1339 matches found
CVE-2025-21809 rxrpc, afs: Fix peer hash locking vs RCU callback
In the Linux kernel, the following vulnerability has been resolved: rxrpc, afs: Fix peer hash locking vs RCU callback. In its address list, afs now retains pointers to and refs on one or more rxrpc_peer objects. The address list is freed under RCU and at this time, it puts the refs on those peers...
CVE-2025-21805 RDMA/rtrs: Add missing deinit() call
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Add missing deinit() call. A warning is triggered when repeatedly connecting and disconnecting the rnbd: list_add corruption. prev->next should be next ffff88800b13e480, but was ffff88801ecd1338. prev=ffff88801ecd1340...
CVE-2025-21755
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-21787 team: better TEAM_OPTION_TYPE_STRING validation
In the Linux kernel, the following vulnerability has been resolved: team: better TEAM_OPTION_TYPE_STRING validation. syzbot reported following splat [1]. Make sure user-provided data contains one nul byte. [1] BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inline] BUG: KMSAN: uninit-value in...
CVE-2025-21777
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Validate the persistent meta data subbuf array. The meta data for a mapped ring buffer contains an array of indexes of all the subbuffers. The first entry is the reader page, and the rest of the entries lay out the...
CVE-2025-21776 USB: hub: Ignore non-compliant devices with too many configs or interfaces
In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces. Robert Morris created a test program which can cause usb_hub_to_struct_hub() to dereference a NULL or inappropriate pointer: Oops: general protection fault,...
CVE-2024-49570
In the Linux kernel, the following vulnerability has been resolved: drm/xe/tracing: Fix a potential TP_printk UAF. The commit afd2627f727b "tracing: Check "%s" dereference via the field and not the TP_printk format" exposes potential UAFs in the xe_bo_move trace event. Fix those by avoiding...
CVE-2025-21753 btrfs: fix use-after-free when attempting to join an aborted transaction
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted transaction. When we are trying to join the current transaction and if it's aborted, we read its 'aborted' field after unlocking fs_info->trans_lock and without holding any...
CVE-2025-21754 btrfs: fix assertion failure when splitting ordered extent after transaction abort
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion failure when splitting ordered extent after transaction abort. If while we are doing a direct IO write a transaction abort happens, we mark all existing ordered extents with the BTRFS_ORDERED_IOERR flag done at...
CVE-2025-21749 net: rose: lock the socket in rose_bind()
In the Linux kernel, the following vulnerability has been resolved: net: rose: lock the socket in rose_bind(). syzbot reported a soft lockup in rose_loopback_timer(), with a repro calling bind() from multiple threads. rose_bind() must lock the socket to avoid this issue...
CVE-2025-21748
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix integer overflows on 32 bit systems. On 32bit systems the addition operations in ipc_msg_alloc() can potentially overflow leading to memory corruption. Add bounds checking using KSMBD_IPC_MAX_PAYLOAD to avoid overflow...
CVE-2025-21744
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize(). On removal of the device or unloading of the kernel module a potential NULL pointer dereference occurs. The following sequence deletes the interface: brcmf_detach...
CVE-2025-21743 usbnet: ipheth: fix possible overflow in DPE length check
In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix possible overflow in DPE length check. Originally, it was possible for the DPE length check to overflow if wDatagramIndex + wDatagramLength > U16_MAX. This could lead to an OoB read. Move the wDatagramIndex term t...
CVE-2025-21735
CVE-2025-21735 affects the Linux kernel NFC (nci) component, specifically nci_hci_create_pipe(). The pipe value is a net-sourced u8; if it exceeds 127, it can cause memory corruption in the caller, nci_hci_connect_gate(), per the advisory. The description confirms the issue has been resolved in t...
CVE-2025-21728
CVE-2025-21728: Linux kernel vulnerability where BPF programs in non-preemptible contexts calling bpf_send_signal() can sleep, causing issues. The fix changes irqs_disabled() to !preemptible(). Affects kernels with BPF support; CVSSv3.1 base 5.5 (LOCAL, LOW privileges, NONE user interaction, HIGH...
CVE-2025-21707
In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status. MPTCP maintains the received sub-options status in the bitmask carrying the received suboptions and in several bitfields carrying per suboption additional info. Zeroing the bitmask before parsi...
CVE-2024-57989 wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links. In mt7925_change_vif_links() devm_kzalloc() may return NULL but this returned value is not checked...
CVE-2024-57988 Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name()
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name(). devm_kstrdup() can return a NULL pointer on failure, but this returned value in btbcm_get_board_name() is not checked. Add NULL check in btbcm_get_board_name(), to handle kernel NULL pointe...