CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-58009 – Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc
https://notcve.org/view.php?id=CVE-2024-58009
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc A NULL sock pointer is passed into l2cap_sock_alloc() when it is called from l2cap_sock_new_connection_cb() and the error handling paths should also be aware of it. Seemingly a more elegant solution would be to swap bt_sock_alloc() and l2cap_chan_create() calls since they are not interdependent to that moment but then l2cap_chan_create() adds the soon to be deallocated and still... • https://git.kernel.org/stable/c/bb2f2342a6ddf7c04f9aefbbfe86104cd138e629 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58007 – soc: qcom: socinfo: Avoid out of bounds read of serial number
https://notcve.org/view.php?id=CVE-2024-58007
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: socinfo: Avoid out of bounds read of serial number On MSM8916 devices, the serial number exposed in sysfs is constant and does not change across individual devices. It's always: db410c:/sys/devices/soc0$ cat serial_number 2644893864 The firmware used on MSM8916 exposes SOCINFO_VERSION(0, 8), which does not have support for the serial_num field in the socinfo struct. There is an existing check to avoid exposing the serial number i... • https://git.kernel.org/stable/c/efb448d0a3fca01bb987dd70963da6185b81751e •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-58006 – PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()
https://notcve.org/view.php?id=CVE-2024-58006
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() In commit 4284c88fff0e ("PCI: designware-ep: Allow pci_epc_set_bar() update inbound map address") set_bar() was modified to support dynamically changing the backing physical address of a BAR that was already configured. This means that set_bar() can be called twice, without ever calling clear_bar() (as calling clear_bar() would clear the BAR's PCI address assigned by the hos... • https://git.kernel.org/stable/c/4284c88fff0efc4e418abb53d78e02dc4f099d6c •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-58005 – tpm: Change to kvalloc() in eventlog/acpi.c
https://notcve.org/view.php?id=CVE-2024-58005
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tpm: Change to kvalloc() in eventlog/acpi.c The following failure was reported on HPE ProLiant D320: [ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0) [ 10.848132][ T1] ------------[ cut here ]------------ [ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330 [ 10.862827][ T1] Modules linked in: [ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155... • https://git.kernel.org/stable/c/55a82ab3181be039c6440d3f2f69260ad6fe2988 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-58003 – media: i2c: ds90ub9x3: Fix extra fwnode_handle_put()
https://notcve.org/view.php?id=CVE-2024-58003
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: i2c: ds90ub9x3: Fix extra fwnode_handle_put() The ub913 and ub953 drivers call fwnode_handle_put(priv->sd.fwnode) as part of their remove process, and if the driver is removed multiple times, eventually leads to put "overflow", possibly causing memory corruption or crash. The fwnode_handle_put() is a leftover from commit 905f88ccebb1 ("media: i2c: ds90ub9x3: Fix sub-device matching"), which changed the code related to the sd.fwnode, ... • https://git.kernel.org/stable/c/905f88ccebb14e42bcd19455b0d9c0d4808f1897 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-58002 – media: uvcvideo: Remove dangling pointers
https://notcve.org/view.php?id=CVE-2024-58002
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove dangling pointers When an async control is written, we copy a pointer to the file handle that started the operation. That pointer will be used when the device is done. Which could be anytime in the future. If the user closes that file descriptor, its structure will be freed, and there will be one dangling pointer per pending async control, that the driver will try to use. Clean all the dangling pointers during releas... • https://git.kernel.org/stable/c/e5225c820c057537dc780244760e2e24c7d27366 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58001 – ocfs2: handle a symlink read error correctly
https://notcve.org/view.php?id=CVE-2024-58001
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle a symlink read error correctly Patch series "Convert ocfs2 to use folios". Mark did a conversion of ocfs2 to use folios and sent it to me as a giant patch for review ;-) So I've redone it as individual patches, and credited Mark for the patches where his code is substantially the same. It's not a bad way to do it; his patch had some bugs and my patches had some bugs. Hopefully all our bugs were different from each other. And h... • https://git.kernel.org/stable/c/6e143eb4ab83c24e7ad3e3d8e7daa241d9c38377 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21731 – nbd: don't allow reconnect after disconnect
https://notcve.org/view.php?id=CVE-2025-21731
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: don't allow reconnect after disconnect Following process can cause nbd_config UAF: 1) grab nbd_config temporarily; 2) nbd_genl_disconnect() flush all recv_work() and release the initial reference: nbd_genl_disconnect nbd_disconnect_and_put nbd_disconnect flush_workqueue(nbd->recv_workq) if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF, ...)) nbd_config_put -> due to step 1), reference is still not zero 3) nbd_genl_reconfigure() queue recv_... • https://git.kernel.org/stable/c/b7aa3d39385dc2d95899f9e379623fef446a2acd •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21729 – wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
https://notcve.org/view.php?id=CVE-2025-21729
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion The rtwdev->scanning flag isn't protected by mutex originally, so cancel_hw_scan can pass the condition, but suddenly hw_scan completion unset the flag and calls ieee80211_scan_completed() that will free local->hw_scan_req. Then, cancel_hw_scan raises null-ptr-deref and use-after-free. Fix it by moving the check condition to where protected by mutex. KASAN: null-ptr-deref i... • https://git.kernel.org/stable/c/895907779752606f6a4795abfc008509f8e38314 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21728 – bpf: Send signals asynchronously if !preemptible
https://notcve.org/view.php?id=CVE-2025-21728
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Send signals asynchronously if !preemptible BPF programs can execute in all kinds of contexts and when a program running in a non-preemptible context uses the bpf_send_signal() kfunc, it will cause issues because this kfunc can sleep. Change `irqs_disabled()` to `!preemptible()`. • https://git.kernel.org/stable/c/1bc7896e9ef44fd77858b3ef0b8a6840be3a4494 •