Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2025-0461
Vulnerability from csaf_certbund
Published
2025-02-27 23:00
Modified
2025-08-26 22:00
Summary
Linux Kernel: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen und um nicht näher spezifizierte Auswirkungen zu erzielen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und um nicht n\u00e4her spezifizierte Auswirkungen zu erzielen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0461 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0461.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0461 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0461"
},
{
"category": "external",
"summary": "Kernel CVE Announce Mailingliste",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-58022",
"url": "https://lore.kernel.org/linux-cve-announce/2025022748-CVE-2024-58022-60ab@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-58034",
"url": "https://lore.kernel.org/linux-cve-announce/2025022751-CVE-2024-58034-36fb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-58042",
"url": "https://lore.kernel.org/linux-cve-announce/2025022751-CVE-2024-58042-c5ba@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21798",
"url": "https://lore.kernel.org/linux-cve-announce/2025022751-CVE-2025-21798-5fcb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21799",
"url": "https://lore.kernel.org/linux-cve-announce/2025022752-CVE-2025-21799-0420@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21800",
"url": "https://lore.kernel.org/linux-cve-announce/2025022752-CVE-2025-21800-d1e6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21801",
"url": "https://lore.kernel.org/linux-cve-announce/2025022752-CVE-2025-21801-5496@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21802",
"url": "https://lore.kernel.org/linux-cve-announce/2025022752-CVE-2025-21802-0cc5@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21803",
"url": "https://lore.kernel.org/linux-cve-announce/2025022752-CVE-2025-21803-e8ea@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21804",
"url": "https://lore.kernel.org/linux-cve-announce/2025022753-CVE-2025-21804-dea6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21805",
"url": "https://lore.kernel.org/linux-cve-announce/2025022753-CVE-2025-21805-7256@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21806",
"url": "https://lore.kernel.org/linux-cve-announce/2025022753-CVE-2025-21806-7910@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21807",
"url": "https://lore.kernel.org/linux-cve-announce/2025022753-CVE-2025-21807-a4bb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21808",
"url": "https://lore.kernel.org/linux-cve-announce/2025022753-CVE-2025-21808-b8bf@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21809",
"url": "https://lore.kernel.org/linux-cve-announce/2025022754-CVE-2025-21809-4258@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21810",
"url": "https://lore.kernel.org/linux-cve-announce/2025022754-CVE-2025-21810-0c14@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21811",
"url": "https://lore.kernel.org/linux-cve-announce/2025022754-CVE-2025-21811-beb7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21812",
"url": "https://lore.kernel.org/linux-cve-announce/2025022754-CVE-2025-21812-9b17@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21813",
"url": "https://lore.kernel.org/linux-cve-announce/2025022709-CVE-2025-21813-9e46@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21814",
"url": "https://lore.kernel.org/linux-cve-announce/2025022709-CVE-2025-21814-d723@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21815",
"url": "https://lore.kernel.org/linux-cve-announce/2025022709-CVE-2025-21815-19c9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21816",
"url": "https://lore.kernel.org/linux-cve-announce/2025022709-CVE-2025-21816-bbd4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21817",
"url": "https://lore.kernel.org/linux-cve-announce/2025022710-CVE-2025-21817-2fc8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21818",
"url": "https://lore.kernel.org/linux-cve-announce/2025022710-CVE-2025-21818-27ee@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21819",
"url": "https://lore.kernel.org/linux-cve-announce/2025022710-CVE-2025-21819-5549@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21820",
"url": "https://lore.kernel.org/linux-cve-announce/2025022710-CVE-2025-21820-f4ab@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21821",
"url": "https://lore.kernel.org/linux-cve-announce/2025022707-CVE-2025-21821-ae41@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21822",
"url": "https://lore.kernel.org/linux-cve-announce/2025022707-CVE-2025-21822-88c0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21823",
"url": "https://lore.kernel.org/linux-cve-announce/2025022708-CVE-2025-21823-9027@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21824",
"url": "https://lore.kernel.org/linux-cve-announce/2025022708-CVE-2025-21824-1a04@gregkh/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0847-1 vom 2025-03-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020505.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0856-1 vom 2025-03-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020508.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0856-1 vom 2025-03-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/OSPHACQPT5GWCIN3WJL55RCYA4OHTBLI/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0856-1 vom 2025-03-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OSPHACQPT5GWCIN3WJL55RCYA4OHTBLI/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0955-1 vom 2025-03-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020563.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4102 vom 2025-04-01",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1177-1 vom 2025-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020670.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1178-1 vom 2025-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020674.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1180-1 vom 2025-04-09",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/DGJ23MSZWYIA7MJ47RNVV6T27Z324VKA/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1293-1 vom 2025-04-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020712.html"
},
{
"category": "external",
"summary": "Container-Optimized OS release notes vom 2025-04-16",
"url": "https://cloud.google.com/container-optimized-os/docs/release-notes#April_14_2025"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2025-088 vom 2025-04-16",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2025-088.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7489-1 vom 2025-05-06",
"url": "https://ubuntu.com/security/notices/USN-7489-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7491-1 vom 2025-05-06",
"url": "https://ubuntu.com/security/notices/USN-7491-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7499-1 vom 2025-05-07",
"url": "https://ubuntu.com/security/notices/USN-7499-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7489-2 vom 2025-05-07",
"url": "https://ubuntu.com/security/notices/USN-7489-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7510-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1573-1 vom 2025-05-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020836.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7516-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7512-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7512-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-2 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7510-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-2 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7511-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7511-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7511-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7517-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7517-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7518-1 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7518-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7521-1 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7521-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-5 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7510-5"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-3 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7516-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-4 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7510-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-3 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7510-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7511-3 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7511-3"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01600-1 vom 2025-05-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020854.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01640-1 vom 2025-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020861.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01627-1 vom 2025-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020866.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01614-1 vom 2025-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020870.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01620-1 vom 2025-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020867.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7517-2 vom 2025-05-21",
"url": "https://ubuntu.com/security/notices/USN-7517-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-4 vom 2025-05-21",
"url": "https://ubuntu.com/security/notices/USN-7516-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7521-2 vom 2025-05-22",
"url": "https://ubuntu.com/security/notices/USN-7521-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-5 vom 2025-05-23",
"url": "https://ubuntu.com/security/notices/USN-7516-5"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4178 vom 2025-05-26",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01707-1 vom 2025-05-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020902.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-6 vom 2025-05-26",
"url": "https://ubuntu.com/security/notices/USN-7516-6"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7517-3 vom 2025-05-26",
"url": "https://ubuntu.com/security/notices/USN-7517-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-6 vom 2025-05-27",
"url": "https://ubuntu.com/security/notices/USN-7510-6"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7539-1 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7539-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7521-3 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7521-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-7 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7510-7"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7540-1 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7540-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-7 vom 2025-05-29",
"url": "https://ubuntu.com/security/notices/USN-7516-7"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-8 vom 2025-05-29",
"url": "https://ubuntu.com/security/notices/USN-7510-8"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20343-1 vom 2025-05-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020965.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-9 vom 2025-05-29",
"url": "https://ubuntu.com/security/notices/USN-7516-9"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-8 vom 2025-05-29",
"url": "https://ubuntu.com/security/notices/USN-7516-8"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20344-1 vom 2025-05-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020964.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20354-1 vom 2025-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021016.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20355-1 vom 2025-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021015.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20283-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021049.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20260-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021058.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20270-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021056.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20192-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021150.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20206-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021137.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20190-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021154.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-236 vom 2025-06-12",
"url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-236.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-237 vom 2025-06-12",
"url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-237.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-238 vom 2025-06-12",
"url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-238.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-235 vom 2025-06-12",
"url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-235.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-234 vom 2025-06-12",
"url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-234.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01919-1 vom 2025-06-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021477.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01951-1 vom 2025-06-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021509.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01964-1 vom 2025-06-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021531.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01965-1 vom 2025-06-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021535.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01967-1 vom 2025-06-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021533.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01972-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021537.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20408-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021550.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20413-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021547.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01983-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021538.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01982-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021539.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01995-1 vom 2025-06-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021572.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02000-1 vom 2025-06-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021568.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20419-1 vom 2025-06-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021591.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20421-1 vom 2025-06-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021590.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7593-1 vom 2025-06-24",
"url": "https://ubuntu.com/security/notices/USN-7593-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7602-1 vom 2025-06-26",
"url": "https://ubuntu.com/security/notices/USN-7602-1"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2LIVEPATCH-2025-237 vom 2025-06-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2025-237.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2LIVEPATCH-2025-234 vom 2025-06-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2025-234.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2LIVEPATCH-2025-238 vom 2025-06-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2025-238.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2LIVEPATCH-2025-236 vom 2025-06-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2025-236.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2LIVEPATCH-2025-235 vom 2025-06-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2025-235.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20406 vom 2025-07-08",
"url": "https://linux.oracle.com/errata/ELSA-2025-20406.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02254-1 vom 2025-07-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021770.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02307-1 vom 2025-07-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021804.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02333-1 vom 2025-07-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021830.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7640-1 vom 2025-07-16",
"url": "https://ubuntu.com/security/notices/USN-7640-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7653-1 vom 2025-07-17",
"url": "https://ubuntu.com/security/notices/USN-7653-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7652-1 vom 2025-07-17",
"url": "https://ubuntu.com/security/notices/USN-7652-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7651-1 vom 2025-07-17",
"url": "https://ubuntu.com/security/notices/USN-7651-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7651-2 vom 2025-07-18",
"url": "https://ubuntu.com/security/notices/USN-7651-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7651-3 vom 2025-07-22",
"url": "https://ubuntu.com/security/notices/USN-7651-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7651-4 vom 2025-07-22",
"url": "https://ubuntu.com/security/notices/USN-7651-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7651-5 vom 2025-07-24",
"url": "https://ubuntu.com/security/notices/USN-7651-5"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7651-6 vom 2025-07-24",
"url": "https://ubuntu.com/security/notices/USN-7651-6"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5973 vom 2025-08-12",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00137.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7703-1 vom 2025-08-20",
"url": "https://ubuntu.com/security/notices/USN-7703-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7703-2 vom 2025-08-20",
"url": "https://ubuntu.com/security/notices/USN-7703-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7703-3 vom 2025-08-21",
"url": "https://ubuntu.com/security/notices/USN-7703-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7719-1 vom 2025-08-26",
"url": "https://ubuntu.com/security/notices/USN-7719-1"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-08-26T22:00:00.000+00:00",
"generator": {
"date": "2025-08-27T11:46:53.972+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-0461",
"initial_release_date": "2025-02-27T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-02-27T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-03-12T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-13T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-19T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-31T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-04-08T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-04-15T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-04-16T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-05-06T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-07T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-18T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2025-05-19T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-20T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2025-05-21T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2025-05-22T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-26T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Debian, SUSE und Ubuntu aufgenommen"
},
{
"date": "2025-05-27T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2025-06-02T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-03T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-11T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-06-15T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-16T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-17T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-19T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-23T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-06-26T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-06-30T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-07-08T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
},
{
"date": "2025-07-14T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-16T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-17T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-21T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-22T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-23T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-24T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-31T22:00:00.000+00:00",
"number": "37",
"summary": "Referenz(en) aufgenommen:"
},
{
"date": "2025-08-12T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-08-19T22:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-08-20T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-08-21T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-08-26T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "42"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Google Container-Optimized OS",
"product": {
"name": "Google Container-Optimized OS",
"product_id": "1607324",
"product_identification_helper": {
"cpe": "cpe:/o:google:container-optimized_os:-"
}
}
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.13.4",
"product": {
"name": "Open Source Linux Kernel \u003c6.13.4",
"product_id": "T041378"
}
},
{
"category": "product_version",
"name": "6.13.4",
"product": {
"name": "Open Source Linux Kernel 6.13.4",
"product_id": "T041378-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:6.13.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.12.16",
"product": {
"name": "Open Source Linux Kernel \u003c6.12.16",
"product_id": "T041379"
}
},
{
"category": "product_version",
"name": "6.12.16",
"product": {
"name": "Open Source Linux Kernel 6.12.16",
"product_id": "T041379-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:6.12.16"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.6.79",
"product": {
"name": "Open Source Linux Kernel \u003c6.6.79",
"product_id": "T041380"
}
},
{
"category": "product_version",
"name": "6.6.79",
"product": {
"name": "Open Source Linux Kernel 6.6.79",
"product_id": "T041380-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:6.6.79"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.1.129",
"product": {
"name": "Open Source Linux Kernel \u003c6.1.129",
"product_id": "T041381"
}
},
{
"category": "product_version",
"name": "6.1.129",
"product": {
"name": "Open Source Linux Kernel 6.1.129",
"product_id": "T041381-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:6.1.129"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.14-rc3",
"product": {
"name": "Open Source Linux Kernel \u003c6.14-rc3",
"product_id": "T041490"
}
},
{
"category": "product_version",
"name": "6.14-rc3",
"product": {
"name": "Open Source Linux Kernel 6.14-rc3",
"product_id": "T041490-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:6.14-rc3"
}
}
}
],
"category": "product_name",
"name": "Linux Kernel"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-58022",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2024-58022"
},
{
"cve": "CVE-2024-58034",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2024-58034"
},
{
"cve": "CVE-2024-58042",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2024-58042"
},
{
"cve": "CVE-2025-21798",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21798"
},
{
"cve": "CVE-2025-21799",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21800",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21800"
},
{
"cve": "CVE-2025-21801",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21801"
},
{
"cve": "CVE-2025-21802",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21802"
},
{
"cve": "CVE-2025-21803",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21803"
},
{
"cve": "CVE-2025-21804",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21804"
},
{
"cve": "CVE-2025-21805",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21805"
},
{
"cve": "CVE-2025-21806",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21806"
},
{
"cve": "CVE-2025-21807",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21807"
},
{
"cve": "CVE-2025-21808",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21808"
},
{
"cve": "CVE-2025-21809",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21809"
},
{
"cve": "CVE-2025-21810",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21810"
},
{
"cve": "CVE-2025-21811",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21811"
},
{
"cve": "CVE-2025-21812",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21812"
},
{
"cve": "CVE-2025-21813",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21813"
},
{
"cve": "CVE-2025-21814",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21814"
},
{
"cve": "CVE-2025-21815",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21815"
},
{
"cve": "CVE-2025-21816",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21816"
},
{
"cve": "CVE-2025-21817",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21817"
},
{
"cve": "CVE-2025-21818",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21818"
},
{
"cve": "CVE-2025-21819",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21819"
},
{
"cve": "CVE-2025-21820",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21820"
},
{
"cve": "CVE-2025-21821",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21821"
},
{
"cve": "CVE-2025-21822",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21822"
},
{
"cve": "CVE-2025-21823",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21823"
},
{
"cve": "CVE-2025-21824",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21824"
}
]
}
CVE-2025-21814 (GCVE-0-2025-21814)
Vulnerability from cvelistv5
Published
2025-02-27 20:04
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ptp: Ensure info->enable callback is always set
The ioctl and sysfs handlers unconditionally call the ->enable callback.
Not all drivers implement that callback, leading to NULL dereferences.
Example of affected drivers: ptp_s390.c, ptp_vclock.c and ptp_mock.c.
Instead use a dummy callback if no better was specified by the driver.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: d94ba80ebbea17f036cecb104398fbcd788aa742 Version: d94ba80ebbea17f036cecb104398fbcd788aa742 Version: d94ba80ebbea17f036cecb104398fbcd788aa742 Version: d94ba80ebbea17f036cecb104398fbcd788aa742 Version: d94ba80ebbea17f036cecb104398fbcd788aa742 Version: d94ba80ebbea17f036cecb104398fbcd788aa742 Version: d94ba80ebbea17f036cecb104398fbcd788aa742 Version: d94ba80ebbea17f036cecb104398fbcd788aa742 |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/ptp/ptp_clock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fdc1e72487781dd7705bcbe30878bee7d5d1f3e8",
"status": "affected",
"version": "d94ba80ebbea17f036cecb104398fbcd788aa742",
"versionType": "git"
},
{
"lessThan": "9df3a9284f39bfd51a9f72a6a165c79e2aa5066b",
"status": "affected",
"version": "d94ba80ebbea17f036cecb104398fbcd788aa742",
"versionType": "git"
},
{
"lessThan": "1334c64a5d1de6666e0c9f984db6745083df1eb4",
"status": "affected",
"version": "d94ba80ebbea17f036cecb104398fbcd788aa742",
"versionType": "git"
},
{
"lessThan": "5d1041c76de656f9f8d5a192218039a9acf9bd00",
"status": "affected",
"version": "d94ba80ebbea17f036cecb104398fbcd788aa742",
"versionType": "git"
},
{
"lessThan": "81846070cba17125a866e8023c01d3465b153339",
"status": "affected",
"version": "d94ba80ebbea17f036cecb104398fbcd788aa742",
"versionType": "git"
},
{
"lessThan": "8441aea46445252df5d2eed6deb6d5246fc24002",
"status": "affected",
"version": "d94ba80ebbea17f036cecb104398fbcd788aa742",
"versionType": "git"
},
{
"lessThan": "755caf4ee1c615ee5717862e427124370f46b1f3",
"status": "affected",
"version": "d94ba80ebbea17f036cecb104398fbcd788aa742",
"versionType": "git"
},
{
"lessThan": "fd53aa40e65f518453115b6f56183b0c201db26b",
"status": "affected",
"version": "d94ba80ebbea17f036cecb104398fbcd788aa742",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/ptp/ptp_clock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"lessThan": "3.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.78",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.14",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.3",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: Ensure info-\u003eenable callback is always set\n\nThe ioctl and sysfs handlers unconditionally call the -\u003eenable callback.\nNot all drivers implement that callback, leading to NULL dereferences.\nExample of affected drivers: ptp_s390.c, ptp_vclock.c and ptp_mock.c.\n\nInstead use a dummy callback if no better was specified by the driver."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:45.201Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fdc1e72487781dd7705bcbe30878bee7d5d1f3e8"
},
{
"url": "https://git.kernel.org/stable/c/9df3a9284f39bfd51a9f72a6a165c79e2aa5066b"
},
{
"url": "https://git.kernel.org/stable/c/1334c64a5d1de6666e0c9f984db6745083df1eb4"
},
{
"url": "https://git.kernel.org/stable/c/5d1041c76de656f9f8d5a192218039a9acf9bd00"
},
{
"url": "https://git.kernel.org/stable/c/81846070cba17125a866e8023c01d3465b153339"
},
{
"url": "https://git.kernel.org/stable/c/8441aea46445252df5d2eed6deb6d5246fc24002"
},
{
"url": "https://git.kernel.org/stable/c/755caf4ee1c615ee5717862e427124370f46b1f3"
},
{
"url": "https://git.kernel.org/stable/c/fd53aa40e65f518453115b6f56183b0c201db26b"
}
],
"title": "ptp: Ensure info-\u003eenable callback is always set",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21814",
"datePublished": "2025-02-27T20:04:14.089Z",
"dateReserved": "2024-12-29T08:45:45.774Z",
"dateUpdated": "2025-05-04T07:21:45.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21811 (GCVE-0-2025-21811)
Vulnerability from cvelistv5
Published
2025-02-27 20:01
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: protect access to buffers with no active references
nilfs_lookup_dirty_data_buffers(), which iterates through the buffers
attached to dirty data folios/pages, accesses the attached buffers without
locking the folios/pages.
For data cache, nilfs_clear_folio_dirty() may be called asynchronously
when the file system degenerates to read only, so
nilfs_lookup_dirty_data_buffers() still has the potential to cause use
after free issues when buffers lose the protection of their dirty state
midway due to this asynchronous clearing and are unintentionally freed by
try_to_free_buffers().
Eliminate this race issue by adjusting the lock section in this function.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: 8c26c4e2694a163d525976e804d81cd955bbb40c Version: 8c26c4e2694a163d525976e804d81cd955bbb40c Version: 8c26c4e2694a163d525976e804d81cd955bbb40c Version: 8c26c4e2694a163d525976e804d81cd955bbb40c Version: 8c26c4e2694a163d525976e804d81cd955bbb40c Version: 8c26c4e2694a163d525976e804d81cd955bbb40c Version: 8c26c4e2694a163d525976e804d81cd955bbb40c Version: 8c26c4e2694a163d525976e804d81cd955bbb40c |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-21811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T18:01:20.629324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T18:07:17.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e1fc4a90a90ea8514246c45435662531975937d9",
"status": "affected",
"version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
"versionType": "git"
},
{
"lessThan": "72cf688d0ce7e642b12ddc9b2a42524737ec1b4a",
"status": "affected",
"version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
"versionType": "git"
},
{
"lessThan": "d8ff250e085a4c4cdda4ad1cdd234ed110393143",
"status": "affected",
"version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
"versionType": "git"
},
{
"lessThan": "58c27fa7a610b6e8d44e6220e7dbddfbaccaf439",
"status": "affected",
"version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
"versionType": "git"
},
{
"lessThan": "8e1b9201c9a24638cf09c6e1c9f224157328010b",
"status": "affected",
"version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
"versionType": "git"
},
{
"lessThan": "4b08d23d7d1917bef4fbee8ad81372f49b006656",
"status": "affected",
"version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
"versionType": "git"
},
{
"lessThan": "c437dfac9f7a5a46ac2a5e6d6acd3059e9f68188",
"status": "affected",
"version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
"versionType": "git"
},
{
"lessThan": "367a9bffabe08c04f6d725032cce3d891b2b9e1a",
"status": "affected",
"version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.76",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: protect access to buffers with no active references\n\nnilfs_lookup_dirty_data_buffers(), which iterates through the buffers\nattached to dirty data folios/pages, accesses the attached buffers without\nlocking the folios/pages.\n\nFor data cache, nilfs_clear_folio_dirty() may be called asynchronously\nwhen the file system degenerates to read only, so\nnilfs_lookup_dirty_data_buffers() still has the potential to cause use\nafter free issues when buffers lose the protection of their dirty state\nmidway due to this asynchronous clearing and are unintentionally freed by\ntry_to_free_buffers().\n\nEliminate this race issue by adjusting the lock section in this function."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:41.820Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e1fc4a90a90ea8514246c45435662531975937d9"
},
{
"url": "https://git.kernel.org/stable/c/72cf688d0ce7e642b12ddc9b2a42524737ec1b4a"
},
{
"url": "https://git.kernel.org/stable/c/d8ff250e085a4c4cdda4ad1cdd234ed110393143"
},
{
"url": "https://git.kernel.org/stable/c/58c27fa7a610b6e8d44e6220e7dbddfbaccaf439"
},
{
"url": "https://git.kernel.org/stable/c/8e1b9201c9a24638cf09c6e1c9f224157328010b"
},
{
"url": "https://git.kernel.org/stable/c/4b08d23d7d1917bef4fbee8ad81372f49b006656"
},
{
"url": "https://git.kernel.org/stable/c/c437dfac9f7a5a46ac2a5e6d6acd3059e9f68188"
},
{
"url": "https://git.kernel.org/stable/c/367a9bffabe08c04f6d725032cce3d891b2b9e1a"
}
],
"title": "nilfs2: protect access to buffers with no active references",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21811",
"datePublished": "2025-02-27T20:01:02.256Z",
"dateReserved": "2024-12-29T08:45:45.772Z",
"dateUpdated": "2025-05-04T07:21:41.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21824 (GCVE-0-2025-21824)
Vulnerability from cvelistv5
Published
2025-02-27 20:06
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
gpu: host1x: Fix a use of uninitialized mutex
commit c8347f915e67 ("gpu: host1x: Fix boot regression for Tegra")
caused a use of uninitialized mutex leading to below warning when
CONFIG_DEBUG_MUTEXES and CONFIG_DEBUG_LOCK_ALLOC are enabled.
[ 41.662843] ------------[ cut here ]------------
[ 41.663012] DEBUG_LOCKS_WARN_ON(lock->magic != lock)
[ 41.663035] WARNING: CPU: 4 PID: 794 at kernel/locking/mutex.c:587 __mutex_lock+0x670/0x878
[ 41.663458] Modules linked in: rtw88_8822c(+) bluetooth(+) rtw88_pci rtw88_core mac80211 aquantia libarc4 crc_itu_t cfg80211 tegra194_cpufreq dwmac_tegra(+) arm_dsu_pmu stmmac_platform stmmac pcs_xpcs rfkill at24 host1x(+) tegra_bpmp_thermal ramoops reed_solomon fuse loop nfnetlink xfs mmc_block rpmb_core ucsi_ccg ina3221 crct10dif_ce xhci_tegra ghash_ce lm90 sha2_ce sha256_arm64 sha1_ce sdhci_tegra pwm_fan sdhci_pltfm sdhci gpio_keys rtc_tegra cqhci mmc_core phy_tegra_xusb i2c_tegra tegra186_gpc_dma i2c_tegra_bpmp spi_tegra114 dm_mirror dm_region_hash dm_log dm_mod
[ 41.665078] CPU: 4 UID: 0 PID: 794 Comm: (udev-worker) Not tainted 6.11.0-29.31_1538613708.el10.aarch64+debug #1
[ 41.665838] Hardware name: NVIDIA NVIDIA Jetson AGX Orin Developer Kit/Jetson, BIOS 36.3.0-gcid-35594366 02/26/2024
[ 41.672555] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 41.679636] pc : __mutex_lock+0x670/0x878
[ 41.683834] lr : __mutex_lock+0x670/0x878
[ 41.688035] sp : ffff800084b77090
[ 41.691446] x29: ffff800084b77160 x28: ffffdd4bebf7b000 x27: ffffdd4be96b1000
[ 41.698799] x26: 1fffe0002308361c x25: 1ffff0001096ee18 x24: 0000000000000000
[ 41.706149] x23: 0000000000000000 x22: 0000000000000002 x21: ffffdd4be6e3c7a0
[ 41.713500] x20: ffff800084b770f0 x19: ffff00011841b1e8 x18: 0000000000000000
[ 41.720675] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720
[ 41.728023] x14: 0000000000000000 x13: 0000000000000001 x12: ffff6001a96eaab3
[ 41.735375] x11: 1fffe001a96eaab2 x10: ffff6001a96eaab2 x9 : ffffdd4be4838bbc
[ 41.742723] x8 : 00009ffe5691554e x7 : ffff000d4b755593 x6 : 0000000000000001
[ 41.749985] x5 : ffff000d4b755590 x4 : 1fffe0001d88f001 x3 : dfff800000000000
[ 41.756988] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000ec478000
[ 41.764251] Call trace:
[ 41.766695] __mutex_lock+0x670/0x878
[ 41.770373] mutex_lock_nested+0x2c/0x40
[ 41.774134] host1x_intr_start+0x54/0xf8 [host1x]
[ 41.778863] host1x_runtime_resume+0x150/0x228 [host1x]
[ 41.783935] pm_generic_runtime_resume+0x84/0xc8
[ 41.788485] __rpm_callback+0xa0/0x478
[ 41.792422] rpm_callback+0x15c/0x1a8
[ 41.795922] rpm_resume+0x698/0xc08
[ 41.799597] __pm_runtime_resume+0xa8/0x140
[ 41.803621] host1x_probe+0x810/0xbc0 [host1x]
[ 41.807909] platform_probe+0xcc/0x1a8
[ 41.811845] really_probe+0x188/0x800
[ 41.815347] __driver_probe_device+0x164/0x360
[ 41.819810] driver_probe_device+0x64/0x1a8
[ 41.823834] __driver_attach+0x180/0x490
[ 41.827773] bus_for_each_dev+0x104/0x1a0
[ 41.831797] driver_attach+0x44/0x68
[ 41.835296] bus_add_driver+0x23c/0x4e8
[ 41.839235] driver_register+0x15c/0x3a8
[ 41.843170] __platform_register_drivers+0xa4/0x208
[ 41.848159] tegra_host1x_init+0x4c/0xff8 [host1x]
[ 41.853147] do_one_initcall+0xd4/0x380
[ 41.856997] do_init_module+0x1dc/0x698
[ 41.860758] load_module+0xc70/0x1300
[ 41.864435] __do_sys_init_module+0x1a8/0x1d0
[ 41.868721] __arm64_sys_init_module+0x74/0xb0
[ 41.873183] invoke_syscall.constprop.0+0xdc/0x1e8
[ 41.877997] do_el0_svc+0x154/0x1d0
[ 41.881671] el0_svc+0x54/0x140
[ 41.884820] el0t_64_sync_handler+0x120/0x130
[ 41.889285] el0t_64_sync+0x1a4/0x1a8
[ 41.892960] irq event stamp: 69737
[ 41.896370] hardirqs last enabled at (69737): [<ffffdd4be6d7768c>] _raw_spin_unlock_irqrestore+0x44/0xe8
[ 41.905739] hardirqs last disabled at (69736):
---truncated---
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/host1x/dev.c",
"drivers/gpu/host1x/intr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "396d8e5136b4476672bc15b83ba312486bb4bf76",
"status": "affected",
"version": "c8347f915e6779f6c861e7a041adf3559d51b363",
"versionType": "git"
},
{
"lessThan": "127e91638ddcd02b80de92fec2240609a9f90426",
"status": "affected",
"version": "c8347f915e6779f6c861e7a041adf3559d51b363",
"versionType": "git"
},
{
"lessThan": "02458fbfaa0170aabf8506f7d4ed054f02414251",
"status": "affected",
"version": "c8347f915e6779f6c861e7a041adf3559d51b363",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/host1x/dev.c",
"drivers/gpu/host1x/intr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.12"
},
{
