CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-58090 – sched/core: Prevent rescheduling when interrupts are disabled
https://notcve.org/view.php?id=CVE-2024-58090
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/core: Prevent rescheduling when interrupts are disabled David reported a warning observed while loop testing kexec jump: Interrupts enabled after irqrouter_resume+0x0/0x50 WARNING: CPU: 0 PID: 560 at drivers/base/syscore.c:103 syscore_resume+0x18a/0x220 kernel_kexec+0xf6/0x180 __do_sys_reboot+0x206/0x250 do_syscall_64+0x95/0x180 The corresponding interrupt flag trace: hardirqs last enabled at (15573): [
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52927 – netfilter: allow exp not to be removed in nf_ct_find_expectation
https://notcve.org/view.php?id=CVE-2023-52927
14 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl. In the Linux kernel, the... • https://git.kernel.org/stable/c/3fa58a6fbd1e9e5682d09cdafb08fba004cb12ec •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21833 – iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE
https://notcve.org/view.php?id=CVE-2025-21833
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pasid`. In case it nevertheless happens we must avoid using a NULL pointer. In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pa... • https://git.kernel.org/stable/c/df96876be3b064aefc493f760e0639765d13ed0d •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21832 – block: don't revert iter for -EIOCBQUEUED
https://notcve.org/view.php?id=CVE-2025-21832
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: block: don't revert iter for -EIOCBQUEUED blkdev_read_iter() has a few odd checks, like gating the position and count adjustment on whether or not the result is bigger-than-or-equal to zero (where bigger than makes more sense), and not checking the return value of blkdev_direct_IO() before doing an iov_iter_revert(). The latter can lead to attempting to revert with a negative value, which when passed to iov_iter_revert() as an unsigned valu... • https://git.kernel.org/stable/c/6c26619effb1b4cb7d20b4e666ab8f71f6a53ccb •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-58085 – tomoyo: don't emit warning in tomoyo_write_control()
https://notcve.org/view.php?id=CVE-2024-58085
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: tomoyo: don't emit warning in tomoyo_write_control() syzbot is reporting too large allocation warning at tomoyo_write_control(), for one can write a very very long line without new line character. To fix this warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE, for practically a valid line should be always shorter than 32KB where the "too small to fail" memory-allocation rule applies. One might try to write a valid line th... • https://git.kernel.org/stable/c/c67efabddc73171c7771d3ffe4ffa1e503ee533e •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58077 – ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback
https://notcve.org/view.php?id=CVE-2024-58077
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback commit 1f5664351410 ("ASoC: lower "no backend DAIs enabled for ... Port" log severity") ignores -EINVAL error message on common soc_pcm_ret(). It is used from many functions, ignoring -EINVAL is over-kill. The reason why -EINVAL was ignored was it really should only be used upon invalid parameters coming from userspace and in that case we don't want to log an error since we do not ... • https://git.kernel.org/stable/c/b65ba768302adc7ddc70811116cef80ca089af59 •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49733 – ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
https://notcve.org/view.php?id=CVE-2022-49733
02 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls snd_pcm_oss_make_ready() at first, then takes the params_lock mutex for the rest. When the stream is set up again by another thread between them, it leads to inconsistency, and may result in unexpected results such as NULL dereference of OSS buffer as a fuzzer spotted rec... • https://git.kernel.org/stable/c/4051324a6dafd7053c74c475e80b3ba10ae672b0 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21821 – fbdev: omap: use threaded IRQ for LCD DMA
https://notcve.org/view.php?id=CVE-2025-21821
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: omap: use threaded IRQ for LCD DMA When using touchscreen and framebuffer, Nokia 770 crashes easily with: BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000 Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2 Hardware name: Nokia 770 Call trace: unwind_backtrace from show_stack+0x10/0x14 show_stack fro... • https://git.kernel.org/stable/c/7bbbd311dd503653a2cc86d9226740883051dc92 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21817 – block: mark GFP_NOIO around sysfs ->store()
https://notcve.org/view.php?id=CVE-2025-21817
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block: mark GFP_NOIO around sysfs ->store() sysfs ->store is called with queue freezed, meantime we have several ->store() callbacks(update_nr_requests, wbt, scheduler) to allocate memory with GFP_KERNEL which may run into direct reclaim code path, then potential deadlock can be caused. Fix the issue by marking NOIO around sysfs ->store() In the Linux kernel, the following vulnerability has been resolved: block: mark GFP_NOIO around sysfs -... • https://git.kernel.org/stable/c/2566ce907e5d5db8a039647208e029ce559baa31 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21776 – USB: hub: Ignore non-compliant devices with too many configs or interfaces
https://notcve.org/view.php?id=CVE-2025-21776
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces Robert Morris created a test program which can cause usb_hub_to_struct_hub() to dereference a NULL or inappropriate pointer: Oops: general protection fault, probably for non-canonical address 0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI CPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14 Hardware name: FreeBSD BHYVE/BHYVE,... • https://git.kernel.org/stable/c/49f077106fa07919a6a6dda99bb490dd1d1a8218 •