
CVE-2025-21852 – net: Add rx_skb of kfree_skb to raw_tp_null_args[].
https://notcve.org/view.php?id=CVE-2025-21852
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: Add rx_skb of kfree_skb to raw_tp_null_args[]. Yan Zhai reported a BPF prog could trigger a null-ptr-deref [0] in trace_kfree_skb if the prog does not check if rx_sk is NULL. Commit c53795d48ee8 ("net: add rx_sk to trace_kfree_skb") added rx_sk to trace_kfree_skb, but rx_sk is optional and could be NULL. Let's add kfree_skb to raw_tp_null_args[] to let the BPF verifier validate such a prog and prevent the issue. Now we fail to load suc... • https://git.kernel.org/stable/c/c53795d48ee8f385c6a9e394651e7ee914baaeba •

CVE-2025-21851 – bpf: Fix softlockup in arena_map_free on 64k page kernel
https://notcve.org/view.php?id=CVE-2025-21851
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arena_map_free on 64k page kernel On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y, arena_htab tests cause a segmentation fault and soft lockup. The same failure is not observed with 4k pages on aarch64. It turns out arena_map_free() is calling apply_to_existing_page_range() with the address returned by bpf_arena_get_kern_vm_start(). If this address is not page-aligned the code ends up calling apply_to_pte_range() wi... • https://git.kernel.org/stable/c/317460317a02a1af512697e6e964298dedd8a163 •

CVE-2025-21849 – drm/i915/gt: Use spin_lock_irqsave() in interruptible context
https://notcve.org/view.php?id=CVE-2025-21849
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Use spin_lock_irqsave() in interruptible context spin_lock/unlock() functions used in interrupt contexts could result in a deadlock, as seen in GitLab issue #13399, which occurs when interrupt comes in while holding a lock. Try to remedy the problem by saving irq state before spin lock acquisition. v2: add irqs' state save/restore calls to all locks/unlocks in signal_irq_work() execution (Maciej) v3: use with spin_lock_irqsave(... • https://git.kernel.org/stable/c/2f2cc53b5fe7022f3ae602eb24573d52f8740959 •

CVE-2025-21848 – nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
https://notcve.org/view.php?id=CVE-2025-21848
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc() to prevent null pointer dereference. • https://git.kernel.org/stable/c/ff3d43f7568c82b335d7df2d40a31447c3fce10c •

CVE-2025-21847 – ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
https://notcve.org/view.php?id=CVE-2025-21847
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() The nullity of sps->cstream should be checked similarly as it is done in sof_set_stream_data_offset() function. Assuming that it is not NULL if sps->stream is NULL is incorrect and can lead to NULL pointer dereference. • https://git.kernel.org/stable/c/090349a9feba3ceee3997d31d68ffe54e5b57acb •

CVE-2025-21846 – acct: perform last write from workqueue
https://notcve.org/view.php?id=CVE-2025-21846
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acct(2) to /sys/power/resume. At the point where the write to this file happens the calling task has already exited and called exit_fs(). A lookup will thus trigger a NULL-deref when accessing current-... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •

CVE-2025-21844 – smb: client: Add check for next_buffer in receive_encrypted_standard()
https://notcve.org/view.php?id=CVE-2025-21844
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard() Add check for the return value of cifs_buf_get() and cifs_small_buf_get() in receive_encrypted_standard() to prevent null pointer dereference. • https://git.kernel.org/stable/c/b03c8099a738a04d2343547ae6a04e5f0f63d3fa •

CVE-2024-58089 – btrfs: fix double accounting race when btrfs_run_delalloc_range() failed
https://notcve.org/view.php?id=CVE-2024-58089
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double accounting race when btrfs_run_delalloc_range() failed [BUG] When running btrfs with block size (4K) smaller than page size (64K, aarch64), there is a very high chance to crash the kernel at generic/750, with the following messages: (before the call traces, there are 3 extra debug messages added) BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental BTRFS info (device dm-3): chec... • https://git.kernel.org/stable/c/d1051d6ebf8ef3517a5a3cf82bba8436d190f1c2 •

CVE-2024-58088 – bpf: Fix deadlock when freeing cgroup storage
https://notcve.org/view.php?id=CVE-2024-58088
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock when freeing cgroup storage The following commit bc235cdb423a ("bpf: Prevent deadlock from recursive bpf_task_storage_[get|delete]") first introduced deadlock prevention for fentry/fexit programs attaching on bpf_task_storage helpers. That commit also employed the logic in map free path in its v6 version. Later bpf_cgrp_storage was first introduced in c4bcfb38a95e ("bpf: Implement cgroup storage available to non-cgroup-att... • https://git.kernel.org/stable/c/c4bcfb38a95edb1021a53f2d0356a78120ecfbe4 •

CVE-2024-58087 – ksmbd: fix racy issue from session lookup and expire
https://notcve.org/view.php?id=CVE-2024-58087
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire. Attila Szász discovered that the HFS+ file system implemen... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •