CVE-2025-21997 xsk: fix an integer overflow in xp_create_and_assign_umem()

In the Linux kernel, the following vulnerability has been resolved: xsk: fix an integer overflow in xpcreateandassignumem Since the i and pool-chunksize variables are of type 'u32', their product can wrap around and then be cast to 'u64'. This can lead to two different XDP buffers pointing to the...

CVE-2025-21991

In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, loadmicrocodeamd iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the first CPU of each mask...

CVE-2025-21991 x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes

In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, loadmicrocodeamd iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the first CPU of each mask...

CVE-2025-21988 fs/netfs/read_collect: add to next->prev_donated

In the Linux kernel, the following vulnerability has been resolved: fs/netfs/readcollect: add to next-prevdonated If multiple subrequests donate data to the same "next" request depending on the subrequest completion order, each of them would overwrite the prevdonated field, causing data corruptio...

CVE-2025-21986

In the Linux kernel, the following vulnerability has been resolved: net: switchdev: Convert blocking notification chain to a raw one A blocking notification chain uses a read-write semaphore to protect the integrity of the chain. The semaphore is acquired for writing when adding / removing...

CVE-2025-21975

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: handle errors in mlx5chainscreatetable In mlx5chainscreatetable, the return value of mlx5getfdbsubns and mlx5getflownamespace must be checked to prevent NULL pointer dereferences. If either function fails, the function...

CVE-2025-21978

CVE-2025-21978 – Linux kernel (drm/hyperv): address space leak in Hyper-V DRM device mapping . The vulnerability occurs when a Hyper-V DRM device is probed: the driver allocates MMIO space for VRAM and maps it as cacheable, but on device removal or probing error path the MMIO space is released wi...

CVE-2025-21972 net: mctp: unshare packets when reassembling

In the Linux kernel, the following vulnerability has been resolved: net: mctp: unshare packets when reassembling Ensure that the fraglist used for reassembly isn't shared with other packets. This avoids incorrect reassembly when packets are cloned, and prevents a memory leak due to circular...

CVE-2025-21970 net/mlx5: Bridge, fix the crash caused by LAG state check

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Bridge, fix the crash caused by LAG state check When removing LAG device from bridge, NETDEVCHANGEUPPER event is triggered. Driver finds the lower devices PFs to flush all the offloaded entries. And mlx5lagissharedfdb i...

CVE-2025-21959 netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: Fully initialize struct nfconncounttuple in inserttree Since commit b36e4523d4d5 "netfilter: nfconncount: fix garbage collection confirm race", cpu and jiffies32 were introduced to the struct...

CVE-2025-21957 scsi: qla1280: Fix kernel oops when debug level > 2

In the Linux kernel, the following vulnerability has been resolved: scsi: qla1280: Fix kernel oops when debug level 2 A null dereference or oops exception will eventually occur when qla1280.c driver is compiled with DEBUGQLA1280 enabled and qldebuglevel 2. I think its clear from the code that the...

CVE-2025-21946 ksmbd: fix out-of-bounds in parse_sec_desc()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds in parsesecdesc If osidoffset, gsidoffset and dacloffset could be greater than smbntsd struct size. If it is smaller, It could cause slab-out-of-bounds. And when validating sid, It need to check it includ...

CVE-2025-21946 ksmbd: fix out-of-bounds in parse_sec_desc()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds in parsesecdesc If osidoffset, gsidoffset and dacloffset could be greater than smbntsd struct size. If it is smaller, It could cause slab-out-of-bounds. And when validating sid, It need to check it includ...

CVE-2025-21903

CVE-2025-21903 affects the Linux kernel’s MCTP over I3C header handling: daddr may be NULL when no neighbour table entry exists, in which case the TX packet should be dropped; saddr may also be NULL if transmitted by a different protocol. The issue is escalated as a local vector with a Medium bas...

CVE-2025-21873

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: bsg: Fix crash when arpmb command fails If the device doesn't support arpmb we'll crash due to copying user data in bsgtransportsgiofn. In the case where ufsbsgexecadvancedrpmbreq returns an error, do not set the...

CVE-2023-52984

In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices The probe function is only used for the DP83822 PHY, leaving the private data pointer uninitialized for the smaller DP83825/26 models. While all uses of the...

CVE-2022-49757

In the Linux kernel, the following vulnerability has been resolved: EDAC/highbank: Fix memory leak in highbankmcprobe When devresopengroup fails, it returns -ENOMEM without freeing memory allocated by edacmcalloc. Call edacmcfree on the error handling path to avoid a memory leak. bp: Massage comm...

CVE-2023-53022

In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid deadlock in enetctxonesteptstamp This lockdep splat says it better than I could: ================================ WARNING: inconsistent lock state 6.2.0-rc2-07010-ga9b9500ffaac-dirty 967 Not tainted...

CVE-2023-53018 Bluetooth: hci_conn: Fix memory leaks

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Fix memory leaks When hcicmdsyncqueue failed in hcileterminatebig or hcilebigterminate, the memory pointed by variable d is not freed, which will cause memory leak. Add release process to error path...

CVE-2023-53003 EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info

In the Linux kernel, the following vulnerability has been resolved: EDAC/qcom: Do not pass llccdrivdata as edacdevicectlinfo's pvtinfo The memory for llccdrivdata is allocated by the LLCC driver. But when it is passed as the private driver info to the EDAC core, it will get freed during the...