CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21756 – vsock: Keep the binding until socket destruction
https://notcve.org/view.php?id=CVE-2025-21756
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect(). Prevents socket unbinding during a transport reassignment, which fixes a use-after-free: 1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2) 2. transport->release() calls vsock_remove_bound() without checking if sk was bound and moved t... • https://git.kernel.org/stable/c/c0cfa2d8a788fcf45df5bf4070ab2474c88d543a • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2024-58020 – HID: multitouch: Add NULL check in mt_input_configured
https://notcve.org/view.php?id=CVE-2024-58020
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Add NULL check in mt_input_configured devm_kasprintf() can return a NULL pointer on failure,but this returned value in mt_input_configured() is not checked. Add NULL check in mt_input_configured(), to handle kernel NULL pointer dereference error. In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Add NULL check in mt_input_configured devm_kasprintf() can return a NULL pointer on failure,but... • https://git.kernel.org/stable/c/2763732ec1e68910719c75b6b896e11b6d3d622b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57852 – firmware: qcom: scm: smc: Handle missing SCM device
https://notcve.org/view.php?id=CVE-2024-57852
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: smc: Handle missing SCM device Commit ca61d6836e6f ("firmware: qcom: scm: fix a NULL-pointer dereference") makes it explicit that qcom_scm_get_tzmem_pool() can return NULL, therefore its users should handle this. In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: smc: Handle missing SCM device Commit ca61d6836e6f ("firmware: qcom: scm: fix a NULL-pointer dereference") makes it expli... • https://git.kernel.org/stable/c/cd955b75849b58b650ca3f87b83bd78cde1da8bc •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57834 – media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
https://notcve.org/view.php?id=CVE-2024-57834
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread syzbot report a null-ptr-deref in vidtv_mux_stop_thread. [1] If dvb->mux is not initialized successfully by vidtv_mux_init() in the vidtv_start_streaming(), it will trigger null pointer dereference about mux in vidtv_mux_stop_thread(). Adjust the timing of streaming initialization and check it before stopping it. [1] KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000... • https://git.kernel.org/stable/c/86307e443c5844f38e1b98e2c51a4195c55576cd •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-54458 – scsi: ufs: bsg: Set bsg_queue to NULL after removal
https://notcve.org/view.php?id=CVE-2024-54458
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: bsg: Set bsg_queue to NULL after removal Currently, this does not cause any issues, but I believe it is necessary to set bsg_queue to NULL after removing it to prevent potential use-after-free (UAF) access. In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: bsg: Set bsg_queue to NULL after removal Currently, this does not cause any issues, but I believe it is necessary to set bsg_queue to NULL after re... • https://git.kernel.org/stable/c/5e7b6e44468c3242c21c2a8656d009fb3eb50a73 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-54456 – NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()
https://notcve.org/view.php?id=CVE-2024-54456
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() name is char[64] where the size of clnt->cl_program->name remains unknown. Invoking strcat() directly will also lead to potential buffer overflow. Change them to strscpy() and strncat() to fix potential issues. In the Linux kernel, the following vulnerability has been resolved: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() name is char[64] where the size of ... • https://git.kernel.org/stable/c/19b3ca651b4b473878c73539febe477905041442 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52560 – fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr()
https://notcve.org/view.php?id=CVE-2024-52560
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr() Extended the `mi_enum_attr()` function interface with an additional parameter, `struct ntfs_inode *ni`, to allow marking the inode as bad as soon as an error is detected. In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr() Extended the `mi_enum_attr()` function interface with an addi... • https://git.kernel.org/stable/c/d9c699f2c4dc174940ffe8600b20c267897da155 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-52559 – drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()
https://notcve.org/view.php?id=CVE-2024-52559
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() The "submit->cmd[i].size" and "submit->cmd[i].offset" variables are u32 values that come from the user via the submit_lookup_cmds() function. This addition could lead to an integer wrapping bug so use size_add() to prevent that. Patchwork: https://patchwork.freedesktop.org/patch/624696/ In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: prevent int... • https://git.kernel.org/stable/c/198725337ef1f73b73e7dc953c6ffb0799f26ffe •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21753 – btrfs: fix use-after-free when attempting to join an aborted transaction
https://notcve.org/view.php?id=CVE-2025-21753
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted transaction When we are trying to join the current transaction and if it's aborted, we read its 'aborted' field after unlocking fs_info->trans_lock and without holding any extra reference count on it. This means that a concurrent task that is aborting the transaction may free the transaction before we read its 'aborted' field, leading to a use-after-free. Fix this by reading the '... • https://git.kernel.org/stable/c/871383be592ba7e819d27556591e315a0df38cee • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21752 – btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents
https://notcve.org/view.php?id=CVE-2025-21752
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents Don't use btrfs_set_item_key_safe() to modify the keys in the RAID stripe-tree, as this can lead to corruption of the tree, which is caught by the checks in btrfs_set_item_key_safe(): BTRFS info (device nvme1n1): leaf 49168384 gen 15 total ptrs 194 free space 8329 owner 12 BTRFS info (device nvme1n1): refs 2 lock_owner 1030 current 1030 [ snip ] item 105 key (354549760 230 2048... • https://git.kernel.org/stable/c/1c25eff52ee5a02a2c4be659a44ae972d9989742 •