CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21941 – drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params
https://notcve.org/view.php?id=CVE-2025-21941
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Null pointer dereference issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure 'pipe_ctx->plane_state' is not null before accessing. This prevents a null pointer dereference. Found by code review. (cherry picked from commit 63e6a77ccf239337baa9b1e7787cde9fa0462092) In the Linux kernel, the following vulnerability has bee... • https://git.kernel.org/stable/c/3be5262e353b8ab97c528bfc7d0dd3c820e4ba27 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21940 – drm/amdkfd: Fix NULL Pointer Dereference in KFD queue
https://notcve.org/view.php?id=CVE-2025-21940
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Through KFD IOCTL Fuzzing we encountered a NULL pointer derefrence when calling kfd_queue_acquire_buffers. (cherry picked from commit 049e5bf3c8406f87c3d8e1958e0a16804fa1d530) In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Through KFD IOCTL Fuzzing we encountered a NULL pointer derefrence when calling kfd_queue_ac... • https://git.kernel.org/stable/c/629568d25fea8ece4f65073f039aeef4e240ab67 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21939 – drm/xe/hmm: Don't dereference struct page pointers without notifier lock
https://notcve.org/view.php?id=CVE-2025-21939
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/hmm: Don't dereference struct page pointers without notifier lock The pnfs that we obtain from hmm_range_fault() point to pages that we don't have a reference on, and the guarantee that they are still in the cpu page-tables is that the notifier lock must be held and the notifier seqno is still valid. So while building the sg table and marking the pages accesses / dirty we need to hold this lock with a validated seqno. However, the lo... • https://git.kernel.org/stable/c/81e058a3e7fd8593d076b4f26f7b8bb49f1d61e3 •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21938 – mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr
https://notcve.org/view.php?id=CVE-2025-21938
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr If multiple connection requests attempt to create an implicit mptcp endpoint in parallel, more than one caller may end up in mptcp_pm_nl_append_new_local_addr because none found the address in local_addr_list during their call to mptcp_pm_nl_get_local_id. In this case, the concurrent new_local_addr calls may delete the address entry created by the previous caller. The... • https://git.kernel.org/stable/c/d045b9eb95a9b611c483897a69e7285aefdc66d7 •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21937 – Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()
https://notcve.org/view.php?id=CVE-2025-21937
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Add check for the return value of mgmt_alloc_skb() in mgmt_remote_name() to prevent null pointer dereference. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Add check for the return value of mgmt_alloc_skb() in mgmt_remote_name() to prevent null pointer dereference. • https://git.kernel.org/stable/c/ba17bb62ce415950753c19d16bb43b2bd3701158 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21936 – Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()
https://notcve.org/view.php?id=CVE-2025-21936
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() Add check for the return value of mgmt_alloc_skb() in mgmt_device_connected() to prevent null pointer dereference. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() Add check for the return value of mgmt_alloc_skb() in mgmt_device_connected() to prevent null pointer dereference. • https://git.kernel.org/stable/c/e96741437ef0a5d18144e790ac894397efda0924 •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21935 – rapidio: add check for rio_add_net() in rio_scan_alloc_net()
https://notcve.org/view.php?id=CVE-2025-21935
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: rapidio: add check for rio_add_net() in rio_scan_alloc_net() The return value of rio_add_net() should be checked. If it fails, put_device() should be called to free the memory and give up the reference initialized in rio_add_net(). In the Linux kernel, the following vulnerability has been resolved: rapidio: add check for rio_add_net() in rio_scan_alloc_net() The return value of rio_add_net() should be checked. If it fails, put_device() shou... • https://git.kernel.org/stable/c/e6b585ca6e81badeb3d42db3cc408174f2826034 •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21934 – rapidio: fix an API misues when rio_add_net() fails
https://notcve.org/view.php?id=CVE-2025-21934
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: rapidio: fix an API misues when rio_add_net() fails rio_add_net() calls device_register() and fails when device_register() fails. Thus, put_device() should be used rather than kfree(). Add "mport->net = NULL;" to avoid a use after free issue. In the Linux kernel, the following vulnerability has been resolved: rapidio: fix an API misues when rio_add_net() fails rio_add_net() calls device_register() and fails when device_register() fails. Thu... • https://git.kernel.org/stable/c/e8de370188d098bb49483c287b44925957c3c9b6 •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21932 – mm: abort vma_modify() on merge out of memory failure
https://notcve.org/view.php?id=CVE-2025-21932
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: abort vma_modify() on merge out of memory failure The remainder of vma_modify() relies upon the vmg state remaining pristine after a merge attempt. Usually this is the case, however in the one edge case scenario of a merge attempt failing not due to the specified range being unmergeable, but rather due to an out of memory error arising when attempting to commit the merge, this assumption becomes untrue. This results in vmg->start, end b... • https://git.kernel.org/stable/c/2f1c6611b0a89afcb8641471af5f223c9caa01e0 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-21931 – hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio
https://notcve.org/view.php?id=CVE-2025-21931
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Commit b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined) add page poison checks in do_migrate_range in order to make offline hwpoisoned page possible by introducing isolate_lru_page and try_to_unmap for hwpoisoned page. However folio lock must be held before calling try_to_unmap. Add it to fix this problem. Warning will be produced if folio is n... • https://git.kernel.org/stable/c/b15c87263a69272423771118c653e9a1d0672caa •