CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-58088 – bpf: Fix deadlock when freeing cgroup storage
https://notcve.org/view.php?id=CVE-2024-58088
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock when freeing cgroup storage The following commit bc235cdb423a ("bpf: Prevent deadlock from recursive bpf_task_storage_[get|delete]") first introduced deadlock prevention for fentry/fexit programs attaching on bpf_task_storage helpers. That commit also employed the logic in map free path in its v6 version. Later bpf_cgrp_storage was first introduced in c4bcfb38a95e ("bpf: Implement cgroup storage available to non-cgroup-att... • https://git.kernel.org/stable/c/c4bcfb38a95edb1021a53f2d0356a78120ecfbe4 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58087 – ksmbd: fix racy issue from session lookup and expire
https://notcve.org/view.php?id=CVE-2024-58087
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire. Attila Szász discovered that the HFS+ file system implemen... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21839 – KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop
https://notcve.org/view.php?id=CVE-2025-21839
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpu_run() loop to fix a bug where KVM can load hardware with a stale vcpu->arch.dr6. When the guest accesses a DR and host userspace isn't debugging the guest, KVM disables DR interception and loads the guest's values into hardware on VM-Enter and saves them on VM-Exit. This allo... • https://git.kernel.org/stable/c/d67668e9dd76d98136048935723947156737932b •
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21838 – usb: gadget: core: flush gadget workqueue after device removal
https://notcve.org/view.php?id=CVE-2025-21838
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal device_del() can lead to new work being scheduled in gadget->work workqueue. This is observed, for example, with the dwc3 driver with the following call stack: device_del() gadget_unbind_driver() usb_gadget_disconnect_locked() dwc3_gadget_pullup() dwc3_gadget_soft_disconnect() usb_gadget_set_state() schedule_work(&gadget->work) Move flush_work() after device_del() to ensure the ... • https://git.kernel.org/stable/c/5702f75375aa9ecf8ad3431aef3fe6ce8c8dbd15 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21836 – io_uring/kbuf: reallocate buf lists on upgrade
https://notcve.org/view.php?id=CVE-2025-21836
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field should stay stable after publish. Always reallocate it instead. In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse... • https://git.kernel.org/stable/c/2fcabce2d7d34f69a888146dab15b36a917f09d4 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21835 – usb: gadget: f_midi: fix MIDI Streaming descriptor lengths
https://notcve.org/view.php?id=CVE-2025-21835
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_midi: fix MIDI Streaming descriptor lengths While the MIDI jacks are configured correctly, and the MIDIStreaming endpoint descriptors are filled with the correct information, bNumEmbMIDIJack and bLength are set incorrectly in these descriptors. This does not matter when the numbers of in and out ports are equal, but when they differ the host will receive broken descriptors with uninitialized stack memory leaking into the desc... • https://git.kernel.org/stable/c/c8933c3f79568263c90a46f06cf80419e6c63c97 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-58086 – drm/v3d: Stop active perfmon if it is being destroyed
https://notcve.org/view.php?id=CVE-2024-58086
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Stop active perfmon if it is being destroyed If the active performance monitor (`v3d->active_perfmon`) is being destroyed, stop it first. Currently, the active perfmon is not stopped during destruction, leaving the `v3d->active_perfmon` pointer stale. This can lead to undefined behavior and instability. This patch ensures that the active perfmon is stopped before being destroyed, aligning with the behavior introduced in commit 7d1f... • https://git.kernel.org/stable/c/26a4dc29b74a137f45665089f6d3d633fcc9b662 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21833 – iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE
https://notcve.org/view.php?id=CVE-2025-21833
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pasid`. In case it nevertheless happens we must avoid using a NULL pointer. In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pa... • https://git.kernel.org/stable/c/df96876be3b064aefc493f760e0639765d13ed0d •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21832 – block: don't revert iter for -EIOCBQUEUED
https://notcve.org/view.php?id=CVE-2025-21832
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: block: don't revert iter for -EIOCBQUEUED blkdev_read_iter() has a few odd checks, like gating the position and count adjustment on whether or not the result is bigger-than-or-equal to zero (where bigger than makes more sense), and not checking the return value of blkdev_direct_IO() before doing an iov_iter_revert(). The latter can lead to attempting to revert with a negative value, which when passed to iov_iter_revert() as an unsigned valu... • https://git.kernel.org/stable/c/6c26619effb1b4cb7d20b4e666ab8f71f6a53ccb •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21831 – PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1
https://notcve.org/view.php?id=CVE-2025-21831
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 commit 9d26d3a8f1b0 ("PCI: Put PCIe ports into D3 during suspend") sets the policy that all PCIe ports are allowed to use D3. When the system is suspended if the port is not power manageable by the platform and won't be used for wakeup via a PME this sets up the policy for these ports to go into D3hot. This policy generally makes sense from an OSPM perspective but it leads to ... • https://git.kernel.org/stable/c/9d26d3a8f1b0c442339a235f9508bdad8af91043 •