CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21882 – net/mlx5: Fix vport QoS cleanup on error
https://notcve.org/view.php?id=CVE-2025-21882
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix vport QoS cleanup on error When enabling vport QoS fails, the scheduling node was never freed, causing a leak. Add the missing free and reset the vport scheduling node pointer to NULL. In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix vport QoS cleanup on error When enabling vport QoS fails, the scheduling node was never freed, causing a leak. Add the missing free and reset the vport scheduling ... • https://git.kernel.org/stable/c/be034baba83e2a80a0b2c0f24c08547b6eedc79a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21881 – uprobes: Reject the shared zeropage in uprobe_write_opcode()
https://notcve.org/view.php?id=CVE-2025-21881
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: uprobes: Reject the shared zeropage in uprobe_write_opcode() We triggered the following crash in syzkaller tests: BUG: Bad page state in process syz.7.38 pfn:1eff3 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eff3 flags: 0x3fffff00004004(referenced|reserved|node=0|zone=1|lastcpupid=0x1fffff) raw: 003fffff00004004 ffffe6c6c07bfcc8 ffffe6c6c07bfcc8 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffff... • https://git.kernel.org/stable/c/2b144498350860b6ee9dc57ff27a93ad488de5dc •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21880 – drm/xe/userptr: fix EFAULT handling
https://notcve.org/view.php?id=CVE-2025-21880
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/userptr: fix EFAULT handling Currently we treat EFAULT from hmm_range_fault() as a non-fatal error when called from xe_vm_userptr_pin() with the idea that we want to avoid killing the entire vm and chucking an error, under the assumption that the user just did an unmap or something, and has no intention of actually touching that memory from the GPU. At this point we have already zapped the PTEs so any access should generate a page fa... • https://git.kernel.org/stable/c/521db22a1d70dbc596a07544a738416025b1b63c •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21879 – btrfs: fix use-after-free on inode when scanning root during em shrinking
https://notcve.org/view.php?id=CVE-2025-21879
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free on inode when scanning root during em shrinking At btrfs_scan_root() we are accessing the inode's root (and fs_info) in a call to btrfs_fs_closing() after we have scheduled the inode for a delayed iput, and that can result in a use-after-free on the inode in case the cleaner kthread does the iput before we dereference the inode in the call to btrfs_fs_closing(). Fix this by using the fs_info stored already in a loc... • https://git.kernel.org/stable/c/1020443840569535f6025a855958f07ea3eebf71 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21878 – i2c: npcm: disable interrupt enable bit before devm_request_irq
https://notcve.org/view.php?id=CVE-2025-21878
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: i2c: npcm: disable interrupt enable bit before devm_request_irq The customer reports that there is a soft lockup issue related to the i2c driver. After checking, the i2c module was doing a tx transfer and the bmc machine reboots in the middle of the i2c transaction, the i2c module keeps the status without being reset. Due to such an i2c module status, the i2c irq handler keeps getting triggered since the i2c irq handler is registered in the... • https://git.kernel.org/stable/c/56a1485b102ed1cd5a4af8e87ed794699fd1cad2 •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21877 – usbnet: gl620a: fix endpoint checking in genelink_bind()
https://notcve.org/view.php?id=CVE-2025-21877
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: gl620a: fix endpoint checking in genelink_bind() Syzbot reports [1] a warning in usb_submit_urb() triggered by inconsistencies between expected and actually present endpoints in gl620a driver. Since genelink_bind() does not properly verify whether specified eps are in fact provided by the device, in this case, an artificially manufactured one, one may get a mismatch. Fix the issue by resorting to a usbnet utility function usbnet_get... • https://git.kernel.org/stable/c/47ee3051c856cc2aa95d35d577a8cb37279d540f •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21876 – iommu/vt-d: Fix suspicious RCU usage
https://notcve.org/view.php?id=CVE-2025-21876
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix suspicious RCU usage Commit
CVSS: 5.6EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21875 – mptcp: always handle address removal under msk socket lock
https://notcve.org/view.php?id=CVE-2025-21875
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: always handle address removal under msk socket lock Syzkaller reported a lockdep splat in the PM control path: WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sock_owned_by_me include/net/sock.h:1711 [inline] WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 msk_owned_by_me net/mptcp/protocol.h:363 [inline] WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:... • https://git.kernel.org/stable/c/b6c08380860b926752d57c8fa9911fa388c4b876 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21874 – dm-integrity: Avoid divide by zero in table status in Inline mode
https://notcve.org/view.php?id=CVE-2025-21874
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: dm-integrity: Avoid divide by zero in table status in Inline mode In Inline mode, the journal is unused, and journal_sectors is zero. Calculating the journal watermark requires dividing by journal_sectors, which should be done only if the journal is configured. Otherwise, a simple table query (dmsetup table) can cause OOPS. This bug did not show on some systems, perhaps only due to compiler optimization. On my 32-bit testing machine, this r... • https://git.kernel.org/stable/c/fb0987682c629c1d2c476f35f6fde405a5e304a4 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21873 – scsi: ufs: core: bsg: Fix crash when arpmb command fails
https://notcve.org/view.php?id=CVE-2025-21873
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: bsg: Fix crash when arpmb command fails If the device doesn't support arpmb we'll crash due to copying user data in bsg_transport_sg_io_fn(). In the case where ufs_bsg_exec_advanced_rpmb_req() returns an error, do not set the job's reply_len. Memory crash backtrace: 3,1290,531166405,-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22 4,1308,531166555,-;Call Trace: 4,1309,531166559,-;