
CVE-2025-21760 – ndisc: extend RCU protection in ndisc_send_skb()
https://notcve.org/view.php?id=CVE-2025-21760
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb(). ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and avoid a potential UAF. • https://git.kernel.org/stable/c/1762f7e88eb34f653b4a915be99a102e347dd45e • CWE-416: Use After Free

CVE-2025-21759 – ipv6: mcast: extend RCU protection in igmp6_send()
https://notcve.org/view.php?id=CVE-2025-21759
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6_send(). igmp6_send() can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep. Instead use alloc_skb() and charge the net->ipv6.igmp_sk socket under RCU protection. • https://git.kernel.org/stable/c/b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 • CWE-416: Use After Free

CVE-2025-21758 – ipv6: mcast: add RCU protection to mld_newpack()
https://notcve.org/view.php?id=CVE-2025-21758
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: add RCU protection to mld_newpack(). mld_newpack() can be called without RTNL or RCU being held. Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep. Instead use alloc_skb() and charge the net->ipv6.igmp_sk socket under RCU protection. • https://git.kernel.org/stable/c/b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551

CVE-2025-21757 – net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels
https://notcve.org/view.php?id=CVE-2025-21757
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels. dst_cache_get() gives us a reference, we need to release it. Discovered by the ioam6.sh test, kmemleak was recently fixed to catch per-cpu memory leaks. • https://git.kernel.org/stable/c/985ec6f5e6235242191370628acb73d7a9f0c0ea

CVE-2025-21756 – vsock: Keep the binding until socket destruction
https://notcve.org/view.php?id=CVE-2025-21756
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction. Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect(). Prevents socket unbinding during a transport reassignment, which fixes a use-after-free: 1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2) 2. transport->release() calls vsock_remove_bound() without checking if sk was bound and moved t... • https://git.kernel.org/stable/c/c0cfa2d8a788fcf45df5bf4070ab2474c88d543a • CWE-416: Use After Free

CVE-2024-58020 – HID: multitouch: Add NULL check in mt_input_configured
https://notcve.org/view.php?id=CVE-2024-58020
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Add NULL check in mt_input_configured. devm_kasprintf() can return a NULL pointer on failure, but this returned value in mt_input_configured() is not checked. Add NULL check in mt_input_configured(), to handle kernel NULL pointer dereference error. • https://git.kernel.org/stable/c/2763732ec1e68910719c75b6b896e11b6d3d622b

CVE-2024-57852 – firmware: qcom: scm: smc: Handle missing SCM device
https://notcve.org/view.php?id=CVE-2024-57852
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: smc: Handle missing SCM device. Commit ca61d6836e6f ("firmware: qcom: scm: fix a NULL-pointer dereference") makes it explicit that qcom_scm_get_tzmem_pool() can return NULL, therefore its users should handle this. • https://git.kernel.org/stable/c/cd955b75849b58b650ca3f87b83bd78cde1da8bc

CVE-2024-57834 – media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
https://notcve.org/view.php?id=CVE-2024-57834
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread. syzbot reports a null-ptr-deref in vidtv_mux_stop_thread. [1] If dvb->mux is not initialized successfully by vidtv_mux_init() in the vidtv_start_streaming(), it will trigger null pointer dereference about mux in vidtv_mux_stop_thread(). Adjust the timing of streaming initialization and check it before stopping it. [1] KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000... • https://git.kernel.org/stable/c/f90cf6079bf67988f8b1ad1ade70fc89d0080905

CVE-2024-54458 – scsi: ufs: bsg: Set bsg_queue to NULL after removal
https://notcve.org/view.php?id=CVE-2024-54458
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: bsg: Set bsg_queue to NULL after removal. Currently, this does not cause any issues, but I believe it is necessary to set bsg_queue to NULL after removing it to prevent potential use-after-free (UAF) access. • https://git.kernel.org/stable/c/df032bf27a414acf61c957ec2fad22a57d903b39 • CWE-416: Use After Free

CVE-2024-54456 – NFS: Fix potential buffer overflow in nfs_sysfs_link_rpc_client()
https://notcve.org/view.php?id=CVE-2024-54456
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: Fix potential buffer overflow in nfs_sysfs_link_rpc_client(). name is char[64] where the size of clnt->cl_program->name remains unknown. Invoking strcat() directly will also lead to potential buffer overflow. Change them to strscpy() and strncat() to fix potential issues. • https://git.kernel.org/stable/c/19b3ca651b4b473878c73539febe477905041442