CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57834 – media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
https://notcve.org/view.php?id=CVE-2024-57834
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread syzbot report a null-ptr-deref in vidtv_mux_stop_thread. [1] If dvb->mux is not initialized successfully by vidtv_mux_init() in the vidtv_start_streaming(), it will trigger null pointer dereference about mux in vidtv_mux_stop_thread(). Adjust the timing of streaming initialization and check it before stopping it. [1] KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000... • https://git.kernel.org/stable/c/86307e443c5844f38e1b98e2c51a4195c55576cd •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-54458 – scsi: ufs: bsg: Set bsg_queue to NULL after removal
https://notcve.org/view.php?id=CVE-2024-54458
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: bsg: Set bsg_queue to NULL after removal Currently, this does not cause any issues, but I believe it is necessary to set bsg_queue to NULL after removing it to prevent potential use-after-free (UAF) access. In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: bsg: Set bsg_queue to NULL after removal Currently, this does not cause any issues, but I believe it is necessary to set bsg_queue to NULL after re... • https://git.kernel.org/stable/c/5e7b6e44468c3242c21c2a8656d009fb3eb50a73 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-54456 – NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()
https://notcve.org/view.php?id=CVE-2024-54456
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() name is char[64] where the size of clnt->cl_program->name remains unknown. Invoking strcat() directly will also lead to potential buffer overflow. Change them to strscpy() and strncat() to fix potential issues. In the Linux kernel, the following vulnerability has been resolved: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() name is char[64] where the size of ... • https://git.kernel.org/stable/c/19b3ca651b4b473878c73539febe477905041442 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52560 – fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr()
https://notcve.org/view.php?id=CVE-2024-52560
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr() Extended the `mi_enum_attr()` function interface with an additional parameter, `struct ntfs_inode *ni`, to allow marking the inode as bad as soon as an error is detected. In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr() Extended the `mi_enum_attr()` function interface with an addi... • https://git.kernel.org/stable/c/d9c699f2c4dc174940ffe8600b20c267897da155 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-52559 – drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()
https://notcve.org/view.php?id=CVE-2024-52559
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() The "submit->cmd[i].size" and "submit->cmd[i].offset" variables are u32 values that come from the user via the submit_lookup_cmds() function. This addition could lead to an integer wrapping bug so use size_add() to prevent that. Patchwork: https://patchwork.freedesktop.org/patch/624696/ In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: prevent int... • https://git.kernel.org/stable/c/198725337ef1f73b73e7dc953c6ffb0799f26ffe •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49570 – drm/xe/tracing: Fix a potential TP_printk UAF
https://notcve.org/view.php?id=CVE-2024-49570
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/tracing: Fix a potential TP_printk UAF The commit afd2627f727b ("tracing: Check "%s" dereference via the field and not the TP_printk format") exposes potential UAFs in the xe_bo_move trace event. Fix those by avoiding dereferencing the xe_mem_type_to_name[] array at TP_printk time. Since some code refactoring has taken place, explicit backporting may be needed for kernels older than 6.10. In the Linux kernel, the following vulnerabil... • https://git.kernel.org/stable/c/e46d3f813abd2383881c66d21ba04cee9fbdf3a9 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21754 – btrfs: fix assertion failure when splitting ordered extent after transaction abort
https://notcve.org/view.php?id=CVE-2025-21754
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion failure when splitting ordered extent after transaction abort If while we are doing a direct IO write a transaction abort happens, we mark all existing ordered extents with the BTRFS_ORDERED_IOERR flag (done at btrfs_destroy_ordered_extents()), and then after that if we enter btrfs_split_ordered_extent() and the ordered extent has bytes left (meaning we have a bio that doesn't cover the whole ordered extent, see details... • https://git.kernel.org/stable/c/52b1fdca23ac0fbcad363a1a5b426bf0d56b715a •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21753 – btrfs: fix use-after-free when attempting to join an aborted transaction
https://notcve.org/view.php?id=CVE-2025-21753
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted transaction When we are trying to join the current transaction and if it's aborted, we read its 'aborted' field after unlocking fs_info->trans_lock and without holding any extra reference count on it. This means that a concurrent task that is aborting the transaction may free the transaction before we read its 'aborted' field, leading to a use-after-free. Fix this by reading the '... • https://git.kernel.org/stable/c/871383be592ba7e819d27556591e315a0df38cee • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21752 – btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents
https://notcve.org/view.php?id=CVE-2025-21752
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents Don't use btrfs_set_item_key_safe() to modify the keys in the RAID stripe-tree, as this can lead to corruption of the tree, which is caught by the checks in btrfs_set_item_key_safe(): BTRFS info (device nvme1n1): leaf 49168384 gen 15 total ptrs 194 free space 8329 owner 12 BTRFS info (device nvme1n1): refs 2 lock_owner 1030 current 1030 [ snip ] item 105 key (354549760 230 2048... • https://git.kernel.org/stable/c/1c25eff52ee5a02a2c4be659a44ae972d9989742 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21751 – net/mlx5: HWS, change error flow on matcher disconnect
https://notcve.org/view.php?id=CVE-2025-21751
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, change error flow on matcher disconnect Currently, when firmware failure occurs during matcher disconnect flow, the error flow of the function reconnects the matcher back and returns an error, which continues running the calling function and eventually frees the matcher that is being disconnected. This leads to a case where we have a freed matcher on the matchers list, which in turn leads to use-after-free and eventual crash.... • https://git.kernel.org/stable/c/23a86c76a1a197e8fbbbd0ce3e826eb58c471624 • CWE-416: Use After Free •