CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21848 – nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
https://notcve.org/view.php?id=CVE-2025-21848
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc() to prevent null pointer dereference. In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc() to prevent null pointer dereference. • https://git.kernel.org/stable/c/ff3d43f7568c82b335d7df2d40a31447c3fce10c •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21847 – ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
https://notcve.org/view.php?id=CVE-2025-21847
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() The nullity of sps->cstream should be checked similarly as it is done in sof_set_stream_data_offset() function. Assuming that it is not NULL if sps->stream is NULL is incorrect and can lead to NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() The nullity of ... • https://git.kernel.org/stable/c/090349a9feba3ceee3997d31d68ffe54e5b57acb •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21846 – acct: perform last write from workqueue
https://notcve.org/view.php?id=CVE-2025-21846
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acc(2) to /sys/power/resume. At the point the where the write to this file happens the calling task has already exited and called exit_fs(). A lookup will thus trigger a NULL-deref when accessing current-... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21844 – smb: client: Add check for next_buffer in receive_encrypted_standard()
https://notcve.org/view.php?id=CVE-2025-21844
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard() Add check for the return value of cifs_buf_get() and cifs_small_buf_get() in receive_encrypted_standard() to prevent null pointer dereference. In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard() Add check for the return value of cifs_buf_get() and cifs_small_buf_get() in receive_encryp... • https://git.kernel.org/stable/c/b03c8099a738a04d2343547ae6a04e5f0f63d3fa •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-58089 – btrfs: fix double accounting race when btrfs_run_delalloc_range() failed
https://notcve.org/view.php?id=CVE-2024-58089
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double accounting race when btrfs_run_delalloc_range() failed [BUG] When running btrfs with block size (4K) smaller than page size (64K, aarch64), there is a very high chance to crash the kernel at generic/750, with the following messages: (before the call traces, there are 3 extra debug messages added) BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental BTRFS info (device dm-3): chec... • https://git.kernel.org/stable/c/d1051d6ebf8ef3517a5a3cf82bba8436d190f1c2 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-58088 – bpf: Fix deadlock when freeing cgroup storage
https://notcve.org/view.php?id=CVE-2024-58088
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock when freeing cgroup storage The following commit bc235cdb423a ("bpf: Prevent deadlock from recursive bpf_task_storage_[get|delete]") first introduced deadlock prevention for fentry/fexit programs attaching on bpf_task_storage helpers. That commit also employed the logic in map free path in its v6 version. Later bpf_cgrp_storage was first introduced in c4bcfb38a95e ("bpf: Implement cgroup storage available to non-cgroup-att... • https://git.kernel.org/stable/c/c4bcfb38a95edb1021a53f2d0356a78120ecfbe4 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58087 – ksmbd: fix racy issue from session lookup and expire
https://notcve.org/view.php?id=CVE-2024-58087
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire. Attila Szász discovered that the HFS+ file system implemen... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21839 – KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop
https://notcve.org/view.php?id=CVE-2025-21839
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpu_run() loop to fix a bug where KVM can load hardware with a stale vcpu->arch.dr6. When the guest accesses a DR and host userspace isn't debugging the guest, KVM disables DR interception and loads the guest's values into hardware on VM-Enter and saves them on VM-Exit. This allo... • https://git.kernel.org/stable/c/d67668e9dd76d98136048935723947156737932b •
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21838 – usb: gadget: core: flush gadget workqueue after device removal
https://notcve.org/view.php?id=CVE-2025-21838
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal device_del() can lead to new work being scheduled in gadget->work workqueue. This is observed, for example, with the dwc3 driver with the following call stack: device_del() gadget_unbind_driver() usb_gadget_disconnect_locked() dwc3_gadget_pullup() dwc3_gadget_soft_disconnect() usb_gadget_set_state() schedule_work(&gadget->work) Move flush_work() after device_del() to ensure the ... • https://git.kernel.org/stable/c/5702f75375aa9ecf8ad3431aef3fe6ce8c8dbd15 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21836 – io_uring/kbuf: reallocate buf lists on upgrade
https://notcve.org/view.php?id=CVE-2025-21836
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field should stay stable after publish. Always reallocate it instead. In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse... • https://git.kernel.org/stable/c/2fcabce2d7d34f69a888146dab15b36a917f09d4 •