CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21660 – ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked
https://notcve.org/view.php?id=CVE-2025-21660
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked When `ksmbd_vfs_kern_path_locked` met an error and it is not the last entry, it will exit without restoring changed path buffer. But later this buffer may be used as the filename for creation. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked When `ksmbd_vfs_kern_path_locked` met an error an... • https://git.kernel.org/stable/c/d1b2d2a9c912fc7b788985fbaf944e80f4b3f2af •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21659 – netdev: prevent accessing NAPI instances from another namespace
https://notcve.org/view.php?id=CVE-2025-21659
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netdev: prevent accessing NAPI instances from another namespace The NAPI IDs were not fully exposed to user space prior to the netlink API, so they were never namespaced. The netlink API must ensure that at the very least NAPI instance belongs to the same netns as the owner of the genl sock. napi_by_id() can become static now, but it needs to move because of dev_get_by_napi_id(). In the Linux kernel, the following vulnerability has been res... • https://git.kernel.org/stable/c/27f91aaf49b3a50e5a02ad5fa27b7c453d029a72 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21658 – btrfs: avoid NULL pointer dereference if no valid extent tree
https://notcve.org/view.php?id=CVE-2025-21658
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid extent tree [BUG] Syzbot reported a crash with the following call trace: BTRFS info (device loop0): scrub: started on devid 1 BUG: kernel NULL pointer dereference, address: 0000000000000208 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 106e70067 P4D 106e70067 PUD 107143067 PMD 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 UID: 0 PID: 689 Comm: r... • https://git.kernel.org/stable/c/42437a6386ffeaaf200731e73d723ea491f3fe7d •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21657 – sched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass()
https://notcve.org/view.php?id=CVE-2025-21657
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: sched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass() scx_ops_bypass() iterates all CPUs to re-enqueue all the scx tasks. For each CPU, it acquires a lock using rq_lock() regardless of whether a CPU is offline or the CPU is currently running a task in a higher scheduler class (e.g., deadline). The rq_lock() is supposed to be used for online CPUs, and the use of rq_lock() may trigger an unnecessary warning in rq_pin_lock(). ... • https://git.kernel.org/stable/c/0e7ffff1b8117b05635c87d3c9099f6aa9c9b689 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21656 – hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur
https://notcve.org/view.php?id=CVE-2025-21656
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur scsi_execute_cmd() function can return both negative (linux codes) and positive (scsi_cmnd result field) error codes. Currently the driver just passes error codes of scsi_execute_cmd() to hwmon core, which is incorrect because hwmon only checks for negative error codes. This leads to hwmon reporting uninitialized data to userspace in case of SCSI errors (for example... • https://git.kernel.org/stable/c/5b46903d8bf372e563bf2150d46b87fff197a109 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57945 – riscv: mm: Fix the out of bound issue of vmemmap address
https://notcve.org/view.php?id=CVE-2024-57945
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Fix the out of bound issue of vmemmap address In sparse vmemmap model, the virtual address of vmemmap is calculated as: ((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT)). And the struct page's va can be calculated with an offset: (vmemmap + (pfn)). However, when initializing struct pages, kernel actually starts from the first page from the same section that phys_ram_base belongs to. If the first page's physical addre... • https://git.kernel.org/stable/c/a278d5c60f21aa15d540abb2f2da6e6d795c3e6e •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57944 – iio: adc: ti-ads1298: Add NULL check in ads1298_init
https://notcve.org/view.php?id=CVE-2024-57944
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1298: Add NULL check in ads1298_init devm_kasprintf() can return a NULL pointer on failure. A check on the return value of such a call in ads1298_init() is missing. Add it. In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1298: Add NULL check in ads1298_init devm_kasprintf() can return a NULL pointer on failure. A check on the return value of such a call in ads1298_init() is missing. • https://git.kernel.org/stable/c/00ef7708fa6073a84f6898fdcdfe965d903b0378 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57943 – exfat: fix the new buffer was not zeroed before writing
https://notcve.org/view.php?id=CVE-2024-57943
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing Before writing, if a buffer_head marked as new, its data must be zeroed, otherwise uninitialized data in the page cache will be written. So this commit uses folio_zero_new_buffers() to zero the new buffers before ->write_end(). In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing Before writing, if a buffer_head mar... • https://git.kernel.org/stable/c/6630ea49103c3d45461e29b0f6eb0ce750aeb8f5 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57942 – netfs: Fix ceph copy to cache on write-begin
https://notcve.org/view.php?id=CVE-2024-57942
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix ceph copy to cache on write-begin At the end of netfs_unlock_read_folio() in which folios are marked appropriately for copying to the cache (either with by being marked dirty and having their private data set or by having PG_private_2 set) and then unlocked, the folio_queue struct has the entry pointing to the folio cleared. This presents a problem for netfs_pgpriv2_write_to_the_cache(), which is used to write folios marked with ... • https://git.kernel.org/stable/c/796a4049640b54cb1daf9e7fe543292c5ca02c74 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57941 – netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled
https://notcve.org/view.php?id=CVE-2024-57941
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled When the caching for a cookie is temporarily disabled (e.g. due to a DIO write on that file), future copying to the cache for that file is disabled until all fds open on that file are closed. However, if netfslib is using the deprecated PG_private_2 method (such as is currently used by ceph), and decides it wants to copy to the cache, netfs_advance_write() will jus... • https://git.kernel.org/stable/c/ee4cdf7ba857a894ad1650d6ab77669cbbfa329e •