CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22103 – net: fix NULL pointer dereference in l3mdev_l3_rcv
https://notcve.org/view.php?id=CVE-2025-22103
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fix NULL pointer dereference in l3mdev_l3_rcv When delete l3s ipvlan: ip link del link eth0 ipvlan1 type ipvlan mode l3s This may cause a null pointer dereference: Call trace: ip_rcv_finish+0x48/0xd0 ip_rcv+0x5c/0x100 __netif_receive_skb_one_core+0x64/0xb0 __netif_receive_skb+0x20/0x80 process_backlog+0xb4/0x204 napi_poll+0xe8/0x294 net_rx_action+0xd8/0x22c __do_softirq+0x12c/0x354 This is because l3mdev_l3_rcv() visit dev->l3mdev_ops ... • https://git.kernel.org/stable/c/c675e06a98a474f7ad0af32ce467613da818da52 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22102 – Bluetooth: btnxpuart: Fix kernel panic during FW release
https://notcve.org/view.php?id=CVE-2025-22102
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix kernel panic during FW release This fixes a kernel panic seen during release FW in a stress test scenario where WLAN and BT FW download occurs simultaneously, and due to a HW bug, chip sends out only 1 bootloader signatures. When driver receives the bootloader signature, it enters FW download mode, but since no consequtive bootloader signatures seen, FW file is not requested. After 60 seconds, when FW download time... • https://git.kernel.org/stable/c/689ca16e523278470c38832a3010645a78c544d8 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22101 – net: libwx: fix Tx L4 checksum
https://notcve.org/view.php?id=CVE-2025-22101
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix Tx L4 checksum The hardware only supports L4 checksum offload for TCP/UDP/SCTP protocol. There was a bug to set Tx checksum flag for the other protocol that results in Tx ring hang. Fix to compute software checksum for these packets. In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix Tx L4 checksum The hardware only supports L4 checksum offload for TCP/UDP/SCTP protocol. There was a bug to se... • https://git.kernel.org/stable/c/3403960cdf86c967442dccc2bec981e0093f716e •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-22100 – drm/panthor: Fix race condition when gathering fdinfo group samples
https://notcve.org/view.php?id=CVE-2025-22100
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race condition when gathering fdinfo group samples Commit e16635d88fa0 ("drm/panthor: add DRM fdinfo support") failed to protect access to groups with an xarray lock, which could lead to use-after-free errors. In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race condition when gathering fdinfo group samples Commit e16635d88fa0 ("drm/panthor: add DRM fdinfo support") failed to protect acc... • https://git.kernel.org/stable/c/e16635d88fa07ba5801aa9e57ad7fe3c053234e4 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-22098 – drm: zynqmp_dp: Fix a deadlock in zynqmp_dp_ignore_hpd_set()
https://notcve.org/view.php?id=CVE-2025-22098
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dp: Fix a deadlock in zynqmp_dp_ignore_hpd_set() Instead of attempting the same mutex twice, lock and unlock it. This bug has been detected by the Clang thread-safety analyzer. • https://git.kernel.org/stable/c/28edaacb821c69241f6c0be6bbd29f7145f1b44f •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-22097 – drm/vkms: Fix use after free and double free on init error
https://notcve.org/view.php?id=CVE-2025-22097
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If the driver initialization fails, the vkms_exit() function might access an uninitialized or freed default_config pointer and it might double free it. Fix both possible errors by initializing default_config only when the driver initialization succeeded. In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If ... • https://git.kernel.org/stable/c/2df7af93fdadb9ba8226fe443fae15ecdefda2a6 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-22095 – PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
https://notcve.org/view.php?id=CVE-2025-22095
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: brcmstb: Fix error path after a call to regulator_bulk_get() If the regulator_bulk_get() returns an error and no regulators are created, we need to set their number to zero. If we don't do this and the PCIe link up fails, a call to the regulator_bulk_free() will result in a kernel panic. While at it, print the error value, as we cannot return an error upwards as the kernel will WARN() on an error from add_bus(). [kwilczynski: commit lo... • https://git.kernel.org/stable/c/9e6be018b26347c26a93e63fb50a37ee2c9311de •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-22094 – powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu'
https://notcve.org/view.php?id=CVE-2025-22094
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu' Commit 176cda0619b6 ("powerpc/perf: Add perf interface to expose vpa counters") introduced 'vpa_pmu' to expose Book3s-HV nested APIv2 provided L1<->L2 context switch latency counters to L1 user-space via perf-events. However the newly introduced PMU named 'vpa_pmu' doesn't assign ownership of the PMU to the module 'vpa_pmu'. Consequently the module 'vpa_pmu' can be unloaded while one of th... • https://git.kernel.org/stable/c/176cda0619b6c17a553625f6e2fcbc3981ad667d •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-22093 – drm/amd/display: avoid NPD when ASIC does not support DMUB
https://notcve.org/view.php?id=CVE-2025-22093
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid NPD when ASIC does not support DMUB ctx->dmub_srv will de NULL if the ASIC does not support DMUB, which is tested in dm_dmub_sw_init. However, it will be dereferenced in dmub_hw_lock_mgr_cmd if should_use_dmub_lock returns true. This has been the case since dmub support has been added for PSR1. Fix this by checking for dmub_srv in should_use_dmub_lock. [ 37.440832] BUG: kernel NULL pointer dereference, address: 000000... • https://git.kernel.org/stable/c/b7d2461858ac75c9d6bc4ab8af1a738d0814b716 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-22092 – PCI: Fix NULL dereference in SR-IOV VF creation error path
https://notcve.org/view.php?id=CVE-2025-22092
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: Fix NULL dereference in SR-IOV VF creation error path Clean up when virtfn setup fails to prevent NULL pointer dereference during device removal. The kernel oops below occurred due to incorrect error handling flow when pci_setup_device() fails. Add pci_iov_scan_device(), which handles virtfn allocation and setup and cleans up if pci_setup_device() fails, so pci_iov_add_virtfn() doesn't need to call pci_stop_and_remove_bus_device(). Thi... • https://git.kernel.org/stable/c/e3f30d563a388220a7c4e3b9a7b52ac0b0324b26 •