
CVE-2025-21799 – net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
https://notcve.org/view.php?id=CVE-2025-21799
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() When getting the IRQ we use k3_udma_glue_tx_get_irq() which returns negative error value on error. So not NULL check is not sufficient to determine if IRQ is valid. Check that IRQ is greater than zero to ensure it is valid. There is no issue at probe time but at runtime user can invoke .set_channels which results in the following call chain. am65_cpsw_set_chan... • https://git.kernel.org/stable/c/93a76530316a3d8cc2d82c3deca48424fee92100 •

CVE-2024-58034 – memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
https://notcve.org/view.php?id=CVE-2024-58034
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() As of_find_node_by_name() releases the reference of the argument device node, tegra_emc_find_node_by_ram_code() releases some device nodes while still in use, resulting in possible UAFs. According to the bindings and the in-tree DTS files, the "emc-tables" node is always device's child node with the property "nvidia,use-ram-code", and the "lpddr2" node is ... • https://git.kernel.org/stable/c/96e5da7c842424bcf64afe1082b960b42b96190b • CWE-416: Use After Free •

CVE-2025-21796 – nfsd: clear acl_access/acl_default after releasing them
https://notcve.org/view.php?id=CVE-2025-21796
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: clear acl_access/acl_default after releasing them If getting acl_default fails, acl_access and acl_default will be released simultaneously. However, acl_access will still retain a pointer pointing to the released posix_acl, which will trigger a WARNING in nfs3svc_release_getacl like this: ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 26 PID: 3199 at lib/refcount.c:28 refcount_warn_saturate+0... • https://git.kernel.org/stable/c/a257cdd0e2179630d3201c32ba14d7fcb3c3a055 • CWE-416: Use After Free •

CVE-2025-21795 – NFSD: fix hang in nfsd4_shutdown_callback
https://notcve.org/view.php?id=CVE-2025-21795
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: fix hang in nfsd4_shutdown_callback If nfs4_client is in courtesy state then there is no point to send the callback. This causes nfsd4_shutdown_callback to hang since cl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP notifies NFSD that the connection was dropped. This patch modifies nfsd4_run_cb_work to skip the RPC call if nfs4_client is in courtesy state. • https://git.kernel.org/stable/c/66af25799940b26efd41ea6e648f75c41a48a2c2 •

CVE-2025-21793 – spi: sn-f-ospi: Fix division by zero
https://notcve.org/view.php?id=CVE-2025-21793
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: sn-f-ospi: Fix division by zero When there is no dummy cycle in the spi-nor commands, both dummy bus cycle bytes and width are zero. Because of the cpu's warning when divided by zero, the warning should be avoided. Return just zero to avoid such calculations. • https://git.kernel.org/stable/c/1b74dd64c8612619e399e5a31da79a3636914495 •

CVE-2025-21792 – ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt
https://notcve.org/view.php?id=CVE-2025-21792
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt If an AX25 device is bound to a socket by setting the SO_BINDTODEVICE socket option, a refcount leak will occur in ax25_release(). Commit 9fd75b66b8f6 ("ax25: Fix refcount leaks caused by ax25_cb_del()") added decrement of device refcounts in ax25_release(). In order for that to work correctly the refcounts must already be incremented when the device is bound to the socket. A... • https://git.kernel.org/stable/c/9fd75b66b8f68498454d685dc4ba13192ae069b0 •

CVE-2025-21791 – vrf: use RCU protection in l3mdev_l3_out()
https://notcve.org/view.php?id=CVE-2025-21791
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: vrf: use RCU protection in l3mdev_l3_out() l3mdev_l3_out() can be called without RCU being held: raw_sendmsg() ip_push_pending_frames() ip_send_skb() ip_local_out() __ip_local_out() l3mdev_ip_out() Add rcu_read_lock() / rcu_read_unlock() pair to avoid a potential UAF. • https://git.kernel.org/stable/c/a8e3e1a9f02094145580ea7920c6a1d9aabd5539 • CWE-416: Use After Free •

CVE-2025-21790 – vxlan: check vxlan_vnigroup_init() return value
https://notcve.org/view.php?id=CVE-2025-21790
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: vxlan: check vxlan_vnigroup_init() return value vxlan_init() must check vxlan_vnigroup_init() success otherwise a crash happens later, spotted by syzbot. Oops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167] CPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975... • https://git.kernel.org/stable/c/f9c4bb0b245cee35ef66f75bf409c9573d934cf9 •

CVE-2025-21789 – LoongArch: csum: Fix OoB access in IP checksum code for negative lengths
https://notcve.org/view.php?id=CVE-2025-21789
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: csum: Fix OoB access in IP checksum code for negative lengths Commit 69e3a6aa6be2 ("LoongArch: Add checksum optimization for 64-bit system") would cause an undefined shift and an out-of-bounds read. Commit 8bd795fedb84 ("arm64: csum: Fix OoB access in IP checksum code for negative lengths") fixes the same issue on ARM64. • https://git.kernel.org/stable/c/69e3a6aa6be21de6aaf38130fad97ecde34a193c •

CVE-2025-21787 – team: better TEAM_OPTION_TYPE_STRING validation
https://notcve.org/view.php?id=CVE-2025-21787
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: team: better TEAM_OPTION_TYPE_STRING validation syzbot reported following splat [1] Make sure user-provided data contains one nul byte. [1] BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inline] BUG: KMSAN: uninit-value in string+0x3ec/0x5f0 lib/vsprintf.c:714 string_nocheck lib/vsprintf.c:633 [inline] string+0x3ec/0x5f0 lib/vsprintf.c:714 vsnprintf+0xa5d/0x1960 lib/vsprintf.c:2843 __request_module+0x252/0x9f0 kernel/module/... • https://git.kernel.org/stable/c/3d249d4ca7d0ed6629a135ea1ea21c72286c0d80 •