CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21637 – sctp: sysctl: udp_port: avoid using current->nsproxy
https://notcve.org/view.php?id=CVE-2025-21637
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udp_port: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2... • https://git.kernel.org/stable/c/046c052b475e7119b6a30e3483e2888fc606a2f8 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21636 – sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
https://notcve.org/view.php?id=CVE-2025-21636
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1... • https://git.kernel.org/stable/c/d1e462a7a5f359cbb9a0e8fbfafcfb6657034105 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21635 – rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy
https://notcve.org/view.php?id=CVE-2025-21635
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] u... • https://git.kernel.org/stable/c/c6a58ffed53612be86b758df1cdb0b0f4305e9cb •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21634 – cgroup/cpuset: remove kernfs active break
https://notcve.org/view.php?id=CVE-2025-21634
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: remove kernfs active break A warning was found: WARNING: CPU: 10 PID: 3486953 at fs/kernfs/file.c:828 CPU: 10 PID: 3486953 Comm: rmdir Kdump: loaded Tainted: G RIP: 0010:kernfs_should_drain_open_files+0x1a1/0x1b0 RSP: 0018:ffff8881107ef9e0 EFLAGS: 00010202 RAX: 0000000080000002 RBX: ffff888154738c00 RCX: dffffc0000000000 RDX: 0000000000000007 RSI: 0000000000000004 RDI: ffff888154738c04 RBP: ffff888154738c04 R08: ffffffffaf27f... • https://git.kernel.org/stable/c/76bb5ab8f6e3e7bebdcefec4146ff305e7d0b465 •
CVSS: 7.3EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21631 – block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
https://notcve.org/view.php?id=CVE-2025-21631
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() Our syzkaller report a following UAF for v6.6: BUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958 Read of size 8 at addr ffff8881b57147d8 by task fsstress/232726 CPU: 2 PID: 232726 Comm: fsstress Not tainted 6.6.0-g3629d1885222 #39 Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57857 – RDMA/siw: Remove direct link to net_device
https://notcve.org/view.php?id=CVE-2024-57857
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Remove direct link to net_device Do not manage a per device direct link to net_device. Rely on associated ib_devices net_device management, not doubling the effort locally. A badly managed local link to net_device was causing a 'KASAN: slab-use-after-free' exception during siw_query_port() call. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/siw: eliminar el enlace directo a net_device No administrar un en... • https://git.kernel.org/stable/c/bdcf26bf9b3acb03c8f90387cfc6474fc8ac5521 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-57841 – net: fix memory leak in tcp_conn_request()
https://notcve.org/view.php?id=CVE-2024-57841
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in tcp_conn_request() If inet_csk_reqsk_queue_hash_add() return false, tcp_conn_request() will return without free the dst memory, which allocated in af_ops->route_req. Here is the kmemleak stack: unreferenced object 0xffff8881198631c0 (size 240): comm "softirq", pid 0, jiffies 4299266571 (age 1802.392s) hex dump (first 32 bytes): 00 10 9b 03 81 88 ff ff 80 98 da bc ff ff ff ff ................ 81 55 18 bb ff ff ff ff 0... • https://git.kernel.org/stable/c/527bec1f56ac7a2fceb8eb77eb0fc2678ecba394 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57802 – netrom: check buffer length before accessing it
https://notcve.org/view.php?id=CVE-2024-57802
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netrom: check buffer length before accessing it Syzkaller reports an uninit value read from ax25cmp when sending raw message through ieee802154 implementation. ===================================================== BUG: KMSAN: uninit-value in ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 nr_dev_get+0x20e/0x450 net/netrom/nr_route.c:601 nr_route_frame+0x1a2/0xfc0 net/netrom/nr_route.c:774 nr_xmit+0x... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57795 – RDMA/rxe: Remove the direct link to net_device
https://notcve.org/view.php?id=CVE-2024-57795
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Remove the direct link to net_device The similar patch in siw is in the link: https://git.kernel.org/rdma/rdma/c/16b87037b48889 This problem also occurred in RXE. The following analyze this problem. In the following Call Traces: " BUG: KASAN: slab-use-after-free in dev_get_flags+0x188/0x1d0 net/core/dev.c:8782 Read of size 4 at addr ffff8880554640b0 by task kworker/1:4/5295 CPU: 1 UID: 0 PID: 5295 Comm: kworker/1:4 Not tainted 6.1... • https://git.kernel.org/stable/c/8700e3e7c4857d28ebaa824509934556da0b3e76 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-54031 – netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
https://notcve.org/view.php?id=CVE-2024-54031
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext Access to genmask field in struct nft_set_ext results in unaligned atomic read: [ 72.130109] Unable to handle kernel paging request at virtual address ffff0000c2bb708c [ 72.131036] Mem abort info: [ 72.131213] ESR = 0x0000000096000021 [ 72.131446] EC = 0x25: DABT (current EL), IL = 32 bits [ 72.132209] SET = 0, FnV = 0 [ 72.133216] EA = 0, S1PTW = 0 [ 72.134080] FSC = 0x21... • https://git.kernel.org/stable/c/98d62cf0e26305dd6a1932a4054004290f4194bb •