CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21908 – NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback
https://notcve.org/view.php?id=CVE-2025-21908
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Add PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so nfs_release_folio() can skip calling nfs_wb_folio() from kcompactd. Otherwise NFS can deadlock waiting for kcompactd enduced writeback which recurses back to NFS (which triggers writeback to NFSD via NFS loopback mount on the same host, NFSD blocks waiting for XFS's call to __filemap_get_folio): 607... • https://git.kernel.org/stable/c/96780ca55e3cbf4f150fd5a833a61492c9947b5b •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21907 – mm: memory-failure: update ttu flag inside unmap_poisoned_folio
https://notcve.org/view.php?id=CVE-2025-21907
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: memory-failure: update ttu flag inside unmap_poisoned_folio Patch series "mm: memory_failure: unmap poisoned folio during migrate properly", v3. Fix two bugs during folio migration if the folio is poisoned. This patch (of 3): Commit 6da6b1d4a7df ("mm/hwpoison: convert TTU_IGNORE_HWPOISON to TTU_HWPOISON") introduce TTU_HWPOISON to replace TTU_IGNORE_HWPOISON in order to stop send SIGBUS signal when accessing an error page after a memory... • https://git.kernel.org/stable/c/6da6b1d4a7df8c35770186b53ef65d388398e139 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21905 – wifi: iwlwifi: limit printed string from FW file
https://notcve.org/view.php?id=CVE-2025-21905
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There's no guarantee here that the file is always with a NUL-termination, so reading the string may read beyond the end of the TLV. If that's the last TLV in the file, it can perhaps even read beyond the end of the file buffer. Fix that by limiting the print format to the size of the buffer we have. In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit print... • https://git.kernel.org/stable/c/aee1b6385e29e472ae5592b9652b750a29bf702e •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21904 – caif_virtio: fix wrong pointer check in cfv_probe()
https://notcve.org/view.php?id=CVE-2025-21904
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: caif_virtio: fix wrong pointer check in cfv_probe() del_vqs() frees virtqueues, therefore cfv->vq_tx pointer should be checked for NULL before calling it, not cfv->vdev. Also the current implementation is redundant because the pointer cfv->vdev is dereferenced before it is checked for NULL. Fix this by checking cfv->vq_tx for NULL instead of cfv->vdev before calling del_vqs(). In the Linux kernel, the following vulnerability has been resolv... • https://git.kernel.org/stable/c/0d2e1a2926b1839a4b74519e660739b2566c9386 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21899 – tracing: Fix bad hist from corrupting named_triggers list
https://notcve.org/view.php?id=CVE-2025-21899
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix bad hist from corrupting named_triggers list The following commands causes a crash: ~# cd /sys/kernel/tracing/events/rcu/rcu_callback ~# echo 'hist:name=bad:keys=common_pid:onmax(bogus).save(common_pid)' > trigger bash: echo: write error: Invalid argument ~# echo 'hist:name=bad:keys=common_pid' > trigger Because the following occurs: event_trigger_write() { trigger_process_regex() { event_hist_trigger_parse() { data = event_tri... • https://git.kernel.org/stable/c/067fe038e70f6e64960d26a79c4df5f1413d0f13 •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2025-21898 – ftrace: Avoid potential division by zero in function_stat_show()
https://notcve.org/view.php?id=CVE-2025-21898
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in function_stat_show() Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64} produce zero and skip stddev computation in that case. For now don't care about rec->counter * rec->counter overflow because rec->time * rec->time overflow will likely happen earlier. In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in function_s... • https://git.kernel.org/stable/c/f0629ee3922f10112584b1898491fecc74d98b3b •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21895 – perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list
https://notcve.org/view.php?id=CVE-2025-21895
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list Syskaller triggers a warning due to prev_epc->pmu != next_epc->pmu in perf_event_swap_task_ctx_data(). vmcore shows that two lists have the same perf_event_pmu_context, but not in the same order. The problem is that the order of pmu_ctx_list for the parent is impacted by the time when an event/PMU is added. While the order for a child is impacted by the event order in... • https://git.kernel.org/stable/c/bd27568117664b8b3e259721393df420ed51f57b •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21894 – net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC
https://notcve.org/view.php?id=CVE-2025-21894
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC Actually ENETC VFs do not support HWTSTAMP_TX_ONESTEP_SYNC because only ENETC PF can access PMa_SINGLE_STEP registers. And there will be a crash if VFs are used to test one-step timestamp, the crash log as follows. [ 129.110909] Unable to handle kernel paging request at virtual address 00000000000080c0 [ 129.287769] Call trace: [ 129.290219] enetc_port_mac_wr+0x30/0xec (P) [ 129.294504... • https://git.kernel.org/stable/c/41514737ecaa603a5127cdccdc5f17ef11b9b3dc •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53033 – netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
https://notcve.org/view.php?id=CVE-2023-53033
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the boundaries of the vlan_ethhdr scratchpad area. The remaining bytes beyond ethernet + vlan header are copied directly from the skbuff data area. Fix incorrect arithmetic operator: subtract, not add, the size of the vlan header in case of dou... • https://git.kernel.org/stable/c/f6ae9f120dada00abfb47313364c35118469455f •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53032 – netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
https://notcve.org/view.php?id=CVE-2023-53032
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. When first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value of an arithmetic expression 2 << (netmask - mask_bits - 1) is subject to overflow due to a failure casting operands to a larger data type before performing the arithmetic. Note that it's harmless since the value will be checked at the next step. Found by InfoTeCS on behalf of Linux Verificat... • https://git.kernel.org/stable/c/b9fed748185a96b7cfe74afac4bd228e8af16f01 •