CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-21735 – NFC: nci: Add bounds checking in nci_hci_create_pipe()
https://notcve.org/view.php?id=CVE-2025-21735
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Add bounds checking in nci_hci_create_pipe() The "pipe" variable is a u8 which comes from the network. If it's more than 127, then it results in memory corruption in the caller, nci_hci_connect_gate(). • https://git.kernel.org/stable/c/a1b0b9415817c14d207921582f269d03f848b69f •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-21734 – misc: fastrpc: Fix copy buffer page size
https://notcve.org/view.php?id=CVE-2025-21734
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix copy buffer page size For non-registered buffer, fastrpc driver copies the buffer and pass it to the remote subsystem. There is a problem with current implementation of page size calculation which is not considering the offset in the calculation. This might lead to passing of improper and out-of-bounds page size which could result in memory issue. Calculate page start and page end using the offset adjusted address instead... • https://git.kernel.org/stable/c/02b45b47fbe84e23699bb6bdc74d4c2780e282b4 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2024-58019 – nvkm/gsp: correctly advance the read pointer of GSP message queue
https://notcve.org/view.php?id=CVE-2024-58019
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nvkm/gsp: correctly advance the read pointer of GSP message queue A GSP event message consists three parts: message header, RPC header, message body. GSP calculates the number of pages to write from the total size of a GSP message. This behavior can be observed from the movement of the write pointer. However, nvkm takes only the size of RPC header and message body as the message size when advancing the read pointer. When handling a two-page... • https://git.kernel.org/stable/c/5185e63b45ea39339ed83f269e2ddfafb07e70d9 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2024-58018 – nvkm: correctly calculate the available space of the GSP cmdq buffer
https://notcve.org/view.php?id=CVE-2024-58018
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nvkm: correctly calculate the available space of the GSP cmdq buffer r535_gsp_cmdq_push() waits for the available page in the GSP cmdq buffer when handling a large RPC request. When it sees at least one available page in the cmdq, it quits the waiting with the amount of free buffer pages in the queue. Unfortunately, it always takes the [write pointer, buf_size) as available buffer pages before rolling back and wrongly calculates the size of... • https://git.kernel.org/stable/c/56e6c7f6d2a6b4e0aae0528c502e56825bb40598 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2024-58017 – printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
https://notcve.org/view.php?id=CVE-2024-58017
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Shifting 1 << 31 on a 32-bit int causes signed integer overflow, which leads to undefined behavior. To prevent this, cast 1 to u32 before performing the shift, ensuring well-defined behavior. This change explicitly avoids any potential overflow by ensuring that the shift occurs on an unsigned 32-bit integer. • https://git.kernel.org/stable/c/9a6d43844de2479a3ff8d674c3e2a16172e01598 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2024-58016 – safesetid: check size of policy writes
https://notcve.org/view.php?id=CVE-2024-58016
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: safesetid: check size of policy writes syzbot attempts to write a buffer with a large size to a sysfs entry with writes handled by handle_policy_update(), triggering a warning in kmalloc. Check the size specified for write buffers before allocating. [PM: subject tweak] • https://git.kernel.org/stable/c/a0dec65f88c8d9290dfa1d2ca1e897abe54c5881 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2024-58015 – wifi: ath12k: Fix for out-of bound access error
https://notcve.org/view.php?id=CVE-2024-58015
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix for out-of bound access error Selfgen stats are placed in a buffer using print_array_to_buf_index() function. Array length parameter passed to the function is too big, resulting in possible out-of bound memory error. Decreasing buffer size by one fixes faulty upper bound of passed array. Discovered in coverity scan, CID 1600742 and CID 1600758 • https://git.kernel.org/stable/c/8700c4bf8b7ed98037d2acf1eaf770ad6dd431d4 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2024-58014 – wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
https://notcve.org/view.php?id=CVE-2024-58014
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() In 'wlc_phy_iqcal_gainparams_nphy()', add gain range check to WARN() instead of possible out-of-bounds 'tbl_iqcal_gainparams_nphy' access. Compile tested only. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/ada9df08b3ef683507e75b92f522fb659260147f •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2024-58013 – Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync
https://notcve.org/view.php?id=CVE-2024-58013
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543 Read of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961 CPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0 Hardwa... • https://git.kernel.org/stable/c/75e65b983c5e2ee51962bfada98a79d805f28827 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2024-58012 – ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params
https://notcve.org/view.php?id=CVE-2024-58012
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Each cpu DAI should associate with a widget. However, the topology might not create the right number of DAI widgets for aggregated amps. And it will cause NULL pointer deference. Check that the DAI widget associated with the CPU DAI is valid to prevent NULL pointer deference due to missing DAI widgets in topologies with aggregated amps. • https://git.kernel.org/stable/c/e012a77e4d7632cf615ba9625b1600ed8985c3b5 •