CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21798 – firewire: test: Fix potential null dereference in firewire kunit test
https://notcve.org/view.php?id=CVE-2025-21798
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: firewire: test: Fix potential null dereference in firewire kunit test kunit_kzalloc() may return a NULL pointer, dereferencing it without NULL check may lead to NULL dereference. Add a NULL check for test_state. In the Linux kernel, the following vulnerability has been resolved: firewire: test: Fix potential null dereference in firewire kunit test kunit_kzalloc() may return a NULL pointer, dereferencing it without NULL check may lead to NUL... • https://git.kernel.org/stable/c/1c8506d62624fbc57db75414a387f365da8422e9 •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-58042 – rhashtable: Fix potential deadlock by moving schedule_work outside lock
https://notcve.org/view.php?id=CVE-2024-58042
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rhashtable: Fix potential deadlock by moving schedule_work outside lock Move the hash table growth check and work scheduling outside the rht lock to prevent a possible circular locking dependency. The original implementation could trigger a lockdep warning due to a potential deadlock scenario involving nested locks between rhashtable bucket, rq lock, and dsq lock. By relocating the growth check and work scheduling after releasing the rth lo... • https://git.kernel.org/stable/c/f0e1a0643a59bf1f922fa209cec86a170b784f3f •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58034 – memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
https://notcve.org/view.php?id=CVE-2024-58034
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() As of_find_node_by_name() release the reference of the argument device node, tegra_emc_find_node_by_ram_code() releases some device nodes while still in use, resulting in possible UAFs. According to the bindings and the in-tree DTS files, the "emc-tables" node is always device's child node with the property "nvidia,use-ram-code", and the "lpddr2" node is ... • https://git.kernel.org/stable/c/96e5da7c842424bcf64afe1082b960b42b96190b • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58022 – mailbox: th1520: Fix a NULL vs IS_ERR() bug
https://notcve.org/view.php?id=CVE-2024-58022
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mailbox: th1520: Fix a NULL vs IS_ERR() bug The devm_ioremap() function doesn't return error pointers, it returns NULL. Update the error checking to match. In the Linux kernel, the following vulnerability has been resolved: mailbox: th1520: Fix a NULL vs IS_ERR() bug The devm_ioremap() function doesn't return error pointers, it returns NULL. Update the error checking to match. • https://git.kernel.org/stable/c/5d4d263e1c6b6b18acb4d67fd3b9af71b7404924 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21797 – HID: corsair-void: Add missing delayed work cancel for headset status
https://notcve.org/view.php?id=CVE-2025-21797
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: corsair-void: Add missing delayed work cancel for headset status The cancel_delayed_work_sync() call was missed, causing a use-after-free in corsair_void_remove(). In the Linux kernel, the following vulnerability has been resolved: HID: corsair-void: Add missing delayed work cancel for headset status The cancel_delayed_work_sync() call was missed, causing a use-after-free in corsair_void_remove(). • https://git.kernel.org/stable/c/6ea2a6fd3872e60a4d500b548ad65ed94e459ddd • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21796 – nfsd: clear acl_access/acl_default after releasing them
https://notcve.org/view.php?id=CVE-2025-21796
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: clear acl_access/acl_default after releasing them If getting acl_default fails, acl_access and acl_default will be released simultaneously. However, acl_access will still retain a pointer pointing to the released posix_acl, which will trigger a WARNING in nfs3svc_release_getacl like this: ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 26 PID: 3199 at lib/refcount.c:28 refcount_warn_saturate+0... • https://git.kernel.org/stable/c/a257cdd0e2179630d3201c32ba14d7fcb3c3a055 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21795 – NFSD: fix hang in nfsd4_shutdown_callback
https://notcve.org/view.php?id=CVE-2025-21795
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: fix hang in nfsd4_shutdown_callback If nfs4_client is in courtesy state then there is no point to send the callback. This causes nfsd4_shutdown_callback to hang since cl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP notifies NFSD that the connection was dropped. This patch modifies nfsd4_run_cb_work to skip the RPC call if nfs4_client is in courtesy state. In the Linux kernel, the following vulnerability has been re... • https://git.kernel.org/stable/c/66af25799940b26efd41ea6e648f75c41a48a2c2 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21794 – HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()
https://notcve.org/view.php?id=CVE-2025-21794
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() Syzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from hid-thrustmaster driver. This array is passed to usb_check_int_endpoints function from usb.c core driver, which executes a for loop that iterates over the elements of the passed array. Not finding a null element at the end of the array, it tries to read the next, non-existent element, c... • https://git.kernel.org/stable/c/ae730deded66150204c494282969bfa98dc3ae67 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21793 – spi: sn-f-ospi: Fix division by zero
https://notcve.org/view.php?id=CVE-2025-21793
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: sn-f-ospi: Fix division by zero When there is no dummy cycle in the spi-nor commands, both dummy bus cycle bytes and width are zero. Because of the cpu's warning when divided by zero, the warning should be avoided. Return just zero to avoid such calculations. In the Linux kernel, the following vulnerability has been resolved: spi: sn-f-ospi: Fix division by zero When there is no dummy cycle in the spi-nor commands, both dummy bus cycle... • https://git.kernel.org/stable/c/1b74dd64c8612619e399e5a31da79a3636914495 •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2025-21792 – ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt
https://notcve.org/view.php?id=CVE-2025-21792
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt If an AX25 device is bound to a socket by setting the SO_BINDTODEVICE socket option, a refcount leak will occur in ax25_release(). Commit 9fd75b66b8f6 ("ax25: Fix refcount leaks caused by ax25_cb_del()") added decrement of device refcounts in ax25_release(). In order for that to work correctly the refcounts must already be incremented when the device is bound to the socket. A... • https://git.kernel.org/stable/c/9fd75b66b8f68498454d685dc4ba13192ae069b0 •