CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-58002 – media: uvcvideo: Remove dangling pointers
https://notcve.org/view.php?id=CVE-2024-58002
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove dangling pointers When an async control is written, we copy a pointer to the file handle that started the operation. That pointer will be used when the device is done. Which could be anytime in the future. If the user closes that file descriptor, its structure will be freed, and there will be one dangling pointer per pending async control, that the driver will try to use. Clean all the dangling pointers during releas... • https://git.kernel.org/stable/c/e5225c820c057537dc780244760e2e24c7d27366 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58001 – ocfs2: handle a symlink read error correctly
https://notcve.org/view.php?id=CVE-2024-58001
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle a symlink read error correctly Patch series "Convert ocfs2 to use folios". Mark did a conversion of ocfs2 to use folios and sent it to me as a giant patch for review ;-) So I've redone it as individual patches, and credited Mark for the patches where his code is substantially the same. It's not a bad way to do it; his patch had some bugs and my patches had some bugs. Hopefully all our bugs were different from each other. And h... • https://git.kernel.org/stable/c/6e143eb4ab83c24e7ad3e3d8e7daa241d9c38377 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21731 – nbd: don't allow reconnect after disconnect
https://notcve.org/view.php?id=CVE-2025-21731
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: don't allow reconnect after disconnect Following process can cause nbd_config UAF: 1) grab nbd_config temporarily; 2) nbd_genl_disconnect() flush all recv_work() and release the initial reference: nbd_genl_disconnect nbd_disconnect_and_put nbd_disconnect flush_workqueue(nbd->recv_workq) if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF, ...)) nbd_config_put -> due to step 1), reference is still not zero 3) nbd_genl_reconfigure() queue recv_... • https://git.kernel.org/stable/c/b7aa3d39385dc2d95899f9e379623fef446a2acd •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21729 – wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
https://notcve.org/view.php?id=CVE-2025-21729
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion The rtwdev->scanning flag isn't protected by mutex originally, so cancel_hw_scan can pass the condition, but suddenly hw_scan completion unset the flag and calls ieee80211_scan_completed() that will free local->hw_scan_req. Then, cancel_hw_scan raises null-ptr-deref and use-after-free. Fix it by moving the check condition to where protected by mutex. KASAN: null-ptr-deref i... • https://git.kernel.org/stable/c/895907779752606f6a4795abfc008509f8e38314 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21728 – bpf: Send signals asynchronously if !preemptible
https://notcve.org/view.php?id=CVE-2025-21728
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Send signals asynchronously if !preemptible BPF programs can execute in all kinds of contexts and when a program running in a non-preemptible context uses the bpf_send_signal() kfunc, it will cause issues because this kfunc can sleep. Change `irqs_disabled()` to `!preemptible()`. • https://git.kernel.org/stable/c/1bc7896e9ef44fd77858b3ef0b8a6840be3a4494 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21727 – padata: fix UAF in padata_reorder
https://notcve.org/view.php?id=CVE-2025-21727
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: padata: fix UAF in padata_reorder A bug was found when run ltp test: BUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0 Read of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206 CPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+ Workqueue: pdecrypt_parallel padata_parallel_worker Call Trace:
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21726 – padata: avoid UAF for reorder_work
https://notcve.org/view.php?id=CVE-2025-21726
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: padata: avoid UAF for reorder_work Although the previous patch can avoid ps and ps UAF for _do_serial, it can not avoid potential UAF issue for reorder_work. This issue can happen just as below: crypto_request crypto_request crypto_del_alg padata_do_serial ... padata_reorder // processes all remaining // requests then breaks while (1) { if (!padata) break; ... } padata_do_serial // new request added list_add // sees the new request queue_wo... • https://git.kernel.org/stable/c/bbefa1dd6a6d53537c11624752219e39959d04fb •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21722 – nilfs2: do not force clear folio if buffer is referenced
https://notcve.org/view.php?id=CVE-2025-21722
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: do not force clear folio if buffer is referenced Patch series "nilfs2: protect busy buffer heads from being force-cleared". This series fixes the buffer head state inconsistency issues reported by syzbot that occurs when the filesystem is corrupted and falls back to read-only, and the associated buffer head use-after-free issue. This patch (of 2): Syzbot has reported that after nilfs2 detects filesystem corruption and falls back to ... • https://git.kernel.org/stable/c/8c26c4e2694a163d525976e804d81cd955bbb40c •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21721 – nilfs2: handle errors that nilfs_prepare_chunk() may return
https://notcve.org/view.php?id=CVE-2025-21721
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: handle errors that nilfs_prepare_chunk() may return Patch series "nilfs2: fix issues with rename operations". This series fixes BUG_ON check failures reported by syzbot around rename operations, and a minor behavioral issue where the mtime of a child directory changes when it is renamed instead of moved. This patch (of 2): The directory manipulation routines nilfs_set_link() and nilfs_delete_entry() rewrite the directory entry in th... • https://git.kernel.org/stable/c/2ba466d74ed74f073257f86e61519cb8f8f46184 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21719 – ipmr: do not call mr_mfc_uses_dev() for unres entries
https://notcve.org/view.php?id=CVE-2025-21719
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipmr: do not call mr_mfc_uses_dev() for unres entries syzbot found that calling mr_mfc_uses_dev() for unres entries would crash [1], because c->mfc_un.res.minvif / c->mfc_un.res.maxvif alias to "struct sk_buff_head unresolved", which contain two pointers. This code never worked, lets remove it. [1] Unable to handle kernel paging request at virtual address ffff5fff2d536613 KASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffeff... • https://git.kernel.org/stable/c/cb167893f41e21e6bd283d78e53489289dc0592d •