CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-57906 – iio: adc: ti-ads8688: fix information leak in triggered buffer
https://notcve.org/view.php?id=CVE-2024-57906
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads8688: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the array to zero before using it to avoid pushing uninitialized information to userspace. In the Linux kernel, the following vulnerability has been resolved: iio: adc... • https://git.kernel.org/stable/c/61fa5dfa5f52806f5ce37a0ba5712c271eb22f98 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57905 – iio: adc: ti-ads1119: fix information leak in triggered buffer
https://notcve.org/view.php?id=CVE-2024-57905
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1119: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from a triggered buffer, but it has a hole between the sample (unsigned int) and the timestamp. This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace. In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1119: f... • https://git.kernel.org/stable/c/a9306887eba41c5fe7232727a8147da3d3c4f83c •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57904 – iio: adc: at91: call input_free_device() on allocated iio_dev
https://notcve.org/view.php?id=CVE-2024-57904
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Current implementation of at91_ts_register() calls input_free_deivce() on st->ts_input, however, the err label can be reached before the allocated iio_dev is stored to st->ts_input. Thus call input_free_device() on input instead of st->ts_input. In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Curren... • https://git.kernel.org/stable/c/84882b060301c35ab7e2c1ef355b0bd06b764195 •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21654 – ovl: support encoding fid from inode with no alias
https://notcve.org/view.php?id=CVE-2025-21654
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ovl: support encoding fid from inode with no alias Dmitry Safonov reported that a WARN_ON() assertion can be trigered by userspace when calling inotify_show_fdinfo() for an overlayfs watched inode, whose dentry aliases were discarded with drop_caches. The WARN_ON() assertion in inotify_show_fdinfo() was removed, because it is possible for encoding file handle to fail for other reason, but the impact of failing to encode an overlayfs file ha... • https://git.kernel.org/stable/c/16aac5ad1fa94894b798dd522c5c3a6a0628d7f0 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21653 – net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
https://notcve.org/view.php?id=CVE-2025-21653
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute syzbot found that TCA_FLOW_RSHIFT attribute was not validated. Right shitfing a 32bit integer is undefined for large shift values. UBSAN: shift-out-of-bounds in net/sched/cls_flow.c:329:23 shift exponent 9445 is too large for 32-bit type 'u32' (aka 'unsigned int') CPU: 1 UID: 0 PID: 54 Comm: kworker/u8:3 Not tainted 6.13.0-rc3-syzkaller-00180-g4f619d518db9 #0 Hardware name: Google Goog... • https://git.kernel.org/stable/c/e5dfb815181fcb186d6080ac3a091eadff2d98fe •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21652 – ipvlan: Fix use-after-free in ipvlan_get_iflink().
https://notcve.org/view.php?id=CVE-2025-21652
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlan_get_iflink(). syzbot presented an use-after-free report [0] regarding ipvlan and linkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan and macvlan. If the linkwatch work is triggered for the ipvlan dev, the lower dev might have already been freed, resulting in UAF of ipvlan->phy_dev in ipvlan_get_iflink(). We can delay the lower dev unregistration like vlan and macvlan by holding the l... • https://git.kernel.org/stable/c/8c55facecd7ade835287298ce325f930d888d8ec •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21651 – net: hns3: don't auto enable misc vector
https://notcve.org/view.php?id=CVE-2025-21651
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net: hns3: don't auto enable misc vector Currently, there is a time window between misc irq enabled and service task inited. If an interrupte is reported at this time, it will cause warning like below: [ 16.324639] Call trace: [ 16.324641] __queue_delayed_work+0xb8/0xe0 [ 16.324643] mod_delayed_work_on+0x78/0xd0 [ 16.324655] hclge_errhand_task_schedule+0x58/0x90 [hclge] [ 16.324662] hclge_misc_irq_handle+0x168/0x240 [hclge] [ 16.324666] __h... • https://git.kernel.org/stable/c/7be1b9f3e99f6213d053d16ed2438126931d8351 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21650 – net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue
https://notcve.org/view.php?id=CVE-2025-21650
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue The TQP BAR space is divided into two segments. TQPs 0-1023 and TQPs 1024-1279 are in different BAR space addresses. However, hclge_fetch_pf_reg does not distinguish the tqp space information when reading the tqp space information. When the number of TQPs is greater than 1024, access bar space overwriting occurs. The problem of different segments has been considered ... • https://git.kernel.org/stable/c/939ccd107ffcade20c9c7055a2e7ae0fd724fb72 •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21649 – net: hns3: fix kernel crash when 1588 is sent on HIP08 devices
https://notcve.org/view.php?id=CVE-2025-21649
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices Currently, HIP08 devices does not register the ptp devices, so the hdev->ptp is NULL. But the tx process would still try to set hardware time stamp info with SKBTX_HW_TSTAMP flag and cause a kernel crash. [ 128.087798] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018 ... [ 128.280251] pc : hclge_ptp_set_tx_info+0x2c/0x140 [hclge] [ 128.286600]... • https://git.kernel.org/stable/c/0bf5eb788512187b744ef7f79de835e6cbe85b9c •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21648 – netfilter: conntrack: clamp maximum hashtable size to INT_MAX
https://notcve.org/view.php?id=CVE-2025-21648
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. See: 0708a0afe291 ("mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls") Note: hashtable resize is only possible from init_netns. In the Linux kernel, the following vulnerability has be... • https://git.kernel.org/stable/c/9cc1c73ad66610bffc80b691136ffc1e9a3b1a58 •