CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21708 – net: usb: rtl8150: enable basic endpoint checking
https://notcve.org/view.php?id=CVE-2025-21708
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: enable basic endpoint checking Syzkaller reports [1] encountering a common issue of utilizing a wrong usb endpoint type during URB submitting stage. This, in turn, triggers a warning shown below. For now, enable simple endpoint checking (specifically, bulk and interrupt eps, testing control one is not essential) to mitigate the issue with a view to do other related cosmetic changes later, if they are necessary. [1] Syzkal... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57996 – net_sched: sch_sfq: don't allow 1 packet limit
https://notcve.org/view.php?id=CVE-2024-57996
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: don't allow 1 packet limit The current implementation does not work correctly with a limit of 1. iproute2 actually checks for this and this patch adds the check in kernel as well. This fixes the following syzkaller reported crash: UBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6 index 65535 is out of range for type 'struct sfq_head[128]' CPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1 Ha... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57980 – media: uvcvideo: Fix double free in error path
https://notcve.org/view.php?id=CVE-2024-57980
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path If the uvc_status_init() function fails to allocate the int_urb, it will free the dev->status pointer but doesn't reset the pointer to NULL. This results in the kfree() call in uvc_status_cleanup() trying to double-free the memory. Fix it by resetting the dev->status pointer to NULL after freeing it. Reviewed by: Ricardo Ribalda <ribalda@chromium.org> • https://git.kernel.org/stable/c/a31a4055473bf0a7b2b06cb2262347200d0711e1 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-57979 – pps: Fix a use-after-free
https://notcve.org/view.php?id=CVE-2024-57979
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: pps: Fix a use-after-free On a board running ntpd and gpsd, I'm seeing a consistent use-after-free in sys_exit() from gpsd when rebooting: pps pps1: removed ------------[ cut here ]------------ kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called. WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150 CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1 Hardw... • https://git.kernel.org/stable/c/d953e0e837e65ecc1ddaa4f9560f7925878a0de6 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57976 – btrfs: do proper folio cleanup when cow_file_range() failed
https://notcve.org/view.php?id=CVE-2024-57976
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do proper folio cleanup when cow_file_range() failed [BUG] When testing with COW fixup marked as BUG_ON() (this is involved with the new pin_user_pages*() change, which should not result new out-of-band dirty pages), I hit a crash triggered by the BUG_ON() from hitting COW fixup path. This BUG_ON() happens just after a failed btrfs_run_delalloc_range(): BTRFS error (device dm-2): failed to run delalloc range, root 348 ino 405 folio 6... • https://git.kernel.org/stable/c/692cf71173bb41395c855acbbbe197d3aedfa5d4 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57975 – btrfs: do proper folio cleanup when run_delalloc_nocow() failed
https://notcve.org/view.php?id=CVE-2024-57975
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do proper folio cleanup when run_delalloc_nocow() failed [BUG] With CONFIG_DEBUG_VM set, test case generic/476 has some chance to crash with the following VM_BUG_ON_FOLIO(): BTRFS error (device dm-3): cow_file_range failed, start 1146880 end 1253375 len 106496 ret -28 BTRFS error (device dm-3): run_delalloc_nocow failed, start 1146880 end 1253375 len 106496 ret -28 page: refcount:4 mapcount:0 mapping:00000000592787cc index:0x12 pfn:0... • https://git.kernel.org/stable/c/5ae72abbf91eb172ce3a838a4dc34be3c9707296 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57974 – udp: Deal with race between UDP socket address change and rehash
https://notcve.org/view.php?id=CVE-2024-57974
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: udp: Deal with race between UDP socket address change and rehash If a UDP socket changes its local address while it's receiving datagrams, as a result of connect(), there is a period during which a lookup operation might fail to find it, after the address is changed but before the secondary hash (port and address) and the four-tuple hash (local and remote ports and addresses) are updated. Secondary hash chains were introduced by commit 30ff... • https://git.kernel.org/stable/c/30fff9231fad757c061285e347b33c5149c2c2e4 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49731 – ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
https://notcve.org/view.php?id=CVE-2022-49731
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() In an unlikely (and probably wrong?) case that the 'ppi' parameter of ata_host_alloc_pinfo() points to an array starting with a NULL pointer, there's going to be a kernel oops as the 'pi' local variable won't get reassigned from the initial value of NULL. Initialize 'pi' instead to '&ata_dummy_port_info' to fix the possible kernel oops for good... Found by Linux Verification... • https://git.kernel.org/stable/c/ca4693e6e06e4fd2b240c0fec47aa2498c94848e •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49730 – scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted
https://notcve.org/view.php?id=CVE-2022-49730
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted A use-after-free crash can occur after an ELS LOGO is aborted. Specifically, a nodelist structure is freed and then ndlp->vport->cfg_log_verbose is dereferenced in lpfc_nlp_get() when the discovery state machine is mistakenly called a second time with NLP_EVT_DEVICE_RM argument. Rework lpfc_cmpl_els_logo() to prevent the duplicate calls to release a nodelist structure. In... • https://git.kernel.org/stable/c/5e83869e29448958f8ae2c6911f350318f75e4fc •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49729 – nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
https://notcve.org/view.php?id=CVE-2022-49729
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred Similar to the handling of play_deferred in commit 19cfe912c37b ("Bluetooth: btusb: Fix memory leak in play_deferred"), we thought a patch might be needed here as well. Currently usb_submit_urb is called directly to submit deferred tx urbs after unanchor them. So the usb_giveback_urb_bh would failed to unref it in usb_unanchor_urb and cause memory leak. Put those urbs in tx_anchor to av... • https://git.kernel.org/stable/c/1eb0afecfb9cd0f38424b82bd9aaa542310934ee •