CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21745 – blk-cgroup: Fix class @block_class's subsystem refcount leakage
https://notcve.org/view.php?id=CVE-2025-21745
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix class @block_class's subsystem refcount leakage blkcg_fill_root_iostats() iterates over @block_class's devices by class_dev_iter_(init|next)(), but does not end iterating with class_dev_iter_exit(), so causes the class's subsystem refcount leakage. Fix by ending the iterating with class_dev_iter_exit(). • https://git.kernel.org/stable/c/ef45fe470e1e5410db4af87abc5d5055427945ac •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21744 – wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()
https://notcve.org/view.php?id=CVE-2025-21744
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() On removal of the device or unloading of the kernel module a potential NULL pointer dereference occurs. The following sequence deletes the interface: brcmf_detach() brcmf_remove_interface() brcmf_del_if() Inside the brcmf_del_if() function the drvr->if2bss[ifidx] is updated to BRCMF_BSSIDX_INVALID (-1) if the bsscfgidx matches. After brcmf_remove_interface() call the brcmf_p... • https://git.kernel.org/stable/c/4e51d6d093e763348916e69d06d87e0a5593661b •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21743 – usbnet: ipheth: fix possible overflow in DPE length check
https://notcve.org/view.php?id=CVE-2025-21743
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix possible overflow in DPE length check Originally, it was possible for the DPE length check to overflow if wDatagramIndex + wDatagramLength > U16_MAX. This could lead to an OoB read. Move the wDatagramIndex term to the other side of the inequality. An existing condition ensures that wDatagramIndex < urb->actual_length. • https://git.kernel.org/stable/c/a2d274c62e44b1995c170595db3865c6fe701226 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21742 – usbnet: ipheth: use static NDP16 location in URB
https://notcve.org/view.php?id=CVE-2025-21742
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: use static NDP16 location in URB Original code allowed for the start of NDP16 to be anywhere within the URB based on the `wNdpIndex` value in NTH16. Only the start position of NDP16 was checked, so it was possible for even the fixed-length part of NDP16 to extend past the end of URB, leading to an out-of-bounds read. On iOS devices, the NDP16 header always directly follows NTH16. Rely on and check for this specific format. T... • https://git.kernel.org/stable/c/a2d274c62e44b1995c170595db3865c6fe701226 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21741 – usbnet: ipheth: fix DPE OoB read
https://notcve.org/view.php?id=CVE-2025-21741
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix DPE OoB read Fix an out-of-bounds DPE read, limit the number of processed DPEs to the amount that fits into the fixed-size NDP16 header. • https://git.kernel.org/stable/c/a2d274c62e44b1995c170595db3865c6fe701226 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21739 – scsi: ufs: core: Fix use-after free in init error and remove paths
https://notcve.org/view.php?id=CVE-2025-21739
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix use-after free in init error and remove paths devm_blk_crypto_profile_init() registers a cleanup handler to run when the associated (platform-) device is being released. For UFS, the crypto private data and pointers are stored as part of the ufs_hba's data structure 'struct ufs_hba::crypto_profile'. This structure is allocated as part of the underlying ufshcd and therefore Scsi_host allocation. During driver release or ... • https://git.kernel.org/stable/c/d76d9d7d1009968dd3a0fc30e5f5ee9fbffc1350 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21738 – ata: libata-sff: Ensure that we cannot write outside the allocated buffer
https://notcve.org/view.php?id=CVE-2025-21738
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: libata-sff: Ensure that we cannot write outside the allocated buffer reveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len set to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to ATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to write outside the allocated buffer, overwriting random memory. While a ATA device is supposed to abort a ATA_NOP command, there does seem to be a bug... • https://git.kernel.org/stable/c/a8f8cf87059ed1905c2a5c72f8b39a4f57b11b4c •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21737 – ceph: fix memory leak in ceph_mds_auth_match()
https://notcve.org/view.php?id=CVE-2025-21737
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_mds_auth_match() We now free the temporary target path substring allocation on every possible branch, instead of omitting the default branch. In some cases, a memory leak occured, which could rapidly crash the system (depending on how many file accesses were attempted). This was detected in production because it caused a continuous memory growth, eventually triggering kernel OOM and completely hard-locking the ... • https://git.kernel.org/stable/c/596afb0b8933ba6ed7227adcc538db26feb25c74 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21736 – nilfs2: fix possible int overflows in nilfs_fiemap()
https://notcve.org/view.php?id=CVE-2025-21736
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix possible int overflows in nilfs_fiemap() Since nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result by being prepared to go through potentially maxblocks == INT_MAX blocks, the value in n may experience an overflow caused by left shift of blkbits. While it is extremely unlikely to occur, play it safe and cast right hand expression to wider type to mitigate the issue. Found by Linux Verification Center (linuxtesting... • https://git.kernel.org/stable/c/622daaff0a8975fb5c5b95f24f3234550ba32e92 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21735 – NFC: nci: Add bounds checking in nci_hci_create_pipe()
https://notcve.org/view.php?id=CVE-2025-21735
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Add bounds checking in nci_hci_create_pipe() The "pipe" variable is a u8 which comes from the network. If it's more than 127, then it results in memory corruption in the caller, nci_hci_connect_gate(). • https://git.kernel.org/stable/c/a1b0b9415817c14d207921582f269d03f848b69f •