CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21763 – neighbour: use RCU protection in __neigh_notify()
https://notcve.org/view.php?id=CVE-2025-21763
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: neighbour: use RCU protection in __neigh_notify() __neigh_notify() can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF. • https://git.kernel.org/stable/c/426b5303eb435d98b9bee37a807be386bc2b3320 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21762 – arp: use RCU protection in arp_xmit()
https://notcve.org/view.php?id=CVE-2025-21762
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: arp: use RCU protection in arp_xmit() arp_xmit() can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF. • https://git.kernel.org/stable/c/29a26a56803855a79dbd028cd61abee56237d6e5 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21761 – openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
https://notcve.org/view.php?id=CVE-2025-21761
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() ovs_vport_cmd_fill_info() can be called without RTNL or RCU. Use RCU protection and dev_net_rcu() to avoid potential UAF. • https://git.kernel.org/stable/c/9354d452034273a50a4fd703bea31e5d6b1fc20b • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21760 – ndisc: extend RCU protection in ndisc_send_skb()
https://notcve.org/view.php?id=CVE-2025-21760
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and avoid a potential UAF. In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and a... • https://git.kernel.org/stable/c/1762f7e88eb34f653b4a915be99a102e347dd45e • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21759 – ipv6: mcast: extend RCU protection in igmp6_send()
https://notcve.org/view.php?id=CVE-2025-21759
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6_send() igmp6_send() can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep. Instead use alloc_skb() and charge the net->ipv6.igmp_sk socket under RCU protection. In the Linux kernel, the following v... • https://git.kernel.org/stable/c/b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21758 – ipv6: mcast: add RCU protection to mld_newpack()
https://notcve.org/view.php?id=CVE-2025-21758
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: add RCU protection to mld_newpack() mld_newpack() can be called without RTNL or RCU being held. Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep. Instead use alloc_skb() and charge the net->ipv6.igmp_sk socket under RCU protection. In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: add RCU protection to mld_newpack() mld_newpack()... • https://git.kernel.org/stable/c/b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21756 – vsock: Keep the binding until socket destruction
https://notcve.org/view.php?id=CVE-2025-21756
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect(). Prevents socket unbinding during a transport reassignment, which fixes a use-after-free: 1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2) 2. transport->release() calls vsock_remove_bound() without checking if sk was bound and moved t... • https://git.kernel.org/stable/c/c0cfa2d8a788fcf45df5bf4070ab2474c88d543a • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-58021 – HID: winwing: Add NULL check in winwing_init_led()
https://notcve.org/view.php?id=CVE-2024-58021
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: winwing: Add NULL check in winwing_init_led() devm_kasprintf() can return a NULL pointer on failure,but this returned value in winwing_init_led() is not checked. Add NULL check in winwing_init_led(), to handle kernel NULL pointer dereference error. In the Linux kernel, the following vulnerability has been resolved: HID: winwing: Add NULL check in winwing_init_led() devm_kasprintf() can return a NULL pointer on failure,but this returned... • https://git.kernel.org/stable/c/266c990debad2f9589c7a412e897a8e312b09766 •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2024-58020 – HID: multitouch: Add NULL check in mt_input_configured
https://notcve.org/view.php?id=CVE-2024-58020
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Add NULL check in mt_input_configured devm_kasprintf() can return a NULL pointer on failure,but this returned value in mt_input_configured() is not checked. Add NULL check in mt_input_configured(), to handle kernel NULL pointer dereference error. In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Add NULL check in mt_input_configured devm_kasprintf() can return a NULL pointer on failure,but... • https://git.kernel.org/stable/c/2763732ec1e68910719c75b6b896e11b6d3d622b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57852 – firmware: qcom: scm: smc: Handle missing SCM device
https://notcve.org/view.php?id=CVE-2024-57852
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: smc: Handle missing SCM device Commit ca61d6836e6f ("firmware: qcom: scm: fix a NULL-pointer dereference") makes it explicit that qcom_scm_get_tzmem_pool() can return NULL, therefore its users should handle this. In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: smc: Handle missing SCM device Commit ca61d6836e6f ("firmware: qcom: scm: fix a NULL-pointer dereference") makes it expli... • https://git.kernel.org/stable/c/cd955b75849b58b650ca3f87b83bd78cde1da8bc •