CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21701 – net: avoid race between device unregistration and ethnl ops
https://notcve.org/view.php?id=CVE-2025-21701
13 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops The following trace can be seen if a device is being unregistered while its number of channels are being modified. DEBUG_LOCKS_WARN_ON(lock->magic != lock) WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120 CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771 RIP: 0010:__mutex_lock+0xc8a/0x1120 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21700 – net: sched: Disallow replacing of child qdisc from one parent to another
https://notcve.org/view.php?id=CVE-2025-21700
13 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: sched: Disallow replacing of child qdisc from one parent to another Lion Ackermann was able to create a UAF which can be abused for privilege escalation with the following script Step 1. create root qdisc tc qdisc add dev lo root handle 1:0 drr step2. a class for packet aggregation do demonstrate uaf tc class add dev lo classid 1:1 drr step3. a class for nesting tc class add dev lo classid 1:2 drr step4. a class to graft qdisc to tc cl... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21699 – gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
https://notcve.org/view.php?id=CVE-2025-21699
12 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag: depending on that flag, the pages in the address space will either use buffer heads or iomap_folio_state structs, and we cannot mix the two. In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space wh... • https://git.kernel.org/stable/c/2b0bd5051ad1c1e9ef4879f18e15a7712c974f3e •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21697 – drm/v3d: Ensure job pointer is set to NULL after job completion
https://notcve.org/view.php?id=CVE-2025-21697
12 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Ensure job pointer is set to NULL after job completion After a job completes, the corresponding pointer in the device must be set to NULL. Failing to do so triggers a warning when unloading the driver, as it appears the job is still active. To prevent this, assign the job pointer to NULL after completing the job, indicating the job has finished. In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Ensure job... • https://git.kernel.org/stable/c/14d1d190869685d3a1e8a3f63924e20594557cb2 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21696 – mm: clear uffd-wp PTE/PMD state on mremap()
https://notcve.org/view.php?id=CVE-2025-21696
12 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: clear uffd-wp PTE/PMD state on mremap() When mremap()ing a memory region previously registered with userfaultfd as write-protected but without UFFD_FEATURE_EVENT_REMAP, an inconsistency in flag clearing leads to a mismatch between the vma flags (which have uffd-wp cleared) and the pte/pmd flags (which do not have uffd-wp cleared). This mismatch causes a subsequent mprotect(PROT_WRITE) to trigger a warning in page_table_check_pte_flags()... • https://git.kernel.org/stable/c/63b2d4174c4ad1f40b48d7138e71bcb564c1fe03 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-21694 – fs/proc: fix softlockup in __read_vmcore (part 2)
https://notcve.org/view.php?id=CVE-2025-21694
12 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix softlockup in __read_vmcore (part 2) Since commit 5cbcb62dddf5 ("fs/proc: fix softlockup in __read_vmcore") the number of softlockups in __read_vmcore at kdump time have gone down, but they still happen sometimes. In a memory constrained environment like the kdump image, a softlockup is not just a harmless message, but it can interfere with things like RCU freeing memory, causing the crashdump to get stuck. The second loop in _... • https://git.kernel.org/stable/c/803d5a33d5ffdc2d86dcc0cfa01655a330612cdb •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-57951 – hrtimers: Handle CPU state correctly on hotplug
https://notcve.org/view.php?id=CVE-2024-57951
12 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: hrtimers: Handle CPU state correctly on hotplug Consider a scenario where a CPU transitions from CPUHP_ONLINE to halfway through a CPU hotunplug down to CPUHP_HRTIMERS_PREPARE, and then back to CPUHP_ONLINE: Since hrtimers_prepare_cpu() does not run, cpu_base.hres_active remains set to 1 throughout. However, during a CPU unplug operation, the tick and the clockevents are shut down at CPUHP_AP_TICK_DYING. On return to the online state, for i... • https://git.kernel.org/stable/c/54d0d83a53508d687fd4a225f8aa1f18559562d0 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21693 – mm: zswap: properly synchronize freeing resources during CPU hotunplug
https://notcve.org/view.php?id=CVE-2025-21693
10 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the current CPU at the beginning of the operation is retrieved and used throughout. However, since neither preemption nor migration are disabled, it is possible that the operation continues on a different CPU. If the original CPU is hotunplugged while the acomp_ctx is still in use, we run into a UAF bug... • https://git.kernel.org/stable/c/1ec3b5fe6eec782f4e5e0a80e4ce1909ffd5d161 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21692 – net: sched: fix ets qdisc OOB Indexing
https://notcve.org/view.php?id=CVE-2025-21692
10 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21690 – scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
https://notcve.org/view.php?id=CVE-2025-21690
10 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max out CPU utilization, preventing troubleshooting from the VM side. Ratelimit the warning so it doesn't DoS the VM. In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there... • https://git.kernel.org/stable/c/81d4dd05c412ba04f9f6b85b718e6da833be290c •