Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2025-0155
Vulnerability from csaf_certbund
Published
2025-01-21 23:00
Modified
2025-08-12 22:00
Summary
Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen und um nicht näher beschriebene Auswirkungen zu erzielen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und um nicht n\u00e4her beschriebene Auswirkungen zu erzielen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0155 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0155.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0155 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0155"
},
{
"category": "external",
"summary": "Kernel CVE Announce Mailingliste",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57930",
"url": "https://lore.kernel.org/linux-cve-announce/2025012143-CVE-2024-57930-55c0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57931",
"url": "https://lore.kernel.org/linux-cve-announce/2025012147-CVE-2024-57931-06fb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57932",
"url": "https://lore.kernel.org/linux-cve-announce/2025012147-CVE-2024-57932-a9f5@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57933",
"url": "https://lore.kernel.org/linux-cve-announce/2025012148-CVE-2024-57933-aa3e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57934",
"url": "https://lore.kernel.org/linux-cve-announce/2025012148-CVE-2024-57934-6cd8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57935",
"url": "https://lore.kernel.org/linux-cve-announce/2025012149-CVE-2024-57935-d9b8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57936",
"url": "https://lore.kernel.org/linux-cve-announce/2025012149-CVE-2024-57936-03a6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57937",
"url": "https://lore.kernel.org/linux-cve-announce/2025012119-CVE-2024-57937-158a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57938",
"url": "https://lore.kernel.org/linux-cve-announce/2025012119-CVE-2024-57938-eaa0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57939",
"url": "https://lore.kernel.org/linux-cve-announce/2025012127-CVE-2024-57939-fb7b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57940",
"url": "https://lore.kernel.org/linux-cve-announce/2025012128-CVE-2024-57940-e289@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57941",
"url": "https://lore.kernel.org/linux-cve-announce/2025012128-CVE-2024-57941-8779@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57942",
"url": "https://lore.kernel.org/linux-cve-announce/2025012129-CVE-2024-57942-bedc@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57943",
"url": "https://lore.kernel.org/linux-cve-announce/2025012129-CVE-2024-57943-7a6e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57944",
"url": "https://lore.kernel.org/linux-cve-announce/2025012130-CVE-2024-57944-28e7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57945",
"url": "https://lore.kernel.org/linux-cve-announce/2025012130-CVE-2024-57945-248b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57946",
"url": "https://lore.kernel.org/linux-cve-announce/2025012156-CVE-2024-57946-41e8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21656",
"url": "https://lore.kernel.org/linux-cve-announce/2025012131-CVE-2025-21656-b967@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21657",
"url": "https://lore.kernel.org/linux-cve-announce/2025012131-CVE-2025-21657-5f7d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21658",
"url": "https://lore.kernel.org/linux-cve-announce/2025012132-CVE-2025-21658-78d9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21659",
"url": "https://lore.kernel.org/linux-cve-announce/2025012133-CVE-2025-21659-1c41@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21660",
"url": "https://lore.kernel.org/linux-cve-announce/2025012133-CVE-2025-21660-cfac@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21661",
"url": "https://lore.kernel.org/linux-cve-announce/2025012134-CVE-2025-21661-2a1e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21662",
"url": "https://lore.kernel.org/linux-cve-announce/2025012134-CVE-2025-21662-0c72@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21663",
"url": "https://lore.kernel.org/linux-cve-announce/2025012135-CVE-2025-21663-7420@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21664",
"url": "https://lore.kernel.org/linux-cve-announce/2025012135-CVE-2025-21664-3744@gregkh/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0289-1 vom 2025-01-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020239.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5860 vom 2025-02-08",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00023.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0428-1 vom 2025-02-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020311.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0499-1 vom 2025-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020336.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0557-1 vom 2025-02-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020350.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0564-1 vom 2025-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020361.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0565-1 vom 2025-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020360.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4075 vom 2025-03-01",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4076 vom 2025-03-01",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2025-082 vom 2025-03-14",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2025-082.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7387-1 vom 2025-03-27",
"url": "https://ubuntu.com/security/notices/USN-7387-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7382-1 vom 2025-03-27",
"url": "https://ubuntu.com/security/notices/USN-7382-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7379-1 vom 2025-03-27",
"url": "https://ubuntu.com/security/notices/USN-7379-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7388-1 vom 2025-03-27",
"url": "https://ubuntu.com/security/notices/USN-7388-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7380-1 vom 2025-03-27",
"url": "https://ubuntu.com/security/notices/USN-7380-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7381-1 vom 2025-03-27",
"url": "https://ubuntu.com/security/notices/USN-7381-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7392-1 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7392-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7392-2 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7392-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7390-1 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7390-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7387-2 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7387-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7387-3 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7387-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7391-1 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7391-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7389-1 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7389-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7393-1 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7393-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7379-2 vom 2025-04-01",
"url": "https://ubuntu.com/security/notices/USN-7379-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7401-1 vom 2025-04-01",
"url": "https://ubuntu.com/security/notices/USN-7401-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7392-3 vom 2025-04-01",
"url": "https://ubuntu.com/security/notices/USN-7392-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7392-4 vom 2025-04-01",
"url": "https://ubuntu.com/security/notices/USN-7392-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7407-1 vom 2025-04-02",
"url": "https://ubuntu.com/security/notices/USN-7407-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7413-1 vom 2025-04-03",
"url": "https://ubuntu.com/security/notices/USN-7413-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7421-1 vom 2025-04-07",
"url": "https://ubuntu.com/security/notices/USN-7421-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1178-1 vom 2025-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020674.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1180-1 vom 2025-04-09",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/DGJ23MSZWYIA7MJ47RNVV6T27Z324VKA/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-3937 vom 2025-04-18",
"url": "http://linux.oracle.com/errata/ELSA-2025-3937.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7463-1 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7463-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7459-1 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7459-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7458-1 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7458-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7459-2 vom 2025-04-28",
"url": "https://ubuntu.com/security/notices/USN-7459-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:6966 vom 2025-05-13",
"url": "https://access.redhat.com/errata/RHSA-2025:6966"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7515-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7515-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7514-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7514-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7513-2 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7513-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7513-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7513-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7513-3 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7513-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7522-1 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7522-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7515-2 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7515-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7523-1 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7523-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5925 vom 2025-05-24",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00088.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7524-1 vom 2025-05-26",
"url": "https://ubuntu.com/security/notices/USN-7524-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7539-1 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7539-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7540-1 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7540-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7513-4 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7513-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7513-5 vom 2025-05-29",
"url": "https://ubuntu.com/security/notices/USN-7513-5"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-213 vom 2025-05-30",
"url": "https://www.dell.com/support/kbdoc/de-de/000326299/dsa-2025-213-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-multiple-third-party-vulnerabilities"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20248-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021074.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20260-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021058.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20249-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021072.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20270-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021056.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20192-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021150.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20165-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021174.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20166-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021176.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01919-1 vom 2025-06-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021477.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01951-1 vom 2025-06-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021509.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01967-1 vom 2025-06-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021533.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20406 vom 2025-07-08",
"url": "https://linux.oracle.com/errata/ELSA-2025-20406.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02249-1 vom 2025-07-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021766.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02254-1 vom 2025-07-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021770.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02307-1 vom 2025-07-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021804.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02335-1 vom 2025-07-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021828.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02333-1 vom 2025-07-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021830.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20483-1 vom 2025-07-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021917.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20475-1 vom 2025-07-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021919.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20493-1 vom 2025-07-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021967.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20498-1 vom 2025-07-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021965.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02538-1 vom 2025-07-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021981.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4271 vom 2025-08-13",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2025-08-12T22:00:00.000+00:00",
"generator": {
"date": "2025-08-13T06:27:13.401+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-0155",
"initial_release_date": "2025-01-21T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-01-21T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-01-29T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-02-09T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-02-11T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-02-13T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-02-16T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-02-17T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-02T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-03-13T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-03-27T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-03-30T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-01T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-02T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-03T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-07T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-08T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-04-21T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-04-24T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-28T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-13T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-18T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-20T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-25T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-05-26T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-27T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-06-03T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-11T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-15T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-16T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-08T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
},
{
"date": "2025-07-14T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-16T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-21T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-27T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-28T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-08-12T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Debian aufgenommen"
}
],
"status": "final",
"version": "37"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell Avamar",
"product": {
"name": "Dell Avamar",
"product_id": "T039664",
"product_identification_helper": {
"cpe": "cpe:/a:dell:avamar:-"
}
}
},
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T034583",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T008144",
"product_identification_helper": {
"cpe": "cpe:/a:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57930",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-57930"
},
{
"cve": "CVE-2024-57931",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-57931"
},
{
"cve": "CVE-2024-57932",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-57932"
},
{
"cve": "CVE-2024-57933",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-57933"
},
{
"cve": "CVE-2024-57934",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-57934"
},
{
"cve": "CVE-2024-57935",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-57935"
},
{
"cve": "CVE-2024-57936",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-57936"
},
{
"cve": "CVE-2024-57937",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-57937"
},
{
"cve": "CVE-2024-57938",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-57938"
},
{
"cve": "CVE-2024-57939",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-57939"
},
{
"cve": "CVE-2024-57940",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-57940"
},
{
"cve": "CVE-2024-57941",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-57941"
},
{
"cve": "CVE-2024-57942",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-57942"
},
{
"cve": "CVE-2024-57943",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-57943"
},
{
"cve": "CVE-2024-57944",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-57944"
},
{
"cve": "CVE-2024-57945",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-57945"
},
{
"cve": "CVE-2024-57946",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-57946"
},
{
"cve": "CVE-2025-21656",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-21656"
},
{
"cve": "CVE-2025-21657",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-21657"
},
{
"cve": "CVE-2025-21658",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-21658"
},
{
"cve": "CVE-2025-21659",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-21659"
},
{
"cve": "CVE-2025-21660",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-21660"
},
{
"cve": "CVE-2025-21661",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-21661"
},
{
"cve": "CVE-2025-21662",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-21662"
},
{
"cve": "CVE-2025-21663",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-21663"
},
{
"cve": "CVE-2025-21664",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-21664"
}
]
}
CVE-2025-21658 (GCVE-0-2025-21658)
Vulnerability from cvelistv5
Published
2025-01-21 12:18
Modified
2025-05-04 07:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: avoid NULL pointer dereference if no valid extent tree
[BUG]
Syzbot reported a crash with the following call trace:
BTRFS info (device loop0): scrub: started on devid 1
BUG: kernel NULL pointer dereference, address: 0000000000000208
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 106e70067 P4D 106e70067 PUD 107143067 PMD 0
Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 1 UID: 0 PID: 689 Comm: repro Kdump: loaded Tainted: G O 6.13.0-rc4-custom+ #206
Tainted: [O]=OOT_MODULE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022
RIP: 0010:find_first_extent_item+0x26/0x1f0 [btrfs]
Call Trace:
<TASK>
scrub_find_fill_first_stripe+0x13d/0x3b0 [btrfs]
scrub_simple_mirror+0x175/0x260 [btrfs]
scrub_stripe+0x5d4/0x6c0 [btrfs]
scrub_chunk+0xbb/0x170 [btrfs]
scrub_enumerate_chunks+0x2f4/0x5f0 [btrfs]
btrfs_scrub_dev+0x240/0x600 [btrfs]
btrfs_ioctl+0x1dc8/0x2fa0 [btrfs]
? do_sys_openat2+0xa5/0xf0
__x64_sys_ioctl+0x97/0xc0
do_syscall_64+0x4f/0x120
entry_SYSCALL_64_after_hwframe+0x76/0x7e
</TASK>
[CAUSE]
The reproducer is using a corrupted image where extent tree root is
corrupted, thus forcing to use "rescue=all,ro" mount option to mount the
image.
Then it triggered a scrub, but since scrub relies on extent tree to find
where the data/metadata extents are, scrub_find_fill_first_stripe()
relies on an non-empty extent root.
But unfortunately scrub_find_fill_first_stripe() doesn't really expect
an NULL pointer for extent root, it use extent_root to grab fs_info and
triggered a NULL pointer dereference.
[FIX]
Add an extra check for a valid extent root at the beginning of
scrub_find_fill_first_stripe().
The new error path is introduced by 42437a6386ff ("btrfs: introduce
mount option rescue=ignorebadroots"), but that's pretty old, and later
commit b979547513ff ("btrfs: scrub: introduce helper to find and fill
sector info for a scrub_stripe") changed how we do scrub.
So for kernels older than 6.6, the fix will need manual backport.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/scrub.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "24b85a8b0310e0144da9ab30be42e87e6476638a",
"status": "affected",
"version": "42437a6386ffeaaf200731e73d723ea491f3fe7d",
"versionType": "git"
},
{
"lessThan": "aee5f69f3e6cd82bfefaca1b70b40b6cd8f3f784",
"status": "affected",
"version": "42437a6386ffeaaf200731e73d723ea491f3fe7d",
"versionType": "git"
},
{
"lessThan": "6aecd91a5c5b68939cf4169e32bc49f3cd2dd329",
"status": "affected",
"version": "42437a6386ffeaaf200731e73d723ea491f3fe7d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/scrub.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.72",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.72",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: avoid NULL pointer dereference if no valid extent tree\n\n[BUG]\nSyzbot reported a crash with the following call trace:\n\n BTRFS info (device loop0): scrub: started on devid 1\n BUG: kernel NULL pointer dereference, address: 0000000000000208\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 106e70067 P4D 106e70067 PUD 107143067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 UID: 0 PID: 689 Comm: repro Kdump: loaded Tainted: G O 6.13.0-rc4-custom+ #206\n Tainted: [O]=OOT_MODULE\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022\n RIP: 0010:find_first_extent_item+0x26/0x1f0 [btrfs]\n Call Trace:\n \u003cTASK\u003e\n scrub_find_fill_first_stripe+0x13d/0x3b0 [btrfs]\n scrub_simple_mirror+0x175/0x260 [btrfs]\n scrub_stripe+0x5d4/0x6c0 [btrfs]\n scrub_chunk+0xbb/0x170 [btrfs]\n scrub_enumerate_chunks+0x2f4/0x5f0 [btrfs]\n btrfs_scrub_dev+0x240/0x600 [btrfs]\n btrfs_ioctl+0x1dc8/0x2fa0 [btrfs]\n ? do_sys_openat2+0xa5/0xf0\n __x64_sys_ioctl+0x97/0xc0\n do_syscall_64+0x4f/0x120\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n[CAUSE]\nThe reproducer is using a corrupted image where extent tree root is\ncorrupted, thus forcing to use \"rescue=all,ro\" mount option to mount the\nimage.\n\nThen it triggered a scrub, but since scrub relies on extent tree to find\nwhere the data/metadata extents are, scrub_find_fill_first_stripe()\nrelies on an non-empty extent root.\n\nBut unfortunately scrub_find_fill_first_stripe() doesn\u0027t really expect\nan NULL pointer for extent root, it use extent_root to grab fs_info and\ntriggered a NULL pointer dereference.\n\n[FIX]\nAdd an extra check for a valid extent root at the beginning of\nscrub_find_fill_first_stripe().\n\nThe new error path is introduced by 42437a6386ff (\"btrfs: introduce\nmount option rescue=ignorebadroots\"), but that\u0027s pretty old, and later\ncommit b979547513ff (\"btrfs: scrub: introduce helper to find and fill\nsector info for a scrub_stripe\") changed how we do scrub.\n\nSo for kernels older than 6.6, the fix will need manual backport."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:18:24.189Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/24b85a8b0310e0144da9ab30be42e87e6476638a"
},
{
"url": "https://git.kernel.org/stable/c/aee5f69f3e6cd82bfefaca1b70b40b6cd8f3f784"
},
{
"url": "https://git.kernel.org/stable/c/6aecd91a5c5b68939cf4169e32bc49f3cd2dd329"
}
],
"title": "btrfs: avoid NULL pointer dereference if no valid extent tree",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21658",
"datePublished": "2025-01-21T12:18:14.578Z",
"dateReserved": "2024-12-29T08:45:45.731Z",
"dateUpdated": "2025-05-04T07:18:24.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21662 (GCVE-0-2025-21662)
Vulnerability from cvelistv5
Published
2025-01-21 12:18
Modified
2025-05-04 13:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix variable not being completed when function returns
When cmd_alloc_index(), fails cmd_work_handler() needs
to complete ent->slotted before returning early.
Otherwise the task which issued the command may hang:
mlx5_core 0000:01:00.0: cmd_work_handler:877:(pid 3880418): failed to allocate command entry
INFO: task kworker/13:2:4055883 blocked for more than 120 seconds.
Not tainted 4.19.90-25.44.v2101.ky10.aarch64 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/13:2 D 0 4055883 2 0x00000228
Workqueue: events mlx5e_tx_dim_work [mlx5_core]
Call trace:
__switch_to+0xe8/0x150
__schedule+0x2a8/0x9b8
schedule+0x2c/0x88
schedule_timeout+0x204/0x478
wait_for_common+0x154/0x250
wait_for_completion+0x28/0x38
cmd_exec+0x7a0/0xa00 [mlx5_core]
mlx5_cmd_exec+0x54/0x80 [mlx5_core]
mlx5_core_modify_cq+0x6c/0x80 [mlx5_core]
mlx5_core_modify_cq_moderation+0xa0/0xb8 [mlx5_core]
mlx5e_tx_dim_work+0x54/0x68 [mlx5_core]
process_one_work+0x1b0/0x448
worker_thread+0x54/0x468
kthread+0x134/0x138
ret_from_fork+0x10/0x18
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: 4baae687a20ef2b82fde12de3c04461e6f2521d6 Version: f9caccdd42e999b74303c9b0643300073ed5d319 Version: 485d65e1357123a697c591a5aeb773994b247ad7 Version: 485d65e1357123a697c591a5aeb773994b247ad7 Version: 2d0962d05c93de391ce85f6e764df895f47c8918 Version: 94024332a129c6e4275569d85c0c1bfb2ae2d71b |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/cmd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f0a2808767ac39f64b1d9a0ff865c255073cf3d4",
"status": "affected",
"version": "4baae687a20ef2b82fde12de3c04461e6f2521d6",
"versionType": "git"
},
{
"lessThan": "229cc10284373fbe754e623b7033dca7e7470ec8",
"status": "affected",
"version": "f9caccdd42e999b74303c9b0643300073ed5d319",
"versionType": "git"
},
{
"lessThan": "36124081f6ffd9dfaad48830bdf106bb82a9457d",
"status": "affected",
"version": "485d65e1357123a697c591a5aeb773994b247ad7",
"versionType": "git"
},
{
"lessThan": "0e2909c6bec9048f49d0c8e16887c63b50b14647",
"status": "affected",
"version": "485d65e1357123a697c591a5aeb773994b247ad7",
"versionType": "git"
},
{
"status": "affected",
"version": "2d0962d05c93de391ce85f6e764df895f47c8918",
"versionType": "git"
},
{
"status": "affected",
"version": "94024332a129c6e4275569d85c0c1bfb2ae2d71b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/cmd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.10"
},
{
"lessThan": "6.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.125",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.72",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.125",
"versionStartIncluding": "6.1.93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.72",
"versionStartIncluding": "6.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix variable not being completed when function returns\n\nWhen cmd_alloc_index(), fails cmd_work_handler() needs\nto complete ent-\u003eslotted before returning early.\nOtherwise the task which issued the command may hang:\n\n mlx5_core 0000:01:00.0: cmd_work_handler:877:(pid 3880418): failed to allocate command entry\n INFO: task kworker/13:2:4055883 blocked for more than 120 seconds.\n Not tainted 4.19.90-25.44.v2101.ky10.aarch64 #1\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n kworker/13:2 D 0 4055883 2 0x00000228\n Workqueue: events mlx5e_tx_dim_work [mlx5_core]\n Call trace:\n __switch_to+0xe8/0x150\n __schedule+0x2a8/0x9b8\n schedule+0x2c/0x88\n schedule_timeout+0x204/0x478\n wait_for_common+0x154/0x250\n wait_for_completion+0x28/0x38\n cmd_exec+0x7a0/0xa00 [mlx5_core]\n mlx5_cmd_exec+0x54/0x80 [mlx5_core]\n mlx5_core_modify_cq+0x6c/0x80 [mlx5_core]\n mlx5_core_modify_cq_moderation+0xa0/0xb8 [mlx5_core]\n mlx5e_tx_dim_work+0x54/0x68 [mlx5_core]\n process_one_work+0x1b0/0x448\n worker_thread+0x54/0x468\n kthread+0x134/0x138\n ret_from_fork+0x10/0x18"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T13:06:13.866Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f0a2808767ac39f64b1d9a0ff865c255073cf3d4"
},
{
"url": "https://git.kernel.org/stable/c/229cc10284373fbe754e623b7033dca7e7470ec8"
},
{
"url": "https://git.kernel.org/stable/c/36124081f6ffd9dfaad48830bdf106bb82a9457d"
},
{
"url": "https://git.kernel.org/stable/c/0e2909c6bec9048f49d0c8e16887c63b50b14647"
}
],
"title": "net/mlx5: Fix variable not being completed when function returns",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21662",
"datePublished": "2025-01-21T12:18:17.674Z",
"dateReserved": "2024-12-29T08:45:45.732Z",
"dateUpdated": "2025-05-04T13:06:13.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21664 (GCVE-0-2025-21664)
Vulnerability from cvelistv5
Published
2025-01-21 12:18
Modified
2025-05-04 07:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dm thin: make get_first_thin use rcu-safe list first function
The documentation in rculist.h explains the absence of list_empty_rcu()
and cautions programmers against relying on a list_empty() ->
list_first() sequence in RCU safe code. This is because each of these
functions performs its own READ_ONCE() of the list head. This can lead
to a situation where the list_empty() sees a valid list entry, but the
subsequent list_first() sees a different view of list head state after a
modification.
In the case of dm-thin, this author had a production box crash from a GP
fault in the process_deferred_bios path. This function saw a valid list
head in get_first_thin() but when it subsequently dereferenced that and
turned it into a thin_c, it got the inside of the struct pool, since the
list was now empty and referring to itself. The kernel on which this
occurred printed both a warning about a refcount_t being saturated, and
a UBSAN error for an out-of-bounds cpuid access in the queued spinlock,
prior to the fault itself. When the resulting kdump was examined, it
was possible to see another thread patiently waiting in thin_dtr's
synchronize_rcu.
The thin_dtr call managed to pull the thin_c out of the active thins
list (and have it be the last entry in the active_thins list) at just
the wrong moment which lead to this crash.
Fortunately, the fix here is straight forward. Switch get_first_thin()
function to use list_first_or_null_rcu() which performs just a single
READ_ONCE() and returns NULL if the list is already empty.
This was run against the devicemapper test suite's thin-provisioning
suites for delete and suspend and no regressions were observed.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: b10ebd34cccae1b431caf1be54919aede2be7cbe Version: b10ebd34cccae1b431caf1be54919aede2be7cbe Version: b10ebd34cccae1b431caf1be54919aede2be7cbe Version: b10ebd34cccae1b431caf1be54919aede2be7cbe Version: b10ebd34cccae1b431caf1be54919aede2be7cbe Version: b10ebd34cccae1b431caf1be54919aede2be7cbe Version: b10ebd34cccae1b431caf1be54919aede2be7cbe |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-thin.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ec037fe8c0d0f6140e3d8a49c7b29cb5582160b8",
"status": "affected",
"version": "b10ebd34cccae1b431caf1be54919aede2be7cbe",
"versionType": "git"
},
{
"lessThan": "cd30a3960433ec2db94b3689752fa3c5df44d649",
"status": "affected",
"version": "b10ebd34cccae1b431caf1be54919aede2be7cbe",
"versionType": "git"
},
{
"lessThan": "802666a40c71a23542c43a3f87e3a2d0f4e8fe45",
"status": "affected",
"version": "b10ebd34cccae1b431caf1be54919aede2be7cbe",
"versionType": "git"
},
{
"lessThan": "12771050b6d059eea096993bf2001da9da9fddff",
"status": "affected",
"version": "b10ebd34cccae1b431caf1be54919aede2be7cbe",
"versionType": "git"
},
{
"lessThan": "6b305e98de0d225ccebfb225730a9f560d28ecb0",
"status": "affected",
"version": "b10ebd34cccae1b431caf1be54919aede2be7cbe",
"versionType": "git"
},
{
"lessThan": "cbd0d5ecfa390ac29c5380200147d09c381b2ac6",
"status": "affected",
"version": "b10ebd34cccae1b431caf1be54919aede2be7cbe",
"versionType": "git"
},
{
"lessThan": "80f130bfad1dab93b95683fc39b87235682b8f72",
"status": "affected",
"version": "b10ebd34cccae1b431caf1be54919aede2be7cbe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-thin.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.15"
},
{
"lessThan": "3.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.290",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.234",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.177",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.125",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.72",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.290",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.234",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.177",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.125",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.72",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "3.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm thin: make get_first_thin use rcu-safe list first function\n\nThe documentation in rculist.h explains the absence of list_empty_rcu()\nand cautions programmers against relying on a list_empty() -\u003e\nlist_first() sequence in RCU safe code. This is because each of these\nfunctions performs its own READ_ONCE() of the list head. This can lead\nto a situation where the list_empty() sees a valid list entry, but the\nsubsequent list_first() sees a different view of list head state after a\nmodification.\n\nIn the case of dm-thin, this author had a production box crash from a GP\nfault in the process_deferred_bios path. This function saw a valid list\nhead in get_first_thin() but when it subsequently dereferenced that and\nturned it into a thin_c, it got the inside of the struct pool, since the\nlist was now empty and referring to itself. The kernel on which this\noccurred printed both a warning about a refcount_t being saturated, and\na UBSAN error for an out-of-bounds cpuid access in the queued spinlock,\nprior to the fault itself. When the resulting kdump was examined, it\nwas possible to see another thread patiently waiting in thin_dtr\u0027s\nsynchronize_rcu.\n\nThe thin_dtr call managed to pull the thin_c out of the active thins\nlist (and have it be the last entry in the active_thins list) at just\nthe wrong moment which lead to this crash.\n\nFortunately, the fix here is straight forward. Switch get_first_thin()\nfunction to use list_first_or_null_rcu() which performs just a single\nREAD_ONCE() and returns NULL if the list is already empty.\n\nThis was run against the devicemapper test suite\u0027s thin-provisioning\nsuites for delete and suspend and no regressions were observed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:18:30.814Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ec037fe8c0d0f6140e3d8a49c7b29cb5582160b8"
},
{
"url": "https://git.kernel.org/stable/c/cd30a3960433ec2db94b3689752fa3c5df44d649"
},
{
"url": "https://git.kernel.org/stable/c/802666a40c71a23542c43a3f87e3a2d0f4e8fe45"
},
{
"url": "https://git.kernel.org/stable/c/12771050b6d059eea096993bf2001da9da9fddff"
},
{
"url": "https://git.kernel.org/stable/c/6b305e98de0d225ccebfb225730a9f560d28ecb0"
},
{
"url": "https://git.kernel.org/stable/c/cbd0d5ecfa390ac29c5380200147d09c381b2ac6"
},
{
"url": "https://git.kernel.org/stable/c/80f130bfad1dab93b95683fc39b87235682b8f72"
}
],
"title": "dm thin: make get_first_thin use rcu-safe list first function",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21664",
"datePublished": "2025-01-21T12:18:19.015Z",
"dateReserved": "2024-12-29T08:45:45.732Z",
"dateUpdated": "2025-05-04T07:18:30.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57942 (GCVE-0-2024-57942)
Vulnerability from cvelistv5
Published
2025-01-21 12:18
Modified
2025-05-04 10:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfs: Fix ceph copy to cache on write-begin
At the end of netfs_unlock_read_folio() in which folios are marked
appropriately for copying to the cache (either with by being marked dirty
and having their private data set or by having PG_private_2 set) and then
unlocked, the folio_queue struct has the entry pointing to the folio
cleared. This presents a problem for netfs_pgpriv2_write_to_the_cache(),
which is used to write folios marked with PG_private_2 to the cache as it
expects to be able to trawl the folio_queue list thereafter to find the
relevant folios, leading to a hang.
