CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21839 – KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop
https://notcve.org/view.php?id=CVE-2025-21839
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpu_run() loop to fix a bug where KVM can load hardware with a stale vcpu->arch.dr6. When the guest accesses a DR and host userspace isn't debugging the guest, KVM disables DR interception and loads the guest's values into hardware on VM-Enter and saves them on VM-Exit. This allo... • https://git.kernel.org/stable/c/d67668e9dd76d98136048935723947156737932b •
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21838 – usb: gadget: core: flush gadget workqueue after device removal
https://notcve.org/view.php?id=CVE-2025-21838
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal device_del() can lead to new work being scheduled in gadget->work workqueue. This is observed, for example, with the dwc3 driver with the following call stack: device_del() gadget_unbind_driver() usb_gadget_disconnect_locked() dwc3_gadget_pullup() dwc3_gadget_soft_disconnect() usb_gadget_set_state() schedule_work(&gadget->work) Move flush_work() after device_del() to ensure the ... • https://git.kernel.org/stable/c/5702f75375aa9ecf8ad3431aef3fe6ce8c8dbd15 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21836 – io_uring/kbuf: reallocate buf lists on upgrade
https://notcve.org/view.php?id=CVE-2025-21836
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field should stay stable after publish. Always reallocate it instead. In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse... • https://git.kernel.org/stable/c/2fcabce2d7d34f69a888146dab15b36a917f09d4 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21835 – usb: gadget: f_midi: fix MIDI Streaming descriptor lengths
https://notcve.org/view.php?id=CVE-2025-21835
07 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_midi: fix MIDI Streaming descriptor lengths While the MIDI jacks are configured correctly, and the MIDIStreaming endpoint descriptors are filled with the correct information, bNumEmbMIDIJack and bLength are set incorrectly in these descriptors. This does not matter when the numbers of in and out ports are equal, but when they differ the host will receive broken descriptors with uninitialized stack memory leaking into the desc... • https://git.kernel.org/stable/c/c8933c3f79568263c90a46f06cf80419e6c63c97 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58086 – drm/v3d: Stop active perfmon if it is being destroyed
https://notcve.org/view.php?id=CVE-2024-58086
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Stop active perfmon if it is being destroyed If the active performance monitor (`v3d->active_perfmon`) is being destroyed, stop it first. Currently, the active perfmon is not stopped during destruction, leaving the `v3d->active_perfmon` pointer stale. This can lead to undefined behavior and instability. This patch ensures that the active perfmon is stopped before being destroyed, aligning with the behavior introduced in commit 7d1f... • https://git.kernel.org/stable/c/26a4dc29b74a137f45665089f6d3d633fcc9b662 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21833 – iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE
https://notcve.org/view.php?id=CVE-2025-21833
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pasid`. In case it nevertheless happens we must avoid using a NULL pointer. In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pa... • https://git.kernel.org/stable/c/df96876be3b064aefc493f760e0639765d13ed0d •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21832 – block: don't revert iter for -EIOCBQUEUED
https://notcve.org/view.php?id=CVE-2025-21832
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: block: don't revert iter for -EIOCBQUEUED blkdev_read_iter() has a few odd checks, like gating the position and count adjustment on whether or not the result is bigger-than-or-equal to zero (where bigger than makes more sense), and not checking the return value of blkdev_direct_IO() before doing an iov_iter_revert(). The latter can lead to attempting to revert with a negative value, which when passed to iov_iter_revert() as an unsigned valu... • https://git.kernel.org/stable/c/6c26619effb1b4cb7d20b4e666ab8f71f6a53ccb •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21831 – PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1
https://notcve.org/view.php?id=CVE-2025-21831
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 commit 9d26d3a8f1b0 ("PCI: Put PCIe ports into D3 during suspend") sets the policy that all PCIe ports are allowed to use D3. When the system is suspended if the port is not power manageable by the platform and won't be used for wakeup via a PME this sets up the policy for these ports to go into D3hot. This policy generally makes sense from an OSPM perspective but it leads to ... • https://git.kernel.org/stable/c/9d26d3a8f1b0c442339a235f9508bdad8af91043 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58085 – tomoyo: don't emit warning in tomoyo_write_control()
https://notcve.org/view.php?id=CVE-2024-58085
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: tomoyo: don't emit warning in tomoyo_write_control() syzbot is reporting too large allocation warning at tomoyo_write_control(), for one can write a very very long line without new line character. To fix this warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE, for practically a valid line should be always shorter than 32KB where the "too small to fail" memory-allocation rule applies. One might try to write a valid line th... • https://git.kernel.org/stable/c/a01c200fa7eb59da4d2dbbb48b61f4a0d196c09f •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-58083 – KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
https://notcve.org/view.php?id=CVE-2024-58083
06 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Explicitly verify the target vCPU is fully online _prior_ to clamping the index in kvm_get_vcpu(). If the index is "bad", the nospec clamping will generate '0', i.e. KVM will return vCPU0 instead of NULL. In practice, the bug is unlikely to cause problems, as it will only come into play if userspace or the guest is buggy or misbehaving, e.g. KVM may send interrupts to vCPU0 inst... • https://git.kernel.org/stable/c/1d487e9bf8ba66a7174c56a0029c54b1eca8f99c •