CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-58006 – PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()
https://notcve.org/view.php?id=CVE-2024-58006
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() In commit 4284c88fff0e ("PCI: designware-ep: Allow pci_epc_set_bar() update inbound map address") set_bar() was modified to support dynamically changing the backing physical address of a BAR that was already configured. This means that set_bar() can be called twice, without ever calling clear_bar() (as calling clear_bar() would clear the BAR's PCI address assigned by the hos... • https://git.kernel.org/stable/c/4284c88fff0efc4e418abb53d78e02dc4f099d6c •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-58005 – tpm: Change to kvalloc() in eventlog/acpi.c
https://notcve.org/view.php?id=CVE-2024-58005
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tpm: Change to kvalloc() in eventlog/acpi.c The following failure was reported on HPE ProLiant D320: [ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0) [ 10.848132][ T1] ------------[ cut here ]------------ [ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330 [ 10.862827][ T1] Modules linked in: [ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155... • https://git.kernel.org/stable/c/55a82ab3181be039c6440d3f2f69260ad6fe2988 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-58002 – media: uvcvideo: Remove dangling pointers
https://notcve.org/view.php?id=CVE-2024-58002
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove dangling pointers When an async control is written, we copy a pointer to the file handle that started the operation. That pointer will be used when the device is done. Which could be anytime in the future. If the user closes that file descriptor, its structure will be freed, and there will be one dangling pointer per pending async control, that the driver will try to use. Clean all the dangling pointers during releas... • https://git.kernel.org/stable/c/e5225c820c057537dc780244760e2e24c7d27366 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58001 – ocfs2: handle a symlink read error correctly
https://notcve.org/view.php?id=CVE-2024-58001
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle a symlink read error correctly Patch series "Convert ocfs2 to use folios". Mark did a conversion of ocfs2 to use folios and sent it to me as a giant patch for review ;-) So I've redone it as individual patches, and credited Mark for the patches where his code is substantially the same. It's not a bad way to do it; his patch had some bugs and my patches had some bugs. Hopefully all our bugs were different from each other. And h... • https://git.kernel.org/stable/c/6e143eb4ab83c24e7ad3e3d8e7daa241d9c38377 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21731 – nbd: don't allow reconnect after disconnect
https://notcve.org/view.php?id=CVE-2025-21731
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: don't allow reconnect after disconnect Following process can cause nbd_config UAF: 1) grab nbd_config temporarily; 2) nbd_genl_disconnect() flush all recv_work() and release the initial reference: nbd_genl_disconnect nbd_disconnect_and_put nbd_disconnect flush_workqueue(nbd->recv_workq) if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF, ...)) nbd_config_put -> due to step 1), reference is still not zero 3) nbd_genl_reconfigure() queue recv_... • https://git.kernel.org/stable/c/b7aa3d39385dc2d95899f9e379623fef446a2acd •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21729 – wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
https://notcve.org/view.php?id=CVE-2025-21729
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion The rtwdev->scanning flag isn't protected by mutex originally, so cancel_hw_scan can pass the condition, but suddenly hw_scan completion unset the flag and calls ieee80211_scan_completed() that will free local->hw_scan_req. Then, cancel_hw_scan raises null-ptr-deref and use-after-free. Fix it by moving the check condition to where protected by mutex. KASAN: null-ptr-deref i... • https://git.kernel.org/stable/c/895907779752606f6a4795abfc008509f8e38314 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21728 – bpf: Send signals asynchronously if !preemptible
https://notcve.org/view.php?id=CVE-2025-21728
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Send signals asynchronously if !preemptible BPF programs can execute in all kinds of contexts and when a program running in a non-preemptible context uses the bpf_send_signal() kfunc, it will cause issues because this kfunc can sleep. Change `irqs_disabled()` to `!preemptible()`. • https://git.kernel.org/stable/c/1bc7896e9ef44fd77858b3ef0b8a6840be3a4494 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21727 – padata: fix UAF in padata_reorder
https://notcve.org/view.php?id=CVE-2025-21727
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: padata: fix UAF in padata_reorder A bug was found when run ltp test: BUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0 Read of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206 CPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+ Workqueue: pdecrypt_parallel padata_parallel_worker Call Trace:
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21726 – padata: avoid UAF for reorder_work
https://notcve.org/view.php?id=CVE-2025-21726
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: padata: avoid UAF for reorder_work Although the previous patch can avoid ps and ps UAF for _do_serial, it can not avoid potential UAF issue for reorder_work. This issue can happen just as below: crypto_request crypto_request crypto_del_alg padata_do_serial ... padata_reorder // processes all remaining // requests then breaks while (1) { if (!padata) break; ... } padata_do_serial // new request added list_add // sees the new request queue_wo... • https://git.kernel.org/stable/c/bbefa1dd6a6d53537c11624752219e39959d04fb •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21725 – smb: client: fix oops due to unset link speed
https://notcve.org/view.php?id=CVE-2025-21725
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix oops due to unset link speed It isn't guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always be set by the server, so the client must handle any values and then prevent oopses like below from happening: Oops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41 04/01/2014 RIP: 0010:cifs_debug_... • https://git.kernel.org/stable/c/548893404c44fc01a59f17727876e02553146fe6 •