"lessThan": "6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.16",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.4",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpu: host1x: Fix a use of uninitialized mutex\n\ncommit c8347f915e67 (\"gpu: host1x: Fix boot regression for Tegra\")\ncaused a use of uninitialized mutex leading to below warning when\nCONFIG_DEBUG_MUTEXES and CONFIG_DEBUG_LOCK_ALLOC are enabled.\n\n[ 41.662843] ------------[ cut here ]------------\n[ 41.663012] DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n[ 41.663035] WARNING: CPU: 4 PID: 794 at kernel/locking/mutex.c:587 __mutex_lock+0x670/0x878\n[ 41.663458] Modules linked in: rtw88_8822c(+) bluetooth(+) rtw88_pci rtw88_core mac80211 aquantia libarc4 crc_itu_t cfg80211 tegra194_cpufreq dwmac_tegra(+) arm_dsu_pmu stmmac_platform stmmac pcs_xpcs rfkill at24 host1x(+) tegra_bpmp_thermal ramoops reed_solomon fuse loop nfnetlink xfs mmc_block rpmb_core ucsi_ccg ina3221 crct10dif_ce xhci_tegra ghash_ce lm90 sha2_ce sha256_arm64 sha1_ce sdhci_tegra pwm_fan sdhci_pltfm sdhci gpio_keys rtc_tegra cqhci mmc_core phy_tegra_xusb i2c_tegra tegra186_gpc_dma i2c_tegra_bpmp spi_tegra114 dm_mirror dm_region_hash dm_log dm_mod\n[ 41.665078] CPU: 4 UID: 0 PID: 794 Comm: (udev-worker) Not tainted 6.11.0-29.31_1538613708.el10.aarch64+debug #1\n[ 41.665838] Hardware name: NVIDIA NVIDIA Jetson AGX Orin Developer Kit/Jetson, BIOS 36.3.0-gcid-35594366 02/26/2024\n[ 41.672555] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 41.679636] pc : __mutex_lock+0x670/0x878\n[ 41.683834] lr : __mutex_lock+0x670/0x878\n[ 41.688035] sp : ffff800084b77090\n[ 41.691446] x29: ffff800084b77160 x28: ffffdd4bebf7b000 x27: ffffdd4be96b1000\n[ 41.698799] x26: 1fffe0002308361c x25: 1ffff0001096ee18 x24: 0000000000000000\n[ 41.706149] x23: 0000000000000000 x22: 0000000000000002 x21: ffffdd4be6e3c7a0\n[ 41.713500] x20: ffff800084b770f0 x19: ffff00011841b1e8 x18: 0000000000000000\n[ 41.720675] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720\n[ 41.728023] x14: 0000000000000000 x13: 0000000000000001 x12: ffff6001a96eaab3\n[ 41.735375] x11: 1fffe001a96eaab2 x10: ffff6001a96eaab2 x9 : ffffdd4be4838bbc\n[ 41.742723] x8 : 00009ffe5691554e x7 : ffff000d4b755593 x6 : 0000000000000001\n[ 41.749985] x5 : ffff000d4b755590 x4 : 1fffe0001d88f001 x3 : dfff800000000000\n[ 41.756988] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000ec478000\n[ 41.764251] Call trace:\n[ 41.766695] __mutex_lock+0x670/0x878\n[ 41.770373] mutex_lock_nested+0x2c/0x40\n[ 41.774134] host1x_intr_start+0x54/0xf8 [host1x]\n[ 41.778863] host1x_runtime_resume+0x150/0x228 [host1x]\n[ 41.783935] pm_generic_runtime_resume+0x84/0xc8\n[ 41.788485] __rpm_callback+0xa0/0x478\n[ 41.792422] rpm_callback+0x15c/0x1a8\n[ 41.795922] rpm_resume+0x698/0xc08\n[ 41.799597] __pm_runtime_resume+0xa8/0x140\n[ 41.803621] host1x_probe+0x810/0xbc0 [host1x]\n[ 41.807909] platform_probe+0xcc/0x1a8\n[ 41.811845] really_probe+0x188/0x800\n[ 41.815347] __driver_probe_device+0x164/0x360\n[ 41.819810] driver_probe_device+0x64/0x1a8\n[ 41.823834] __driver_attach+0x180/0x490\n[ 41.827773] bus_for_each_dev+0x104/0x1a0\n[ 41.831797] driver_attach+0x44/0x68\n[ 41.835296] bus_add_driver+0x23c/0x4e8\n[ 41.839235] driver_register+0x15c/0x3a8\n[ 41.843170] __platform_register_drivers+0xa4/0x208\n[ 41.848159] tegra_host1x_init+0x4c/0xff8 [host1x]\n[ 41.853147] do_one_initcall+0xd4/0x380\n[ 41.856997] do_init_module+0x1dc/0x698\n[ 41.860758] load_module+0xc70/0x1300\n[ 41.864435] __do_sys_init_module+0x1a8/0x1d0\n[ 41.868721] __arm64_sys_init_module+0x74/0xb0\n[ 41.873183] invoke_syscall.constprop.0+0xdc/0x1e8\n[ 41.877997] do_el0_svc+0x154/0x1d0\n[ 41.881671] el0_svc+0x54/0x140\n[ 41.884820] el0t_64_sync_handler+0x120/0x130\n[ 41.889285] el0t_64_sync+0x1a4/0x1a8\n[ 41.892960] irq event stamp: 69737\n[ 41.896370] hardirqs last enabled at (69737): [\u003cffffdd4be6d7768c\u003e] _raw_spin_unlock_irqrestore+0x44/0xe8\n[ 41.905739] hardirqs last disabled at (69736):\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:55.704Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/396d8e5136b4476672bc15b83ba312486bb4bf76"
},
{
"url": "https://git.kernel.org/stable/c/127e91638ddcd02b80de92fec2240609a9f90426"
},
{
"url": "https://git.kernel.org/stable/c/02458fbfaa0170aabf8506f7d4ed054f02414251"
}
],
"title": "gpu: host1x: Fix a use of uninitialized mutex",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21824",
"datePublished": "2025-02-27T20:06:14.720Z",
"dateReserved": "2024-12-29T08:45:45.775Z",
"dateUpdated": "2025-05-04T07:21:55.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21812 (GCVE-0-2025-21812)
Vulnerability from cvelistv5
Published
2025-02-27 20:01
Modified
2025-05-04 13:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ax25: rcu protect dev->ax25_ptr
syzbot found a lockdep issue [1].
We should remove ax25 RTNL dependency in ax25_setsockopt()
This should also fix a variety of possible UAF in ax25.
[1]
WARNING: possible circular locking dependency detected
6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Not tainted
------------------------------------------------------
syz.5.1818/12806 is trying to acquire lock:
ffffffff8fcb3988 (rtnl_mutex){+.+.}-{4:4}, at: ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680
but task is already holding lock:
ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline]
ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (sk_lock-AF_AX25){+.+.}-{0:0}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
lock_sock_nested+0x48/0x100 net/core/sock.c:3642
lock_sock include/net/sock.h:1618 [inline]
ax25_kill_by_device net/ax25/af_ax25.c:101 [inline]
ax25_device_event+0x24d/0x580 net/ax25/af_ax25.c:146
notifier_call_chain+0x1a5/0x3f0 kernel/notifier.c:85
__dev_notify_flags+0x207/0x400
dev_change_flags+0xf0/0x1a0 net/core/dev.c:9026
dev_ifsioc+0x7c8/0xe70 net/core/dev_ioctl.c:563
dev_ioctl+0x719/0x1340 net/core/dev_ioctl.c:820
sock_do_ioctl+0x240/0x460 net/socket.c:1234
sock_ioctl+0x626/0x8e0 net/socket.c:1339
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:906 [inline]
__se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (rtnl_mutex){+.+.}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680
do_sock_setsockopt+0x3af/0x720 net/socket.c:2324
__sys_setsockopt net/socket.c:2349 [inline]
__do_sys_setsockopt net/socket.c:2355 [inline]
__se_sys_setsockopt net/socket.c:2352 [inline]
__x64_sys_setsockopt+0x1ee/0x280 net/socket.c:2352
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(sk_lock-AF_AX25);
lock(rtnl_mutex);
lock(sk_lock-AF_AX25);
lock(rtnl_mutex);
*** DEADLOCK ***
1 lock held by syz.5.1818/12806:
#0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline]
#0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574
stack backtrace:
CPU: 1 UID: 0 PID: 12806 Comm: syz.5.1818 Not tainted 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/lockin
---truncated---
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: c433570458e49bccea5c551df628d058b3526289 Version: c433570458e49bccea5c551df628d058b3526289 Version: c433570458e49bccea5c551df628d058b3526289 Version: c433570458e49bccea5c551df628d058b3526289 Version: c433570458e49bccea5c551df628d058b3526289 Version: 7f93d703e276311dd289c9a520ce9e8c8fa2858c Version: c0e93a6d36135d5082cb3af8352f5b69c9f58d6e Version: c39b8fd4997bf99503b8e48d8cb0eedb1d9a54f0 Version: 26a5adc8eb26d170058645c3cccd4d19165bec16 Version: 3e881d8764ed9b04ae3e5c3e5d132acb75ef91ba Version: 77768c96dcf860c43b970b87b2a09229f84ea560 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-21812",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T18:00:00.916644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T18:07:17.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/netdevice.h",
"include/net/ax25.h",
"net/ax25/af_ax25.c",
"net/ax25/ax25_dev.c",
"net/ax25/ax25_ip.c",
"net/ax25/ax25_out.c",
"net/ax25/ax25_route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2802ed4ced27ebd474828fc67ffd7d66f11e3605",
"status": "affected",
"version": "c433570458e49bccea5c551df628d058b3526289",
"versionType": "git"
},
{
"lessThan": "7705d8a7f2c26c80973c81093db07c6022b2b30e",
"status": "affected",
"version": "c433570458e49bccea5c551df628d058b3526289",
"versionType": "git"
},
{
"lessThan": "8937f5e38a218531dce2a89fae60e3adcc2311e1",
"status": "affected",
"version": "c433570458e49bccea5c551df628d058b3526289",
"versionType": "git"
},
{
"lessThan": "c2531db6de3c95551be58878f859c6a053b7eb2e",
"status": "affected",
"version": "c433570458e49bccea5c551df628d058b3526289",
"versionType": "git"
},
{
"lessThan": "95fc45d1dea8e1253f8ec58abc5befb71553d666",
"status": "affected",
"version": "c433570458e49bccea5c551df628d058b3526289",
"versionType": "git"
},
{
"status": "affected",
"version": "7f93d703e276311dd289c9a520ce9e8c8fa2858c",
"versionType": "git"
},
{
"status": "affected",
"version": "c0e93a6d36135d5082cb3af8352f5b69c9f58d6e",
"versionType": "git"
},
{
"status": "affected",
"version": "c39b8fd4997bf99503b8e48d8cb0eedb1d9a54f0",
"versionType": "git"
},
{
"status": "affected",
"version": "26a5adc8eb26d170058645c3cccd4d19165bec16",
"versionType": "git"
},
{
"status": "affected",
"version": "3e881d8764ed9b04ae3e5c3e5d132acb75ef91ba",
"versionType": "git"
},
{
"status": "affected",
"version": "77768c96dcf860c43b970b87b2a09229f84ea560",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/netdevice.h",
"include/net/ax25.h",
"net/ax25/af_ax25.c",
"net/ax25/ax25_dev.c",
"net/ax25/ax25_ip.c",
"net/ax25/ax25_out.c",
"net/ax25/ax25_route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.76",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.18.132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: rcu protect dev-\u003eax25_ptr\n\nsyzbot found a lockdep issue [1].\n\nWe should remove ax25 RTNL dependency in ax25_setsockopt()\n\nThis should also fix a variety of possible UAF in ax25.\n\n[1]\n\nWARNING: possible circular locking dependency detected\n6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Not tainted\n------------------------------------------------------\nsyz.5.1818/12806 is trying to acquire lock:\n ffffffff8fcb3988 (rtnl_mutex){+.+.}-{4:4}, at: ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680\n\nbut task is already holding lock:\n ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline]\n ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #1 (sk_lock-AF_AX25){+.+.}-{0:0}:\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849\n lock_sock_nested+0x48/0x100 net/core/sock.c:3642\n lock_sock include/net/sock.h:1618 [inline]\n ax25_kill_by_device net/ax25/af_ax25.c:101 [inline]\n ax25_device_event+0x24d/0x580 net/ax25/af_ax25.c:146\n notifier_call_chain+0x1a5/0x3f0 kernel/notifier.c:85\n __dev_notify_flags+0x207/0x400\n dev_change_flags+0xf0/0x1a0 net/core/dev.c:9026\n dev_ifsioc+0x7c8/0xe70 net/core/dev_ioctl.c:563\n dev_ioctl+0x719/0x1340 net/core/dev_ioctl.c:820\n sock_do_ioctl+0x240/0x460 net/socket.c:1234\n sock_ioctl+0x626/0x8e0 net/socket.c:1339\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-\u003e #0 (rtnl_mutex){+.+.}-{4:4}:\n check_prev_add kernel/locking/lockdep.c:3161 [inline]\n check_prevs_add kernel/locking/lockdep.c:3280 [inline]\n validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904\n __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849\n __mutex_lock_common kernel/locking/mutex.c:585 [inline]\n __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735\n ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680\n do_sock_setsockopt+0x3af/0x720 net/socket.c:2324\n __sys_setsockopt net/socket.c:2349 [inline]\n __do_sys_setsockopt net/socket.c:2355 [inline]\n __se_sys_setsockopt net/socket.c:2352 [inline]\n __x64_sys_setsockopt+0x1ee/0x280 net/socket.c:2352\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(sk_lock-AF_AX25);\n lock(rtnl_mutex);\n lock(sk_lock-AF_AX25);\n lock(rtnl_mutex);\n\n *** DEADLOCK ***\n\n1 lock held by syz.5.1818/12806:\n #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline]\n #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574\n\nstack backtrace:\nCPU: 1 UID: 0 PID: 12806 Comm: syz.5.1818 Not tainted 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074\n check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206\n check_prev_add kernel/locking/lockdep.c:3161 [inline]\n check_prevs_add kernel/lockin\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T13:06:36.402Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2802ed4ced27ebd474828fc67ffd7d66f11e3605"
},
{
"url": "https://git.kernel.org/stable/c/7705d8a7f2c26c80973c81093db07c6022b2b30e"
},
{
"url": "https://git.kernel.org/stable/c/8937f5e38a218531dce2a89fae60e3adcc2311e1"
},
{
"url": "https://git.kernel.org/stable/c/c2531db6de3c95551be58878f859c6a053b7eb2e"
},
{
"url": "https://git.kernel.org/stable/c/95fc45d1dea8e1253f8ec58abc5befb71553d666"
}
],
"title": "ax25: rcu protect dev-\u003eax25_ptr",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21812",
"datePublished": "2025-02-27T20:01:02.837Z",
"dateReserved": "2024-12-29T08:45:45.774Z",
"dateUpdated": "2025-05-04T13:06:36.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21804 (GCVE-0-2025-21804)
Vulnerability from cvelistv5
Published
2025-02-27 20:00
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()
The rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region()
macro to request a needed resource. A string variable that lives on the
stack is then used to store a dynamically computed resource name, which
is then passed on as one of the macro arguments. This can lead to
undefined behavior.
