
CVE-2025-21854 – sockmap, vsock: For connectible sockets allow only connected
https://notcve.org/view.php?id=CVE-2025-21854
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: sockmap, vsock: For connectible sockets allow only connected sockmap expects all vsocks to have a transport assigned, which is expressed in vsock_proto::psock_update_sk_prot(). However, there is an edge case where an unconnected (connectible) socket may lose its previously assigned transport. This is handled with a NULL check in the vsock/BPF recv path. Another design detail is that listening vsocks are not supposed to have any transport as... • https://git.kernel.org/stable/c/634f1a7110b439c65fd8a809171c1d2d28bcea6f •

CVE-2025-21853 – bpf: avoid holding freeze_mutex during mmap operation
https://notcve.org/view.php?id=CVE-2025-21853
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: avoid holding freeze_mutex during mmap operation We use map->freeze_mutex to prevent races between map_freeze() and memory mapping BPF map contents with writable permissions. The way we naively do this means we'll hold freeze_mutex for entire duration of all the mm and VMA manipulations, which is completely unnecessary. This can potentially also lead to deadlocks, as reported by syzbot in [0]. So, instead, hold freeze_mutex only during... • https://git.kernel.org/stable/c/fc9702273e2edb90400a34b3be76f7b08fa3344b •

CVE-2025-21852 – net: Add rx_skb of kfree_skb to raw_tp_null_args[].
https://notcve.org/view.php?id=CVE-2025-21852
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: Add rx_skb of kfree_skb to raw_tp_null_args[]. Yan Zhai reported a BPF prog could trigger a null-ptr-deref [0] in trace_kfree_skb if the prog does not check if rx_sk is NULL. Commit c53795d48ee8 ("net: add rx_sk to trace_kfree_skb") added rx_sk to trace_kfree_skb, but rx_sk is optional and could be NULL. Let's add kfree_skb to raw_tp_null_args[] to let the BPF verifier validate such a prog and prevent the issue. Now we fail to load suc... • https://git.kernel.org/stable/c/c53795d48ee8f385c6a9e394651e7ee914baaeba •

CVE-2025-21851 – bpf: Fix softlockup in arena_map_free on 64k page kernel
https://notcve.org/view.php?id=CVE-2025-21851
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arena_map_free on 64k page kernel On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y, arena_htab tests cause a segmentation fault and soft lockup. The same failure is not observed with 4k pages on aarch64. It turns out arena_map_free() is calling apply_to_existing_page_range() with the address returned by bpf_arena_get_kern_vm_start(). If this address is not page-aligned the code ends up calling apply_to_pte_range() wi... • https://git.kernel.org/stable/c/317460317a02a1af512697e6e964298dedd8a163 •

CVE-2025-21850 – nvmet: Fix crash when a namespace is disabled
https://notcve.org/view.php?id=CVE-2025-21850
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: nvmet: Fix crash when a namespace is disabled The namespace percpu counter protects pending I/O, and we can only safely disable the namespace once the counter drops to zero. Otherwise we end up with a crash when running blktests/nvme/058 (eg for loop transport): [ 2352.930426] [ T53909] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI [ 2352.930431] [ T53909] KASAN: null-pt... • https://git.kernel.org/stable/c/74d16965d7ac378d28ebd833ae6d6a097186a4ec •

CVE-2025-21849 – drm/i915/gt: Use spin_lock_irqsave() in interruptible context
https://notcve.org/view.php?id=CVE-2025-21849
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Use spin_lock_irqsave() in interruptible context spin_lock/unlock() functions used in interrupt contexts could result in a deadlock, as seen in GitLab issue #13399, which occurs when interrupt comes in while holding a lock. Try to remedy the problem by saving irq state before spin lock acquisition. v2: add irqs' state save/restore calls to all locks/unlocks in signal_irq_work() execution (Maciej) v3: use with spin_lock_irqsave(... • https://git.kernel.org/stable/c/2f2cc53b5fe7022f3ae602eb24573d52f8740959 •

CVE-2025-21848 – nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
https://notcve.org/view.php?id=CVE-2025-21848
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc() to prevent null pointer dereference. Several vulnerabilities have been disc... • https://git.kernel.org/stable/c/ff3d43f7568c82b335d7df2d40a31447c3fce10c •

CVE-2025-21847 – ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
https://notcve.org/view.php?id=CVE-2025-21847
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() The nullity of sps->cstream should be checked similarly as it is done in sof_set_stream_data_offset() function. Assuming that it is not NULL if sps->stream is NULL is incorrect and can lead to NULL pointer dereference. • https://git.kernel.org/stable/c/090349a9feba3ceee3997d31d68ffe54e5b57acb •

CVE-2025-21846 – acct: perform last write from workqueue
https://notcve.org/view.php?id=CVE-2025-21846
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acct(2) to /sys/power/resume. At the point where the write to this file happens the calling task has already exited and called exit_fs(). A lookup will thus trigger a NULL-deref when accessing current-... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •

CVE-2025-21845 – mtd: spi-nor: sst: Fix SST write failure
https://notcve.org/view.php?id=CVE-2025-21845
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: sst: Fix SST write failure 'commit 18bcb4aa54ea ("mtd: spi-nor: sst: Factor out common write operation to `sst_nor_write_data()`")' introduced a bug where only one byte of data is written, regardless of the number of bytes passed to sst_nor_write_data(), causing a kernel crash during the write operation. Ensure the correct number of bytes are written as passed to sst_nor_write_data(). Call trace: [ 57.400180] ------------[ cut... • https://git.kernel.org/stable/c/18bcb4aa54eab75dce41e5c176a1c2bff94f0f79 •