Fix this by not clearing the folio_queue entry if we're going to do the
deprecated copy-to-cache. The clearance will be done instead as the folios
are written to the cache.
This can be reproduced by starting cachefiles, mounting a ceph filesystem
with "-o fsc" and writing to it.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/netfs/read_collect.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "43b8d3249b0b71bad239d42dbe08ce6c938ba000",
"status": "affected",
"version": "ee4cdf7ba857a894ad1650d6ab77669cbbfa329e",
"versionType": "git"
},
{
"lessThan": "38cf8e945721ffe708fa675507465da7f4f2a9f7",
"status": "affected",
"version": "ee4cdf7ba857a894ad1650d6ab77669cbbfa329e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/netfs/read_collect.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.12"
},
{
"lessThan": "6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix ceph copy to cache on write-begin\n\nAt the end of netfs_unlock_read_folio() in which folios are marked\nappropriately for copying to the cache (either with by being marked dirty\nand having their private data set or by having PG_private_2 set) and then\nunlocked, the folio_queue struct has the entry pointing to the folio\ncleared. This presents a problem for netfs_pgpriv2_write_to_the_cache(),\nwhich is used to write folios marked with PG_private_2 to the cache as it\nexpects to be able to trawl the folio_queue list thereafter to find the\nrelevant folios, leading to a hang.\n\nFix this by not clearing the folio_queue entry if we\u0027re going to do the\ndeprecated copy-to-cache. The clearance will be done instead as the folios\nare written to the cache.\n\nThis can be reproduced by starting cachefiles, mounting a ceph filesystem\nwith \"-o fsc\" and writing to it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T10:07:09.915Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/43b8d3249b0b71bad239d42dbe08ce6c938ba000"
},
{
"url": "https://git.kernel.org/stable/c/38cf8e945721ffe708fa675507465da7f4f2a9f7"
}
],
"title": "netfs: Fix ceph copy to cache on write-begin",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57942",
"datePublished": "2025-01-21T12:18:10.532Z",
"dateReserved": "2025-01-19T11:50:08.378Z",
"dateUpdated": "2025-05-04T10:07:09.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21661 (GCVE-0-2025-21661)
Vulnerability from cvelistv5
Published
2025-01-21 12:18
Modified
2025-05-04 07:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
gpio: virtuser: fix missing lookup table cleanups
When a virtuser device is created via configfs and the probe fails due
to an incorrect lookup table, the table is not removed. This prevents
subsequent probe attempts from succeeding, even if the issue is
corrected, unless the device is released. Additionally, cleanup is also
needed in the less likely case of platform_device_register_full()
failure.
Besides, a consistent memory leak in lookup_table->dev_id was spotted
using kmemleak by toggling the live state between 0 and 1 with a correct
lookup table.
Introduce gpio_virtuser_remove_lookup_table() as the counterpart to the
existing gpio_virtuser_make_lookup_table() and call it from all
necessary points to ensure proper cleanup.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpio-virtuser.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d72d0126b1f6981f6ce8b4247305f359958c11b5",
"status": "affected",
"version": "91581c4b3f29e2e22aeb1a62e842d529ca638b2d",
"versionType": "git"
},
{
"lessThan": "a619cba8c69c434258ff4101d463322cd63e1bdc",
"status": "affected",
"version": "91581c4b3f29e2e22aeb1a62e842d529ca638b2d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpio-virtuser.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.11"
},
{
"lessThan": "6.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "6.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: virtuser: fix missing lookup table cleanups\n\nWhen a virtuser device is created via configfs and the probe fails due\nto an incorrect lookup table, the table is not removed. This prevents\nsubsequent probe attempts from succeeding, even if the issue is\ncorrected, unless the device is released. Additionally, cleanup is also\nneeded in the less likely case of platform_device_register_full()\nfailure.\n\nBesides, a consistent memory leak in lookup_table-\u003edev_id was spotted\nusing kmemleak by toggling the live state between 0 and 1 with a correct\nlookup table.\n\nIntroduce gpio_virtuser_remove_lookup_table() as the counterpart to the\nexisting gpio_virtuser_make_lookup_table() and call it from all\nnecessary points to ensure proper cleanup."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:18:27.332Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d72d0126b1f6981f6ce8b4247305f359958c11b5"
},
{
"url": "https://git.kernel.org/stable/c/a619cba8c69c434258ff4101d463322cd63e1bdc"
}
],
"title": "gpio: virtuser: fix missing lookup table cleanups",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21661",
"datePublished": "2025-01-21T12:18:16.902Z",
"dateReserved": "2024-12-29T08:45:45.732Z",
"dateUpdated": "2025-05-04T07:18:27.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57932 (GCVE-0-2024-57932)
Vulnerability from cvelistv5
Published
2025-01-21 12:01
Modified
2025-05-04 10:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
gve: guard XDP xmit NDO on existence of xdp queues
In GVE, dedicated XDP queues only exist when an XDP program is installed
and the interface is up. As such, the NDO XDP XMIT callback should
return early if either of these conditions are false.
In the case of no loaded XDP program, priv->num_xdp_queues=0 which can
cause a divide-by-zero error, and in the case of interface down,
num_xdp_queues remains untouched to persist XDP queue count for the next
interface up, but the TX pointer itself would be NULL.
The XDP xmit callback also needs to synchronize with a device
transitioning from open to close. This synchronization will happen via
the GVE_PRIV_FLAGS_NAPI_ENABLED bit along with a synchronize_net() call,
which waits for any RCU critical sections at call-time to complete.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/google/gve/gve_main.c",
"drivers/net/ethernet/google/gve/gve_tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cbe9eb2c39d09f3c8574febcfa39d8c09d0c7cb5",
"status": "affected",
"version": "39a7f4aa3e4a7947614cf1d5c27abba3300adb1e",
"versionType": "git"
},
{
"lessThan": "35f44eed5828cf1bc7e760d1993ed8549ba41c7b",
"status": "affected",
"version": "39a7f4aa3e4a7947614cf1d5c27abba3300adb1e",
"versionType": "git"
},
{
"lessThan": "ff7c2dea9dd1a436fc79d6273adffdcc4a7ffea3",
"status": "affected",
"version": "39a7f4aa3e4a7947614cf1d5c27abba3300adb1e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/google/gve/gve_main.c",
"drivers/net/ethernet/google/gve/gve_tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.70",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.9",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: guard XDP xmit NDO on existence of xdp queues\n\nIn GVE, dedicated XDP queues only exist when an XDP program is installed\nand the interface is up. As such, the NDO XDP XMIT callback should\nreturn early if either of these conditions are false.\n\nIn the case of no loaded XDP program, priv-\u003enum_xdp_queues=0 which can\ncause a divide-by-zero error, and in the case of interface down,\nnum_xdp_queues remains untouched to persist XDP queue count for the next\ninterface up, but the TX pointer itself would be NULL.\n\nThe XDP xmit callback also needs to synchronize with a device\ntransitioning from open to close. This synchronization will happen via\nthe GVE_PRIV_FLAGS_NAPI_ENABLED bit along with a synchronize_net() call,\nwhich waits for any RCU critical sections at call-time to complete."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T10:06:56.476Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cbe9eb2c39d09f3c8574febcfa39d8c09d0c7cb5"
},
{
"url": "https://git.kernel.org/stable/c/35f44eed5828cf1bc7e760d1993ed8549ba41c7b"
},
{
"url": "https://git.kernel.org/stable/c/ff7c2dea9dd1a436fc79d6273adffdcc4a7ffea3"
}
],
"title": "gve: guard XDP xmit NDO on existence of xdp queues",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57932",
"datePublished": "2025-01-21T12:01:29.212Z",
"dateReserved": "2025-01-19T11:50:08.377Z",
"dateUpdated": "2025-05-04T10:06:56.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57941 (GCVE-0-2024-57941)
Vulnerability from cvelistv5
Published
2025-01-21 12:18
Modified
2025-05-04 10:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled
When the caching for a cookie is temporarily disabled (e.g. due to a DIO
write on that file), future copying to the cache for that file is disabled
until all fds open on that file are closed. However, if netfslib is using
the deprecated PG_private_2 method (such as is currently used by ceph), and
decides it wants to copy to the cache, netfs_advance_write() will just bail
at the first check seeing that the cache stream is unavailable, and
indicate that it dealt with all the content.
This means that we have no subrequests to provide notifications to drive
the state machine or even to pin the request and the request just gets
discarded, leaving the folios with PG_private_2 set.
Fix this by jumping directly to cancel the request if the cache is not
available. That way, we don't remove mark3 from the folio_queue list and
netfs_pgpriv2_cancel() will clean up the folios.
This was found by running the generic/013 xfstest against ceph with an
active cache and the "-o fsc" option passed to ceph. That would usually
hang
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/netfs/read_pgpriv2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ba37bdfe59fb43e80dd79290340a21864ba4b61e",
"status": "affected",
"version": "ee4cdf7ba857a894ad1650d6ab77669cbbfa329e",
"versionType": "git"
},
{
"lessThan": "d0327c824338cdccad058723a31d038ecd553409",
"status": "affected",
"version": "ee4cdf7ba857a894ad1650d6ab77669cbbfa329e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/netfs/read_pgpriv2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.12"
},
{
"lessThan": "6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix the (non-)cancellation of copy when cache is temporarily disabled\n\nWhen the caching for a cookie is temporarily disabled (e.g. due to a DIO\nwrite on that file), future copying to the cache for that file is disabled\nuntil all fds open on that file are closed. However, if netfslib is using\nthe deprecated PG_private_2 method (such as is currently used by ceph), and\ndecides it wants to copy to the cache, netfs_advance_write() will just bail\nat the first check seeing that the cache stream is unavailable, and\nindicate that it dealt with all the content.\n\nThis means that we have no subrequests to provide notifications to drive\nthe state machine or even to pin the request and the request just gets\ndiscarded, leaving the folios with PG_private_2 set.\n\nFix this by jumping directly to cancel the request if the cache is not\navailable. That way, we don\u0027t remove mark3 from the folio_queue list and\nnetfs_pgpriv2_cancel() will clean up the folios.\n\nThis was found by running the generic/013 xfstest against ceph with an\nactive cache and the \"-o fsc\" option passed to ceph. That would usually\nhang"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T10:07:08.541Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ba37bdfe59fb43e80dd79290340a21864ba4b61e"
},
{
"url": "https://git.kernel.org/stable/c/d0327c824338cdccad058723a31d038ecd553409"
}
],
"title": "netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57941",
"datePublished": "2025-01-21T12:18:09.834Z",
"dateReserved": "2025-01-19T11:50:08.378Z",
"dateUpdated": "2025-05-04T10:07:08.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57940 (GCVE-0-2024-57940)
Vulnerability from cvelistv5
Published
2025-01-21 12:18
Modified
2025-05-04 10:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix the infinite loop in exfat_readdir()
If the file system is corrupted so that a cluster is linked to
itself in the cluster chain, and there is an unused directory
entry in the cluster, 'dentry' will not be incremented, causing
condition 'dentry < max_dentries' unable to prevent an infinite
loop.
This infinite loop causes s_lock not to be released, and other
tasks will hang, such as exfat_sync_fs().
