
CVE-2025-22072 – spufs: fix gang directory lifetimes
https://notcve.org/view.php?id=CVE-2025-22072
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: spufs: fix gang directory lifetimes prior to "[POWERPC] spufs: Fix gang destroy leaks" we used to have a problem with gang lifetimes - creation of a gang returns opened gang directory, which normally gets removed when that gets closed, but if somebody has created a context belonging to that gang and kept it alive until the gang got closed, removal failed and we ended up with a leak. Unfortunately, it had been fixed the wrong way. Dentry of ... • https://git.kernel.org/stable/c/877907d37da9694a34adc9dc3e2ce09400148cb5 •

CVE-2025-22071 – spufs: fix a leak in spufs_create_context()
https://notcve.org/view.php?id=CVE-2025-22071
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: spufs: fix a leak in spufs_create_context() Leak fixes back in 2008 missed one case - if we are trying to set affinity and spufs_mkdir() fails, we need to drop the reference to neighbor. • https://git.kernel.org/stable/c/58119068cb27ef7513f80aff44b62a3a8f40ef5f •

CVE-2025-22070 – fs/9p: fix NULL pointer dereference on mkdir
https://notcve.org/view.php?id=CVE-2025-22070
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix NULL pointer dereference on mkdir When a 9p tree was mounted with option 'posixacl', parent directory had a default ACL set for its subdirectories, e.g.: setfacl -m default:group:simpsons:rwx parentdir then creating a subdirectory crashed 9p client, as v9fs_fid_add() call in function v9fs_vfs_mkdir_dotl() sets the passed 'fid' pointer to NULL (since dafbe689736) even though the subsequent v9fs_set_create_acl() call expects a vali... • https://git.kernel.org/stable/c/dafbe689736f62c696ac64809b17bdc752cfbe76 •

CVE-2025-22068 – ublk: make sure ubq->canceling is set when queue is frozen
https://notcve.org/view.php?id=CVE-2025-22068
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ublk: make sure ubq->canceling is set when queue is frozen Now ublk driver depends on `ubq->canceling` for deciding if the request can be dispatched via uring_cmd & io_uring_cmd_complete_in_task(). Once ubq->canceling is set, the uring_cmd can be done via ublk_cancel_cmd() and io_uring_cmd_done(). So set ubq->canceling when queue is frozen, this way makes sure that the flag can be observed from ublk_queue_rq() reliably, and avoids use-after... • https://git.kernel.org/stable/c/216c8f5ef0f209a3797292c487bdaa6991ab4b92 •

CVE-2025-22067 – spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock()
https://notcve.org/view.php?id=CVE-2025-22067
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock() If requested_clk > 128, cdns_mrvl_xspi_setup_clock() iterates over the entire cdns_mrvl_xspi_clk_div_list array without breaking out early, causing 'i' to go beyond the array bounds. Fix that by stopping the loop when it gets to the last entry, clamping the clock to the minimum 6.25 MHz. Fixes the following warning with an UBSAN kernel: vmlinux.o: warning: objtool:... • https://git.kernel.org/stable/c/26d34fdc49712ddbd42b11102f5d9d78a0f42097 •

CVE-2025-22066 – ASoC: imx-card: Add NULL check in imx_card_probe()
https://notcve.org/view.php?id=CVE-2025-22066
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-card: Add NULL check in imx_card_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, imx_card_probe() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue. • https://git.kernel.org/stable/c/aa736700f42fa0813e286ca2f9274ffaa25163b9 •

CVE-2025-22065 – idpf: fix adapter NULL pointer dereference on reboot
https://notcve.org/view.php?id=CVE-2025-22065
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: idpf: fix adapter NULL pointer dereference on reboot With SRIOV enabled, idpf ends up calling into idpf_remove() twice. First via idpf_shutdown() and then again when idpf_remove() calls into sriov_disable(), because the VF devices use the idpf driver, hence the same remove routine. When that happens, it is possible for the adapter to be NULL from the first call to idpf_remove(), leading to a NULL pointer dereference. echo 1 > /sys/class/net... • https://git.kernel.org/stable/c/e850efed5e152e6bdd367d5b82019f21298c0653 •

CVE-2025-22064 – netfilter: nf_tables: don't unregister hook when table is dormant
https://notcve.org/view.php?id=CVE-2025-22064
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't unregister hook when table is dormant When nf_tables_updchain encounters an error, hook registration needs to be rolled back. This should only be done if the hook has been registered, which won't happen when the table is flagged as dormant (inactive). Just move the assignment into the registration block. • https://git.kernel.org/stable/c/b9703ed44ffbfba85c103b9de01886a225e14b38 •

CVE-2025-22063 – netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
https://notcve.org/view.php?id=CVE-2025-22063
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets When calling netlbl_conn_setattr(), addr->sa_family is used to determine the function behavior. If sk is an IPv4 socket, but the connect function is called with an IPv6 address, the function calipso_sock_setattr() is triggered. Inside this function, the following code is executed: sk_fullsock(__sk) ? inet_sk(__sk)->pinet6 : NULL; Since sk is an IPv4 socket, pinet6 is NUL... • https://git.kernel.org/stable/c/ceba1832b1b2da0149c51de62a847c00bca1677a •

CVE-2025-22062 – sctp: add mutual exclusion in proc_sctp_do_udp_port()
https://notcve.org/view.php?id=CVE-2025-22062
16 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: add mutual exclusion in proc_sctp_do_udp_port() We must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start() or risk a crash as syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 1 UID: 0 PID: 6551 Comm: syz.1.44 Not tainted 6.14.0-syzkaller-g7f2ff7b62617 #0 PREEMPT(full)... • https://git.kernel.org/stable/c/046c052b475e7119b6a30e3483e2888fc606a2f8 •