CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21711 – net/rose: prevent integer overflows in rose_setsockopt()
https://notcve.org/view.php?id=CVE-2025-21711
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net/rose: prevent integer overflows in rose_setsockopt() In case of possible unpredictably large arguments passed to rose_setsockopt() and multiplied by extra values on top of that, integer overflows may occur. Do the safest minimum and fix these issues by checking the contents of 'opt' and returning -EINVAL if they are too large. Also, switch to unsigned int and remove useless check for negative 'opt' in ROSE_IDLE case. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21708 – net: usb: rtl8150: enable basic endpoint checking
https://notcve.org/view.php?id=CVE-2025-21708
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: enable basic endpoint checking Syzkaller reports [1] encountering a common issue of utilizing a wrong usb endpoint type during URB submitting stage. This, in turn, triggers a warning shown below. For now, enable simple endpoint checking (specifically, bulk and interrupt eps, testing control one is not essential) to mitigate the issue with a view to do other related cosmetic changes later, if they are necessary. [1] Syzkal... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21707 – mptcp: consolidate suboption status
https://notcve.org/view.php?id=CVE-2025-21707
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status MPTCP maintains the received sub-options status is the bitmask carrying the received suboptions and in several bitfields carrying per suboption additional info. Zeroing the bitmask before parsing is not enough to ensure a consistent status, and the MPTCP code has to additionally clear some bitfiled depending on the actually parsed suboption. The above schema is fragile, and syzbot managed to trigger a pat... • https://git.kernel.org/stable/c/84dfe3677a6f45b3d0dfdd564e55717a1a5e60cc •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21706 – mptcp: pm: only set fullmesh for subflow endp
https://notcve.org/view.php?id=CVE-2025-21706
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only set fullmesh for subflow endp With the in-kernel path-manager, it is possible to change the 'fullmesh' flag. The code in mptcp_pm_nl_fullmesh() expects to change it only on 'subflow' endpoints, to recreate more or less subflows using the linked address. Unfortunately, the set_flags() hook was a bit more permissive, and allowed 'implicit' endpoints to get the 'fullmesh' flag while it is not allowed before. That's what syzbot ... • https://git.kernel.org/stable/c/73c762c1f07dacba4fd1cefd15e24b419d42320d •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21705 – mptcp: handle fastopen disconnect correctly
https://notcve.org/view.php?id=CVE-2025-21705
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: handle fastopen disconnect correctly Syzbot was able to trigger a data stream corruption: WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024 Modules linked in: CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 RIP: 0010:__mptcp_clean_una+0xdd... • https://git.kernel.org/stable/c/b7bb71dfb541df376c21c24451369fea83c4f327 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57999 – powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW
https://notcve.org/view.php?id=CVE-2024-57999
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW Power Hypervisor can possibily allocate MMIO window intersecting with Dynamic DMA Window (DDW) range, which is over 32-bit addressing. These MMIO pages needs to be marked as reserved so that IOMMU doesn't map DMA buffers in this range. The current code is not marking these pages correctly which is resulting in LPAR to OOPS while booting. The stack is at below BUG: Unable to ha... • https://git.kernel.org/stable/c/3c33066a21903076722a2881556a92aa3cd7d359 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57997 – wifi: wcn36xx: fix channel survey memory allocation size
https://notcve.org/view.php?id=CVE-2024-57997
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wcn36xx: fix channel survey memory allocation size KASAN reported a memory allocation issue in wcn->chan_survey due to incorrect size calculation. This commit uses kcalloc to allocate memory for wcn->chan_survey, ensuring proper initialization and preventing the use of uninitialized values when there are no frames on the channel. • https://git.kernel.org/stable/c/29696e0aa413b9d56558731aae3806d7cff48d36 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57996 – net_sched: sch_sfq: don't allow 1 packet limit
https://notcve.org/view.php?id=CVE-2024-57996
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: don't allow 1 packet limit The current implementation does not work correctly with a limit of 1. iproute2 actually checks for this and this patch adds the check in kernel as well. This fixes the following syzkaller reported crash: UBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6 index 65535 is out of range for type 'struct sfq_head[128]' CPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1 Ha... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57993 – HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
https://notcve.org/view.php?id=CVE-2024-57993
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check syzbot has found a type mismatch between a USB pipe and the transfer endpoint, which is triggered by the hid-thrustmaster driver[1]. There is a number of similar, already fixed issues [2]. In this case as in others, implementing check for endpoint type fixes the issue. [1] https://syzkaller.appspot.com/bug?extid=040e8b3db6a96908d470 [2] https://syzkaller.appsp... • https://git.kernel.org/stable/c/c49c33637802a2c6957a78119eb8be3b055dd9e9 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57986 – HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
https://notcve.org/view.php?id=CVE-2024-57986
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections A report in 2019 by the syzbot fuzzer was found to be connected to two errors in the HID core associated with Resolution Multipliers. One of the errors was fixed by commit ea427a222d8b ("HID: core: Fix deadloop in hid_apply_multiplier."), but the other has not been fixed. This error arises because hid_apply_multipler() assumes that every Resolution Multipli... • https://git.kernel.org/stable/c/5a4abb36f312cf83206b1b7d1308ba47cba0b3cc •