CVSS: 9.8EPSS: %CPEs: 8EXPL: 0CVE-2025-21904 – caif_virtio: fix wrong pointer check in cfv_probe()
https://notcve.org/view.php?id=CVE-2025-21904
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: caif_virtio: fix wrong pointer check in cfv_probe() del_vqs() frees virtqueues, therefore cfv->vq_tx pointer should be checked for NULL before calling it, not cfv->vdev. Also the current implementation is redundant because the pointer cfv->vdev is dereferenced before it is checked for NULL. Fix this by checking cfv->vq_tx for NULL instead of cfv->vdev before calling del_vqs(). In the Linux kernel, the following vulnerability has been resolv... • https://git.kernel.org/stable/c/0d2e1a2926b1839a4b74519e660739b2566c9386 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2025-21899 – tracing: Fix bad hist from corrupting named_triggers list
https://notcve.org/view.php?id=CVE-2025-21899
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix bad hist from corrupting named_triggers list The following commands causes a crash: ~# cd /sys/kernel/tracing/events/rcu/rcu_callback ~# echo 'hist:name=bad:keys=common_pid:onmax(bogus).save(common_pid)' > trigger bash: echo: write error: Invalid argument ~# echo 'hist:name=bad:keys=common_pid' > trigger Because the following occurs: event_trigger_write() { trigger_process_regex() { event_hist_trigger_parse() { data = event_tri... • https://git.kernel.org/stable/c/067fe038e70f6e64960d26a79c4df5f1413d0f13 •
CVSS: 9.8EPSS: %CPEs: 13EXPL: 0CVE-2025-21898 – ftrace: Avoid potential division by zero in function_stat_show()
https://notcve.org/view.php?id=CVE-2025-21898
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in function_stat_show() Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64} produce zero and skip stddev computation in that case. For now don't care about rec->counter * rec->counter overflow because rec->time * rec->time overflow will likely happen earlier. In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in function_s... • https://git.kernel.org/stable/c/f0629ee3922f10112584b1898491fecc74d98b3b •
CVSS: 4.7EPSS: %CPEs: 4EXPL: 0CVE-2025-21895 – perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list
https://notcve.org/view.php?id=CVE-2025-21895
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list Syskaller triggers a warning due to prev_epc->pmu != next_epc->pmu in perf_event_swap_task_ctx_data(). vmcore shows that two lists have the same perf_event_pmu_context, but not in the same order. The problem is that the order of pmu_ctx_list for the parent is impacted by the time when an event/PMU is added. While the order for a child is impacted by the event order in... • https://git.kernel.org/stable/c/bd27568117664b8b3e259721393df420ed51f57b •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2025-21894 – net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC
https://notcve.org/view.php?id=CVE-2025-21894
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC Actually ENETC VFs do not support HWTSTAMP_TX_ONESTEP_SYNC because only ENETC PF can access PMa_SINGLE_STEP registers. And there will be a crash if VFs are used to test one-step timestamp, the crash log as follows. [ 129.110909] Unable to handle kernel paging request at virtual address 00000000000080c0 [ 129.287769] Call trace: [ 129.290219] enetc_port_mac_wr+0x30/0xec (P) [ 129.294504... • https://git.kernel.org/stable/c/41514737ecaa603a5127cdccdc5f17ef11b9b3dc •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53033 – netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
https://notcve.org/view.php?id=CVE-2023-53033
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the boundaries of the vlan_ethhdr scratchpad area. The remaining bytes beyond ethernet + vlan header are copied directly from the skbuff data area. Fix incorrect arithmetic operator: subtract, not add, the size of the vlan header in case of dou... • https://git.kernel.org/stable/c/f6ae9f120dada00abfb47313364c35118469455f •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53032 – netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
https://notcve.org/view.php?id=CVE-2023-53032
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. When first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value of an arithmetic expression 2 << (netmask - mask_bits - 1) is subject to overflow due to a failure casting operands to a larger data type before performing the arithmetic. Note that it's harmless since the value will be checked at the next step. Found by InfoTeCS on behalf of Linux Verificat... • https://git.kernel.org/stable/c/b9fed748185a96b7cfe74afac4bd228e8af16f01 •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53031 – powerpc/imc-pmu: Fix use of mutex in IRQs disabled section
https://notcve.org/view.php?id=CVE-2023-53031
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Fix use of mutex in IRQs disabled section Current imc-pmu code triggers a WARNING with CONFIG_DEBUG_ATOMIC_SLEEP and CONFIG_PROVE_LOCKING enabled, while running a thread_imc event. Command to trigger the warning: # perf stat -e thread_imc/CPM_CS_FROM_L4_MEM_X_DPTEG/ sleep 5 Performance counter stats for 'sleep 5': 0 thread_imc/CPM_CS_FROM_L4_MEM_X_DPTEG/ 5.002117947 seconds time elapsed 0.000131000 seconds user 0.001063000 ... • https://git.kernel.org/stable/c/8f95faaac56c18b32d0e23ace55417a440abdb7e •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53030 – octeontx2-pf: Avoid use of GFP_KERNEL in atomic context
https://notcve.org/view.php?id=CVE-2023-53030
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Avoid use of GFP_KERNEL in atomic context Using GFP_KERNEL in preemption disable context, causing below warning when CONFIG_DEBUG_ATOMIC_SLEEP is enabled. [ 32.542271] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 [ 32.550883] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0 [ 32.558707] preempt_count: 1, expected: 0 [ 32.562710] RCU nest depth: 0, expected: 0 [ 32.... • https://git.kernel.org/stable/c/6ea5273c71dd2d07c0a2459594eb34bc087939f7 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53029 – octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt
https://notcve.org/view.php?id=CVE-2023-53029
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt The commit 4af1b64f80fb ("octeontx2-pf: Fix lmtst ID used in aura free") uses the get/put_cpu() to protect the usage of percpu pointer in ->aura_freeptr() callback, but it also unnecessarily disable the preemption for the blockable memory allocation. The commit 87b93b678e95 ("octeontx2-pf: Avoid use of GFP_KERNEL in atomic context") tried to fix these sleep inside atomic warnin... • https://git.kernel.org/stable/c/6ea5273c71dd2d07c0a2459594eb34bc087939f7 •