CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21919 – sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
https://notcve.org/view.php?id=CVE-2025-21919
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list child_cfs_rq_on_list attempts to convert a 'prev' pointer to a cfs_rq. This 'prev' pointer can originate from struct rq's leaf_cfs_rq_list, making the conversion invalid and potentially leading to memory corruption. Depending on the relative positions of leaf_cfs_rq_list and the task group (tg) pointer within the struct, this can cause a memory fault or access garbage data.... • https://git.kernel.org/stable/c/fdaba61ef8a268d4136d0a113d153f7a89eb9984 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21918 – usb: typec: ucsi: Fix NULL pointer access
https://notcve.org/view.php?id=CVE-2025-21918
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix NULL pointer access Resources should be released only after all threads that utilize them have been destroyed. This commit ensures that resources are not released prematurely by waiting for the associated workqueue to complete before deallocating them. In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix NULL pointer access Resources should be released only after all threads that ut... • https://git.kernel.org/stable/c/b9aa02ca39a49740926c2c450a1505a4a0f8954a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21917 – usb: renesas_usbhs: Flush the notify_hotplug_work
https://notcve.org/view.php?id=CVE-2025-21917
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Flush the notify_hotplug_work When performing continuous unbind/bind operations on the USB drivers available on the Renesas RZ/G2L SoC, a kernel crash with the message "Unable to handle kernel NULL pointer dereference at virtual address" may occur. This issue points to the usbhsc_notify_hotplug() function. Flush the delayed work to avoid its execution when driver resources are unavailable. In the Linux kernel, the follow... • https://git.kernel.org/stable/c/bc57381e634782009b1cb2e86b18013699ada576 •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2025-21916 – usb: atm: cxacru: fix a flaw in existing endpoint checks
https://notcve.org/view.php?id=CVE-2025-21916
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix a flaw in existing endpoint checks Syzbot once again identified a flaw in usb endpoint checking, see [1]. This time the issue stems from a commit authored by me (2eabb655a968 ("usb: atm: cxacru: fix endpoint checking in cxacru_bind()")). While using usb_find_common_endpoints() may usually be enough to discard devices with wrong endpoints, in this case one needs more than just finding and identifying the sufficient numb... • https://git.kernel.org/stable/c/23926d316d2836315cb113569f91393266eb5b47 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21915 – cdx: Fix possible UAF error in driver_override_show()
https://notcve.org/view.php?id=CVE-2025-21915
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: cdx: Fix possible UAF error in driver_override_show() Fixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c This function driver_override_show() is part of DEVICE_ATTR_RW, which includes both driver_override_show() and driver_override_store(). These functions can be executed concurrently in sysfs. The driver_override_store() function uses driver_set_override() to update the driver_override value, and driver_set_overrid... • https://git.kernel.org/stable/c/2959ab247061e67485d83b6af8feb3761ec08cb9 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21914 – slimbus: messaging: Free transaction ID in delayed interrupt scenario
https://notcve.org/view.php?id=CVE-2025-21914
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: slimbus: messaging: Free transaction ID in delayed interrupt scenario In case of interrupt delay for any reason, slim_do_transfer() returns timeout error but the transaction ID (TID) is not freed. This results into invalid memory access inside qcom_slim_ngd_rx_msgq_cb() due to invalid TID. Fix the issue by freeing the TID in slim_do_transfer() before returning timeout error to avoid invalid memory access. Call trace: __memcpy_fromio+0x20/0x... • https://git.kernel.org/stable/c/afbdcc7c384b0d446da08b1e0901dc176b41b9e0 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21913 – x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()
https://notcve.org/view.php?id=CVE-2025-21913
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() Xen doesn't offer MSR_FAM10H_MMIO_CONF_BASE to all guests. This results in the following warning: unchecked MSR access error: RDMSR from 0xc0010058 at rIP: 0xffffffff8101d19f (xen_do_read_msr+0x7f/0xa0) Call Trace: xen_read_msr+0x1e/0x30 amd_get_mmconfig_range+0x2b/0x80 quirk_amd_mmconfig_area+0x28/0x100 pnp_fixup_device+0x39/0x50 __pnp_add_device+0xf/0x150 pnp_add_device+0x3d/0x100 p... • https://git.kernel.org/stable/c/3fac3734c43a2e21fefeb72124d8bd31dff3956f •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21912 – gpio: rcar: Use raw_spinlock to protect register access
https://notcve.org/view.php?id=CVE-2025-21912
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: gpio: rcar: Use raw_spinlock to protect register access Use raw_spinlock in order to fix spurious messages about invalid context when spinlock debugging is enabled. The lock is only used to serialize register access. [ 4.239592] ============================= [ 4.239595] [ BUG: Invalid wait context ] [ 4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted [ 4.239603] ----------------------------- [ 4.239606] kworker/u8:5/76 ... • https://git.kernel.org/stable/c/7c1f36f9c9aca507d317479a3d3388150ae40a87 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21911 – drm/imagination: avoid deadlock on fence release
https://notcve.org/view.php?id=CVE-2025-21911
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/imagination: avoid deadlock on fence release Do scheduler queue fence release processing on a workqueue, rather than in the release function itself. Fixes deadlock issues such as the following: [ 607.400437] ============================================ [ 607.405755] WARNING: possible recursive locking detected [ 607.415500] -------------------------------------------- [ 607.420817] weston:zfq0/24149 is trying to acquire lock: [ 607.4261... • https://git.kernel.org/stable/c/eaf01ee5ba28b97f96a3d3eec4c5fbfb37ee4cde •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21910 – wifi: cfg80211: regulatory: improve invalid hints checking
https://notcve.org/view.php?id=CVE-2025-21910
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue [1] that occurs when erroneous symbols sent from userspace get through into user_alpha2[] via regulatory_hint_user() call. Such invalid regulatory hints should be rejected. While a sanity check from commit 47caf685a685 ("cfg80211: regulatory: reject invalid hints") looks to be enough to deter these very cases, there is a way to get around it due to 2 ... • https://git.kernel.org/stable/c/09d989d179d0c679043556dda77c51b41a2dae7e •