Depending on the current contents of the memory, the manifestations of
errors may vary. One possible output may be as follows:
$ cat /proc/iomem
30000000-37ffffff :
38000000-3fffffff :
Sometimes, garbage may appear after the colon.
In very rare cases, if no NULL-terminator is found in memory, the system
might crash because the string iterator will overrun which can lead to
access of unmapped memory above the stack.
Thus, fix this by replacing outbound_name with the name of the previously
requested resource. With the changes applied, the output will be as
follows:
$ cat /proc/iomem
30000000-37ffffff : memory2
38000000-3fffffff : memory3
[kwilczynski: commit log]
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: 2a6d0d63d99956a66f6605832f11755d74a41951 Version: 2a6d0d63d99956a66f6605832f11755d74a41951 Version: 2a6d0d63d99956a66f6605832f11755d74a41951 Version: 2a6d0d63d99956a66f6605832f11755d74a41951 Version: 2a6d0d63d99956a66f6605832f11755d74a41951 Version: 2a6d0d63d99956a66f6605832f11755d74a41951 Version: 2a6d0d63d99956a66f6605832f11755d74a41951 |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pci/controller/pcie-rcar-ep.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7a47e14c5fb0b6dba7073be7b0119fb8fe864e01",
"status": "affected",
"version": "2a6d0d63d99956a66f6605832f11755d74a41951",
"versionType": "git"
},
{
"lessThan": "6987e021b64cbb49981d140bb72d9d1466f191c4",
"status": "affected",
"version": "2a6d0d63d99956a66f6605832f11755d74a41951",
"versionType": "git"
},
{
"lessThan": "24576899c49509c0d533bcf569139f691d8f7af7",
"status": "affected",
"version": "2a6d0d63d99956a66f6605832f11755d74a41951",
"versionType": "git"
},
{
"lessThan": "2c54b9fca1755e80a343ccfde0652dc5ea4744b2",
"status": "affected",
"version": "2a6d0d63d99956a66f6605832f11755d74a41951",
"versionType": "git"
},
{
"lessThan": "9ff46b0bfeb6e0724a4ace015aa7a0b887cdb7c1",
"status": "affected",
"version": "2a6d0d63d99956a66f6605832f11755d74a41951",
"versionType": "git"
},
{
"lessThan": "44708208c2a4b828a57a2abe7799c9d3962e7eaa",
"status": "affected",
"version": "2a6d0d63d99956a66f6605832f11755d74a41951",
"versionType": "git"
},
{
"lessThan": "2d2da5a4c1b4509f6f7e5a8db015cd420144beb4",
"status": "affected",
"version": "2a6d0d63d99956a66f6605832f11755d74a41951",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pci/controller/pcie-rcar-ep.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.76",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()\n\nThe rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region()\nmacro to request a needed resource. A string variable that lives on the\nstack is then used to store a dynamically computed resource name, which\nis then passed on as one of the macro arguments. This can lead to\nundefined behavior.\n\nDepending on the current contents of the memory, the manifestations of\nerrors may vary. One possible output may be as follows:\n\n $ cat /proc/iomem\n 30000000-37ffffff :\n 38000000-3fffffff :\n\nSometimes, garbage may appear after the colon.\n\nIn very rare cases, if no NULL-terminator is found in memory, the system\nmight crash because the string iterator will overrun which can lead to\naccess of unmapped memory above the stack.\n\nThus, fix this by replacing outbound_name with the name of the previously\nrequested resource. With the changes applied, the output will be as\nfollows:\n\n $ cat /proc/iomem\n 30000000-37ffffff : memory2\n 38000000-3fffffff : memory3\n\n[kwilczynski: commit log]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:34.136Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7a47e14c5fb0b6dba7073be7b0119fb8fe864e01"
},
{
"url": "https://git.kernel.org/stable/c/6987e021b64cbb49981d140bb72d9d1466f191c4"
},
{
"url": "https://git.kernel.org/stable/c/24576899c49509c0d533bcf569139f691d8f7af7"
},
{
"url": "https://git.kernel.org/stable/c/2c54b9fca1755e80a343ccfde0652dc5ea4744b2"
},
{
"url": "https://git.kernel.org/stable/c/9ff46b0bfeb6e0724a4ace015aa7a0b887cdb7c1"
},
{
"url": "https://git.kernel.org/stable/c/44708208c2a4b828a57a2abe7799c9d3962e7eaa"
},
{
"url": "https://git.kernel.org/stable/c/2d2da5a4c1b4509f6f7e5a8db015cd420144beb4"
}
],
"title": "PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21804",
"datePublished": "2025-02-27T20:00:57.639Z",
"dateReserved": "2024-12-29T08:45:45.771Z",
"dateUpdated": "2025-05-04T07:21:34.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21809 (GCVE-0-2025-21809)
Vulnerability from cvelistv5
Published
2025-02-27 20:01
Modified
2025-05-04 13:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
rxrpc, afs: Fix peer hash locking vs RCU callback
In its address list, afs now retains pointers to and refs on one or more
rxrpc_peer objects. The address list is freed under RCU and at this time,
it puts the refs on those peers.
Now, when an rxrpc_peer object runs out of refs, it gets removed from the
peer hash table and, for that, rxrpc has to take a spinlock. However, it
is now being called from afs's RCU cleanup, which takes place in BH
context - but it is just taking an ordinary spinlock.
The put may also be called from non-BH context, and so there exists the
possibility of deadlock if the BH-based RCU cleanup happens whilst the hash
spinlock is held. This led to the attached lockdep complaint.
Fix this by changing spinlocks of rxnet->peer_hash_lock back to
BH-disabling locks.
================================
WARNING: inconsistent lock state
6.13.0-rc5-build2+ #1223 Tainted: G E
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
swapper/1/0 [HC0[0]:SC1[1]:HE1:SE0] takes:
ffff88810babe228 (&rxnet->peer_hash_lock){+.?.}-{3:3}, at: rxrpc_put_peer+0xcb/0x180
{SOFTIRQ-ON-W} state was registered at:
mark_usage+0x164/0x180
__lock_acquire+0x544/0x990
lock_acquire.part.0+0x103/0x280
_raw_spin_lock+0x2f/0x40
rxrpc_peer_keepalive_worker+0x144/0x440
process_one_work+0x486/0x7c0
process_scheduled_works+0x73/0x90
worker_thread+0x1c8/0x2a0
kthread+0x19b/0x1b0
ret_from_fork+0x24/0x40
ret_from_fork_asm+0x1a/0x30
irq event stamp: 972402
hardirqs last enabled at (972402): [<ffffffff8244360e>] _raw_spin_unlock_irqrestore+0x2e/0x50
hardirqs last disabled at (972401): [<ffffffff82443328>] _raw_spin_lock_irqsave+0x18/0x60
softirqs last enabled at (972300): [<ffffffff810ffbbe>] handle_softirqs+0x3ee/0x430
softirqs last disabled at (972313): [<ffffffff810ffc54>] __irq_exit_rcu+0x44/0x110
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&rxnet->peer_hash_lock);
<Interrupt>
lock(&rxnet->peer_hash_lock);
*** DEADLOCK ***
1 lock held by swapper/1/0:
#0: ffffffff83576be0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire+0x7/0x30
stack backtrace:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G E 6.13.0-rc5-build2+ #1223
Tainted: [E]=UNSIGNED_MODULE
Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
Call Trace:
<IRQ>
dump_stack_lvl+0x57/0x80
print_usage_bug.part.0+0x227/0x240
valid_state+0x53/0x70
mark_lock_irq+0xa5/0x2f0
mark_lock+0xf7/0x170
mark_usage+0xe1/0x180
__lock_acquire+0x544/0x990
lock_acquire.part.0+0x103/0x280
_raw_spin_lock+0x2f/0x40
rxrpc_put_peer+0xcb/0x180
afs_free_addrlist+0x46/0x90 [kafs]
rcu_do_batch+0x2d2/0x640
rcu_core+0x2f7/0x350
handle_softirqs+0x1ee/0x430
__irq_exit_rcu+0x44/0x110
irq_exit_rcu+0xa/0x30
sysvec_apic_timer_interrupt+0x7f/0xa0
</IRQ>
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/rxrpc/peer_event.c",
"net/rxrpc/peer_object.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "10ba5a3d57af20e494e0d979d1894260989235dd",
"status": "affected",
"version": "72904d7b9bfbf2dd146254edea93958bc35bbbfe",
"versionType": "git"
},
{
"lessThan": "0e77dd41689637ac4e1b8fe0f27541f373640855",
"status": "affected",
"version": "72904d7b9bfbf2dd146254edea93958bc35bbbfe",
"versionType": "git"
},
{
"lessThan": "79d458c13056559d49b5e41fbc4b6890e68cf65b",
"status": "affected",
"version": "72904d7b9bfbf2dd146254edea93958bc35bbbfe",
"versionType": "git"
},
{
"status": "affected",
"version": "056fc740be000d39a7dba700a935f3bbfbc664e6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/rxrpc/peer_event.c",
"net/rxrpc/peer_object.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc, afs: Fix peer hash locking vs RCU callback\n\nIn its address list, afs now retains pointers to and refs on one or more\nrxrpc_peer objects. The address list is freed under RCU and at this time,\nit puts the refs on those peers.\n\nNow, when an rxrpc_peer object runs out of refs, it gets removed from the\npeer hash table and, for that, rxrpc has to take a spinlock. However, it\nis now being called from afs\u0027s RCU cleanup, which takes place in BH\ncontext - but it is just taking an ordinary spinlock.\n\nThe put may also be called from non-BH context, and so there exists the\npossibility of deadlock if the BH-based RCU cleanup happens whilst the hash\nspinlock is held. This led to the attached lockdep complaint.\n\nFix this by changing spinlocks of rxnet-\u003epeer_hash_lock back to\nBH-disabling locks.\n\n ================================\n WARNING: inconsistent lock state\n 6.13.0-rc5-build2+ #1223 Tainted: G E\n --------------------------------\n inconsistent {SOFTIRQ-ON-W} -\u003e {IN-SOFTIRQ-W} usage.\n swapper/1/0 [HC0[0]:SC1[1]:HE1:SE0] takes:\n ffff88810babe228 (\u0026rxnet-\u003epeer_hash_lock){+.?.}-{3:3}, at: rxrpc_put_peer+0xcb/0x180\n {SOFTIRQ-ON-W} state was registered at:\n mark_usage+0x164/0x180\n __lock_acquire+0x544/0x990\n lock_acquire.part.0+0x103/0x280\n _raw_spin_lock+0x2f/0x40\n rxrpc_peer_keepalive_worker+0x144/0x440\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x19b/0x1b0\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n irq event stamp: 972402\n hardirqs last enabled at (972402): [\u003cffffffff8244360e\u003e] _raw_spin_unlock_irqrestore+0x2e/0x50\n hardirqs last disabled at (972401): [\u003cffffffff82443328\u003e] _raw_spin_lock_irqsave+0x18/0x60\n softirqs last enabled at (972300): [\u003cffffffff810ffbbe\u003e] handle_softirqs+0x3ee/0x430\n softirqs last disabled at (972313): [\u003cffffffff810ffc54\u003e] __irq_exit_rcu+0x44/0x110\n\n other info that might help us debug this:\n Possible unsafe locking scenario:\n CPU0\n ----\n lock(\u0026rxnet-\u003epeer_hash_lock);\n \u003cInterrupt\u003e\n lock(\u0026rxnet-\u003epeer_hash_lock);\n\n *** DEADLOCK ***\n 1 lock held by swapper/1/0:\n #0: ffffffff83576be0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire+0x7/0x30\n\n stack backtrace:\n CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G E 6.13.0-rc5-build2+ #1223\n Tainted: [E]=UNSIGNED_MODULE\n Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014\n Call Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x57/0x80\n print_usage_bug.part.0+0x227/0x240\n valid_state+0x53/0x70\n mark_lock_irq+0xa5/0x2f0\n mark_lock+0xf7/0x170\n mark_usage+0xe1/0x180\n __lock_acquire+0x544/0x990\n lock_acquire.part.0+0x103/0x280\n _raw_spin_lock+0x2f/0x40\n rxrpc_put_peer+0xcb/0x180\n afs_free_addrlist+0x46/0x90 [kafs]\n rcu_do_batch+0x2d2/0x640\n rcu_core+0x2f7/0x350\n handle_softirqs+0x1ee/0x430\n __irq_exit_rcu+0x44/0x110\n irq_exit_rcu+0xa/0x30\n sysvec_apic_timer_interrupt+0x7f/0xa0\n \u003c/IRQ\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T13:06:34.795Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/10ba5a3d57af20e494e0d979d1894260989235dd"
},
{
"url": "https://git.kernel.org/stable/c/0e77dd41689637ac4e1b8fe0f27541f373640855"
},
{
"url": "https://git.kernel.org/stable/c/79d458c13056559d49b5e41fbc4b6890e68cf65b"
}
],
"title": "rxrpc, afs: Fix peer hash locking vs RCU callback",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21809",
"datePublished": "2025-02-27T20:01:00.969Z",
"dateReserved": "2024-12-29T08:45:45.772Z",
"dateUpdated": "2025-05-04T13:06:34.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21801 (GCVE-0-2025-21801)
Vulnerability from cvelistv5
Published
2025-02-27 20:00
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ravb: Fix missing rtnl lock in suspend/resume path
Fix the suspend/resume path by ensuring the rtnl lock is held where
required. Calls to ravb_open, ravb_close and wol operations must be
performed under the rtnl lock to prevent conflicts with ongoing ndo
operations.
