org/stable/c/2b144498350860b6ee9dc57ff27a93ad488de5dc •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21877 – usbnet: gl620a: fix endpoint checking in genelink_bind()
https://notcve.org/view.php?id=CVE-2025-21877
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: gl620a: fix endpoint checking in genelink_bind() Syzbot reports [1] a warning in usb_submit_urb() triggered by inconsistencies between expected and actually present endpoints in gl620a driver. Since genelink_bind() does not properly verify whether specified eps are in fact provided by the device, in this case, an artificially manufactured one, one may get a mismatch. Fix the issue by resorting to a usbnet utility function usbnet_get... • https://git.kernel.org/stable/c/47ee3051c856cc2aa95d35d577a8cb37279d540f •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21872 – efi: Don't map the entire mokvar table to determine its size
https://notcve.org/view.php?id=CVE-2025-21872
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: efi: Don't map the entire mokvar table to determine its size Currently, when validating the mokvar table, we (re)map the entire table on each iteration of the loop, adding space as we discover new entries. If the table grows over a certain size, this fails due to limitations of early_memmap(), and we get a failure and traceback: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 0 at mm/early_ioremap.c:139 __early_ioremap+0xef/0x220 ... • https://git.kernel.org/stable/c/46c0454ffb78ce9d3355a3cccac86383ea8ddd55 •
CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-58090 – sched/core: Prevent rescheduling when interrupts are disabled
https://notcve.org/view.php?id=CVE-2024-58090
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/core: Prevent rescheduling when interrupts are disabled David reported a warning observed while loop testing kexec jump: Interrupts enabled after irqrouter_resume+0x0/0x50 WARNING: CPU: 0 PID: 560 at drivers/base/syscore.c:103 syscore_resume+0x18a/0x220 kernel_kexec+0xf6/0x180 __do_sys_reboot+0x206/0x250 do_syscall_64+0x95/0x180 The corresponding interrupt flag trace: hardirqs last enabled at (15573): [
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21871 – tee: optee: Fix supplicant wait loop
https://notcve.org/view.php?id=CVE-2025-21871
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix supplicant wait loop OP-TEE supplicant is a user-space daemon and it's possible for it be hung or crashed or killed in the middle of processing an OP-TEE RPC call. It becomes more complicated when there is incorrect shutdown ordering of the supplicant process vs the OP-TEE client application which can eventually lead to system hang-up waiting for the closure of the client application. Allow the client process waiting in kern... • https://git.kernel.org/stable/c/4fb0a5eb364d239722e745c02aef0dbd4e0f1ad2 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52927 – netfilter: allow exp not to be removed in nf_ct_find_expectation
https://notcve.org/view.php?id=CVE-2023-52927
14 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl. In the Linux kernel, the... • https://git.kernel.org/stable/c/3fa58a6fbd1e9e5682d09cdafb08fba004cb12ec •