
CVE-2025-21936 – Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()
https://notcve.org/view.php?id=CVE-2025-21936
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() Add check for the return value of mgmt_alloc_skb() in mgmt_device_connected() to prevent null pointer dereference. • https://git.kernel.org/stable/c/e96741437ef0a5d18144e790ac894397efda0924 •

CVE-2025-21935 – rapidio: add check for rio_add_net() in rio_scan_alloc_net()
https://notcve.org/view.php?id=CVE-2025-21935
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: rapidio: add check for rio_add_net() in rio_scan_alloc_net() The return value of rio_add_net() should be checked. If it fails, put_device() should be called to free the memory and give up the reference initialized in rio_add_net(). • https://git.kernel.org/stable/c/e6b585ca6e81badeb3d42db3cc408174f2826034 •

CVE-2025-21934 – rapidio: fix an API misues when rio_add_net() fails
https://notcve.org/view.php?id=CVE-2025-21934
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: rapidio: fix an API misues when rio_add_net() fails rio_add_net() calls device_register() and fails when device_register() fails. Thus, put_device() should be used rather than kfree(). Add "mport->net = NULL;" to avoid a use after free issue. • https://git.kernel.org/stable/c/e8de370188d098bb49483c287b44925957c3c9b6 •

CVE-2025-21933 – arm: pgtable: fix NULL pointer dereference issue
https://notcve.org/view.php?id=CVE-2025-21933
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: arm: pgtable: fix NULL pointer dereference issue When update_mmu_cache_range() is called by update_mmu_cache(), the vmf parameter is NULL, which will cause a NULL pointer dereference issue in adjust_pte(): Unable to handle kernel NULL pointer dereference at virtual address 00000030 when read Hardware name: Atmel AT91SAM9 PC is at update_mmu_cache_range+0x1e0/0x278 LR is at pte_offset_map_rw_nolock+0x18/0x2c Call trace: update_mmu_cache_rang... • https://git.kernel.org/stable/c/fc9c45b71f43cafcc0435dd4c7a2d3b99955a0fa •

CVE-2025-21932 – mm: abort vma_modify() on merge out of memory failure
https://notcve.org/view.php?id=CVE-2025-21932
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: abort vma_modify() on merge out of memory failure The remainder of vma_modify() relies upon the vmg state remaining pristine after a merge attempt. Usually this is the case, however in the one edge case scenario of a merge attempt failing not due to the specified range being unmergeable, but rather due to an out of memory error arising when attempting to commit the merge, this assumption becomes untrue. This results in vmg->start, end b... • https://git.kernel.org/stable/c/2f1c6611b0a89afcb8641471af5f223c9caa01e0 •

CVE-2025-21931 – hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio
https://notcve.org/view.php?id=CVE-2025-21931
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Commit b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined) add page poison checks in do_migrate_range in order to make offline hwpoisoned page possible by introducing isolate_lru_page and try_to_unmap for hwpoisoned page. However folio lock must be held before calling try_to_unmap. Add it to fix this problem. Warning will be produced if folio is n... • https://git.kernel.org/stable/c/b15c87263a69272423771118c653e9a1d0672caa •

CVE-2025-21930 – wifi: iwlwifi: mvm: don't try to talk to a dead firmware
https://notcve.org/view.php?id=CVE-2025-21930
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't try to talk to a dead firmware This fixes: bad state = 0 WARNING: CPU: 10 PID: 702 at drivers/net/wireless/inel/iwlwifi/iwl-trans.c:178 iwl_trans_send_cmd+0xba/0xe0 [iwlwifi] Call Trace:

CVE-2025-21929 – HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()
https://notcve.org/view.php?id=CVE-2025-21929
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() During the `rmmod` operation for the `intel_ishtp_hid` driver, a use-after-free issue can occur in the hid_ishtp_cl_remove() function. The function hid_ishtp_cl_deinit() is called before ishtp_hid_remove(), which can lead to accessing freed memory or resources during the removal process. Call Trace: ? ishtp_cl_send+0x168/0x220 [intel_ishtp] ? hid_output_report+0xe3/0x150 ... • https://git.kernel.org/stable/c/f645a90e8ff732c48dd9f18815baef08c44ac8a0 •

CVE-2025-21928 – HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
https://notcve.org/view.php?id=CVE-2025-21928
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() The system can experience a random crash a few minutes after the driver is removed. This issue occurs due to improper handling of memory freeing in the ishtp_hid_remove() function. The function currently frees the `driver_data` directly within the loop that destroys the HID devices, which can lead to accessing freed memory. Specifically, `hid_destroy_device()` uses `driver_d... • https://git.kernel.org/stable/c/0b28cb4bcb17dcb5fe0763fc3e1a94398b8f6cf6 •

CVE-2025-21927 – nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
https://notcve.org/view.php?id=CVE-2025-21927
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() nvme_tcp_recv_pdu() doesn't check the validity of the header length. When header digests are enabled, a target might send a packet with an invalid header length (e.g. 255), causing nvme_tcp_verify_hdgst() to access memory outside the allocated area and cause memory corruptions by overwriting it with the calculated digest. Fix this by rejecting packets with an unexpected header... • https://git.kernel.org/stable/c/3f2304f8c6d6ed97849057bd16fee99e434ca796 •