CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-21994 – ksmbd: fix incorrect validation for num_aces field of smb_acl
https://notcve.org/view.php?id=CVE-2025-21994
02 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix incorrect validation for num_aces field of smb_acl parse_dcal() validate num_aces to allocate posix_ace_state_array. if (num_aces > ULONG_MAX / sizeof(struct smb_ace *)) It is an incorrect validation that we can create an array of size ULONG_MAX. smb_acl has ->size field to calculate actual number of aces in request buffer size. Use this to check invalid num_aces. • https://git.kernel.org/stable/c/9c4e202abff45f8eac17989e549fc7a75095f675 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-21993 – iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
https://notcve.org/view.php?id=CVE-2025-21993
02 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() When performing an iSCSI boot using IPv6, iscsistart still reads the /sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix length is 64, this causes the shift exponent to become negative, triggering a UBSAN warning. As the concept of a subnet mask does not apply to IPv6, the value is set to ~0 to suppress the warning message. • https://git.kernel.org/stable/c/9bfa80c8aa4e06dff55a953c3fffbfc68a3a3b1c •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-21992 – HID: ignore non-functional sensor in HP 5MP Camera
https://notcve.org/view.php?id=CVE-2025-21992
02 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: ignore non-functional sensor in HP 5MP Camera The HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iio_info causes system hangs as runtime PM tries to wake up an unresponsive sensor. [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:... • https://git.kernel.org/stable/c/9acdb0059fb6b82158e15adae91e629cb5974564 •
CVSS: -EPSS: %CPEs: 11EXPL: 0CVE-2025-21991 – x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
https://notcve.org/view.php?id=CVE-2025-21991
02 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the first CPU of each mask. According to Documentation/admin-guide/mm/numaperf.rst: "Some memory may share the same node as a CPU, and others are provided as memory only nodes." Therefore, some node CPU masks may be empty and wouldn't ha... • https://git.kernel.org/stable/c/d576547f489c935b9897d4acf8beee3325dea8a5 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-21990 – drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags
https://notcve.org/view.php?id=CVE-2025-21990
02 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags PRT BOs may not have any backing store, so bo->tbo.resource will be NULL. Check for that before dereferencing. (cherry picked from commit 3e3fcd29b505cebed659311337ea03b7698767fc) • https://git.kernel.org/stable/c/0cce5f285d9ae81c33993f3270fe77f5e74a69ab •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-21989 – drm/amd/display: fix missing .is_two_pixels_per_container
https://notcve.org/view.php?id=CVE-2025-21989
02 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix missing .is_two_pixels_per_container Starting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1, due to lack of .is_two_pixels_per_container function in dce60_tg_funcs, causes a NULL pointer dereference on PCs with old GPUs, such as R9 280X. So this fix adds missing .is_two_pixels_per_container to dce60_tg_funcs. (cherry picked from commit bd4b125eb949785c6f8a53b0494e32795421209d) • https://git.kernel.org/stable/c/e6a901a00822659181c93c86d8bbc2a17779fddc •
CVSS: -EPSS: %CPEs: 1EXPL: 0CVE-2025-21988 – fs/netfs/read_collect: add to next->prev_donated
https://notcve.org/view.php?id=CVE-2025-21988
02 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/netfs/read_collect: add to next->prev_donated If multiple subrequests donate data to the same "next" request (depending on the subrequest completion order), each of them would overwrite the `prev_donated` field, causing data corruption and a BUG() crash ("Can't donate prior to front"). • https://git.kernel.org/stable/c/ee4cdf7ba857a894ad1650d6ab77669cbbfa329e •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-21987 – drm/amdgpu: init return value in amdgpu_ttm_clear_buffer
https://notcve.org/view.php?id=CVE-2025-21987
02 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Otherwise an uninitialized value can be returned if amdgpu_res_cleared returns true for all regions. Possibly closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3812 (cherry picked from commit 7c62aacc3b452f73a1284198c81551035fac6d71) • https://git.kernel.org/stable/c/a68c7eaa7a8ffdec9287ba1561a668d674c20a13 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21986 – net: switchdev: Convert blocking notification chain to a raw one
https://notcve.org/view.php?id=CVE-2025-21986
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net: switchdev: Convert blocking notification chain to a raw one A blocking notification chain uses a read-write semaphore to protect the integrity of the chain. The semaphore is acquired for writing when adding / removing notifiers to / from the chain and acquired for reading when traversing the chain and informing notifiers about an event. In case of the blocking switchdev notification chain, recursive notifications are possible which lea... • https://git.kernel.org/stable/c/91ac2c79e896b28a4a3a262384689ee6dfeaf083 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21985 – drm/amd/display: Fix out-of-bound accesses
https://notcve.org/view.php?id=CVE-2025-21985
01 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bound accesses [WHAT & HOW] hpo_stream_to_link_encoder_mapping has size MAX_HPO_DP2_ENCODERS(=4), but location can have size up to 6. As a result, it is necessary to check location against MAX_HPO_DP2_ENCODERS. Similiarly, disp_cfg_stream_location can be used as an array index which should be 0..5, so the ASSERT's conditions should be less without equal. In the Linux kernel, the following vulnerability has been r... • https://git.kernel.org/stable/c/36793d90d76f667d26c6dd025571481ee0c96abc •