This commit stops traversing the cluster chain when there is unused
directory entry in the cluster to avoid this infinite loop.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: ca06197382bde0a3bc20215595d1c9ce20c6e341 Version: ca06197382bde0a3bc20215595d1c9ce20c6e341 Version: ca06197382bde0a3bc20215595d1c9ce20c6e341 Version: ca06197382bde0a3bc20215595d1c9ce20c6e341 Version: ca06197382bde0a3bc20215595d1c9ce20c6e341 Version: ca06197382bde0a3bc20215595d1c9ce20c6e341 |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/exfat/dir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d8cfbb8723bd3d3222f360227a1cc15227189ca6",
"status": "affected",
"version": "ca06197382bde0a3bc20215595d1c9ce20c6e341",
"versionType": "git"
},
{
"lessThan": "28c21f0ac5293a4bf19b3e0e32005d6dd31a6c17",
"status": "affected",
"version": "ca06197382bde0a3bc20215595d1c9ce20c6e341",
"versionType": "git"
},
{
"lessThan": "31beabd0f47f8c3ed9965ba861c9e5b252d4920a",
"status": "affected",
"version": "ca06197382bde0a3bc20215595d1c9ce20c6e341",
"versionType": "git"
},
{
"lessThan": "dc1d7afceb982e8f666e70a582e6b5aa806de063",
"status": "affected",
"version": "ca06197382bde0a3bc20215595d1c9ce20c6e341",
"versionType": "git"
},
{
"lessThan": "d9ea94f5cd117d56e573696d0045ab3044185a15",
"status": "affected",
"version": "ca06197382bde0a3bc20215595d1c9ce20c6e341",
"versionType": "git"
},
{
"lessThan": "fee873761bd978d077d8c55334b4966ac4cb7b59",
"status": "affected",
"version": "ca06197382bde0a3bc20215595d1c9ce20c6e341",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/exfat/dir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.234",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.177",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.125",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.72",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.234",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.177",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.125",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.72",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix the infinite loop in exfat_readdir()\n\nIf the file system is corrupted so that a cluster is linked to\nitself in the cluster chain, and there is an unused directory\nentry in the cluster, \u0027dentry\u0027 will not be incremented, causing\ncondition \u0027dentry \u003c max_dentries\u0027 unable to prevent an infinite\nloop.\n\nThis infinite loop causes s_lock not to be released, and other\ntasks will hang, such as exfat_sync_fs().\n\nThis commit stops traversing the cluster chain when there is unused\ndirectory entry in the cluster to avoid this infinite loop."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T10:07:07.089Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d8cfbb8723bd3d3222f360227a1cc15227189ca6"
},
{
"url": "https://git.kernel.org/stable/c/28c21f0ac5293a4bf19b3e0e32005d6dd31a6c17"
},
{
"url": "https://git.kernel.org/stable/c/31beabd0f47f8c3ed9965ba861c9e5b252d4920a"
},
{
"url": "https://git.kernel.org/stable/c/dc1d7afceb982e8f666e70a582e6b5aa806de063"
},
{
"url": "https://git.kernel.org/stable/c/d9ea94f5cd117d56e573696d0045ab3044185a15"
},
{
"url": "https://git.kernel.org/stable/c/fee873761bd978d077d8c55334b4966ac4cb7b59"
}
],
"title": "exfat: fix the infinite loop in exfat_readdir()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57940",
"datePublished": "2025-01-21T12:18:09.150Z",
"dateReserved": "2025-01-19T11:50:08.378Z",
"dateUpdated": "2025-05-04T10:07:07.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57930 (GCVE-0-2024-57930)
Vulnerability from cvelistv5
Published
2025-01-21 12:01
Modified
2025-05-04 10:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tracing: Have process_string() also allow arrays
In order to catch a common bug where a TRACE_EVENT() TP_fast_assign()
assigns an address of an allocated string to the ring buffer and then
references it in TP_printk(), which can be executed hours later when the
string is free, the function test_event_printk() runs on all events as
they are registered to make sure there's no unwanted dereferencing.
It calls process_string() to handle cases in TP_printk() format that has
"%s". It returns whether or not the string is safe. But it can have some
false positives.
For instance, xe_bo_move() has:
TP_printk("move_lacks_source:%s, migrate object %p [size %zu] from %s to %s device_id:%s",
__entry->move_lacks_source ? "yes" : "no", __entry->bo, __entry->size,
xe_mem_type_to_name[__entry->old_placement],
xe_mem_type_to_name[__entry->new_placement], __get_str(device_id))
Where the "%s" references into xe_mem_type_to_name[]. This is an array of
pointers that should be safe for the event to access. Instead of flagging
this as a bad reference, if a reference points to an array, where the
record field is the index, consider it safe.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: 85d7635d54d75a2589f28583dc17feedc3aa4ad6 Version: f3ff759ec636b4094b8eb2c3801e4e6c97a6b712 Version: 2f6ad0b613cd45cca48e6eb04f65351db018afb0 Version: 683eccacc02d2eb25d1c34b8fb0363fcc7e08f64 Version: 65a25d9f7ac02e0cf361356e834d1c71d36acca9 |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/trace_events.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3bcdc9039a6e9e6e47ed689a37b8d57894a3c571",
"status": "affected",
"version": "85d7635d54d75a2589f28583dc17feedc3aa4ad6",
"versionType": "git"
},
{
"lessThan": "631b1e09e213c86d5a4ce23d45c81af473bb0ac7",
"status": "affected",
"version": "f3ff759ec636b4094b8eb2c3801e4e6c97a6b712",
"versionType": "git"
},
{
"lessThan": "a64e5295ebc4afdefe69cdf16cc286a60ff8ba4b",
"status": "affected",
"version": "2f6ad0b613cd45cca48e6eb04f65351db018afb0",
"versionType": "git"
},
{
"lessThan": "92bd18c74624e5eb9f96e70076aa46293f4b626f",
"status": "affected",
"version": "683eccacc02d2eb25d1c34b8fb0363fcc7e08f64",
"versionType": "git"
},
{
"lessThan": "afc6717628f959941d7b33728570568b4af1c4b8",
"status": "affected",
"version": "65a25d9f7ac02e0cf361356e834d1c71d36acca9",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/trace_events.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.1.124",
"status": "affected",
"version": "6.1.122",
"versionType": "semver"
},
{
"lessThan": "6.6.70",
"status": "affected",
"version": "6.6.68",
"versionType": "semver"
},
{
"lessThan": "6.12.9",
"status": "affected",
"version": "6.12.7",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.124",
"versionStartIncluding": "6.1.122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.70",
"versionStartIncluding": "6.6.68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.9",
"versionStartIncluding": "6.12.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have process_string() also allow arrays\n\nIn order to catch a common bug where a TRACE_EVENT() TP_fast_assign()\nassigns an address of an allocated string to the ring buffer and then\nreferences it in TP_printk(), which can be executed hours later when the\nstring is free, the function test_event_printk() runs on all events as\nthey are registered to make sure there\u0027s no unwanted dereferencing.\n\nIt calls process_string() to handle cases in TP_printk() format that has\n\"%s\". It returns whether or not the string is safe. But it can have some\nfalse positives.\n\nFor instance, xe_bo_move() has:\n\n TP_printk(\"move_lacks_source:%s, migrate object %p [size %zu] from %s to %s device_id:%s\",\n __entry-\u003emove_lacks_source ? \"yes\" : \"no\", __entry-\u003ebo, __entry-\u003esize,\n xe_mem_type_to_name[__entry-\u003eold_placement],\n xe_mem_type_to_name[__entry-\u003enew_placement], __get_str(device_id))\n\nWhere the \"%s\" references into xe_mem_type_to_name[]. This is an array of\npointers that should be safe for the event to access. Instead of flagging\nthis as a bad reference, if a reference points to an array, where the\nrecord field is the index, consider it safe."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T10:06:53.594Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3bcdc9039a6e9e6e47ed689a37b8d57894a3c571"
},
{
"url": "https://git.kernel.org/stable/c/631b1e09e213c86d5a4ce23d45c81af473bb0ac7"
},
{
"url": "https://git.kernel.org/stable/c/a64e5295ebc4afdefe69cdf16cc286a60ff8ba4b"
},
{
"url": "https://git.kernel.org/stable/c/92bd18c74624e5eb9f96e70076aa46293f4b626f"
},
{
"url": "https://git.kernel.org/stable/c/afc6717628f959941d7b33728570568b4af1c4b8"
}
],
"title": "tracing: Have process_string() also allow arrays",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57930",
"datePublished": "2025-01-21T12:01:27.807Z",
"dateReserved": "2025-01-19T11:50:08.376Z",
"dateUpdated": "2025-05-04T10:06:53.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57936 (GCVE-0-2024-57936)
Vulnerability from cvelistv5
Published
2025-01-21 12:01
Modified
2025-05-04 10:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/bnxt_re: Fix max SGEs for the Work Request
Gen P7 supports up to 13 SGEs for now. WQE software structure
can hold only 6 now. Since the max send sge is reported as
13, the stack can give requests up to 13 SGEs. This is causing
traffic failures and system crashes.
Use the define for max SGE supported for variable size. This
will work for both static and variable WQEs.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/bnxt_re/qplib_fp.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3de1b50f055dc2ca7072a526cdda21f691c22dd9",
"status": "affected",
"version": "36e1b6890f228ccfc867031ecedffe50958b25e4",
"versionType": "git"
},
{
"lessThan": "9a479088e0c8f6140b8c7752b563bc8c6c6dcc8c",
"status": "affected",
"version": "227f51743b61fe3f6fc481f0fb8086bf8c49b8c9",
"versionType": "git"
},
{
"lessThan": "79d330fbdffd8cee06d8bdf38d82cb62d8363a27",
"status": "affected",
"version": "227f51743b61fe3f6fc481f0fb8086bf8c49b8c9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/bnxt_re/qplib_fp.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.12"
},
{
"lessThan": "6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.9",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix max SGEs for the Work Request\n\nGen P7 supports up to 13 SGEs for now. WQE software structure\ncan hold only 6 now. Since the max send sge is reported as\n13, the stack can give requests up to 13 SGEs. This is causing\ntraffic failures and system crashes.\n\nUse the define for max SGE supported for variable size. This\nwill work for both static and variable WQEs."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T10:07:02.896Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3de1b50f055dc2ca7072a526cdda21f691c22dd9"
},
{
"url": "https://git.kernel.org/stable/c/9a479088e0c8f6140b8c7752b563bc8c6c6dcc8c"
},
{
"url": "https://git.kernel.org/stable/c/79d330fbdffd8cee06d8bdf38d82cb62d8363a27"
}
],
"title": "RDMA/bnxt_re: Fix max SGEs for the Work Request",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57936",
"datePublished": "2025-01-21T12:01:31.907Z",
"dateReserved": "2025-01-19T11:50:08.377Z",
"dateUpdated": "2025-05-04T10:07:02.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21656 (GCVE-0-2025-21656)
Vulnerability from cvelistv5
Published
2025-01-21 12:18
Modified
2025-05-04 07:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur
scsi_execute_cmd() function can return both negative (linux codes) and
positive (scsi_cmnd result field) error codes.
Currently the driver just passes error codes of scsi_execute_cmd() to
hwmon core, which is incorrect because hwmon only checks for negative
error codes. This leads to hwmon reporting uninitialized data to
userspace in case of SCSI errors (for example if the disk drive was
disconnected).
This patch checks scsi_execute_cmd() output and returns -EIO if it's
error code is positive.
[groeck: Avoid inline variable declaration for portability]
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hwmon/drivetemp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "53e25b10a28edaf8c2a1d3916fd8929501a50dfc",
"status": "affected",
"version": "5b46903d8bf372e563bf2150d46b87fff197a109",
"versionType": "git"
},
{
"lessThan": "42268d885e44af875a6474f7bba519cc6cea6a9d",
"status": "affected",
"version": "5b46903d8bf372e563bf2150d46b87fff197a109",
"versionType": "git"
},
{
"lessThan": "82163d63ae7a4c36142cd252388737205bb7e4b9",
"status": "affected",
"version": "5b46903d8bf372e563bf2150d46b87fff197a109",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hwmon/drivetemp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.72",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.72",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur\n\nscsi_execute_cmd() function can return both negative (linux codes) and\npositive (scsi_cmnd result field) error codes.\n\nCurrently the driver just passes error codes of scsi_execute_cmd() to\nhwmon core, which is incorrect because hwmon only checks for negative\nerror codes. This leads to hwmon reporting uninitialized data to\nuserspace in case of SCSI errors (for example if the disk drive was\ndisconnected).\n\nThis patch checks scsi_execute_cmd() output and returns -EIO if it\u0027s\nerror code is positive.\n\n[groeck: Avoid inline variable declaration for portability]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:18:21.781Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/53e25b10a28edaf8c2a1d3916fd8929501a50dfc"
},
{
"url": "https://git.kernel.org/stable/c/42268d885e44af875a6474f7bba519cc6cea6a9d"
},
{
"url": "https://git.kernel.org/stable/c/82163d63ae7a4c36142cd252388737205bb7e4b9"
}
],
"title": "hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21656",
"datePublished": "2025-01-21T12:18:13.222Z",
"dateReserved": "2024-12-29T08:45:45.729Z",
"dateUpdated": "2025-05-04T07:18:21.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21663 (GCVE-0-2025-21663)
Vulnerability from cvelistv5
Published
2025-01-21 12:18
Modified
2025-05-04 07:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: dwmac-tegra: Read iommu stream id from device tree
Nvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SID) to be
written to the MGBE_WRAP_AXI_ASID0_CTRL register.
