CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-21946 – ksmbd: fix out-of-bounds in parse_sec_desc()
https://notcve.org/view.php?id=CVE-2025-21946
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds in parse_sec_desc() If osidoffset, gsidoffset and dacloffset could be greater than smb_ntsd struct size. If it is smaller, It could cause slab-out-of-bounds. And when validating sid, It need to check it included subauth array size. • https://git.kernel.org/stable/c/c1569dbbe2d43041be9f3fef7ca08bec3b66ad1b •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-21945 – ksmbd: fix use-after-free in smb2_lock
https://notcve.org/view.php?id=CVE-2025-21945
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2_lock If smb_lock->zero_len has value, ->llist of smb_lock is not delete and flock is old one. It will cause use-after-free on error handling routine. • https://git.kernel.org/stable/c/410ce35a2ed6d0e114132bba29af49b69880c8c7 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-21944 – ksmbd: fix bug on trap in smb2_lock
https://notcve.org/view.php?id=CVE-2025-21944
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix bug on trap in smb2_lock If lock count is greater than 1, flags could be old value. It should be checked with flags of smb_lock, not flags. It will cause bug-on trap from locks_free_lock in error handling routine. • https://git.kernel.org/stable/c/11e0e74e14f1832a95092f2c98ed3b99f57797ee •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-21943 – gpio: aggregator: protect driver attr handlers against module unload
https://notcve.org/view.php?id=CVE-2025-21943
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: gpio: aggregator: protect driver attr handlers against module unload Both new_device_store and delete_device_store touch module global resources (e.g. gpio_aggregator_lock). To prevent race conditions with module unload, a reference needs to be held. Add try_module_get() in these handlers. For new_device_store, this eliminates what appears to be the most dangerous scenario: if an id is allocated from gpio_aggregator_idr but platform_device_... • https://git.kernel.org/stable/c/828546e24280f721350a7a0dcc92416e917b4382 •
CVSS: -EPSS: %CPEs: 1EXPL: 0CVE-2025-21942 – btrfs: zoned: fix extent range end unlock in cow_file_range()
https://notcve.org/view.php?id=CVE-2025-21942
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix extent range end unlock in cow_file_range() Running generic/751 on the for-next branch often results in a hang like below. They are both stack by locking an extent. This suggests someone forget to unlock an extent. INFO: task kworker/u128:1:12 blocked for more than 323 seconds. Not tainted 6.13.0-BTRFS-ZNS+ #503 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u128:1 state:D stack:0 pi... • https://git.kernel.org/stable/c/692cf71173bb41395c855acbbbe197d3aedfa5d4 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-21941 – drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params
https://notcve.org/view.php?id=CVE-2025-21941
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Null pointer dereference issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure 'pipe_ctx->plane_state' is not null before accessing. This prevents a null pointer dereference. Found by code review. (cherry picked from commit 63e6a77ccf239337baa9b1e7787cde9fa0462092) • https://git.kernel.org/stable/c/3be5262e353b8ab97c528bfc7d0dd3c820e4ba27 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-21940 – drm/amdkfd: Fix NULL Pointer Dereference in KFD queue
https://notcve.org/view.php?id=CVE-2025-21940
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Through KFD IOCTL Fuzzing we encountered a NULL pointer derefrence when calling kfd_queue_acquire_buffers. (cherry picked from commit 049e5bf3c8406f87c3d8e1958e0a16804fa1d530) • https://git.kernel.org/stable/c/629568d25fea8ece4f65073f039aeef4e240ab67 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-21939 – drm/xe/hmm: Don't dereference struct page pointers without notifier lock
https://notcve.org/view.php?id=CVE-2025-21939
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/hmm: Don't dereference struct page pointers without notifier lock The pnfs that we obtain from hmm_range_fault() point to pages that we don't have a reference on, and the guarantee that they are still in the cpu page-tables is that the notifier lock must be held and the notifier seqno is still valid. So while building the sg table and marking the pages accesses / dirty we need to hold this lock with a validated seqno. However, the lo... • https://git.kernel.org/stable/c/81e058a3e7fd8593d076b4f26f7b8bb49f1d61e3 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-21938 – mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr
https://notcve.org/view.php?id=CVE-2025-21938
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr If multiple connection requests attempt to create an implicit mptcp endpoint in parallel, more than one caller may end up in mptcp_pm_nl_append_new_local_addr because none found the address in local_addr_list during their call to mptcp_pm_nl_get_local_id. In this case, the concurrent new_local_addr calls may delete the address entry created by the previous caller. The... • https://git.kernel.org/stable/c/d045b9eb95a9b611c483897a69e7285aefdc66d7 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-21937 – Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()
https://notcve.org/view.php?id=CVE-2025-21937
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Add check for the return value of mgmt_alloc_skb() in mgmt_remote_name() to prevent null pointer dereference. • https://git.kernel.org/stable/c/ba17bb62ce415950753c19d16bb43b2bd3701158 •