CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58013 – Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync
https://notcve.org/view.php?id=CVE-2024-58013
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543 Read of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961 CPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0 Hardwa... • https://git.kernel.org/stable/c/75e65b983c5e2ee51962bfada98a79d805f28827 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-58001 – ocfs2: handle a symlink read error correctly
https://notcve.org/view.php?id=CVE-2024-58001
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle a symlink read error correctly Patch series "Convert ocfs2 to use folios". Mark did a conversion of ocfs2 to use folios and sent it to me as a giant patch for review ;-) So I've redone it as individual patches, and credited Mark for the patches where his code is substantially the same. It's not a bad way to do it; his patch had some bugs and my patches had some bugs. Hopefully all our bugs were different from each other. And h... • https://git.kernel.org/stable/c/cd3e22b206189cbb4a94229002141e1529f83746 •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21718 – net: rose: fix timer races against user threads
https://notcve.org/view.php?id=CVE-2025-21718
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: rose: fix timer races against user threads Rose timers only acquire the socket spinlock, without checking if the socket is owned by one user thread. Add a check and rearm the timers if needed. BUG: KASAN: slab-use-after-free in rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174 Read of size 2 at addr ffff88802f09b82a by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0 Ha... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21712 – md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
https://notcve.org/view.php?id=CVE-2025-21712
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime After commit ec6bb299c7c3 ("md/md-bitmap: add 'sync_size' into struct md_bitmap_stats"), following panic is reported: Oops: general protection fault, probably for non-canonical address RIP: 0010:bitmap_get_stats+0x2b/0xa0 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21711 – net/rose: prevent integer overflows in rose_setsockopt()
https://notcve.org/view.php?id=CVE-2025-21711
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net/rose: prevent integer overflows in rose_setsockopt() In case of possible unpredictably large arguments passed to rose_setsockopt() and multiplied by extra values on top of that, integer overflows may occur. Do the safest minimum and fix these issues by checking the contents of 'opt' and returning -EINVAL if they are too large. Also, switch to unsigned int and remove useless check for negative 'opt' in ROSE_IDLE case. In the Linux kernel... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21708 – net: usb: rtl8150: enable basic endpoint checking
https://notcve.org/view.php?id=CVE-2025-21708
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: enable basic endpoint checking Syzkaller reports [1] encountering a common issue of utilizing a wrong usb endpoint type during URB submitting stage. This, in turn, triggers a warning shown below. For now, enable simple endpoint checking (specifically, bulk and interrupt eps, testing control one is not essential) to mitigate the issue with a view to do other related cosmetic changes later, if they are necessary. [1] Syzkal... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57996 – net_sched: sch_sfq: don't allow 1 packet limit
https://notcve.org/view.php?id=CVE-2024-57996
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: don't allow 1 packet limit The current implementation does not work correctly with a limit of 1. iproute2 actually checks for this and this patch adds the check in kernel as well. This fixes the following syzkaller reported crash: UBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6 index 65535 is out of range for type 'struct sfq_head[128]' CPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1 Ha... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57976 – btrfs: do proper folio cleanup when cow_file_range() failed
https://notcve.org/view.php?id=CVE-2024-57976
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do proper folio cleanup when cow_file_range() failed [BUG] When testing with COW fixup marked as BUG_ON() (this is involved with the new pin_user_pages*() change, which should not result new out-of-band dirty pages), I hit a crash triggered by the BUG_ON() from hitting COW fixup path. This BUG_ON() happens just after a failed btrfs_run_delalloc_range(): BTRFS error (device dm-2): failed to run delalloc range, root 348 ino 405 folio 6... • https://git.kernel.org/stable/c/692cf71173bb41395c855acbbbe197d3aedfa5d4 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57975 – btrfs: do proper folio cleanup when run_delalloc_nocow() failed
https://notcve.org/view.php?id=CVE-2024-57975
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do proper folio cleanup when run_delalloc_nocow() failed [BUG] With CONFIG_DEBUG_VM set, test case generic/476 has some chance to crash with the following VM_BUG_ON_FOLIO(): BTRFS error (device dm-3): cow_file_range failed, start 1146880 end 1253375 len 106496 ret -28 BTRFS error (device dm-3): run_delalloc_nocow failed, start 1146880 end 1253375 len 106496 ret -28 page: refcount:4 mapcount:0 mapping:00000000592787cc index:0x12 pfn:0... • https://git.kernel.org/stable/c/5ae72abbf91eb172ce3a838a4dc34be3c9707296 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49731 – ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
https://notcve.org/view.php?id=CVE-2022-49731
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() In an unlikely (and probably wrong?) case that the 'ppi' parameter of ata_host_alloc_pinfo() points to an array starting with a NULL pointer, there's going to be a kernel oops as the 'pi' local variable won't get reassigned from the initial value of NULL. Initialize 'pi' instead to '&ata_dummy_port_info' to fix the possible kernel oops for good... Found by Linux Verification... • https://git.kernel.org/stable/c/ca4693e6e06e4fd2b240c0fec47aa2498c94848e • CWE-476: NULL Pointer Dereference •