CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21859 – USB: gadget: f_midi: f_midi_complete to call queue_work
https://notcve.org/view.php?id=CVE-2025-21859
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: gadget: f_midi: f_midi_complete to call queue_work When using USB MIDI, a lock is attempted to be acquired twice through a re-entrant call to f_midi_transmit, causing a deadlock. Fix it by using queue_work() to schedule the inner f_midi_transmit() via a high priority work queue from the completion handler. In the Linux kernel, the following vulnerability has been resolved: USB: gadget: f_midi: f_midi_complete to call queue_work When us... • https://git.kernel.org/stable/c/d5daf49b58661ec4af7a55b277176efbf945ca05 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21858 – geneve: Fix use-after-free in geneve_find_dev().
https://notcve.org/view.php?id=CVE-2025-21858
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in geneve_find_dev(). syzkaller reported a use-after-free in geneve_find_dev() [0] without repro. geneve_configure() links struct geneve_dev.next to net_generic(net, geneve_net_id)->geneve_list. The net here could differ from dev_net(dev) if IFLA_NET_NS_PID, IFLA_NET_NS_FD, or IFLA_TARGET_NETNSID is set. When dev_net(dev) is dismantled, geneve_exit_batch_rtnl() finally calls unregister_netdevice_queue() for each d... • https://git.kernel.org/stable/c/2d07dc79fe04a43d82a346ced6bbf07bdb523f1b • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21855 – ibmvnic: Don't reference skb after sending to VIOS
https://notcve.org/view.php?id=CVE-2025-21855
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Don't reference skb after sending to VIOS Previously, after successfully flushing the xmit buffer to VIOS, the tx_bytes stat was incremented by the length of the skb. It is invalid to access the skb memory after sending the buffer to the VIOS because, at any point after sending, the VIOS can trigger an interrupt to free this memory. A race between reading skb->len and freeing the skb is possible (especially during LPM) and will res... • https://git.kernel.org/stable/c/032c5e82847a2214c3196a90f0aeba0ce252de58 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21846 – acct: perform last write from workqueue
https://notcve.org/view.php?id=CVE-2025-21846
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acc(2) to /sys/power/resume. At the point the where the write to this file happens the calling task has already exited and called exit_fs(). A lookup will thus trigger a NULL-deref when accessing current-... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21838 – usb: gadget: core: flush gadget workqueue after device removal
https://notcve.org/view.php?id=CVE-2025-21838
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal device_del() can lead to new work being scheduled in gadget->work workqueue. This is observed, for example, with the dwc3 driver with the following call stack: device_del() gadget_unbind_driver() usb_gadget_disconnect_locked() dwc3_gadget_pullup() dwc3_gadget_soft_disconnect() usb_gadget_set_state() schedule_work(&gadget->work) Move flush_work() after device_del() to ensure the ... • https://git.kernel.org/stable/c/5702f75375aa9ecf8ad3431aef3fe6ce8c8dbd15 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21835 – usb: gadget: f_midi: fix MIDI Streaming descriptor lengths
https://notcve.org/view.php?id=CVE-2025-21835
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_midi: fix MIDI Streaming descriptor lengths While the MIDI jacks are configured correctly, and the MIDIStreaming endpoint descriptors are filled with the correct information, bNumEmbMIDIJack and bLength are set incorrectly in these descriptors. This does not matter when the numbers of in and out ports are equal, but when they differ the host will receive broken descriptors with uninitialized stack memory leaking into the desc... • https://git.kernel.org/stable/c/c8933c3f79568263c90a46f06cf80419e6c63c97 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21833 – iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE
https://notcve.org/view.php?id=CVE-2025-21833
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pasid`. In case it nevertheless happens we must avoid using a NULL pointer. In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pa... • https://git.kernel.org/stable/c/df96876be3b064aefc493f760e0639765d13ed0d •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21832 – block: don't revert iter for -EIOCBQUEUED
https://notcve.org/view.php?id=CVE-2025-21832
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: block: don't revert iter for -EIOCBQUEUED blkdev_read_iter() has a few odd checks, like gating the position and count adjustment on whether or not the result is bigger-than-or-equal to zero (where bigger than makes more sense), and not checking the return value of blkdev_direct_IO() before doing an iov_iter_revert(). The latter can lead to attempting to revert with a negative value, which when passed to iov_iter_revert() as an unsigned valu... • https://git.kernel.org/stable/c/6c26619effb1b4cb7d20b4e666ab8f71f6a53ccb •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21831 – PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1
https://notcve.org/view.php?id=CVE-2025-21831
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 commit 9d26d3a8f1b0 ("PCI: Put PCIe ports into D3 during suspend") sets the policy that all PCIe ports are allowed to use D3. When the system is suspended if the port is not power manageable by the platform and won't be used for wakeup via a PME this sets up the policy for these ports to go into D3hot. This policy generally makes sense from an OSPM perspective but it leads to ... • https://git.kernel.org/stable/c/9d26d3a8f1b0c442339a235f9508bdad8af91043 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-58085 – tomoyo: don't emit warning in tomoyo_write_control()
https://notcve.org/view.php?id=CVE-2024-58085
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: tomoyo: don't emit warning in tomoyo_write_control() syzbot is reporting too large allocation warning at tomoyo_write_control(), for one can write a very very long line without new line character. To fix this warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE, for practically a valid line should be always shorter than 32KB where the "too small to fail" memory-allocation rule applies. One might try to write a valid line th... • https://git.kernel.org/stable/c/c67efabddc73171c7771d3ffe4ffa1e503ee533e •