CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21747 – drm/ast: astdp: Fix timeout for enabling video signal
https://notcve.org/view.php?id=CVE-2025-21747
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/ast: astdp: Fix timeout for enabling video signal The ASTDP transmitter sometimes takes up to 1 second for enabling the video signal, while the timeout is only 200 msec. This results in a kernel error message. Increase the timeout to 1 second. An example of the error message is shown below. [ 697.084433] ------------[ cut here ]------------ [ 697.091115] ast 0000:02:00.0: [drm] drm_WARN_ON(!__ast_dp_wait_enable(ast, enabled)) [ 697.0912... • https://git.kernel.org/stable/c/4e29cc7c5c673299cfbaf4982fc8b6a72c9f706f •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21746 – Input: synaptics - fix crash when enabling pass-through port
https://notcve.org/view.php?id=CVE-2025-21746
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Input: synaptics - fix crash when enabling pass-through port When enabling a pass-through port an interrupt might come before psmouse driver binds to the pass-through port. However synaptics sub-driver tries to access psmouse instance presumably associated with the pass-through port to figure out if only 1 byte of response or entire protocol packet needs to be forwarded to the pass-through port and may crash if psmouse instance has not been... • https://git.kernel.org/stable/c/100e16959c3ca8cb7be788ed3e2c5867481f35f6 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21745 – blk-cgroup: Fix class @block_class's subsystem refcount leakage
https://notcve.org/view.php?id=CVE-2025-21745
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix class @block_class's subsystem refcount leakage blkcg_fill_root_iostats() iterates over @block_class's devices by class_dev_iter_(init|next)(), but does not end iterating with class_dev_iter_exit(), so causes the class's subsystem refcount leakage. Fix by ending the iterating with class_dev_iter_exit(). • https://git.kernel.org/stable/c/ef45fe470e1e5410db4af87abc5d5055427945ac •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21744 – wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()
https://notcve.org/view.php?id=CVE-2025-21744
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() On removal of the device or unloading of the kernel module a potential NULL pointer dereference occurs. The following sequence deletes the interface: brcmf_detach() brcmf_remove_interface() brcmf_del_if() Inside the brcmf_del_if() function the drvr->if2bss[ifidx] is updated to BRCMF_BSSIDX_INVALID (-1) if the bsscfgidx matches. After brcmf_remove_interface() call the brcmf_p... • https://git.kernel.org/stable/c/4e51d6d093e763348916e69d06d87e0a5593661b •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21743 – usbnet: ipheth: fix possible overflow in DPE length check
https://notcve.org/view.php?id=CVE-2025-21743
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix possible overflow in DPE length check Originally, it was possible for the DPE length check to overflow if wDatagramIndex + wDatagramLength > U16_MAX. This could lead to an OoB read. Move the wDatagramIndex term to the other side of the inequality. An existing condition ensures that wDatagramIndex < urb->actual_length. • https://git.kernel.org/stable/c/a2d274c62e44b1995c170595db3865c6fe701226 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21742 – usbnet: ipheth: use static NDP16 location in URB
https://notcve.org/view.php?id=CVE-2025-21742
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: use static NDP16 location in URB Original code allowed for the start of NDP16 to be anywhere within the URB based on the `wNdpIndex` value in NTH16. Only the start position of NDP16 was checked, so it was possible for even the fixed-length part of NDP16 to extend past the end of URB, leading to an out-of-bounds read. On iOS devices, the NDP16 header always directly follows NTH16. Rely on and check for this specific format. T... • https://git.kernel.org/stable/c/a2d274c62e44b1995c170595db3865c6fe701226 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21741 – usbnet: ipheth: fix DPE OoB read
https://notcve.org/view.php?id=CVE-2025-21741
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix DPE OoB read Fix an out-of-bounds DPE read, limit the number of processed DPEs to the amount that fits into the fixed-size NDP16 header. • https://git.kernel.org/stable/c/a2d274c62e44b1995c170595db3865c6fe701226 •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21740 – KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking
https://notcve.org/view.php?id=CVE-2025-21740
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking When waking a VM's NX huge page recovery thread, ensure the thread is actually alive before trying to wake it. Now that the thread is spawned on-demand during KVM_RUN, a VM without a recovery thread is reachable via the related module params. BUG: kernel NULL pointer dereference, address: 0000000000000040 #PF: supervisor read access in kernel mode #PF: error_code(0x000... • https://git.kernel.org/stable/c/931656b9e2ff7029aee0b36e17780621948a6ac1 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21739 – scsi: ufs: core: Fix use-after free in init error and remove paths
https://notcve.org/view.php?id=CVE-2025-21739
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix use-after free in init error and remove paths devm_blk_crypto_profile_init() registers a cleanup handler to run when the associated (platform-) device is being released. For UFS, the crypto private data and pointers are stored as part of the ufs_hba's data structure 'struct ufs_hba::crypto_profile'. This structure is allocated as part of the underlying ufshcd and therefore Scsi_host allocation. During driver release or ... • https://git.kernel.org/stable/c/d76d9d7d1009968dd3a0fc30e5f5ee9fbffc1350 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21738 – ata: libata-sff: Ensure that we cannot write outside the allocated buffer
https://notcve.org/view.php?id=CVE-2025-21738
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: libata-sff: Ensure that we cannot write outside the allocated buffer reveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len set to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to ATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to write outside the allocated buffer, overwriting random memory. While a ATA device is supposed to abort a ATA_NOP command, there does seem to be a bug... • https://git.kernel.org/stable/c/a8f8cf87059ed1905c2a5c72f8b39a4f57b11b4c •