The current driver is hard coded to use MGBE0's SID for all controllers.
This causes softirq time outs and kernel panics when using controllers
other than MGBE0.
Example dmesg errors when an ethernet cable is connected to MGBE1:
[ 116.133290] tegra-mgbe 6910000.ethernet eth1: Link is Up - 1Gbps/Full - flow control rx/tx
[ 121.851283] tegra-mgbe 6910000.ethernet eth1: NETDEV WATCHDOG: CPU: 5: transmit queue 0 timed out 5690 ms
[ 121.851782] tegra-mgbe 6910000.ethernet eth1: Reset adapter.
[ 121.892464] tegra-mgbe 6910000.ethernet eth1: Register MEM_TYPE_PAGE_POOL RxQ-0
[ 121.905920] tegra-mgbe 6910000.ethernet eth1: PHY [stmmac-1:00] driver [Aquantia AQR113] (irq=171)
[ 121.907356] tegra-mgbe 6910000.ethernet eth1: Enabling Safety Features
[ 121.907578] tegra-mgbe 6910000.ethernet eth1: IEEE 1588-2008 Advanced Timestamp supported
[ 121.908399] tegra-mgbe 6910000.ethernet eth1: registered PTP clock
[ 121.908582] tegra-mgbe 6910000.ethernet eth1: configuring for phy/10gbase-r link mode
[ 125.961292] tegra-mgbe 6910000.ethernet eth1: Link is Up - 1Gbps/Full - flow control rx/tx
[ 181.921198] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 181.921404] rcu: 7-....: (1 GPs behind) idle=540c/1/0x4000000000000002 softirq=1748/1749 fqs=2337
[ 181.921684] rcu: (detected by 4, t=6002 jiffies, g=1357, q=1254 ncpus=8)
[ 181.921878] Sending NMI from CPU 4 to CPUs 7:
[ 181.921886] NMI backtrace for cpu 7
[ 181.922131] CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Kdump: loaded Not tainted 6.13.0-rc3+ #6
[ 181.922390] Hardware name: NVIDIA CTI Forge + Orin AGX/Jetson, BIOS 202402.1-Unknown 10/28/2024
[ 181.922658] pstate: 40400009 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 181.922847] pc : handle_softirqs+0x98/0x368
[ 181.922978] lr : __do_softirq+0x18/0x20
[ 181.923095] sp : ffff80008003bf50
[ 181.923189] x29: ffff80008003bf50 x28: 0000000000000008 x27: 0000000000000000
[ 181.923379] x26: ffffce78ea277000 x25: 0000000000000000 x24: 0000001c61befda0
[ 181.924486] x23: 0000000060400009 x22: ffffce78e99918bc x21: ffff80008018bd70
[ 181.925568] x20: ffffce78e8bb00d8 x19: ffff80008018bc20 x18: 0000000000000000
[ 181.926655] x17: ffff318ebe7d3000 x16: ffff800080038000 x15: 0000000000000000
[ 181.931455] x14: ffff000080816680 x13: ffff318ebe7d3000 x12: 000000003464d91d
[ 181.938628] x11: 0000000000000040 x10: ffff000080165a70 x9 : ffffce78e8bb0160
[ 181.945804] x8 : ffff8000827b3160 x7 : f9157b241586f343 x6 : eeb6502a01c81c74
[ 181.953068] x5 : a4acfcdd2e8096bb x4 : ffffce78ea277340 x3 : 00000000ffffd1e1
[ 181.960329] x2 : 0000000000000101 x1 : ffffce78ea277340 x0 : ffff318ebe7d3000
[ 181.967591] Call trace:
[ 181.970043] handle_softirqs+0x98/0x368 (P)
[ 181.974240] __do_softirq+0x18/0x20
[ 181.977743] ____do_softirq+0x14/0x28
[ 181.981415] call_on_irq_stack+0x24/0x30
[ 181.985180] do_softirq_own_stack+0x20/0x30
[ 181.989379] __irq_exit_rcu+0x114/0x140
[ 181.993142] irq_exit_rcu+0x14/0x28
[ 181.996816] el1_interrupt+0x44/0xb8
[ 182.000316] el1h_64_irq_handler+0x14/0x20
[ 182.004343] el1h_64_irq+0x80/0x88
[ 182.007755] cpuidle_enter_state+0xc4/0x4a8 (P)
[ 182.012305] cpuidle_enter+0x3c/0x58
[ 182.015980] cpuidle_idle_call+0x128/0x1c0
[ 182.020005] do_idle+0xe0/0xf0
[ 182.023155] cpu_startup_entry+0x3c/0x48
[ 182.026917] secondary_start_kernel+0xdc/0x120
[ 182.031379] __secondary_switched+0x74/0x78
[ 212.971162] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 7-.... } 6103 jiffies s: 417 root: 0x80/.
[ 212.985935] rcu: blocking rcu_node structures (internal RCU debug):
[ 212.992758] Sending NMI from CPU 0 to CPUs 7:
[ 212.998539] NMI backtrace for cpu 7
[ 213.004304] CPU: 7 UID: 0 PI
---truncated---
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/dwmac-tegra.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "235419f0956e8c60e597aa1619ded8bda7460bb4",
"status": "affected",
"version": "d8ca113724e79b324f553914cefa9dd6961de152",
"versionType": "git"
},
{
"lessThan": "b04d33cdbc958a3fd57f3544d4f78b99d9d11909",
"status": "affected",
"version": "d8ca113724e79b324f553914cefa9dd6961de152",
"versionType": "git"
},
{
"lessThan": "426046e2d62dd19533808661e912b8e8a9eaec16",
"status": "affected",
"version": "d8ca113724e79b324f553914cefa9dd6961de152",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/dwmac-tegra.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.72",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.72",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: dwmac-tegra: Read iommu stream id from device tree\n\nNvidia\u0027s Tegra MGBE controllers require the IOMMU \"Stream ID\" (SID) to be\nwritten to the MGBE_WRAP_AXI_ASID0_CTRL register.\n\nThe current driver is hard coded to use MGBE0\u0027s SID for all controllers.\nThis causes softirq time outs and kernel panics when using controllers\nother than MGBE0.\n\nExample dmesg errors when an ethernet cable is connected to MGBE1:\n\n[ 116.133290] tegra-mgbe 6910000.ethernet eth1: Link is Up - 1Gbps/Full - flow control rx/tx\n[ 121.851283] tegra-mgbe 6910000.ethernet eth1: NETDEV WATCHDOG: CPU: 5: transmit queue 0 timed out 5690 ms\n[ 121.851782] tegra-mgbe 6910000.ethernet eth1: Reset adapter.\n[ 121.892464] tegra-mgbe 6910000.ethernet eth1: Register MEM_TYPE_PAGE_POOL RxQ-0\n[ 121.905920] tegra-mgbe 6910000.ethernet eth1: PHY [stmmac-1:00] driver [Aquantia AQR113] (irq=171)\n[ 121.907356] tegra-mgbe 6910000.ethernet eth1: Enabling Safety Features\n[ 121.907578] tegra-mgbe 6910000.ethernet eth1: IEEE 1588-2008 Advanced Timestamp supported\n[ 121.908399] tegra-mgbe 6910000.ethernet eth1: registered PTP clock\n[ 121.908582] tegra-mgbe 6910000.ethernet eth1: configuring for phy/10gbase-r link mode\n[ 125.961292] tegra-mgbe 6910000.ethernet eth1: Link is Up - 1Gbps/Full - flow control rx/tx\n[ 181.921198] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:\n[ 181.921404] rcu: \t7-....: (1 GPs behind) idle=540c/1/0x4000000000000002 softirq=1748/1749 fqs=2337\n[ 181.921684] rcu: \t(detected by 4, t=6002 jiffies, g=1357, q=1254 ncpus=8)\n[ 181.921878] Sending NMI from CPU 4 to CPUs 7:\n[ 181.921886] NMI backtrace for cpu 7\n[ 181.922131] CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Kdump: loaded Not tainted 6.13.0-rc3+ #6\n[ 181.922390] Hardware name: NVIDIA CTI Forge + Orin AGX/Jetson, BIOS 202402.1-Unknown 10/28/2024\n[ 181.922658] pstate: 40400009 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 181.922847] pc : handle_softirqs+0x98/0x368\n[ 181.922978] lr : __do_softirq+0x18/0x20\n[ 181.923095] sp : ffff80008003bf50\n[ 181.923189] x29: ffff80008003bf50 x28: 0000000000000008 x27: 0000000000000000\n[ 181.923379] x26: ffffce78ea277000 x25: 0000000000000000 x24: 0000001c61befda0\n[ 181.924486] x23: 0000000060400009 x22: ffffce78e99918bc x21: ffff80008018bd70\n[ 181.925568] x20: ffffce78e8bb00d8 x19: ffff80008018bc20 x18: 0000000000000000\n[ 181.926655] x17: ffff318ebe7d3000 x16: ffff800080038000 x15: 0000000000000000\n[ 181.931455] x14: ffff000080816680 x13: ffff318ebe7d3000 x12: 000000003464d91d\n[ 181.938628] x11: 0000000000000040 x10: ffff000080165a70 x9 : ffffce78e8bb0160\n[ 181.945804] x8 : ffff8000827b3160 x7 : f9157b241586f343 x6 : eeb6502a01c81c74\n[ 181.953068] x5 : a4acfcdd2e8096bb x4 : ffffce78ea277340 x3 : 00000000ffffd1e1\n[ 181.960329] x2 : 0000000000000101 x1 : ffffce78ea277340 x0 : ffff318ebe7d3000\n[ 181.967591] Call trace:\n[ 181.970043] handle_softirqs+0x98/0x368 (P)\n[ 181.974240] __do_softirq+0x18/0x20\n[ 181.977743] ____do_softirq+0x14/0x28\n[ 181.981415] call_on_irq_stack+0x24/0x30\n[ 181.985180] do_softirq_own_stack+0x20/0x30\n[ 181.989379] __irq_exit_rcu+0x114/0x140\n[ 181.993142] irq_exit_rcu+0x14/0x28\n[ 181.996816] el1_interrupt+0x44/0xb8\n[ 182.000316] el1h_64_irq_handler+0x14/0x20\n[ 182.004343] el1h_64_irq+0x80/0x88\n[ 182.007755] cpuidle_enter_state+0xc4/0x4a8 (P)\n[ 182.012305] cpuidle_enter+0x3c/0x58\n[ 182.015980] cpuidle_idle_call+0x128/0x1c0\n[ 182.020005] do_idle+0xe0/0xf0\n[ 182.023155] cpu_startup_entry+0x3c/0x48\n[ 182.026917] secondary_start_kernel+0xdc/0x120\n[ 182.031379] __secondary_switched+0x74/0x78\n[ 212.971162] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 7-.... } 6103 jiffies s: 417 root: 0x80/.\n[ 212.985935] rcu: blocking rcu_node structures (internal RCU debug):\n[ 212.992758] Sending NMI from CPU 0 to CPUs 7:\n[ 212.998539] NMI backtrace for cpu 7\n[ 213.004304] CPU: 7 UID: 0 PI\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:18:29.588Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/235419f0956e8c60e597aa1619ded8bda7460bb4"
},
{
"url": "https://git.kernel.org/stable/c/b04d33cdbc958a3fd57f3544d4f78b99d9d11909"
},
{
"url": "https://git.kernel.org/stable/c/426046e2d62dd19533808661e912b8e8a9eaec16"
}
],
"title": "net: stmmac: dwmac-tegra: Read iommu stream id from device tree",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21663",
"datePublished": "2025-01-21T12:18:18.347Z",
"dateReserved": "2024-12-29T08:45:45.732Z",
"dateUpdated": "2025-05-04T07:18:29.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57945 (GCVE-0-2024-57945)
Vulnerability from cvelistv5
Published
2025-01-21 12:18
Modified
2025-05-22 12:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
riscv: mm: Fix the out of bound issue of vmemmap address
In sparse vmemmap model, the virtual address of vmemmap is calculated as:
((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT)).
And the struct page's va can be calculated with an offset:
(vmemmap + (pfn)).
However, when initializing struct pages, kernel actually starts from the
first page from the same section that phys_ram_base belongs to. If the
first page's physical address is not (phys_ram_base >> PAGE_SHIFT), then
we get an va below VMEMMAP_START when calculating va for it's struct page.
For example, if phys_ram_base starts from 0x82000000 with pfn 0x82000, the
first page in the same section is actually pfn 0x80000. During
init_unavailable_range(), we will initialize struct page for pfn 0x80000
with virtual address ((struct page *)VMEMMAP_START - 0x2000), which is
below VMEMMAP_START as well as PCI_IO_END.