Without this fix, the following warning is triggered:
[ 39.032969] =============================
[ 39.032983] WARNING: suspicious RCU usage
[ 39.033019] -----------------------------
[ 39.033033] drivers/net/phy/phy_device.c:2004 suspicious
rcu_dereference_protected() usage!
...
[ 39.033597] stack backtrace:
[ 39.033613] CPU: 0 UID: 0 PID: 174 Comm: python3 Not tainted
6.13.0-rc7-next-20250116-arm64-renesas-00002-g35245dfdc62c #7
[ 39.033623] Hardware name: Renesas SMARC EVK version 2 based on
r9a08g045s33 (DT)
[ 39.033628] Call trace:
[ 39.033633] show_stack+0x14/0x1c (C)
[ 39.033652] dump_stack_lvl+0xb4/0xc4
[ 39.033664] dump_stack+0x14/0x1c
[ 39.033671] lockdep_rcu_suspicious+0x16c/0x22c
[ 39.033682] phy_detach+0x160/0x190
[ 39.033694] phy_disconnect+0x40/0x54
[ 39.033703] ravb_close+0x6c/0x1cc
[ 39.033714] ravb_suspend+0x48/0x120
[ 39.033721] dpm_run_callback+0x4c/0x14c
[ 39.033731] device_suspend+0x11c/0x4dc
[ 39.033740] dpm_suspend+0xdc/0x214
[ 39.033748] dpm_suspend_start+0x48/0x60
[ 39.033758] suspend_devices_and_enter+0x124/0x574
[ 39.033769] pm_suspend+0x1ac/0x274
[ 39.033778] state_store+0x88/0x124
[ 39.033788] kobj_attr_store+0x14/0x24
[ 39.033798] sysfs_kf_write+0x48/0x6c
[ 39.033808] kernfs_fop_write_iter+0x118/0x1a8
[ 39.033817] vfs_write+0x27c/0x378
[ 39.033825] ksys_write+0x64/0xf4
[ 39.033833] __arm64_sys_write+0x18/0x20
[ 39.033841] invoke_syscall+0x44/0x104
[ 39.033852] el0_svc_common.constprop.0+0xb4/0xd4
[ 39.033862] do_el0_svc+0x18/0x20
[ 39.033870] el0_svc+0x3c/0xf0
[ 39.033880] el0t_64_sync_handler+0xc0/0xc4
[ 39.033888] el0t_64_sync+0x154/0x158
[ 39.041274] ravb 11c30000.ethernet eth0: Link is Down
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/renesas/ravb_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0296981941cf291edfbc318d3255a93439f368e4",
"status": "affected",
"version": "0184165b2f42c4b032da9dd11546bfbaeb5afd4e",
"versionType": "git"
},
{
"lessThan": "ad19522c007bb24ed874468f8baa1503c4662cf4",
"status": "affected",
"version": "0184165b2f42c4b032da9dd11546bfbaeb5afd4e",
"versionType": "git"
},
{
"lessThan": "2c2ebb2b49573e5f8726112ad06b1dffc3c9ea03",
"status": "affected",
"version": "0184165b2f42c4b032da9dd11546bfbaeb5afd4e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/renesas/ravb_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ravb: Fix missing rtnl lock in suspend/resume path\n\nFix the suspend/resume path by ensuring the rtnl lock is held where\nrequired. Calls to ravb_open, ravb_close and wol operations must be\nperformed under the rtnl lock to prevent conflicts with ongoing ndo\noperations.\n\nWithout this fix, the following warning is triggered:\n[ 39.032969] =============================\n[ 39.032983] WARNING: suspicious RCU usage\n[ 39.033019] -----------------------------\n[ 39.033033] drivers/net/phy/phy_device.c:2004 suspicious\nrcu_dereference_protected() usage!\n...\n[ 39.033597] stack backtrace:\n[ 39.033613] CPU: 0 UID: 0 PID: 174 Comm: python3 Not tainted\n6.13.0-rc7-next-20250116-arm64-renesas-00002-g35245dfdc62c #7\n[ 39.033623] Hardware name: Renesas SMARC EVK version 2 based on\nr9a08g045s33 (DT)\n[ 39.033628] Call trace:\n[ 39.033633] show_stack+0x14/0x1c (C)\n[ 39.033652] dump_stack_lvl+0xb4/0xc4\n[ 39.033664] dump_stack+0x14/0x1c\n[ 39.033671] lockdep_rcu_suspicious+0x16c/0x22c\n[ 39.033682] phy_detach+0x160/0x190\n[ 39.033694] phy_disconnect+0x40/0x54\n[ 39.033703] ravb_close+0x6c/0x1cc\n[ 39.033714] ravb_suspend+0x48/0x120\n[ 39.033721] dpm_run_callback+0x4c/0x14c\n[ 39.033731] device_suspend+0x11c/0x4dc\n[ 39.033740] dpm_suspend+0xdc/0x214\n[ 39.033748] dpm_suspend_start+0x48/0x60\n[ 39.033758] suspend_devices_and_enter+0x124/0x574\n[ 39.033769] pm_suspend+0x1ac/0x274\n[ 39.033778] state_store+0x88/0x124\n[ 39.033788] kobj_attr_store+0x14/0x24\n[ 39.033798] sysfs_kf_write+0x48/0x6c\n[ 39.033808] kernfs_fop_write_iter+0x118/0x1a8\n[ 39.033817] vfs_write+0x27c/0x378\n[ 39.033825] ksys_write+0x64/0xf4\n[ 39.033833] __arm64_sys_write+0x18/0x20\n[ 39.033841] invoke_syscall+0x44/0x104\n[ 39.033852] el0_svc_common.constprop.0+0xb4/0xd4\n[ 39.033862] do_el0_svc+0x18/0x20\n[ 39.033870] el0_svc+0x3c/0xf0\n[ 39.033880] el0t_64_sync_handler+0xc0/0xc4\n[ 39.033888] el0t_64_sync+0x154/0x158\n[ 39.041274] ravb 11c30000.ethernet eth0: Link is Down"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:30.922Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0296981941cf291edfbc318d3255a93439f368e4"
},
{
"url": "https://git.kernel.org/stable/c/ad19522c007bb24ed874468f8baa1503c4662cf4"
},
{
"url": "https://git.kernel.org/stable/c/2c2ebb2b49573e5f8726112ad06b1dffc3c9ea03"
}
],
"title": "net: ravb: Fix missing rtnl lock in suspend/resume path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21801",
"datePublished": "2025-02-27T20:00:55.572Z",
"dateReserved": "2024-12-29T08:45:45.770Z",
"dateUpdated": "2025-05-04T07:21:30.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21823 (GCVE-0-2025-21823)
Vulnerability from cvelistv5
Published
2025-02-27 20:06
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
batman-adv: Drop unmanaged ELP metric worker
The ELP worker needs to calculate new metric values for all neighbors
"reachable" over an interface. Some of the used metric sources require
locks which might need to sleep. This sleep is incompatible with the RCU
list iterator used for the recorded neighbors. The initial approach to work
around of this problem was to queue another work item per neighbor and then
run this in a new context.
Even when this solved the RCU vs might_sleep() conflict, it has a major
problems: Nothing was stopping the work item in case it is not needed
anymore - for example because one of the related interfaces was removed or
the batman-adv module was unloaded - resulting in potential invalid memory
accesses.
Directly canceling the metric worker also has various problems:
* cancel_work_sync for a to-be-deactivated interface is called with
rtnl_lock held. But the code in the ELP metric worker also tries to use
rtnl_lock() - which will never return in this case. This also means that
cancel_work_sync would never return because it is waiting for the worker
to finish.
* iterating over the neighbor list for the to-be-deactivated interface is
currently done using the RCU specific methods. Which means that it is
possible to miss items when iterating over it without the associated
spinlock - a behaviour which is acceptable for a periodic metric check
but not for a cleanup routine (which must "stop" all still running
workers)
The better approch is to get rid of the per interface neighbor metric
worker and handle everything in the interface worker. The original problems
are solved by:
* creating a list of neighbors which require new metric information inside
the RCU protected context, gathering the metric according to the new list
outside the RCU protected context
* only use rcu_trylock inside metric gathering code to avoid a deadlock
when the cancel_delayed_work_sync is called in the interface removal code
(which is called with the rtnl_lock held)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: c833484e5f3872a38fe232c663586069d5ad9645 Version: c833484e5f3872a38fe232c663586069d5ad9645 Version: c833484e5f3872a38fe232c663586069d5ad9645 Version: c833484e5f3872a38fe232c663586069d5ad9645 Version: c833484e5f3872a38fe232c663586069d5ad9645 Version: c833484e5f3872a38fe232c663586069d5ad9645 Version: c833484e5f3872a38fe232c663586069d5ad9645 Version: c833484e5f3872a38fe232c663586069d5ad9645 |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/batman-adv/bat_v.c",
"net/batman-adv/bat_v_elp.c",
"net/batman-adv/bat_v_elp.h",
"net/batman-adv/types.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1c334629176c2d644befc31a20d4bf75542f7631",
"status": "affected",
"version": "c833484e5f3872a38fe232c663586069d5ad9645",
"versionType": "git"
},
{
"lessThan": "a0019971f340ae02ba54cf1861f72da7e03e6b66",
"status": "affected",
"version": "c833484e5f3872a38fe232c663586069d5ad9645",
"versionType": "git"
},
{
"lessThan": "3c0e0aecb78cb2a2ca1dc701982d08fedb088dc6",
"status": "affected",
"version": "c833484e5f3872a38fe232c663586069d5ad9645",
"versionType": "git"
},
{
"lessThan": "781a06fd265a8151f7601122d9c2e985663828ff",
"status": "affected",
"version": "c833484e5f3872a38fe232c663586069d5ad9645",
"versionType": "git"
},
{
"lessThan": "a7aa2317285806640c844acd4cd2cd768e395264",
"status": "affected",
"version": "c833484e5f3872a38fe232c663586069d5ad9645",
"versionType": "git"
},
{
"lessThan": "0fdc3c166ac17b26014313fa2b93696354511b24",
"status": "affected",
"version": "c833484e5f3872a38fe232c663586069d5ad9645",
"versionType": "git"
},
{
"lessThan": "af264c2a9adc37f4bdf88ca7f3affa15d8c7de9e",
"status": "affected",
"version": "c833484e5f3872a38fe232c663586069d5ad9645",
"versionType": "git"
},
{
"lessThan": "8c8ecc98f5c65947b0070a24bac11e12e47cc65d",
"status": "affected",
"version": "c833484e5f3872a38fe232c663586069d5ad9645",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/batman-adv/bat_v.c",
"net/batman-adv/bat_v_elp.c",
"net/batman-adv/bat_v_elp.h",
"net/batman-adv/types.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.6"
},
{
"lessThan": "4.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.79",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.16",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.4",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: Drop unmanaged ELP metric worker\n\nThe ELP worker needs to calculate new metric values for all neighbors\n\"reachable\" over an interface. Some of the used metric sources require\nlocks which might need to sleep. This sleep is incompatible with the RCU\nlist iterator used for the recorded neighbors. The initial approach to work\naround of this problem was to queue another work item per neighbor and then\nrun this in a new context.\n\nEven when this solved the RCU vs might_sleep() conflict, it has a major\nproblems: Nothing was stopping the work item in case it is not needed\nanymore - for example because one of the related interfaces was removed or\nthe batman-adv module was unloaded - resulting in potential invalid memory\naccesses.\n\nDirectly canceling the metric worker also has various problems:\n\n* cancel_work_sync for a to-be-deactivated interface is called with\n rtnl_lock held. But the code in the ELP metric worker also tries to use\n rtnl_lock() - which will never return in this case. This also means that\n cancel_work_sync would never return because it is waiting for the worker\n to finish.\n* iterating over the neighbor list for the to-be-deactivated interface is\n currently done using the RCU specific methods. Which means that it is\n possible to miss items when iterating over it without the associated\n spinlock - a behaviour which is acceptable for a periodic metric check\n but not for a cleanup routine (which must \"stop\" all still running\n workers)\n\nThe better approch is to get rid of the per interface neighbor metric\nworker and handle everything in the interface worker. The original problems\nare solved by:\n\n* creating a list of neighbors which require new metric information inside\n the RCU protected context, gathering the metric according to the new list\n outside the RCU protected context\n* only use rcu_trylock inside metric gathering code to avoid a deadlock\n when the cancel_delayed_work_sync is called in the interface removal code\n (which is called with the rtnl_lock held)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:54.473Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1c334629176c2d644befc31a20d4bf75542f7631"
},
{
"url": "https://git.kernel.org/stable/c/a0019971f340ae02ba54cf1861f72da7e03e6b66"
},
{
"url": "https://git.kernel.org/stable/c/3c0e0aecb78cb2a2ca1dc701982d08fedb088dc6"
},
{
"url": "https://git.kernel.org/stable/c/781a06fd265a8151f7601122d9c2e985663828ff"
},
{
"url": "https://git.kernel.org/stable/c/a7aa2317285806640c844acd4cd2cd768e395264"
},
{
"url": "https://git.kernel.org/stable/c/0fdc3c166ac17b26014313fa2b93696354511b24"
},
{
"url": "https://git.kernel.org/stable/c/af264c2a9adc37f4bdf88ca7f3affa15d8c7de9e"
},
{
"url": "https://git.kernel.org/stable/c/8c8ecc98f5c65947b0070a24bac11e12e47cc65d"
}
],
"title": "batman-adv: Drop unmanaged ELP metric worker",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21823",
"datePublished": "2025-02-27T20:06:14.074Z",
"dateReserved": "2024-12-29T08:45:45.775Z",
"dateUpdated": "2025-05-04T07:21:54.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21820 (GCVE-0-2025-21820)
Vulnerability from cvelistv5
Published
2025-02-27 20:04
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: xilinx_uartps: split sysrq handling
lockdep detects the following circular locking dependency:
CPU 0 CPU 1
========================== ============================
cdns_uart_isr() printk()
uart_port_lock(port) console_lock()
cdns_uart_console_write()
if (!port->sysrq)
uart_port_lock(port)
uart_handle_break()
port->sysrq = ...
uart_handle_sysrq_char()
printk()
console_lock()
The fixed commit attempts to avoid this situation by only taking the
port lock in cdns_uart_console_write if port->sysrq unset. However, if
(as shown above) cdns_uart_console_write runs before port->sysrq is set,
then it will try to take the port lock anyway. This may result in a
deadlock.
Fix this by splitting sysrq handling into two parts. We use the prepare
helper under the port lock and defer handling until we release the lock.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: 74ea66d4ca061a3cd4c0e924e51b60e924644852 Version: 74ea66d4ca061a3cd4c0e924e51b60e924644852 Version: 74ea66d4ca061a3cd4c0e924e51b60e924644852 Version: 74ea66d4ca061a3cd4c0e924e51b60e924644852 Version: 74ea66d4ca061a3cd4c0e924e51b60e924644852 Version: 74ea66d4ca061a3cd4c0e924e51b60e924644852 |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/xilinx_uartps.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e22a97700901ba5e8bf8db68056a0d50f9440cae",
"status": "affected",
"version": "74ea66d4ca061a3cd4c0e924e51b60e924644852",
"versionType": "git"
},
{
"lessThan": "de5bd24197bd9ee37ec1e379a3d882bbd15c5065",
"status": "affected",
"version": "74ea66d4ca061a3cd4c0e924e51b60e924644852",
"versionType": "git"
},
{
"lessThan": "8ea0e7b3d7b8f2f0fc9db491ff22a0abe120801c",
"status": "affected",
"version": "74ea66d4ca061a3cd4c0e924e51b60e924644852",
"versionType": "git"
},
{
"lessThan": "9b88a7c4584ba67267a051069b8abe44fc9595b2",
"status": "affected",
"version": "74ea66d4ca061a3cd4c0e924e51b60e924644852",
"versionType": "git"
},
{
"lessThan": "4410dba9807a17a93f649a9f5870ceaf30a675a3",
"status": "affected",
"version": "74ea66d4ca061a3cd4c0e924e51b60e924644852",
"versionType": "git"
},
{
"lessThan": "b06f388994500297bb91be60ffaf6825ecfd2afe",
"status": "affected",
"version": "74ea66d4ca061a3cd4c0e924e51b60e924644852",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/xilinx_uartps.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.6"
},
{
"lessThan": "4.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.78",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.14",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.3",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: xilinx_uartps: split sysrq handling\n\nlockdep detects the following circular locking dependency:\n\nCPU 0 CPU 1\n========================== ============================\ncdns_uart_isr() printk()\n uart_port_lock(port) console_lock()\n\t\t\t cdns_uart_console_write()\n if (!port-\u003esysrq)\n uart_port_lock(port)\n uart_handle_break()\n port-\u003esysrq = ...\n uart_handle_sysrq_char()\n printk()\n console_lock()\n\nThe fixed commit attempts to avoid this situation by only taking the\nport lock in cdns_uart_console_write if port-\u003esysrq unset. However, if\n(as shown above) cdns_uart_console_write runs before port-\u003esysrq is set,\nthen it will try to take the port lock anyway. This may result in a\ndeadlock.\n\nFix this by splitting sysrq handling into two parts. We use the prepare\nhelper under the port lock and defer handling until we release the lock."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:51.032Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e22a97700901ba5e8bf8db68056a0d50f9440cae"
},
{
"url": "https://git.kernel.org/stable/c/de5bd24197bd9ee37ec1e379a3d882bbd15c5065"
},
{
"url": "https://git.kernel.org/stable/c/8ea0e7b3d7b8f2f0fc9db491ff22a0abe120801c"
},
{
"url": "https://git.kernel.org/stable/c/9b88a7c4584ba67267a051069b8abe44fc9595b2"
},
{
"url": "https://git.kernel.org/stable/c/4410dba9807a17a93f649a9f5870ceaf30a675a3"
},
{
"url": "https://git.kernel.org/stable/c/b06f388994500297bb91be60ffaf6825ecfd2afe"
}
],
"title": "tty: xilinx_uartps: split sysrq handling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21820",
"datePublished": "2025-02-27T20:04:17.930Z",
"dateReserved": "2024-12-29T08:45:45.775Z",
"dateUpdated": "2025-05-04T07:21:51.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21803 (GCVE-0-2025-21803)
Vulnerability from cvelistv5
Published
2025-02-27 20:00
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: Fix warnings during S3 suspend
The enable_gpe_wakeup() function calls acpi_enable_all_wakeup_gpes(),
and the later one may call the preempt_schedule_common() function,
resulting in a thread switch and causing the CPU to be in an interrupt
enabled state after the enable_gpe_wakeup() function returns, leading
to the warnings as follow.
[ C0] WARNING: ... at kernel/time/timekeeping.c:845 ktime_get+0xbc/0xc8
[ C0] ...
[ C0] Call Trace:
[ C0] [<90000000002243b4>] show_stack+0x64/0x188
[ C0] [<900000000164673c>] dump_stack_lvl+0x60/0x88
[ C0] [<90000000002687e4>] __warn+0x8c/0x148
[ C0] [<90000000015e9978>] report_bug+0x1c0/0x2b0
[ C0] [<90000000016478e4>] do_bp+0x204/0x3b8
[ C0] [<90000000025b1924>] exception_handlers+0x1924/0x10000
[ C0] [<9000000000343bbc>] ktime_get+0xbc/0xc8
[ C0] [<9000000000354c08>] tick_sched_timer+0x30/0xb0
[ C0] [<90000000003408e0>] __hrtimer_run_queues+0x160/0x378
[ C0] [<9000000000341f14>] hrtimer_interrupt+0x144/0x388
[ C0] [<9000000000228348>] constant_timer_interrupt+0x38/0x48
[ C0] [<90000000002feba4>] __handle_irq_event_percpu+0x64/0x1e8
[ C0] [<90000000002fed48>] handle_irq_event_percpu+0x20/0x80
[ C0] [<9000000000306b9c>] handle_percpu_irq+0x5c/0x98
[ C0] [<90000000002fd4a0>] generic_handle_domain_irq+0x30/0x48
[ C0] [<9000000000d0c7b0>] handle_cpu_irq+0x70/0xa8
[ C0] [<9000000001646b30>] handle_loongarch_irq+0x30/0x48
[ C0] [<9000000001646bc8>] do_vint+0x80/0xe0
[ C0] [<90000000002aea1c>] finish_task_switch.isra.0+0x8c/0x2a8
[ C0] [<900000000164e34c>] __schedule+0x314/0xa48
[ C0] [<900000000164ead8>] schedule+0x58/0xf0
[ C0] [<9000000000294a2c>] worker_thread+0x224/0x498
[ C0] [<900000000029d2f0>] kthread+0xf8/0x108
[ C0] [<9000000000221f28>] ret_from_kernel_thread+0xc/0xa4
[ C0]
[ C0] ---[ end trace 0000000000000000 ]---
The root cause is acpi_enable_all_wakeup_gpes() uses a mutex to protect
acpi_hw_enable_all_wakeup_gpes(), and acpi_ut_acquire_mutex() may cause
a thread switch. Since there is no longer concurrent execution during
loongarch_acpi_suspend(), we can call acpi_hw_enable_all_wakeup_gpes()
directly in enable_gpe_wakeup().
The solution is similar to commit 22db06337f590d01 ("ACPI: sleep: Avoid
breaking S3 wakeup due to might_sleep()").
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/loongarch/power/platform.c",
"drivers/acpi/acpica/achware.h",
"include/acpi/acpixf.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d49ab6857d98266010f3446c9c2063014db5b654",
"status": "affected",
"version": "366bb35a8e48198cefcd3484ac6b2374d1347873",
"versionType": "git"
},
{
"lessThan": "194d26a5a43c26dc98a9b4e2c1d521dcb84dd1bf",
"status": "affected",
"version": "366bb35a8e48198cefcd3484ac6b2374d1347873",
"versionType": "git"
},
{
"lessThan": "8682a71a7f6de7c683f31b4334b04e19685a05f9",
"status": "affected",
"version": "366bb35a8e48198cefcd3484ac6b2374d1347873",
"versionType": "git"
},
{
"lessThan": "26c0a2d93af55d30a46d5f45d3e9c42cde730168",
"status": "affected",
"version": "366bb35a8e48198cefcd3484ac6b2374d1347873",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/loongarch/power/platform.c",
"drivers/acpi/acpica/achware.h",
"include/acpi/acpixf.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.76",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Fix warnings during S3 suspend\n\nThe enable_gpe_wakeup() function calls acpi_enable_all_wakeup_gpes(),\nand the later one may call the preempt_schedule_common() function,\nresulting in a thread switch and causing the CPU to be in an interrupt\nenabled state after the enable_gpe_wakeup() function returns, leading\nto the warnings as follow.\n\n[ C0] WARNING: ... at kernel/time/timekeeping.c:845 ktime_get+0xbc/0xc8\n[ C0] ...\n[ C0] Call Trace:\n[ C0] [\u003c90000000002243b4\u003e] show_stack+0x64/0x188\n[ C0] [\u003c900000000164673c\u003e] dump_stack_lvl+0x60/0x88\n[ C0] [\u003c90000000002687e4\u003e] __warn+0x8c/0x148\n[ C0] [\u003c90000000015e9978\u003e] report_bug+0x1c0/0x2b0\n[ C0] [\u003c90000000016478e4\u003e] do_bp+0x204/0x3b8\n[ C0] [\u003c90000000025b1924\u003e] exception_handlers+0x1924/0x10000\n[ C0] [\u003c9000000000343bbc\u003e] ktime_get+0xbc/0xc8\n[ C0] [\u003c9000000000354c08\u003e] tick_sched_timer+0x30/0xb0\n[ C0] [\u003c90000000003408e0\u003e] __hrtimer_run_queues+0x160/0x378\n[ C0] [\u003c9000000000341f14\u003e] hrtimer_interrupt+0x144/0x388\n[ C0] [\u003c9000000000228348\u003e] constant_timer_interrupt+0x38/0x48\n[ C0] [\u003c90000000002feba4\u003e] __handle_irq_event_percpu+0x64/0x1e8\n[ C0] [\u003c90000000002fed48\u003e] handle_irq_event_percpu+0x20/0x80\n[ C0] [\u003c9000000000306b9c\u003e] handle_percpu_irq+0x5c/0x98\n[ C0] [\u003c90000000002fd4a0\u003e] generic_handle_domain_irq+0x30/0x48\n[ C0] [\u003c9000000000d0c7b0\u003e] handle_cpu_irq+0x70/0xa8\n[ C0] [\u003c9000000001646b30\u003e] handle_loongarch_irq+0x30/0x48\n[ C0] [\u003c9000000001646bc8\u003e] do_vint+0x80/0xe0\n[ C0] [\u003c90000000002aea1c\u003e] finish_task_switch.isra.0+0x8c/0x2a8\n[ C0] [\u003c900000000164e34c\u003e] __schedule+0x314/0xa48\n[ C0] [\u003c900000000164ead8\u003e] schedule+0x58/0xf0\n[ C0] [\u003c9000000000294a2c\u003e] worker_thread+0x224/0x498\n[ C0] [\u003c900000000029d2f0\u003e] kthread+0xf8/0x108\n[ C0] [\u003c9000000000221f28\u003e] ret_from_kernel_thread+0xc/0xa4\n[ C0]\n[ C0] ---[ end trace 0000000000000000 ]---\n\nThe root cause is acpi_enable_all_wakeup_gpes() uses a mutex to protect\nacpi_hw_enable_all_wakeup_gpes(), and acpi_ut_acquire_mutex() may cause\na thread switch. Since there is no longer concurrent execution during\nloongarch_acpi_suspend(), we can call acpi_hw_enable_all_wakeup_gpes()\ndirectly in enable_gpe_wakeup().\n\nThe solution is similar to commit 22db06337f590d01 (\"ACPI: sleep: Avoid\nbreaking S3 wakeup due to might_sleep()\")."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:33.121Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d49ab6857d98266010f3446c9c2063014db5b654"
},
{
"url": "https://git.kernel.org/stable/c/194d26a5a43c26dc98a9b4e2c1d521dcb84dd1bf"
},
{
"url": "https://git.kernel.org/stable/c/8682a71a7f6de7c683f31b4334b04e19685a05f9"
},
{
"url": "https://git.kernel.org/stable/c/26c0a2d93af55d30a46d5f45d3e9c42cde730168"
}
],
"title": "LoongArch: Fix warnings during S3 suspend",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21803",
"datePublished": "2025-02-27T20:00:56.932Z",
"dateReserved": "2024-12-29T08:45:45.771Z",
"dateUpdated": "2025-05-04T07:21:33.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21818 (GCVE-0-2025-21818)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-03-02T14:26:37.856Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21818",
"datePublished": "2025-02-27T20:04:16.619Z",
"dateRejected": "2025-03-02T14:26:37.856Z",
"dateReserved": "2024-12-29T08:45:45.774Z",
"dateUpdated": "2025-03-02T14:26:37.856Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21813 (GCVE-0-2025-21813)
Vulnerability from cvelistv5
Published
2025-02-27 20:04
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
timers/migration: Fix off-by-one root mis-connection
Before attaching a new root to the old root, the children counter of the
new root is checked to verify that only the upcoming CPU's top group have
been connected to it. However since the recently added commit b729cc1ec21a
("timers/migration: Fix another race between hotplug and idle entry/exit")
this check is not valid anymore because the old root is pre-accounted
as a child to the new root. Therefore after connecting the upcoming
CPU's top group to the new root, the children count to be expected must
be 2 and not 1 anymore.
This omission results in the old root to not be connected to the new
root. Then eventually the system may run with more than one top level,
which defeats the purpose of a single idle migrator.
Also the old root is pre-accounted but not connected upon the new root
creation. But it can be connected to the new root later on. Therefore
the old root may be accounted twice to the new root. The propagation of
such overcommit can end up creating a double final top-level root with a
groupmask incorrectly initialized. Although harmless given that the final
top level roots will never have a parent to walk up to, this oddity
opportunistically reported the core issue:
WARNING: CPU: 8 PID: 0 at kernel/time/timer_migration.c:543 tmigr_requires_handle_remote
CPU: 8 UID: 0 PID: 0 Comm: swapper/8
RIP: 0010:tmigr_requires_handle_remote
Call Trace:
<IRQ>
? tmigr_requires_handle_remote
? hrtimer_run_queues
update_process_times
tick_periodic
tick_handle_periodic
__sysvec_apic_timer_interrupt
sysvec_apic_timer_interrupt
</IRQ>
Fix the problem by taking the old root into account in the children count
of the new root so the connection is not omitted.
Also warn when more than one top level group exists to better detect
similar issues in the future.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/time/timer_migration.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c6dd70e5b465a2b77c7a7c3d868736d302e29aec",
"status": "affected",
"version": "12ead225b7996252a8bc1a49b03aad57c0794880",
"versionType": "git"
},
{
"lessThan": "6f449d8fa1808a7f9ee644866bbc079285dbefdd",
"status": "affected",
"version": "b729cc1ec21a5899b7879ccfbe1786664928d597",
"versionType": "git"
},
{
"lessThan": "868c9037df626b3c245ee26a290a03ae1f9f58d3",
"status": "affected",
"version": "b729cc1ec21a5899b7879ccfbe1786664928d597",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/time/timer_migration.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.13"
},
{
"lessThan": "6.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.14",
"versionStartIncluding": "6.12.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.3",
"versionStartIncluding": "6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntimers/migration: Fix off-by-one root mis-connection\n\nBefore attaching a new root to the old root, the children counter of the\nnew root is checked to verify that only the upcoming CPU\u0027s top group have\nbeen connected to it. However since the recently added commit b729cc1ec21a\n(\"timers/migration: Fix another race between hotplug and idle entry/exit\")\nthis check is not valid anymore because the old root is pre-accounted\nas a child to the new root. Therefore after connecting the upcoming\nCPU\u0027s top group to the new root, the children count to be expected must\nbe 2 and not 1 anymore.\n\nThis omission results in the old root to not be connected to the new\nroot. Then eventually the system may run with more than one top level,\nwhich defeats the purpose of a single idle migrator.\n\nAlso the old root is pre-accounted but not connected upon the new root\ncreation. But it can be connected to the new root later on. Therefore\nthe old root may be accounted twice to the new root. The propagation of\nsuch overcommit can end up creating a double final top-level root with a\ngroupmask incorrectly initialized. Although harmless given that the final\ntop level roots will never have a parent to walk up to, this oddity\nopportunistically reported the core issue:\n\n WARNING: CPU: 8 PID: 0 at kernel/time/timer_migration.c:543 tmigr_requires_handle_remote\n CPU: 8 UID: 0 PID: 0 Comm: swapper/8\n RIP: 0010:tmigr_requires_handle_remote\n Call Trace:\n \u003cIRQ\u003e\n ? tmigr_requires_handle_remote\n ? hrtimer_run_queues\n update_process_times\n tick_periodic\n tick_handle_periodic\n __sysvec_apic_timer_interrupt\n sysvec_apic_timer_interrupt\n \u003c/IRQ\u003e\n\nFix the problem by taking the old root into account in the children count\nof the new root so the connection is not omitted.\n\nAlso warn when more than one top level group exists to better detect\nsimilar issues in the future."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:43.981Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c6dd70e5b465a2b77c7a7c3d868736d302e29aec"
},
{
"url": "https://git.kernel.org/stable/c/6f449d8fa1808a7f9ee644866bbc079285dbefdd"
},
{
"url": "https://git.kernel.org/stable/c/868c9037df626b3c245ee26a290a03ae1f9f58d3"
}
],
"title": "timers/migration: Fix off-by-one root mis-connection",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21813",
"datePublished": "2025-02-27T20:04:13.433Z",
"dateReserved": "2024-12-29T08:45:45.774Z",
"dateUpdated": "2025-05-04T07:21:43.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21800 (GCVE-0-2025-21800)
Vulnerability from cvelistv5
Published
2025-02-27 20:00
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset
When bit offset for HWS_SET32 macro is negative,
UBSAN complains about the shift-out-of-bounds:
UBSAN: shift-out-of-bounds in
drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c:177:2
shift exponent -8 is negative
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "92cff996624c4757d5bbace3dfa3f1567ba94143",
"status": "affected",
"version": "74a778b4a63faef9ff02aad0d332b209835f93e1",
"versionType": "git"
},
{
"lessThan": "69c676c0ded472713e6d1b3a456b3c4f52f66f0e",
"status": "affected",
"version": "74a778b4a63faef9ff02aad0d332b209835f93e1",
"versionType": "git"
},
{
"lessThan": "be482f1d10da781db9445d2753c1e3f1fd82babf",
"status": "affected",
"version": "74a778b4a63faef9ff02aad0d332b209835f93e1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.12"
},
{
"lessThan": "6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, fix definer\u0027s HWS_SET32 macro for negative offset\n\nWhen bit offset for HWS_SET32 macro is negative,\nUBSAN complains about the shift-out-of-bounds:\n\n UBSAN: shift-out-of-bounds in\n drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c:177:2\n shift exponent -8 is negative"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:29.606Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/92cff996624c4757d5bbace3dfa3f1567ba94143"
},
{
"url": "https://git.kernel.org/stable/c/69c676c0ded472713e6d1b3a456b3c4f52f66f0e"
},
{
"url": "https://git.kernel.org/stable/c/be482f1d10da781db9445d2753c1e3f1fd82babf"
}
],
"title": "net/mlx5: HWS, fix definer\u0027s HWS_SET32 macro for negative offset",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21800",
"datePublished": "2025-02-27T20:00:54.884Z",
"dateReserved": "2024-12-29T08:45:45.770Z",
"dateUpdated": "2025-05-04T07:21:29.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-58022 (GCVE-0-2024-58022)
Vulnerability from cvelistv5
Published
2025-02-27 20:00
Modified
2025-05-04 10:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mailbox: th1520: Fix a NULL vs IS_ERR() bug
The devm_ioremap() function doesn't return error pointers, it returns
NULL. Update the error checking to match.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mailbox/mailbox-th1520.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ecbde88e544ff016fa08bbf2156dc431bb123e9b",
"status": "affected",
"version": "5d4d263e1c6b6b18acb4d67fd3b9af71b7404924",
"versionType": "git"
},
{
"lessThan": "d0f98e14c010bcf27898b635a54c1994ac4110a8",
"status": "affected",
"version": "5d4d263e1c6b6b18acb4d67fd3b9af71b7404924",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mailbox/mailbox-th1520.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.13"
},
{
"lessThan": "6.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: th1520: Fix a NULL vs IS_ERR() bug\n\nThe devm_ioremap() function doesn\u0027t return error pointers, it returns\nNULL. Update the error checking to match."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T10:08:39.755Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ecbde88e544ff016fa08bbf2156dc431bb123e9b"
},
{
"url": "https://git.kernel.org/stable/c/d0f98e14c010bcf27898b635a54c1994ac4110a8"
}
],
"title": "mailbox: th1520: Fix a NULL vs IS_ERR() bug",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-58022",
"datePublished": "2025-02-27T20:00:51.512Z",
"dateReserved": "2025-02-27T02:10:48.228Z",
"dateUpdated": "2025-05-04T10:08:39.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21808 (GCVE-0-2025-21808)
Vulnerability from cvelistv5
Published
2025-02-27 20:01
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: xdp: Disallow attaching device-bound programs in generic mode
Device-bound programs are used to support RX metadata kfuncs. These
kfuncs are driver-specific and rely on the driver context to read the
metadata. This means they can't work in generic XDP mode. However, there
is no check to disallow such programs from being attached in generic
mode, in which case the metadata kfuncs will be called in an invalid
context, leading to crashes.
Fix this by adding a check to disallow attaching device-bound programs
in generic mode.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b1bc4a35a04cbeb85b6ef5911ec015baa424989f",
"status": "affected",
"version": "2b3486bc2d237ec345b3942b7be5deabf8c8fed1",
"versionType": "git"
},
{
"lessThan": "557707906dd3e34b8a8c265f664d19f95799937e",
"status": "affected",
"version": "2b3486bc2d237ec345b3942b7be5deabf8c8fed1",
"versionType": "git"
},
{
"lessThan": "5a9eae683d6c36e8a7aa31e5eb8b369e41aa66e1",
"status": "affected",
"version": "2b3486bc2d237ec345b3942b7be5deabf8c8fed1",
"versionType": "git"
},
{
"lessThan": "3595599fa8360bb3c7afa7ee50c810b4a64106ea",
"status": "affected",
"version": "2b3486bc2d237ec345b3942b7be5deabf8c8fed1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.76",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: xdp: Disallow attaching device-bound programs in generic mode\n\nDevice-bound programs are used to support RX metadata kfuncs. These\nkfuncs are driver-specific and rely on the driver context to read the\nmetadata. This means they can\u0027t work in generic XDP mode. However, there\nis no check to disallow such programs from being attached in generic\nmode, in which case the metadata kfuncs will be called in an invalid\ncontext, leading to crashes.\n\nFix this by adding a check to disallow attaching device-bound programs\nin generic mode."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:38.647Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b1bc4a35a04cbeb85b6ef5911ec015baa424989f"
},
{
"url": "https://git.kernel.org/stable/c/557707906dd3e34b8a8c265f664d19f95799937e"
},
{
"url": "https://git.kernel.org/stable/c/5a9eae683d6c36e8a7aa31e5eb8b369e41aa66e1"
},
{
"url": "https://git.kernel.org/stable/c/3595599fa8360bb3c7afa7ee50c810b4a64106ea"
}
],
"title": "net: xdp: Disallow attaching device-bound programs in generic mode",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21808",
"datePublished": "2025-02-27T20:01:00.328Z",
"dateReserved": "2024-12-29T08:45:45.772Z",
"dateUpdated": "2025-05-04T07:21:38.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21799 (GCVE-0-2025-21799)
Vulnerability from cvelistv5
Published
2025-02-27 20:00
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
When getting the IRQ we use k3_udma_glue_tx_get_irq() which returns
negative error value on error. So not NULL check is not sufficient
to deteremine if IRQ is valid. Check that IRQ is greater then zero
to ensure it is valid.
There is no issue at probe time but at runtime user can invoke
.set_channels which results in the following call chain.
am65_cpsw_set_channels()
am65_cpsw_nuss_update_tx_rx_chns()
am65_cpsw_nuss_remove_tx_chns()
am65_cpsw_nuss_init_tx_chns()
At this point if am65_cpsw_nuss_init_tx_chns() fails due to
k3_udma_glue_tx_get_irq() then tx_chn->irq will be set to a
negative value.
Then, at subsequent .set_channels with higher channel count we
will attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()
leading to a kernel warning.
The issue is present in the original commit that introduced this driver,
although there, am65_cpsw_nuss_update_tx_rx_chns() existed as
am65_cpsw_nuss_update_tx_chns().
