CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58013 – Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync
https://notcve.org/view.php?id=CVE-2024-58013
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543 Read of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961 CPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0 Hardwa... • https://git.kernel.org/stable/c/75e65b983c5e2ee51962bfada98a79d805f28827 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-58012 – ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params
https://notcve.org/view.php?id=CVE-2024-58012
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Each cpu DAI should associate with a widget. However, the topology might not create the right number of DAI widgets for aggregated amps. And it will cause NULL pointer deference. Check that the DAI widget associated with the CPU DAI is valid to prevent NULL pointer deference due to missing DAI widgets in topologies with aggregated amps. • https://git.kernel.org/stable/c/e012a77e4d7632cf615ba9625b1600ed8985c3b5 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58011 – platform/x86: int3472: Check for adev == NULL
https://notcve.org/view.php?id=CVE-2024-58011
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: int3472: Check for adev == NULL Not all devices have an ACPI companion fwnode, so adev might be NULL. This can e.g. (theoretically) happen when a user manually binds one of the int3472 drivers to another i2c/platform device through sysfs. Add a check for adev not being set and return -ENODEV in that case to avoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer(). • https://git.kernel.org/stable/c/4f8b210823cc2d1f9d967f089a6c00d025bb237f •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58010 – binfmt_flat: Fix integer overflow bug on 32 bit systems
https://notcve.org/view.php?id=CVE-2024-58010
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix integer overflow bug on 32 bit systems Most of these sizes and counts are capped at 256MB so the math doesn't result in an integer overflow. The "relocs" count needs to be checked as well. Otherwise on 32bit systems the calculation of "full_data" could be wrong. full_data = data_len + relocs * sizeof(unsigned long); • https://git.kernel.org/stable/c/c995ee28d29d6f256c3a8a6c4e66469554374f25 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-58005 – tpm: Change to kvalloc() in eventlog/acpi.c
https://notcve.org/view.php?id=CVE-2024-58005
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tpm: Change to kvalloc() in eventlog/acpi.c The following failure was reported on HPE ProLiant D320: [ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0) [ 10.848132][ T1] ------------[ cut here ]------------ [ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330 [ 10.862827][ T1] Modules linked in: [ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155... • https://git.kernel.org/stable/c/55a82ab3181be039c6440d3f2f69260ad6fe2988 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58001 – ocfs2: handle a symlink read error correctly
https://notcve.org/view.php?id=CVE-2024-58001
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle a symlink read error correctly Patch series "Convert ocfs2 to use folios". Mark did a conversion of ocfs2 to use folios and sent it to me as a giant patch for review ;-) So I've redone it as individual patches, and credited Mark for the patches where his code is substantially the same. It's not a bad way to do it; his patch had some bugs and my patches had some bugs. Hopefully all our bugs were different from each other. And h... • https://git.kernel.org/stable/c/6e143eb4ab83c24e7ad3e3d8e7daa241d9c38377 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21731 – nbd: don't allow reconnect after disconnect
https://notcve.org/view.php?id=CVE-2025-21731
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: don't allow reconnect after disconnect Following process can cause nbd_config UAF: 1) grab nbd_config temporarily; 2) nbd_genl_disconnect() flush all recv_work() and release the initial reference: nbd_genl_disconnect nbd_disconnect_and_put nbd_disconnect flush_workqueue(nbd->recv_workq) if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF, ...)) nbd_config_put -> due to step 1), reference is still not zero 3) nbd_genl_reconfigure() queue recv_... • https://git.kernel.org/stable/c/b7aa3d39385dc2d95899f9e379623fef446a2acd •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21722 – nilfs2: do not force clear folio if buffer is referenced
https://notcve.org/view.php?id=CVE-2025-21722
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: do not force clear folio if buffer is referenced Patch series "nilfs2: protect busy buffer heads from being force-cleared". This series fixes the buffer head state inconsistency issues reported by syzbot that occurs when the filesystem is corrupted and falls back to read-only, and the associated buffer head use-after-free issue. This patch (of 2): Syzbot has reported that after nilfs2 detects filesystem corruption and falls back to ... • https://git.kernel.org/stable/c/8c26c4e2694a163d525976e804d81cd955bbb40c •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21721 – nilfs2: handle errors that nilfs_prepare_chunk() may return
https://notcve.org/view.php?id=CVE-2025-21721
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: handle errors that nilfs_prepare_chunk() may return Patch series "nilfs2: fix issues with rename operations". This series fixes BUG_ON check failures reported by syzbot around rename operations, and a minor behavioral issue where the mtime of a child directory changes when it is renamed instead of moved. This patch (of 2): The directory manipulation routines nilfs_set_link() and nilfs_delete_entry() rewrite the directory entry in th... • https://git.kernel.org/stable/c/2ba466d74ed74f073257f86e61519cb8f8f46184 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21718 – net: rose: fix timer races against user threads
https://notcve.org/view.php?id=CVE-2025-21718
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: rose: fix timer races against user threads Rose timers only acquire the socket spinlock, without checking if the socket is owned by one user thread. Add a check and rearm the timers if needed. BUG: KASAN: slab-use-after-free in rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174 Read of size 2 at addr ffff88802f09b82a by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0 Ha... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •