CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22126 – md: fix mddev uaf while iterating all_mddevs list
https://notcve.org/view.php?id=CVE-2025-22126
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: md: fix mddev uaf while iterating all_mddevs list While iterating all_mddevs list from md_notify_reboot() and md_exit(), list_for_each_entry_safe is used, and this can race with deletint the next mddev, causing UAF: t1: spin_lock //list_for_each_entry_safe(mddev, n, ...) mddev_get(mddev1) // assume mddev2 is the next entry spin_unlock t2: //remove mddev2 ... In the Linux kernel, the following vulnerability has been resolved: m... • https://git.kernel.org/stable/c/f26514342255855f4ca3c0a92cb1cdea01c33004 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22125 – md/raid1,raid10: don't ignore IO flags
https://notcve.org/view.php?id=CVE-2025-22125
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid1,raid10: don't ignore IO flags If blk-wbt is enabled by default, it's found that raid write performance is quite bad because all IO are throttled by wbt of underlying disks, due to flag REQ_IDLE is ignored. ... Fises: f51d46d0e7cb ("md: add support for REQ_NOWAIT") In the Linux kernel, the following vulnerability has been resolved: md/raid1,raid10: don't ignore IO flags If blk-wbt is enabled by default, it's found that... • https://git.kernel.org/stable/c/5404bc7a87b9949cf61e0174b21f80e73239ab25 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22124 – md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
https://notcve.org/view.php?id=CVE-2025-22124
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb In clustermd, separate write-intent-bitmaps are used for each cluster node: 0 4k 8k 12k ------------------------------------------------------------------- | idle | md super | bm super [0] + bits | | bm bits[0, contd] | bm super[1] + bits | bm bits[1, contd] | | bm super[2] + bits | bm bits [2, contd] | bm super[3] + bits | | bm bits [3, contd] | | | So in node 1, pg_in... • https://git.kernel.org/stable/c/ab99a87542f194f28e2364a42afbf9fb48b1c724 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22123 – f2fs: fix to avoid accessing uninitialized curseg
https://notcve.org/view.php?id=CVE-2025-22123
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid accessing uninitialized curseg syzbot reports a f2fs bug as below: F2FS-fs (loop3): Stopped filesystem due to reason: 7 kworker/u8:7: attempt to access beyond end of device BUG: unable to handle page fault for address: ffffed1604ea3dfa RIP: 0010:get_ckpt_valid_blocks fs/f2fs/segment.h:361 [inline] RIP: 0010:has_curseg_enough_space fs/f2fs/segment.h:570 [inline] RIP: 0010:__get_secs_required fs/f2fs/segment.h:620 [i... • https://git.kernel.org/stable/c/8b10d3653735e117bc1954ade80d75ad7b46b801 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22122 – block: fix adding folio to bio
https://notcve.org/view.php?id=CVE-2025-22122
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: block: fix adding folio to bio >4GB folio is possible on some ARCHs, such as aarch64, 16GB hugepage is supported, then 'offset' of folio can't be held in 'unsigned int', cause warning in bio_add_folio_nofail() and IO failure. In the Linux kernel, the following vulnerability has been resolved: block: fix adding folio to bio >4GB folio is possible on some ARCHs, such as aarch64, 16GB hugepage is supported, then 'offset' of folio... • https://git.kernel.org/stable/c/ed9832bc08db29874600eb066b74918fe6fc2060 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22121 – ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()
https://notcve.org/view.php?id=CVE-2025-22121
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() There's issue as follows: BUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790 Read of size 4 at addr ffff88807b003000 by task syz-executor.0/15172 CPU: 3 PID: 15172 Comm: syz-executor.0 Call Trace: __dump_stack lib/dump_stack.c:82 [inline] dump_stack+0xbe/0xfd lib/dump_stack.c:123 print_address_description.constprop.0+0x1e/0x280 mm/kasan/report.c:400 __k... • https://git.kernel.org/stable/c/e50e5129f384ae282adebfb561189cdb19b81cee •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22120 – ext4: goto right label 'out_mmap_sem' in ext4_setattr()
https://notcve.org/view.php?id=CVE-2025-22120
16 Apr 2025 — task:fsstress state:D stack:0 pid:374 tgid:374 ppid:373 task_flags:0x440140 flags:0x00000000 Call Trace:
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2025-22119 – wifi: cfg80211: init wiphy_work before allocating rfkill fails
https://notcve.org/view.php?id=CVE-2025-22119
16 Apr 2025 — CPU: 0 UID: 0 PID: 5935 Comm: syz-executor550 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22118 – ice: validate queue quanta parameters to prevent OOB access
https://notcve.org/view.php?id=CVE-2025-22118
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: validate queue quanta parameters to prevent OOB access Add queue wraparound prevention in quanta configuration. Ensure end_qid does not overflow by validating start_qid and num_queues. In the Linux kernel, the following vulnerability has been resolved: ice: validate queue quanta parameters to prevent OOB access Add queue wraparound prevention in quanta configuration. • https://git.kernel.org/stable/c/015307754a19832dd665295f6c123289b0f37ba6 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22117 – ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw()
https://notcve.org/view.php?id=CVE-2025-22117
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() Fix using the untrusted value of proto->raw.pkt_len in function ice_vc_fdir_parse_raw() by verifying if it does not exceed the VIRTCHNL_MAX_SIZE_RAW_PACKET value. In the Linux kernel, the following vulnerability has been resolved: ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() Fix using the untrusted value of proto->raw.pkt_len in functi... • https://git.kernel.org/stable/c/99f419df8a5c5e1a58822203989f77712d01d410 •