
CVSS: 7.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: zero sqd->thread on tctx errors Syzkaller reports: BUG: KASAN: slab-use-after-free in thread_group_cputime+0x409/0x700 kernel/sched/cputime.c:341 Read of size 8 at addr ffff88803578c510 by task syz.2.3223/27552 Call Trace: ... kasan_report+0x143/0x180 mm/kasan/report.c:602 thread_group_cputime+0x409/0x700 kernel/sched/cputime.c:341 thread_group_cputime_adjusted+0xa6/0x340 kernel/sched/cputime.c:639 getrusage+0x1000/0... • https://git.kernel.org/stable/c/1251d2025c3e1bcf1f17ec0f3c0dfae5e5bbb146 •

CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Ensure shadow stack is active before "getting" registers The x86 shadow stack support has its own set of registers. Those registers are XSAVE-managed, but they are "supervisor state components" which means that userspace can not touch them with XSAVE/XRSTOR. It also means that they are not accessible from the existing ptrace ABI for XSAVE state. Thus, there is a new ptrace get/set interface for it. The regset code that ptrace uses ... • https://git.kernel.org/stable/c/2fab02b25ae7cf5f714ab456b03d9a3fe5ae98c9 •

CVSS: 7.3 | EPSS: 0% | CPEs: 7 | EXPL: 0

19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() Our syzkaller reported the following UAF for v6.6: BUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958 Read of size 8 at addr ffff8881b57147d8 by task fsstress/232726 CPU: 2 PID: 232726 Comm: fsstress Not tainted 6.6.0-g3629d1885222 #39 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106 print_address_de... • https://git.kernel.org/stable/c/de0456460f2abf921e356ed2bd8da87a376680bd •

CVSS: 7.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Remove direct link to net_device Do not manage a per device direct link to net_device. Rely on associated ib_devices net_device management, not doubling the effort locally. A badly managed local link to net_device was causing a 'KASAN: slab-use-after-free' exception during siw_query_port() call. • https://git.kernel.org/stable/c/bdcf26bf9b3acb03c8f90387cfc6474fc8ac5521 •

CVSS: 5.5 | EPSS: 0% | CPEs: 6 | EXPL: 0

15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in tcp_conn_request() If inet_csk_reqsk_queue_hash_add() returns false, tcp_conn_request() will return without freeing the dst memory, which was allocated in af_ops->route_req. Here is the kmemleak stack: unreferenced object 0xffff8881198631c0 (size 240): comm "softirq", pid 0, jiffies 4299266571 (age 1802.392s) hex dump (first 32 bytes): 00 10 9b 03 81 88 ff ff 80 98 da bc ff ff ff ff ................ 81 55 18 bb ff ff ff ff 0... • https://git.kernel.org/stable/c/527bec1f56ac7a2fceb8eb77eb0fc2678ecba394 •

CVSS: 5.5 | EPSS: 0% | CPEs: 7 | EXPL: 0

15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netrom: check buffer length before accessing it Syzkaller reports an uninit value read from ax25cmp when sending raw message through ieee802154 implementation. ===================================================== BUG: KMSAN: uninit-value in ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 nr_dev_get+0x20e/0x450 net/netrom/nr_route.c:601 nr_route_frame+0x1a2/0xfc0 net/netrom/nr_route.c:774 nr_xmit+0x... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •

CVSS: 7.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Skip restore TC rules for vport rep without loaded flag During driver unload, unregister_netdev is called after unloading vport rep. So, the mlx5e_rep_priv is already freed while trying to get rpriv->netdev, or walk rpriv->tc_ht, which results in use-after-free. So add the checking to make sure access the data of vport rep which is still loaded. • https://git.kernel.org/stable/c/d1569537a837d66620aa7ffc2bddf918e902f227 •

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Remove the direct link to net_device The similar patch in siw is in the link: https://git.kernel.org/rdma/rdma/c/16b87037b48889 This problem also occurred in RXE. The following analyzes this problem. In the following Call Traces: " BUG: KASAN: slab-use-after-free in dev_get_flags+0x188/0x1d0 net/core/dev.c:8782 Read of size 4 at addr ffff8880554640b0 by task kworker/1:4/5295 CPU: 1 UID: 0 PID: 5295 Comm: kworker/1:4 Not tainted 6.1... • https://git.kernel.org/stable/c/8700e3e7c4857d28ebaa824509934556da0b3e76 •

CVSS: 7.1 | EPSS: 0% | CPEs: 6 | EXPL: 0

15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext Access to genmask field in struct nft_set_ext results in unaligned atomic read: [ 72.130109] Unable to handle kernel paging request at virtual address ffff0000c2bb708c [ 72.131036] Mem abort info: [ 72.131213] ESR = 0x0000000096000021 [ 72.131446] EC = 0x25: DABT (current EL), IL = 32 bits [ 72.132209] SET = 0, FnV = 0 [ 72.133216] EA = 0, S1PTW = 0 [ 72.134080] FSC = 0x21... • https://git.kernel.org/stable/c/98d62cf0e26305dd6a1932a4054004290f4194bb •

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: nvmet: Don't overflow subsysnqn nvmet_root_discovery_nqn_store treats the subsysnqn string like a fixed size buffer, even though it is dynamically allocated to the size of the string. Create a new string with kstrndup instead of using the old buffer. • https://git.kernel.org/stable/c/95409e277d8343810adf8700d29d4329828d452b •