CVE-2025-21945

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2_lock If smb_lock->zero_len has value, ->llist of smb_lock is not delete andflock is old one. It will cause use-after-free on error handlingroutine.

CVE-2024-58088

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock when freeing cgroup storage The following commitbc235cdb423a ("bpf: Prevent deadlock from recursive bpf_task_storage_[get|delete]")first introduced deadlock prevention for fentry/fexit programs attachingon bpf_tas...

CVE-2025-21774

In the Linux kernel, the following vulnerability has been resolved: can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated Fix NULL pointer check in rkcanfd_handle_rx_fifo_overflow_int() tobail out if skb cannot be allocated.

CVE-2025-21843

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: avoid garbage value in panthor_ioctl_dev_query() 'priorities_info' is uninitialized, and the uninitialized value is copiedto user object when calling PANTHOR_UOBJ_SET(). Using memset to initialize'priorities_info' to a...

CVE-2025-21851

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arena_map_free on 64k page kernel On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y,arena_htab tests cause a segmentation fault and soft lockup.The same failure is not observed with 4k pages on aarch64. It tu...

CVE-2025-21982

In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: npcm8xx: Add NULL check in npcm8xx_gpio_fw devm_kasprintf() calls can return null pointers on failure.But the return values were not checked in npcm8xx_gpio_fw().Add NULL check in npcm8xx_gpio_fw(), to handle kern...

CVE-2025-21908

In the Linux kernel, the following vulnerability has been resolved: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Add PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it sonfs_release_folio() can skip calling nfs_wb_folio() from kcompactd. Otherwise NFS can de...

CVE-2025-22000

In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: drop beyond-EOF folios with the right number of refs When an after-split folio is large and needs to be dropped due to EOF,folio_put_refs(folio, folio_nr_pages(folio)) should be used to drop allpage cache refs. Othe...

CVE-2025-21900

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a deadlock when recovering state on a sillyrenamed file If the file is sillyrenamed, and slated for delete on close, it ispossible for a server reboot to triggeer an open reclaim, with can againrace with the application ...

CVE-2025-21915

In the Linux kernel, the following vulnerability has been resolved: cdx: Fix possible UAF error in driver_override_show() Fixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c This function driver_override_show() is part of DEVICE_ATTR_RW, whichincludes both driver_override_sh...

CVE-2025-21947

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix type confusion via race condition when using ipc_msg_send_request req->handle is allocated using ksmbd_acquire_id(&ipc_ida), based onida_alloc. req->handle from ksmbd_ipc_login_request andFSCTL_PIPE_TRANSCEIVE ioct...

CVE-2025-21989

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix missing .is_two_pixels_per_container Starting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1,due to lack of .is_two_pixels_per_container function in dce60_tg_funcs,causes a NULL pointer dereferen...

CVE-2025-21770

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix potential memory leak in iopf_queue_remove_device() The iopf_queue_remove_device() helper removes a device from the per-iommuiopf queue when PRI is disabled on the device. It responds to alloutstanding iopf's with an IOM...

CVE-2025-21824

In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix a use of uninitialized mutex commit c8347f915e67 ("gpu: host1x: Fix boot regression for Tegra")caused a use of uninitialized mutex leading to below warning whenCONFIG_DEBUG_MUTEXES and CONFIG_DEBUG_LOCK_ALLOC are e...

CVE-2025-21845

In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: sst: Fix SST write failure 'commit 18bcb4aa54ea ("mtd: spi-nor: sst: Factor out common write operationto sst_nor_write_data()")' introduced a bug where only one byte of datais written, regardless of the number of byte...

CVE-2025-21929

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() During the rmmod operation for the intel_ishtp_hid driver, ause-after-free issue can occur in the hid_ishtp_cl_remove() function.The function hid_ishtp_cl_deinit...

CVE-2025-21940

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Through KFD IOCTL Fuzzing we encountered a NULL pointer derefrencewhen calling kfd_queue_acquire_buffers. (cherry picked from commit 049e5bf3c8406f87c3d8e1958e0a16804fa1d530)

CVE-2025-21949

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set hugetlb mmap base address aligned with pmd size With ltp test case "testcases/bin/hugefork02", there is a dmesg errorreport message such as: kernel BUG at mm/hugetlb.c:5550!Oops - BUG[#1]:CPU: 0 UID: 0 PID: 1517 Comm...

CVE-2025-21911

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: avoid deadlock on fence release Do scheduler queue fence release processing on a workqueue, ratherthan in the release function itself. Fixes deadlock issues such as the following: [ 607.400437] ====================...

CVE-2025-21879

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free on inode when scanning root during em shrinking At btrfs_scan_root() we are accessing the inode's root (and fs_info) in acall to btrfs_fs_closing() after we have scheduled the inode for a delayediput, and ...

CVE-2025-21930

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't try to talk to a dead firmware This fixes: bad state = 0WARNING: CPU: 10 PID: 702 at drivers/net/wireless/inel/iwlwifi/iwl-trans.c:178 iwl_trans_send_cmd+0xba/0xe0 [iwlwifi]Call Trace:? __warn+0xca/0x1c0? ...

CVE-2025-21933

In the Linux kernel, the following vulnerability has been resolved: arm: pgtable: fix NULL pointer dereference issue When update_mmu_cache_range() is called by update_mmu_cache(), the vmfparameter is NULL, which will cause a NULL pointer dereference issue inadjust_pte(): Unable to handle kernel NUL...

CVE-2025-21797

In the Linux kernel, the following vulnerability has been resolved: HID: corsair-void: Add missing delayed work cancel for headset status The cancel_delayed_work_sync() call was missed, causing a use-after-freein corsair_void_remove().

CVE-2025-21901

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add sanity checks on rdev validity There is a possibility that ulp_irq_stop and ulp_irq_startcallbacks will be called when the device is in detached state.This can cause a crash due to NULL pointer dereference asthe r...

CVE-2025-21783

In the Linux kernel, the following vulnerability has been resolved: gpiolib: Fix crash on error in gpiochip_get_ngpios() The gpiochip_get_ngpios() uses chip_() macros to print messages.However these macros rely on gpiodev to be initialised and set,which is not the case when called via bgpio_init()....

CVE-2025-21990

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags PRT BOs may not have any backing store, so bo->tbo.resource will beNULL. Check for that before dereferencing. (cherry picked from commit 3e3fcd29b505cebe...

CVE-2025-21769

In the Linux kernel, the following vulnerability has been resolved: ptp: vmclock: Add .owner to vmclock_miscdev_fops Without the .owner field, the module can be unloaded while /dev/vmclock0is open, leading to an oops.

CVE-2025-21788

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases If the XDP program doesn't result in XDP_PASS then we leak thememory allocated by am65_cpsw_build_skb(). It is pointless to allocate SKB memory before running the XDPpr...

CVE-2024-58021

In the Linux kernel, the following vulnerability has been resolved: HID: winwing: Add NULL check in winwing_init_led() devm_kasprintf() can return a NULL pointer on failure,but thisreturned value in winwing_init_led() is not checked.Add NULL check in winwing_init_led(), to handle kernel NULLpointer...

CVE-2025-21789

In the Linux kernel, the following vulnerability has been resolved: LoongArch: csum: Fix OoB access in IP checksum code for negative lengths Commit 69e3a6aa6be2 ("LoongArch: Add checksum optimization for 64-bitsystem") would cause an undefined shift and an out-of-bounds read. Commit 8bd795fedb84 ("...