CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21675 – net/mlx5: Clear port select structure when fail to create
https://notcve.org/view.php?id=CVE-2025-21675
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clear port select structure when fail to create Clear the port select structure on error so no stale values left after definers are destroyed. That's because the mlx5_lag_destroy_definers() always try to destroy all lag definers in the tt_map, so in the flow below lag definers get double-destroyed and cause kernel crash: mlx5_lag_port_sel_create() mlx5_lag_create_definers() mlx5_lag_create_definer() <- Failed on tt 1 mlx5_lag_dest... • https://git.kernel.org/stable/c/dc48516ec7d369c6b80bf9f14d774287b6c428aa •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21674 – net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel
https://notcve.org/view.php?id=CVE-2025-21674
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel Attempt to enable IPsec packet offload in tunnel mode in debug kernel generates the following kernel panic, which is happening due to two issues: 1. In SA add section, the should be _bh() variant when marking SA mode. 2. There is not needed flush_workqueue in SA delete routine. It is not needed as at this stage as it is removed from SADB and the running work will be can... • https://git.kernel.org/stable/c/4c24272b4e2befca6ad1409c3c9aaa16c24b1099 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21673 – smb: client: fix double free of TCP_Server_Info::hostname
https://notcve.org/view.php?id=CVE-2025-21673
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double free of TCP_Server_Info::hostname When shutting down the server in cifs_put_tcp_session(), cifsd thread might be reconnecting to multiple DFS targets before it realizes it should exit the loop, so @server->hostname can't be freed as long as cifsd thread isn't done. Otherwise the following can happen: RIP: 0010:__slab_free+0x223/0x3c0 Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89 1c 24 e8 fb cf ... • https://git.kernel.org/stable/c/7be3248f313930ff3d3436d4e9ddbe9fccc1f541 •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21672 – afs: Fix merge preference rule failure condition
https://notcve.org/view.php?id=CVE-2025-21672
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: afs: Fix merge preference rule failure condition syzbot reported a lock held when returning to userspace[1]. This is because if argc is less than 0 and the function returns directly, the held inode lock is not released. Fix this by store the error in ret and jump to done to clean up instead of returning directly. [dh: Modified Lizhi Xu's original patch to make it honour the error code from afs_split_string()] [1] WARNING: lock held when ret... • https://git.kernel.org/stable/c/22be1d90a6211c88dd093b25d1f3aa974d0d9f9d •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21671 – zram: fix potential UAF of zram table
https://notcve.org/view.php?id=CVE-2025-21671
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: zram: fix potential UAF of zram table If zram_meta_alloc failed early, it frees allocated zram->table without setting it NULL. Which will potentially cause zram_meta_free to access the table if user reset an failed and uninitialized device. In the Linux kernel, the following vulnerability has been resolved: zram: fix potential UAF of zram table If zram_meta_alloc failed early, it frees allocated zram->table without setting it NULL. Which wi... • https://git.kernel.org/stable/c/ac3b5366b9b7c9d97b606532ceab43d2329a22f3 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21670 – vsock/bpf: return early if transport is not assigned
https://notcve.org/view.php?id=CVE-2025-21670
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: vsock/bpf: return early if transport is not assigned Some of the core functions can only be called if the transport has been assigned. As Michal reported, a socket might have the transport at NULL, for example after a failed connect(), causing the following trace: BUG: kernel NULL pointer dereference, address: 00000000000000a0 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 12faf8067 P4D 12faf8067 P... • https://git.kernel.org/stable/c/634f1a7110b439c65fd8a809171c1d2d28bcea6f •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21669 – vsock/virtio: discard packets if the transport changes
https://notcve.org/view.php?id=CVE-2025-21669
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: discard packets if the transport changes If the socket has been de-assigned or assigned to another transport, we must discard any packets received because they are not expected and would cause issues when we access vsk->transport. A possible scenario is described by Hyunwoo Kim in the attached link, where after a first connect() interrupted by a signal, and a second connect() failed, we can find `vsk->transport` at NULL, leadi... • https://git.kernel.org/stable/c/c0cfa2d8a788fcf45df5bf4070ab2474c88d543a •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21668 – pmdomain: imx8mp-blk-ctrl: add missing loop break condition
https://notcve.org/view.php?id=CVE-2025-21668
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: add missing loop break condition Currently imx8mp_blk_ctrl_remove() will continue the for loop until an out-of-bounds exception occurs. pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : dev_pm_domain_detach+0x8/0x48 lr : imx8mp_blk_ctrl_shutdown+0x58/0x90 sp : ffffffc084f8bbf0 x29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000 x26: ffffffc081658d78 x25: 0000000000000001 x24: fffff... • https://git.kernel.org/stable/c/556f5cf9568af772d494cff24ffaa7ea41e1ab40 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21667 – iomap: avoid avoid truncating 64-bit offset to 32 bits
https://notcve.org/view.php?id=CVE-2025-21667
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iomap: avoid avoid truncating 64-bit offset to 32 bits on 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a 32-bit position due to folio_next_index() returning an unsigned long. This could lead to an infinite loop when writing to an xfs filesystem. In the Linux kernel, the following vulnerability has been resolved: iomap: avoid avoid truncating 64-bit offset to 32 bits on 32-bit kernels, iomap_write_delalloc_scan() was i... • https://git.kernel.org/stable/c/7ca4bd6b754913910151acce00be093f03642725 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21666 – vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
https://notcve.org/view.php?id=CVE-2025-21666
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] Recent reports have shown how we sometimes call vsock_*_has_data() when a vsock socket has been de-assigned from a transport (see attached links), but we shouldn't. Previous commits should have solved the real problems, but we may have more in the future, so to avoid null-ptr-deref, we can return 0 (no space, no data available) but with a warning. This way the code should continue... • https://git.kernel.org/stable/c/c0cfa2d8a788fcf45df5bf4070ab2474c88d543a •