This commit fixes this bug by introducing a new variable
'vmemmap_start_pfn' which is aligned with memory section size and using
it to calculate vmemmap address instead of phys_ram_base.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: 8310080799b40fd9f2a8b808c657269678c149af Version: a278d5c60f21aa15d540abb2f2da6e6d795c3e6e Version: a11dd49dcb9376776193e15641f84fcc1e5980c9 Version: a11dd49dcb9376776193e15641f84fcc1e5980c9 Version: 8af1c121b0102041809bc137ec600d1865eaeedd Version: 5941a90c55d3bfba732b32208d58d997600b44ef Version: 2a1728c15ec4f45ed9248ae22f626541c179bfbe |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/riscv/include/asm/page.h",
"arch/riscv/include/asm/pgtable.h",
"arch/riscv/mm/init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "92f08673d3f1893191323572f60e3c62f2e57c2f",
"status": "affected",
"version": "8310080799b40fd9f2a8b808c657269678c149af",
"versionType": "git"
},
{
"lessThan": "a4a7ac3d266008018f05fae53060fcb331151a14",
"status": "affected",
"version": "a278d5c60f21aa15d540abb2f2da6e6d795c3e6e",
"versionType": "git"
},
{
"lessThan": "d2bd51954ac8377c2f1eb1813e694788998add66",
"status": "affected",
"version": "a11dd49dcb9376776193e15641f84fcc1e5980c9",
"versionType": "git"
},
{
"lessThan": "f754f27e98f88428aaf6be6e00f5cbce97f62d4b",
"status": "affected",
"version": "a11dd49dcb9376776193e15641f84fcc1e5980c9",
"versionType": "git"
},
{
"status": "affected",
"version": "8af1c121b0102041809bc137ec600d1865eaeedd",
"versionType": "git"
},
{
"status": "affected",
"version": "5941a90c55d3bfba732b32208d58d997600b44ef",
"versionType": "git"
},
{
"status": "affected",
"version": "2a1728c15ec4f45ed9248ae22f626541c179bfbe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/riscv/include/asm/page.h",
"arch/riscv/include/asm/pgtable.h",
"arch/riscv/mm/init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.72",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.140",
"versionStartIncluding": "6.1.81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.72",
"versionStartIncluding": "6.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: mm: Fix the out of bound issue of vmemmap address\n\nIn sparse vmemmap model, the virtual address of vmemmap is calculated as:\n((struct page *)VMEMMAP_START - (phys_ram_base \u003e\u003e PAGE_SHIFT)).\nAnd the struct page\u0027s va can be calculated with an offset:\n(vmemmap + (pfn)).\n\nHowever, when initializing struct pages, kernel actually starts from the\nfirst page from the same section that phys_ram_base belongs to. If the\nfirst page\u0027s physical address is not (phys_ram_base \u003e\u003e PAGE_SHIFT), then\nwe get an va below VMEMMAP_START when calculating va for it\u0027s struct page.\n\nFor example, if phys_ram_base starts from 0x82000000 with pfn 0x82000, the\nfirst page in the same section is actually pfn 0x80000. During\ninit_unavailable_range(), we will initialize struct page for pfn 0x80000\nwith virtual address ((struct page *)VMEMMAP_START - 0x2000), which is\nbelow VMEMMAP_START as well as PCI_IO_END.\n\nThis commit fixes this bug by introducing a new variable\n\u0027vmemmap_start_pfn\u0027 which is aligned with memory section size and using\nit to calculate vmemmap address instead of phys_ram_base."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T12:40:03.484Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/92f08673d3f1893191323572f60e3c62f2e57c2f"
},
{
"url": "https://git.kernel.org/stable/c/a4a7ac3d266008018f05fae53060fcb331151a14"
},
{
"url": "https://git.kernel.org/stable/c/d2bd51954ac8377c2f1eb1813e694788998add66"
},
{
"url": "https://git.kernel.org/stable/c/f754f27e98f88428aaf6be6e00f5cbce97f62d4b"
}
],
"title": "riscv: mm: Fix the out of bound issue of vmemmap address",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57945",
"datePublished": "2025-01-21T12:18:12.548Z",
"dateReserved": "2025-01-19T11:50:08.380Z",
"dateUpdated": "2025-05-22T12:40:03.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57937 (GCVE-0-2024-57937)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-01-22T12:50:28.180Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57937",
"datePublished": "2025-01-21T12:09:14.482Z",
"dateRejected": "2025-01-22T12:50:28.180Z",
"dateReserved": "2025-01-19T11:50:08.377Z",
"dateUpdated": "2025-01-22T12:50:28.180Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57944 (GCVE-0-2024-57944)
Vulnerability from cvelistv5
Published
2025-01-21 12:18
Modified
2025-05-04 10:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: ti-ads1298: Add NULL check in ads1298_init
devm_kasprintf() can return a NULL pointer on failure. A check on the
return value of such a call in ads1298_init() is missing. Add it.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iio/adc/ti-ads1298.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "69b680bbac9bd611aaa308769d6c71e3e70eb3c3",
"status": "affected",
"version": "00ef7708fa6073a84f6898fdcdfe965d903b0378",
"versionType": "git"
},
{
"lessThan": "bcb394bb28e55312cace75362b8e489eb0e02a30",
"status": "affected",
"version": "00ef7708fa6073a84f6898fdcdfe965d903b0378",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iio/adc/ti-ads1298.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ti-ads1298: Add NULL check in ads1298_init\n\ndevm_kasprintf() can return a NULL pointer on failure. A check on the\nreturn value of such a call in ads1298_init() is missing. Add it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T10:07:12.524Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/69b680bbac9bd611aaa308769d6c71e3e70eb3c3"
},
{
"url": "https://git.kernel.org/stable/c/bcb394bb28e55312cace75362b8e489eb0e02a30"
}
],
"title": "iio: adc: ti-ads1298: Add NULL check in ads1298_init",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57944",
"datePublished": "2025-01-21T12:18:11.882Z",
"dateReserved": "2025-01-19T11:50:08.379Z",
"dateUpdated": "2025-05-04T10:07:12.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57943 (GCVE-0-2024-57943)
Vulnerability from cvelistv5
Published
2025-01-21 12:18
Modified
2025-05-04 10:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix the new buffer was not zeroed before writing
Before writing, if a buffer_head marked as new, its data must
be zeroed, otherwise uninitialized data in the page cache will
be written.
So this commit uses folio_zero_new_buffers() to zero the new
buffers before ->write_end().
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/exfat/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "942c6f91ab8d82a41650e717940b4e577173762f",
"status": "affected",
"version": "6630ea49103c3d45461e29b0f6eb0ce750aeb8f5",
"versionType": "git"
},
{
"lessThan": "98e2fb26d1a9eafe79f46d15d54e68e014d81d8c",
"status": "affected",
"version": "6630ea49103c3d45461e29b0f6eb0ce750aeb8f5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/exfat/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.12"
},
{
"lessThan": "6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix the new buffer was not zeroed before writing\n\nBefore writing, if a buffer_head marked as new, its data must\nbe zeroed, otherwise uninitialized data in the page cache will\nbe written.\n\nSo this commit uses folio_zero_new_buffers() to zero the new\nbuffers before -\u003ewrite_end()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T10:07:11.213Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/942c6f91ab8d82a41650e717940b4e577173762f"
},
{
"url": "https://git.kernel.org/stable/c/98e2fb26d1a9eafe79f46d15d54e68e014d81d8c"
}
],
"title": "exfat: fix the new buffer was not zeroed before writing",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57943",
"datePublished": "2025-01-21T12:18:11.195Z",
"dateReserved": "2025-01-19T11:50:08.378Z",
"dateUpdated": "2025-05-04T10:07:11.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57934 (GCVE-0-2024-57934)
Vulnerability from cvelistv5
Published
2025-01-21 12:01
Modified
2025-05-04 10:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fgraph: Add READ_ONCE() when accessing fgraph_array[]
In __ftrace_return_to_handler(), a loop iterates over the fgraph_array[]
elements, which are fgraph_ops. The loop checks if an element is a
fgraph_stub to prevent using a fgraph_stub afterward.
However, if the compiler reloads fgraph_array[] after this check, it might
race with an update to fgraph_array[] that introduces a fgraph_stub. This
could result in the stub being processed, but the stub contains a null
"func_hash" field, leading to a NULL pointer dereference.
To ensure that the gops compared against the fgraph_stub matches the gops
processed later, add a READ_ONCE(). A similar patch appears in commit
63a8dfb ("function_graph: Add READ_ONCE() when accessing fgraph_array[]").
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/fgraph.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b68b2a3fbacc7be720ef589d489bcacdd05c6d38",
"status": "affected",
"version": "37238abe3cb47b8daaa8706c9949f67b2a705cf1",
"versionType": "git"
},
{
"lessThan": "d65474033740ded0a4fe9a097fce72328655b41d",
"status": "affected",
"version": "37238abe3cb47b8daaa8706c9949f67b2a705cf1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/fgraph.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.11"
},
{
"lessThan": "6.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.9",
"versionStartIncluding": "6.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfgraph: Add READ_ONCE() when accessing fgraph_array[]\n\nIn __ftrace_return_to_handler(), a loop iterates over the fgraph_array[]\nelements, which are fgraph_ops. The loop checks if an element is a\nfgraph_stub to prevent using a fgraph_stub afterward.\n\nHowever, if the compiler reloads fgraph_array[] after this check, it might\nrace with an update to fgraph_array[] that introduces a fgraph_stub. This\ncould result in the stub being processed, but the stub contains a null\n\"func_hash\" field, leading to a NULL pointer dereference.\n\nTo ensure that the gops compared against the fgraph_stub matches the gops\nprocessed later, add a READ_ONCE(). A similar patch appears in commit\n63a8dfb (\"function_graph: Add READ_ONCE() when accessing fgraph_array[]\")."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T10:06:59.208Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b68b2a3fbacc7be720ef589d489bcacdd05c6d38"
},
{
"url": "https://git.kernel.org/stable/c/d65474033740ded0a4fe9a097fce72328655b41d"
}
],
"title": "fgraph: Add READ_ONCE() when accessing fgraph_array[]",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57934",
"datePublished": "2025-01-21T12:01:30.537Z",
"dateReserved": "2025-01-19T11:50:08.377Z",
"dateUpdated": "2025-05-04T10:06:59.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21657 (GCVE-0-2025-21657)
Vulnerability from cvelistv5
Published
2025-01-21 12:18
Modified
2025-05-04 07:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
sched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass()
scx_ops_bypass() iterates all CPUs to re-enqueue all the scx tasks.
For each CPU, it acquires a lock using rq_lock() regardless of whether
a CPU is offline or the CPU is currently running a task in a higher
scheduler class (e.g., deadline). The rq_lock() is supposed to be used
for online CPUs, and the use of rq_lock() may trigger an unnecessary
warning in rq_pin_lock(). Therefore, replace rq_lock() to
raw_spin_rq_lock() in scx_ops_bypass().
