CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-22086 – RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
https://notcve.org/view.php?id=CVE-2025-22086
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow When cur_qp isn't NULL, in order to avoid fetching the QP from the radix tree again we check if the next cqe QP is identical to the one we already have. ... kthreads_online_cpu+0x130/0x130 ret_from_fork_asm+0x11/0x20 In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow When cur_qp isn't NULL, in order to a... • https://git.kernel.org/stable/c/e126ba97dba9edeb6fafa3665b5f8497fc9cdf8c •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22085 – RDMA/core: Fix use-after-free when rename device name
https://notcve.org/view.php?id=CVE-2025-22085
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG: KASAN: slab-use-after-free in nla_put+0xd3/0x150 lib/nlattr.c:1099 Read of size 5 at addr ffff888140ea1c60 by task syz.0.988/10025 CPU: 0 UID: 0 PID: 10025 Comm: syz.0.988 Not tainted 6.14.0-rc4-syzkaller-00859-gf77f12010f67 #0 Hardware name:... • https://git.kernel.org/stable/c/9cbed5aab5aeea420d0aa945733bf608449d44fb • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22084 – w1: fix NULL pointer dereference in probe
https://notcve.org/view.php?id=CVE-2025-22084
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: w1: fix NULL pointer dereference in probe The w1_uart_probe() function calls w1_uart_serdev_open() (which includes devm_serdev_device_open()) before setting the client ops via serdev_device_set_client_ops(). In the Linux kernel, the following vulnerability has been resolved: w1: fix NULL pointer dereference in probe The w1_uart_probe() function calls w1_uart_serdev_open() (which includes devm_serdev_device_open()) before setti... • https://git.kernel.org/stable/c/a3c08804364e80328a9ffdac59bb26676b938195 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-22083 – vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint
https://notcve.org/view.php?id=CVE-2025-22083
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint If vhost_scsi_set_endpoint is called multiple times without a vhost_scsi_clear_endpoint between them, we can hit multiple bugs found by Haoran Zhang: 1. In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint If vhost_scsi_set_endpoint is called multiple times without a vhost_s... • https://git.kernel.org/stable/c/4f7f46d32c9875004fae1d57ae3c02cc2e6cd6a3 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22082 – iio: backend: make sure to NULL terminate stack buffer
https://notcve.org/view.php?id=CVE-2025-22082
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: backend: make sure to NULL terminate stack buffer Make sure to NULL terminate the buffer in iio_backend_debugfs_write_reg() before passing it to sscanf(). ... In the Linux kernel, the following vulnerability has been resolved: iio: backend: make sure to NULL terminate stack buffer Make sure to NULL terminate the buffer in iio_backend_debugfs_write_reg() before passing it to sscanf(). • https://git.kernel.org/stable/c/cdf01e0809a4c6c7877ea52401c2a6679df7aed6 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-22081 – fs/ntfs3: Fix a couple integer overflows on 32bit systems
https://notcve.org/view.php?id=CVE-2025-22081
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a couple integer overflows on 32bit systems On 32bit systems the "off + sizeof(struct NTFS_DE)" addition can have an integer wrapping issue. ... In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a couple integer overflows on 32bit systems On 32bit systems the "off + sizeof(struct NTFS_DE)" addition can have an integer wrapping issue. • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-22080 – fs/ntfs3: Prevent integer overflow in hdr_first_de()
https://notcve.org/view.php?id=CVE-2025-22080
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdr_first_de() The "de_off" and "used" variables come from the disk so they both need to check. ... In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdr_first_de() The "de_off" and "used" variables come from the disk so they both need to check. • https://git.kernel.org/stable/c/60ce8dfde03558bfc290cd915c60fa243ba2ae84 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-22079 – ocfs2: validate l_tree_depth to avoid out-of-bounds access
https://notcve.org/view.php?id=CVE-2025-22079
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate l_tree_depth to avoid out-of-bounds access The l_tree_depth field is 16-bit (__le16), but the actual maximum depth is limited to OCFS2_MAX_PATH_DEPTH. ... In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate l_tree_depth to avoid out-of-bounds access The l_tree_depth field is 16-bit (__le16), but the actual maximum depth is limited to OCFS2_MAX_PATH_DEPTH. • https://git.kernel.org/stable/c/ccd979bdbce9fba8412beb3f1de68a9d0171b12c •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22078 – staging: vchiq_arm: Fix possible NPR of keep-alive thread
https://notcve.org/view.php?id=CVE-2025-22078
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: vchiq_arm: Fix possible NPR of keep-alive thread In case vchiq_platform_conn_state_changed() is never called or fails before driver removal, ka_thread won't be a valid pointer to a task_struct. In the Linux kernel, the following vulnerability has been resolved: staging: vchiq_arm: Fix possible NPR of keep-alive thread In case vchiq_platform_conn_state_changed() is never called or fails before driver removal, ka_thread... • https://git.kernel.org/stable/c/863a756aaf49ed23d25bbb1dad999a85f09e1836 •
CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-22077 – smb: client: Fix netns refcount imbalance causing leaks and use-after-free
https://notcve.org/view.php?id=CVE-2025-22077
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix netns refcount imbalance causing leaks and use-after-free Commit ef7134c7fc48 ("smb: client: Fix use-after-free of network namespace.") attempted to fix a netns use-after-free issue by manually adjusting reference counts via sk->sk_net_refcnt and sock_inuse_add(). ... To address both issues, this patch ties the netns reference counti ---truncated--- In the Linux kernel, the following vulnerability has been res... • https://git.kernel.org/stable/c/e8c71494181153a134c96da28766a57bd1eac8cb •