Without this change, we observe the following warning:
===== START =====
[ 6.615205] rq->balance_callback && rq->balance_callback != &balance_push_callback
[ 6.615208] WARNING: CPU: 2 PID: 0 at kernel/sched/sched.h:1730 __schedule+0x1130/0x1c90
===== END =====
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/sched/ext.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d9e446dd63cee7161717a6a8414ba9c6435af764",
"status": "affected",
"version": "0e7ffff1b8117b05635c87d3c9099f6aa9c9b689",
"versionType": "git"
},
{
"lessThan": "6268d5bc10354fc2ab8d44a0cd3b042d49a0417e",
"status": "affected",
"version": "0e7ffff1b8117b05635c87d3c9099f6aa9c9b689",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/sched/ext.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.12"
},
{
"lessThan": "6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass()\n\nscx_ops_bypass() iterates all CPUs to re-enqueue all the scx tasks.\nFor each CPU, it acquires a lock using rq_lock() regardless of whether\na CPU is offline or the CPU is currently running a task in a higher\nscheduler class (e.g., deadline). The rq_lock() is supposed to be used\nfor online CPUs, and the use of rq_lock() may trigger an unnecessary\nwarning in rq_pin_lock(). Therefore, replace rq_lock() to\nraw_spin_rq_lock() in scx_ops_bypass().\n\nWithout this change, we observe the following warning:\n\n===== START =====\n[ 6.615205] rq-\u003ebalance_callback \u0026\u0026 rq-\u003ebalance_callback != \u0026balance_push_callback\n[ 6.615208] WARNING: CPU: 2 PID: 0 at kernel/sched/sched.h:1730 __schedule+0x1130/0x1c90\n===== END ====="
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:18:22.917Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d9e446dd63cee7161717a6a8414ba9c6435af764"
},
{
"url": "https://git.kernel.org/stable/c/6268d5bc10354fc2ab8d44a0cd3b042d49a0417e"
}
],
"title": "sched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21657",
"datePublished": "2025-01-21T12:18:13.893Z",
"dateReserved": "2024-12-29T08:45:45.731Z",
"dateUpdated": "2025-05-04T07:18:22.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57931 (GCVE-0-2024-57931)
Vulnerability from cvelistv5
Published
2025-01-21 12:01
Modified
2025-05-04 10:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
selinux: ignore unknown extended permissions
When evaluating extended permissions, ignore unknown permissions instead
of calling BUG(). This commit ensures that future permissions can be
added without interfering with older kernels.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a Version: fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a Version: fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a Version: fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a Version: fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a Version: fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a Version: fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"security/selinux/ss/services.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f45a77dd24ae9ddb474303ec3975c376bd99fc51",
"status": "affected",
"version": "fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a",
"versionType": "git"
},
{
"lessThan": "712137b177b45f255ce5687e679d950fcb218256",
"status": "affected",
"version": "fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a",
"versionType": "git"
},
{
"lessThan": "f70e4b9ec69d9a74b84c17767a9a4eda8c901021",
"status": "affected",
"version": "fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a",
"versionType": "git"
},
{
"lessThan": "c79324d42fa48372e0acb306a2761cc642bd4db0",
"status": "affected",
"version": "fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a",
"versionType": "git"
},
{
"lessThan": "c1dbd28a079553de0023e1c938c713efeeee400f",
"status": "affected",
"version": "fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a",
"versionType": "git"
},
{
"lessThan": "efefe36c03a73bb81c0720ce397659a5051b73fa",
"status": "affected",
"version": "fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a",
"versionType": "git"
},
{
"lessThan": "900f83cf376bdaf798b6f5dcb2eae0c822e908b6",
"status": "affected",
"version": "fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"security/selinux/ss/services.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.289",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.233",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.176",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.289",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.233",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.176",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.124",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.70",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.9",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: ignore unknown extended permissions\n\nWhen evaluating extended permissions, ignore unknown permissions instead\nof calling BUG(). This commit ensures that future permissions can be\nadded without interfering with older kernels."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T10:06:54.999Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f45a77dd24ae9ddb474303ec3975c376bd99fc51"
},
{
"url": "https://git.kernel.org/stable/c/712137b177b45f255ce5687e679d950fcb218256"
},
{
"url": "https://git.kernel.org/stable/c/f70e4b9ec69d9a74b84c17767a9a4eda8c901021"
},
{
"url": "https://git.kernel.org/stable/c/c79324d42fa48372e0acb306a2761cc642bd4db0"
},
{
"url": "https://git.kernel.org/stable/c/c1dbd28a079553de0023e1c938c713efeeee400f"
},
{
"url": "https://git.kernel.org/stable/c/efefe36c03a73bb81c0720ce397659a5051b73fa"
},
{
"url": "https://git.kernel.org/stable/c/900f83cf376bdaf798b6f5dcb2eae0c822e908b6"
}
],
"title": "selinux: ignore unknown extended permissions",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57931",
"datePublished": "2025-01-21T12:01:28.539Z",
"dateReserved": "2025-01-19T11:50:08.377Z",
"dateUpdated": "2025-05-04T10:06:54.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57938 (GCVE-0-2024-57938)
Vulnerability from cvelistv5
Published
2025-01-21 12:09
Modified
2025-05-04 10:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sctp: Prevent autoclose integer overflow in sctp_association_init()
While by default max_autoclose equals to INT_MAX / HZ, one may set
net.sctp.max_autoclose to UINT_MAX. There is code in
sctp_association_init() that can consequently trigger overflow.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: 9f70f46bd4c7267d48ef461a1d613ec9ec0d520c Version: 9f70f46bd4c7267d48ef461a1d613ec9ec0d520c Version: 9f70f46bd4c7267d48ef461a1d613ec9ec0d520c Version: 9f70f46bd4c7267d48ef461a1d613ec9ec0d520c Version: 9f70f46bd4c7267d48ef461a1d613ec9ec0d520c Version: 9f70f46bd4c7267d48ef461a1d613ec9ec0d520c Version: 9f70f46bd4c7267d48ef461a1d613ec9ec0d520c |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sctp/associola.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "94b7ed0a4896420988e1776942f0a3f67167873e",
"status": "affected",
"version": "9f70f46bd4c7267d48ef461a1d613ec9ec0d520c",
"versionType": "git"
},
{
"lessThan": "081bdb3a31674339313c6d702af922bc29de2c53",
"status": "affected",
"version": "9f70f46bd4c7267d48ef461a1d613ec9ec0d520c",
"versionType": "git"
},
{
"lessThan": "f9c3adb083d3278f065a83c3f667f1246c74c31f",
"status": "affected",
"version": "9f70f46bd4c7267d48ef461a1d613ec9ec0d520c",
"versionType": "git"
},
{
"lessThan": "7af63ef5fe4d480064eb22583b24ffc8b408183a",
"status": "affected",
"version": "9f70f46bd4c7267d48ef461a1d613ec9ec0d520c",
"versionType": "git"
},
{
"lessThan": "271f031f4c31c07e2a85a1ba2b4c8e734909a477",
"status": "affected",
"version": "9f70f46bd4c7267d48ef461a1d613ec9ec0d520c",
"versionType": "git"
},
{
"lessThan": "2297890b778b0e7c8200d6818154f7e461d78e94",
"status": "affected",
"version": "9f70f46bd4c7267d48ef461a1d613ec9ec0d520c",
"versionType": "git"
},
{
"lessThan": "4e86729d1ff329815a6e8a920cb554a1d4cb5b8d",
"status": "affected",
"version": "9f70f46bd4c7267d48ef461a1d613ec9ec0d520c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sctp/associola.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.13"
},
{
"lessThan": "3.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.289",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.233",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.176",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.289",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.233",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.176",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.124",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.70",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.9",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "3.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sctp: Prevent autoclose integer overflow in sctp_association_init()\n\nWhile by default max_autoclose equals to INT_MAX / HZ, one may set\nnet.sctp.max_autoclose to UINT_MAX. There is code in\nsctp_association_init() that can consequently trigger overflow."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T10:07:04.425Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/94b7ed0a4896420988e1776942f0a3f67167873e"
},
{
"url": "https://git.kernel.org/stable/c/081bdb3a31674339313c6d702af922bc29de2c53"
},
{
"url": "https://git.kernel.org/stable/c/f9c3adb083d3278f065a83c3f667f1246c74c31f"
},
{
"url": "https://git.kernel.org/stable/c/7af63ef5fe4d480064eb22583b24ffc8b408183a"
},
{
"url": "https://git.kernel.org/stable/c/271f031f4c31c07e2a85a1ba2b4c8e734909a477"
},
{
"url": "https://git.kernel.org/stable/c/2297890b778b0e7c8200d6818154f7e461d78e94"
},
{
"url": "https://git.kernel.org/stable/c/4e86729d1ff329815a6e8a920cb554a1d4cb5b8d"
}
],
"title": "net/sctp: Prevent autoclose integer overflow in sctp_association_init()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57938",
"datePublished": "2025-01-21T12:09:15.412Z",
"dateReserved": "2025-01-19T11:50:08.377Z",
"dateUpdated": "2025-05-04T10:07:04.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21660 (GCVE-0-2025-21660)
Vulnerability from cvelistv5
Published
2025-01-21 12:18
Modified
2025-05-04 13:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked
When `ksmbd_vfs_kern_path_locked` met an error and it is not the last
entry, it will exit without restoring changed path buffer. But later this
buffer may be used as the filename for creation.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: d1b2d2a9c912fc7b788985fbaf944e80f4b3f2af Version: 6ab95e27b77730de3fa2d601db3764490c5eede2 Version: c5a709f08d40b1a082e44ffcde1aea4d2822ddd5 Version: c5a709f08d40b1a082e44ffcde1aea4d2822ddd5 Version: d205cb1a13b37b2660df70a972dedc8c4ba1c2e8 Version: c1e27b70e79050530c671b9dab688386c86f039a |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/server/vfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "13e41c58c74baa71f34c0830eaa3c29d53a6e964",
"status": "affected",
"version": "d1b2d2a9c912fc7b788985fbaf944e80f4b3f2af",
"versionType": "git"
},
{
"lessThan": "65b31b9d992c0fb0685c51a0cf09993832734fc4",
"status": "affected",
"version": "6ab95e27b77730de3fa2d601db3764490c5eede2",
"versionType": "git"
},
{
"lessThan": "51669f4af5f7959565b48e55691ba92fabf5c587",
"status": "affected",
"version": "c5a709f08d40b1a082e44ffcde1aea4d2822ddd5",
"versionType": "git"
},
{
"lessThan": "2ac538e40278a2c0c051cca81bcaafc547d61372",
"status": "affected",
"version": "c5a709f08d40b1a082e44ffcde1aea4d2822ddd5",
"versionType": "git"
},
{
"status": "affected",
"version": "d205cb1a13b37b2660df70a972dedc8c4ba1c2e8",
"versionType": "git"
},
{
"status": "affected",
"version": "c1e27b70e79050530c671b9dab688386c86f039a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/server/vfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.12"
},
{
"lessThan": "6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.125",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.72",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.125",
"versionStartIncluding": "6.1.113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.72",
"versionStartIncluding": "6.6.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked\n\nWhen `ksmbd_vfs_kern_path_locked` met an error and it is not the last\nentry, it will exit without restoring changed path buffer. But later this\nbuffer may be used as the filename for creation."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T13:06:12.428Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/13e41c58c74baa71f34c0830eaa3c29d53a6e964"
},
{
"url": "https://git.kernel.org/stable/c/65b31b9d992c0fb0685c51a0cf09993832734fc4"
},
{
"url": "https://git.kernel.org/stable/c/51669f4af5f7959565b48e55691ba92fabf5c587"
},
{
"url": "https://git.kernel.org/stable/c/2ac538e40278a2c0c051cca81bcaafc547d61372"
}
],
"title": "ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21660",
"datePublished": "2025-01-21T12:18:16.062Z",
"dateReserved": "2024-12-29T08:45:45.732Z",
"dateUpdated": "2025-05-04T13:06:12.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57946 (GCVE-0-2024-57946)
Vulnerability from cvelistv5
Published
2025-01-21 12:22
Modified
2025-09-03 12:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
virtio-blk: don't keep queue frozen during system suspend
Commit 4ce6e2db00de ("virtio-blk: Ensure no requests in virtqueues before
deleting vqs.") replaces queue quiesce with queue freeze in virtio-blk's
PM callbacks. And the motivation is to drain inflight IOs before suspending.
block layer's queue freeze looks very handy, but it is also easy to cause
deadlock, such as, any attempt to call into bio_queue_enter() may run into
deadlock if the queue is frozen in current context. There are all kinds
of ->suspend() called in suspend context, so keeping queue frozen in the
whole suspend context isn't one good idea. And Marek reported lockdep
warning[1] caused by virtio-blk's freeze queue in virtblk_freeze().
[1] https://lore.kernel.org/linux-block/ca16370e-d646-4eee-b9cc-87277c89c43c@samsung.com/
Given the motivation is to drain in-flight IOs, it can be done by calling
freeze & unfreeze, meantime restore to previous behavior by keeping queue
quiesced during suspend.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: b7bfaea8f5ecd290864f5ae4c69859b89832b4dc Version: 5fe446b245ba61ddc924d7db280bcd987c39357a Version: 2a52590ac52394540351d8289cc2af0b83cf7d31 Version: db48acce75d73dfe51c43d56893cce067b73cf08 Version: 8946924ff324853df6b7c525a7467d964dfd11c3 Version: 4ce6e2db00de8103a0687fb0f65fd17124a51aaa Version: 4ce6e2db00de8103a0687fb0f65fd17124a51aaa Version: 2b5128c714d863cd8d259aa9d87bed2d6aa6a5a8 Version: c67ed40b1b4a66e3a13b21bdfbd0151639da5240 |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/block/virtio_blk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d738f3215bb4f88911ff4579780a44960c8e0ca5",
"status": "affected",
"version": "b7bfaea8f5ecd290864f5ae4c69859b89832b4dc",
"versionType": "git"
},
{
"lessThan": "9ca428c6397abaa8c38f5c69133a2299e1efbbf2",
"status": "affected",
"version": "5fe446b245ba61ddc924d7db280bcd987c39357a",
"versionType": "git"
},
{
"lessThan": "6dea8e3de59928974bf157dd0499d3958d744ae4",
"status": "affected",
"version": "2a52590ac52394540351d8289cc2af0b83cf7d31",
"versionType": "git"
},
{
"lessThan": "9e323f856cf4963120e0e3892a84ef8bd764a0e4",
"status": "affected",
"version": "db48acce75d73dfe51c43d56893cce067b73cf08",
"versionType": "git"
},
{
"lessThan": "12c0ddd6c551c1e438b087f874b4f1223a75f7ea",
"status": "affected",
"version": "8946924ff324853df6b7c525a7467d964dfd11c3",
"versionType": "git"
},
{
"lessThan": "92d5139b91147ab372a17daf5dc27a5b9278e516",
"status": "affected",
"version": "4ce6e2db00de8103a0687fb0f65fd17124a51aaa",
"versionType": "git"
},
{
"lessThan": "7678abee0867e6b7fb89aa40f6e9f575f755fb37",
"status": "affected",
"version": "4ce6e2db00de8103a0687fb0f65fd17124a51aaa",
"versionType": "git"
},
{
"status": "affected",
"version": "2b5128c714d863cd8d259aa9d87bed2d6aa6a5a8",
"versionType": "git"
},
{
"status": "affected",
"version": "c67ed40b1b4a66e3a13b21bdfbd0151639da5240",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/block/virtio_blk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.289",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.233",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.176",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.123",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.69",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.289",
"versionStartIncluding": "5.4.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.233",
"versionStartIncluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.176",
"versionStartIncluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.123",
"versionStartIncluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.69",
"versionStartIncluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.8",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-blk: don\u0027t keep queue frozen during system suspend\n\nCommit 4ce6e2db00de (\"virtio-blk: Ensure no requests in virtqueues before\ndeleting vqs.\") replaces queue quiesce with queue freeze in virtio-blk\u0027s\nPM callbacks. And the motivation is to drain inflight IOs before suspending.\n\nblock layer\u0027s queue freeze looks very handy, but it is also easy to cause\ndeadlock, such as, any attempt to call into bio_queue_enter() may run into\ndeadlock if the queue is frozen in current context. There are all kinds\nof -\u003esuspend() called in suspend context, so keeping queue frozen in the\nwhole suspend context isn\u0027t one good idea. And Marek reported lockdep\nwarning[1] caused by virtio-blk\u0027s freeze queue in virtblk_freeze().\n\n[1] https://lore.kernel.org/linux-block/ca16370e-d646-4eee-b9cc-87277c89c43c@samsung.com/\n\nGiven the motivation is to drain in-flight IOs, it can be done by calling\nfreeze \u0026 unfreeze, meantime restore to previous behavior by keeping queue\nquiesced during suspend."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T12:59:22.528Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d738f3215bb4f88911ff4579780a44960c8e0ca5"
},
{
"url": "https://git.kernel.org/stable/c/9ca428c6397abaa8c38f5c69133a2299e1efbbf2"
},
{
"url": "https://git.kernel.org/stable/c/6dea8e3de59928974bf157dd0499d3958d744ae4"
},
{
"url": "https://git.kernel.org/stable/c/9e323f856cf4963120e0e3892a84ef8bd764a0e4"
},
{
"url": "https://git.kernel.org/stable/c/12c0ddd6c551c1e438b087f874b4f1223a75f7ea"
},
{
"url": "https://git.kernel.org/stable/c/92d5139b91147ab372a17daf5dc27a5b9278e516"
},
{
"url": "https://git.kernel.org/stable/c/7678abee0867e6b7fb89aa40f6e9f575f755fb37"
}
],
"title": "virtio-blk: don\u0027t keep queue frozen during system suspend",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57946",
"datePublished": "2025-01-21T12:22:53.324Z",
"dateReserved": "2025-01-19T11:50:08.380Z",
"dateUpdated": "2025-09-03T12:59:22.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57939 (GCVE-0-2024-57939)
Vulnerability from cvelistv5
Published
2025-01-21 12:18
Modified
2025-05-04 10:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
riscv: Fix sleeping in invalid context in die()
die() can be called in exception handler, and therefore cannot sleep.
However, die() takes spinlock_t which can sleep with PREEMPT_RT enabled.
That causes the following warning:
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 285, name: mutex
preempt_count: 110001, expected: 0
RCU nest depth: 0, expected: 0
CPU: 0 UID: 0 PID: 285 Comm: mutex Not tainted 6.12.0-rc7-00022-ge19049cf7d56-dirty #234
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
dump_backtrace+0x1c/0x24
show_stack+0x2c/0x38
dump_stack_lvl+0x5a/0x72
dump_stack+0x14/0x1c
__might_resched+0x130/0x13a
rt_spin_lock+0x2a/0x5c
die+0x24/0x112
do_trap_insn_illegal+0xa0/0xea
_new_vmalloc_restore_context_a0+0xcc/0xd8
Oops - illegal instruction [#1]
Switch to use raw_spinlock_t, which does not sleep even with PREEMPT_RT
enabled.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: 76d2a0493a17d4c8ecc781366850c3c4f8e1a446 Version: 76d2a0493a17d4c8ecc781366850c3c4f8e1a446 Version: 76d2a0493a17d4c8ecc781366850c3c4f8e1a446 Version: 76d2a0493a17d4c8ecc781366850c3c4f8e1a446 Version: 76d2a0493a17d4c8ecc781366850c3c4f8e1a446 Version: 76d2a0493a17d4c8ecc781366850c3c4f8e1a446 |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/riscv/kernel/traps.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8c38baa03ac8e18140faf36a3b955d30cad48e74",
"status": "affected",
"version": "76d2a0493a17d4c8ecc781366850c3c4f8e1a446",
"versionType": "git"
},
{
"lessThan": "10c24df2e303f517fab0359392c11b6b1d553f2b",
"status": "affected",
"version": "76d2a0493a17d4c8ecc781366850c3c4f8e1a446",
"versionType": "git"
},
{
"lessThan": "c21df31fc2a4afc02a6e56511364e9e793ea92ec",
"status": "affected",
"version": "76d2a0493a17d4c8ecc781366850c3c4f8e1a446",
"versionType": "git"
},
{
"lessThan": "f48f060a4b36b5e96628f6c3fb1540f1e8dedb69",
"status": "affected",
"version": "76d2a0493a17d4c8ecc781366850c3c4f8e1a446",
"versionType": "git"
},
{
"lessThan": "76ab0afcdbe8c9685b589016ee1c0e25fe596707",
"status": "affected",
"version": "76d2a0493a17d4c8ecc781366850c3c4f8e1a446",
"versionType": "git"
},
{
"lessThan": "6a97f4118ac07cfdc316433f385dbdc12af5025e",
"status": "affected",
"version": "76d2a0493a17d4c8ecc781366850c3c4f8e1a446",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/riscv/kernel/traps.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.234",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.177",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.125",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.72",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.234",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.177",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.125",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.72",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix sleeping in invalid context in die()\n\ndie() can be called in exception handler, and therefore cannot sleep.\nHowever, die() takes spinlock_t which can sleep with PREEMPT_RT enabled.\nThat causes the following warning:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 285, name: mutex\npreempt_count: 110001, expected: 0\nRCU nest depth: 0, expected: 0\nCPU: 0 UID: 0 PID: 285 Comm: mutex Not tainted 6.12.0-rc7-00022-ge19049cf7d56-dirty #234\nHardware name: riscv-virtio,qemu (DT)\nCall Trace:\n dump_backtrace+0x1c/0x24\n show_stack+0x2c/0x38\n dump_stack_lvl+0x5a/0x72\n dump_stack+0x14/0x1c\n __might_resched+0x130/0x13a\n rt_spin_lock+0x2a/0x5c\n die+0x24/0x112\n do_trap_insn_illegal+0xa0/0xea\n _new_vmalloc_restore_context_a0+0xcc/0xd8\nOops - illegal instruction [#1]\n\nSwitch to use raw_spinlock_t, which does not sleep even with PREEMPT_RT\nenabled."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T10:07:05.839Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8c38baa03ac8e18140faf36a3b955d30cad48e74"
},
{
"url": "https://git.kernel.org/stable/c/10c24df2e303f517fab0359392c11b6b1d553f2b"
},
{
"url": "https://git.kernel.org/stable/c/c21df31fc2a4afc02a6e56511364e9e793ea92ec"
},
{
"url": "https://git.kernel.org/stable/c/f48f060a4b36b5e96628f6c3fb1540f1e8dedb69"
},
{
"url": "https://git.kernel.org/stable/c/76ab0afcdbe8c9685b589016ee1c0e25fe596707"
},
{
"url": "https://git.kernel.org/stable/c/6a97f4118ac07cfdc316433f385dbdc12af5025e"
}
],
"title": "riscv: Fix sleeping in invalid context in die()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57939",
"datePublished": "2025-01-21T12:18:08.433Z",
"dateReserved": "2025-01-19T11:50:08.378Z",
"dateUpdated": "2025-05-04T10:07:05.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57935 (GCVE-0-2024-57935)
Vulnerability from cvelistv5
Published
2025-01-21 12:01
Modified
2025-05-04 13:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix accessing invalid dip_ctx during destroying QP
If it fails to modify QP to RTR, dip_ctx will not be attached. And
during detroying QP, the invalid dip_ctx pointer will be accessed.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_hw_v2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a448c775f0aec6cfbee4bda561447c707153504a",
"status": "affected",
"version": "f48084857b9e3d73c1d290307b5a11f61e6f666a",
"versionType": "git"
},
{
"lessThan": "0572eccf239ce4bd89bd531767ec5ab20e249290",
"status": "affected",
"version": "faa62440a5772b40bb7d78bf9e29556a82ecf153",
"versionType": "git"
},
{
"status": "affected",
"version": "84707ec6f651df98a141cad59f726d30e6f15574",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_hw_v2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.12.9",
"status": "affected",
"version": "6.12.2",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.9",
"versionStartIncluding": "6.12.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix accessing invalid dip_ctx during destroying QP\n\nIf it fails to modify QP to RTR, dip_ctx will not be attached. And\nduring detroying QP, the invalid dip_ctx pointer will be accessed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T13:01:41.875Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a448c775f0aec6cfbee4bda561447c707153504a"
},
{
"url": "https://git.kernel.org/stable/c/0572eccf239ce4bd89bd531767ec5ab20e249290"
}
],
"title": "RDMA/hns: Fix accessing invalid dip_ctx during destroying QP",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57935",
"datePublished": "2025-01-21T12:01:31.236Z",
"dateReserved": "2025-01-19T11:50:08.377Z",
"dateUpdated": "2025-05-04T13:01:41.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57933 (GCVE-0-2024-57933)
Vulnerability from cvelistv5
Published
2025-01-21 12:01
Modified
2025-05-04 10:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
gve: guard XSK operations on the existence of queues
This patch predicates the enabling and disabling of XSK pools on the
existence of queues. As it stands, if the interface is down, disabling
or enabling XSK pools would result in a crash, as the RX queue pointer
would be NULL. XSK pool registration will occur as part of the next
interface up.
Similarly, xsk_wakeup needs be guarded against queues disappearing
while the function is executing, so a check against the
GVE_PRIV_FLAGS_NAPI_ENABLED flag is added to synchronize with the
disabling of the bit and the synchronize_net() in gve_turndown.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/google/gve/gve_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "771d66f2bd8c4dba1286a9163ab982cecd825718",
"status": "affected",
"version": "fd8e40321a12391e6f554cc637d0c4b6109682a9",
"versionType": "git"
},
{
"lessThan": "8e8d7037c89437af12725f454e2eaf40e8166c0f",
"status": "affected",
"version": "fd8e40321a12391e6f554cc637d0c4b6109682a9",
"versionType": "git"
},
{
"lessThan": "40338d7987d810fcaa95c500b1068a52b08eec9b",
"status": "affected",
"version": "fd8e40321a12391e6f554cc637d0c4b6109682a9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/google/gve/gve_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.70",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.9",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: guard XSK operations on the existence of queues\n\nThis patch predicates the enabling and disabling of XSK pools on the\nexistence of queues. As it stands, if the interface is down, disabling\nor enabling XSK pools would result in a crash, as the RX queue pointer\nwould be NULL. XSK pool registration will occur as part of the next\ninterface up.\n\nSimilarly, xsk_wakeup needs be guarded against queues disappearing\nwhile the function is executing, so a check against the\nGVE_PRIV_FLAGS_NAPI_ENABLED flag is added to synchronize with the\ndisabling of the bit and the synchronize_net() in gve_turndown."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T10:06:57.881Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/771d66f2bd8c4dba1286a9163ab982cecd825718"
},
{
"url": "https://git.kernel.org/stable/c/8e8d7037c89437af12725f454e2eaf40e8166c0f"
},
{
"url": "https://git.kernel.org/stable/c/40338d7987d810fcaa95c500b1068a52b08eec9b"
}
],
"title": "gve: guard XSK operations on the existence of queues",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57933",
"datePublished": "2025-01-21T12:01:29.882Z",
"dateReserved": "2025-01-19T11:50:08.377Z",
"dateUpdated": "2025-05-04T10:06:57.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21659 (GCVE-0-2025-21659)
Vulnerability from cvelistv5
Published
2025-01-21 12:18
Modified
2025-05-04 07:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netdev: prevent accessing NAPI instances from another namespace
The NAPI IDs were not fully exposed to user space prior to the netlink
API, so they were never namespaced. The netlink API must ensure that
at the very least NAPI instance belongs to the same netns as the owner
of the genl sock.
napi_by_id() can become static now, but it needs to move because of
dev_get_by_napi_id().
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/dev.c",
"net/core/dev.h",
"net/core/netdev-genl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b683ba0df11ff563cc237eb1b74d6adfa77226bf",
"status": "affected",
"version": "27f91aaf49b3a50e5a02ad5fa27b7c453d029a72",
"versionType": "git"
},
{
"lessThan": "d1cacd74776895f6435941f86a1130e58f6dd226",
"status": "affected",
"version": "27f91aaf49b3a50e5a02ad5fa27b7c453d029a72",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/dev.c",
"net/core/dev.h",
"net/core/netdev-genl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdev: prevent accessing NAPI instances from another namespace\n\nThe NAPI IDs were not fully exposed to user space prior to the netlink\nAPI, so they were never namespaced. The netlink API must ensure that\nat the very least NAPI instance belongs to the same netns as the owner\nof the genl sock.\n\nnapi_by_id() can become static now, but it needs to move because of\ndev_get_by_napi_id()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:18:25.265Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b683ba0df11ff563cc237eb1b74d6adfa77226bf"
},
{
"url": "https://git.kernel.org/stable/c/d1cacd74776895f6435941f86a1130e58f6dd226"
}
],
"title": "netdev: prevent accessing NAPI instances from another namespace",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21659",
"datePublished": "2025-01-21T12:18:15.407Z",
"dateReserved": "2024-12-29T08:45:45.732Z",
"dateUpdated": "2025-05-04T07:18:25.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…