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: 93a76530316a3d8cc2d82c3deca48424fee92100 Version: 93a76530316a3d8cc2d82c3deca48424fee92100 Version: 93a76530316a3d8cc2d82c3deca48424fee92100 Version: 93a76530316a3d8cc2d82c3deca48424fee92100 Version: 93a76530316a3d8cc2d82c3deca48424fee92100 Version: 93a76530316a3d8cc2d82c3deca48424fee92100 Version: 93a76530316a3d8cc2d82c3deca48424fee92100 |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/ti/am65-cpsw-nuss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "321990fdf4f1bb64e818c7140688bf33d129e48d",
"status": "affected",
"version": "93a76530316a3d8cc2d82c3deca48424fee92100",
"versionType": "git"
},
{
"lessThan": "ed8c0300f302338c36edb06bca99051e5be6fb2f",
"status": "affected",
"version": "93a76530316a3d8cc2d82c3deca48424fee92100",
"versionType": "git"
},
{
"lessThan": "aea5cca681d268f794fa2385f9ec26a5cce025cd",
"status": "affected",
"version": "93a76530316a3d8cc2d82c3deca48424fee92100",
"versionType": "git"
},
{
"lessThan": "88fd5db8c0073bd91d18391feb5741aeb0a2b475",
"status": "affected",
"version": "93a76530316a3d8cc2d82c3deca48424fee92100",
"versionType": "git"
},
{
"lessThan": "8448c87b3af68bebca21e3136913f7f77e363515",
"status": "affected",
"version": "93a76530316a3d8cc2d82c3deca48424fee92100",
"versionType": "git"
},
{
"lessThan": "8aae91ae1c65782a169ec070e023d4d269e5d6e6",
"status": "affected",
"version": "93a76530316a3d8cc2d82c3deca48424fee92100",
"versionType": "git"
},
{
"lessThan": "4395a44acb15850e492dd1de9ec4b6479d96bc80",
"status": "affected",
"version": "93a76530316a3d8cc2d82c3deca48424fee92100",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/ti/am65-cpsw-nuss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.76",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:28.563Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/321990fdf4f1bb64e818c7140688bf33d129e48d"
},
{
"url": "https://git.kernel.org/stable/c/ed8c0300f302338c36edb06bca99051e5be6fb2f"
},
{
"url": "https://git.kernel.org/stable/c/aea5cca681d268f794fa2385f9ec26a5cce025cd"
},
{
"url": "https://git.kernel.org/stable/c/88fd5db8c0073bd91d18391feb5741aeb0a2b475"
},
{
"url": "https://git.kernel.org/stable/c/8448c87b3af68bebca21e3136913f7f77e363515"
},
{
"url": "https://git.kernel.org/stable/c/8aae91ae1c65782a169ec070e023d4d269e5d6e6"
},
{
"url": "https://git.kernel.org/stable/c/4395a44acb15850e492dd1de9ec4b6479d96bc80"
}
],
"title": "net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21799",
"datePublished": "2025-02-27T20:00:54.223Z",
"dateReserved": "2024-12-29T08:45:45.770Z",
"dateUpdated": "2025-05-04T07:21:28.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21815 (GCVE-0-2025-21815)
Vulnerability from cvelistv5
Published
2025-02-27 20:04
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/compaction: fix UBSAN shift-out-of-bounds warning
syzkaller reported a UBSAN shift-out-of-bounds warning of (1UL << order)
in isolate_freepages_block(). The bogus compound_order can be any value
because it is union with flags. Add back the MAX_PAGE_ORDER check to fix
the warning.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/compaction.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4491159774d973a9e2e998d25d8fbb20fada6dfa",
"status": "affected",
"version": "3da0272a4c7d0d37b47b28e87014f421296fc2be",
"versionType": "git"
},
{
"lessThan": "10b7d3eb535098ccd4c82a182a33655d8a0e5c88",
"status": "affected",
"version": "3da0272a4c7d0d37b47b28e87014f421296fc2be",
"versionType": "git"
},
{
"lessThan": "d1366e74342e75555af2648a2964deb2d5c92200",
"status": "affected",
"version": "3da0272a4c7d0d37b47b28e87014f421296fc2be",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/compaction.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.14",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.3",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/compaction: fix UBSAN shift-out-of-bounds warning\n\nsyzkaller reported a UBSAN shift-out-of-bounds warning of (1UL \u003c\u003c order)\nin isolate_freepages_block(). The bogus compound_order can be any value\nbecause it is union with flags. Add back the MAX_PAGE_ORDER check to fix\nthe warning."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:46.285Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4491159774d973a9e2e998d25d8fbb20fada6dfa"
},
{
"url": "https://git.kernel.org/stable/c/10b7d3eb535098ccd4c82a182a33655d8a0e5c88"
},
{
"url": "https://git.kernel.org/stable/c/d1366e74342e75555af2648a2964deb2d5c92200"
}
],
"title": "mm/compaction: fix UBSAN shift-out-of-bounds warning",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21815",
"datePublished": "2025-02-27T20:04:14.733Z",
"dateReserved": "2024-12-29T08:45:45.774Z",
"dateUpdated": "2025-05-04T07:21:46.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21817 (GCVE-0-2025-21817)
Vulnerability from cvelistv5
Published
2025-02-27 20:04
Modified
2025-06-19 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
block: mark GFP_NOIO around sysfs ->store()
sysfs ->store is called with queue freezed, meantime we have several
->store() callbacks(update_nr_requests, wbt, scheduler) to allocate
memory with GFP_KERNEL which may run into direct reclaim code path,
then potential deadlock can be caused.
Fix the issue by marking NOIO around sysfs ->store()
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2566ce907e5d5db8a039647208e029ce559baa31",
"status": "affected",
"version": "8985da5481562e96b95e94ed8e5cc9b6565eb82b",
"versionType": "git"
},
{
"lessThan": "7c0be4ead1f8f5f8be0803f347de0de81e3b8e1c",
"status": "affected",
"version": "c99f66e4084a62a2cc401c4704a84328aeddc9ec",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.13.3",
"status": "affected",
"version": "6.13.2",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.3",
"versionStartIncluding": "6.13.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: mark GFP_NOIO around sysfs -\u003estore()\n\nsysfs -\u003estore is called with queue freezed, meantime we have several\n-\u003estore() callbacks(update_nr_requests, wbt, scheduler) to allocate\nmemory with GFP_KERNEL which may run into direct reclaim code path,\nthen potential deadlock can be caused.\n\nFix the issue by marking NOIO around sysfs -\u003estore()"
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T12:56:45.920Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2566ce907e5d5db8a039647208e029ce559baa31"
},
{
"url": "https://git.kernel.org/stable/c/7c0be4ead1f8f5f8be0803f347de0de81e3b8e1c"
}
],
"title": "block: mark GFP_NOIO around sysfs -\u003estore()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21817",
"datePublished": "2025-02-27T20:04:15.988Z",
"dateReserved": "2024-12-29T08:45:45.774Z",
"dateUpdated": "2025-06-19T12:56:45.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21807 (GCVE-0-2025-21807)
Vulnerability from cvelistv5
Published
2025-02-27 20:00
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
block: fix queue freeze vs limits lock order in sysfs store methods
queue_attr_store() always freezes a device queue before calling the
attribute store operation. For attributes that control queue limits, the
store operation will also lock the queue limits with a call to
queue_limits_start_update(). However, some drivers (e.g. SCSI sd) may
need to issue commands to a device to obtain limit values from the
hardware with the queue limits locked. This creates a potential ABBA
deadlock situation if a user attempts to modify a limit (thus freezing
the device queue) while the device driver starts a revalidation of the
device queue limits.
Avoid such deadlock by not freezing the queue before calling the
->store_limit() method in struct queue_sysfs_entry and instead use the
queue_limits_commit_update_frozen helper to freeze the queue after taking
the limits lock.
This also removes taking the sysfs lock for the store_limit method as
it doesn't protect anything here, but creates even more nesting.
Hopefully it will go away from the actual sysfs methods entirely soon.
(commit log adapted from a similar patch from Damien Le Moal)
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8985da5481562e96b95e94ed8e5cc9b6565eb82b",
"status": "affected",
"version": "0327ca9d53bfbb0918867313049bba7046900f73",
"versionType": "git"
},
{
"lessThan": "c99f66e4084a62a2cc401c4704a84328aeddc9ec",
"status": "affected",
"version": "0327ca9d53bfbb0918867313049bba7046900f73",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix queue freeze vs limits lock order in sysfs store methods\n\nqueue_attr_store() always freezes a device queue before calling the\nattribute store operation. For attributes that control queue limits, the\nstore operation will also lock the queue limits with a call to\nqueue_limits_start_update(). However, some drivers (e.g. SCSI sd) may\nneed to issue commands to a device to obtain limit values from the\nhardware with the queue limits locked. This creates a potential ABBA\ndeadlock situation if a user attempts to modify a limit (thus freezing\nthe device queue) while the device driver starts a revalidation of the\ndevice queue limits.\n\nAvoid such deadlock by not freezing the queue before calling the\n-\u003estore_limit() method in struct queue_sysfs_entry and instead use the\nqueue_limits_commit_update_frozen helper to freeze the queue after taking\nthe limits lock.\n\nThis also removes taking the sysfs lock for the store_limit method as\nit doesn\u0027t protect anything here, but creates even more nesting.\nHopefully it will go away from the actual sysfs methods entirely soon.\n\n(commit log adapted from a similar patch from Damien Le Moal)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:37.603Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8985da5481562e96b95e94ed8e5cc9b6565eb82b"
},
{
"url": "https://git.kernel.org/stable/c/c99f66e4084a62a2cc401c4704a84328aeddc9ec"
}
],
"title": "block: fix queue freeze vs limits lock order in sysfs store methods",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21807",
"datePublished": "2025-02-27T20:00:59.560Z",
"dateReserved": "2024-12-29T08:45:45.772Z",
"dateUpdated": "2025-05-04T07:21:37.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21819 (GCVE-0-2025-21819)
Vulnerability from cvelistv5
Published
2025-02-27 20:04
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Revert "drm/amd/display: Use HW lock mgr for PSR1"
This reverts commit
a2b5a9956269 ("drm/amd/display: Use HW lock mgr for PSR1")
Because it may cause system hang while connect with two edp panel.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: b7d2461858ac75c9d6bc4ab8af1a738d0814b716 Version: 758abba3dd413dc5de2016f8588403294263a30a Version: 4b46fc30b37e457d25cf3908c0c4dc3fbedd2044 Version: b5c764d6ed556c4e81fbe3fd976da77ec450c08e Version: b5c764d6ed556c4e81fbe3fd976da77ec450c08e |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "915697c2e69ac8d14dad498e6d6f43dbb7de3787",
"status": "affected",
"version": "b7d2461858ac75c9d6bc4ab8af1a738d0814b716",
"versionType": "git"
},
{
"lessThan": "dcc3f2c06d80da39eee742b51ddf0781affb260c",
"status": "affected",
"version": "758abba3dd413dc5de2016f8588403294263a30a",
"versionType": "git"
},
{
"lessThan": "95c75578c420110c43791295985abb961d6dc033",
"status": "affected",
"version": "4b46fc30b37e457d25cf3908c0c4dc3fbedd2044",
"versionType": "git"
},
{
"lessThan": "a978864653e45d2671f99b09afcc1110e45d3dd9",
"status": "affected",
"version": "b5c764d6ed556c4e81fbe3fd976da77ec450c08e",
"versionType": "git"
},
{
"lessThan": "f245b400a223a71d6d5f4c72a2cb9b573a7fc2b6",
"status": "affected",
"version": "b5c764d6ed556c4e81fbe3fd976da77ec450c08e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.13"
},
{
"lessThan": "6.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "6.1.128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.78",
"versionStartIncluding": "6.6.75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.14",
"versionStartIncluding": "6.12.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.3",
"versionStartIncluding": "6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd/display: Use HW lock mgr for PSR1\"\n\nThis reverts commit\na2b5a9956269 (\"drm/amd/display: Use HW lock mgr for PSR1\")\n\nBecause it may cause system hang while connect with two edp panel."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:49.995Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/915697c2e69ac8d14dad498e6d6f43dbb7de3787"
},
{
"url": "https://git.kernel.org/stable/c/dcc3f2c06d80da39eee742b51ddf0781affb260c"
},
{
"url": "https://git.kernel.org/stable/c/95c75578c420110c43791295985abb961d6dc033"
},
{
"url": "https://git.kernel.org/stable/c/a978864653e45d2671f99b09afcc1110e45d3dd9"
},
{
"url": "https://git.kernel.org/stable/c/f245b400a223a71d6d5f4c72a2cb9b573a7fc2b6"
}
],
"title": "Revert \"drm/amd/display: Use HW lock mgr for PSR1\"",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21819",
"datePublished": "2025-02-27T20:04:17.284Z",
"dateReserved": "2024-12-29T08:45:45.775Z",
"dateUpdated": "2025-05-04T07:21:49.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21798 (GCVE-0-2025-21798)
Vulnerability from cvelistv5
Published
2025-02-27 20:00
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
firewire: test: Fix potential null dereference in firewire kunit test
kunit_kzalloc() may return a NULL pointer, dereferencing it without
NULL check may lead to NULL dereference.
Add a NULL check for test_state.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firewire/device-attribute-test.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c6896bf4c611c3dd126f3e03685f2360a18b3d6f",
"status": "affected",
"version": "1c8506d62624fbc57db75414a387f365da8422e9",
"versionType": "git"
},
{
"lessThan": "70fcb25472d90dd3b87cbee74b9eb68670b0c7b8",
"status": "affected",
"version": "1c8506d62624fbc57db75414a387f365da8422e9",
"versionType": "git"
},
{
"lessThan": "352fafe97784e81a10a7c74bd508f71a19b53c2a",
"status": "affected",
"version": "1c8506d62624fbc57db75414a387f365da8422e9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firewire/device-attribute-test.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: test: Fix potential null dereference in firewire kunit test\n\nkunit_kzalloc() may return a NULL pointer, dereferencing it without\nNULL check may lead to NULL dereference.\nAdd a NULL check for test_state."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:27.515Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c6896bf4c611c3dd126f3e03685f2360a18b3d6f"
},
{
"url": "https://git.kernel.org/stable/c/70fcb25472d90dd3b87cbee74b9eb68670b0c7b8"
},
{
"url": "https://git.kernel.org/stable/c/352fafe97784e81a10a7c74bd508f71a19b53c2a"
}
],
"title": "firewire: test: Fix potential null dereference in firewire kunit test",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21798",
"datePublished": "2025-02-27T20:00:53.557Z",
"dateReserved": "2024-12-29T08:45:45.770Z",
"dateUpdated": "2025-05-04T07:21:27.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21806 (GCVE-0-2025-21806)
Vulnerability from cvelistv5
Published
2025-02-27 20:00
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: let net.core.dev_weight always be non-zero
The following problem was encountered during stability test:
(NULL net_device): NAPI poll function process_backlog+0x0/0x530 \
returned 1, exceeding its budget of 0.
------------[ cut here ]------------
list_add double add: new=ffff88905f746f48, prev=ffff88905f746f48, \
next=ffff88905f746e40.
WARNING: CPU: 18 PID: 5462 at lib/list_debug.c:35 \
__list_add_valid_or_report+0xf3/0x130
CPU: 18 UID: 0 PID: 5462 Comm: ping Kdump: loaded Not tainted 6.13.0-rc7+
RIP: 0010:__list_add_valid_or_report+0xf3/0x130
Call Trace:
? __warn+0xcd/0x250
? __list_add_valid_or_report+0xf3/0x130
enqueue_to_backlog+0x923/0x1070
netif_rx_internal+0x92/0x2b0
__netif_rx+0x15/0x170
loopback_xmit+0x2ef/0x450
dev_hard_start_xmit+0x103/0x490
__dev_queue_xmit+0xeac/0x1950
ip_finish_output2+0x6cc/0x1620
ip_output+0x161/0x270
ip_push_pending_frames+0x155/0x1a0
raw_sendmsg+0xe13/0x1550
__sys_sendto+0x3bf/0x4e0
__x64_sys_sendto+0xdc/0x1b0
do_syscall_64+0x5b/0x170
entry_SYSCALL_64_after_hwframe+0x76/0x7e
The reproduction command is as follows:
sysctl -w net.core.dev_weight=0
ping 127.0.0.1
This is because when the napi's weight is set to 0, process_backlog() may
return 0 and clear the NAPI_STATE_SCHED bit of napi->state, causing this
napi to be re-polled in net_rx_action() until __do_softirq() times out.
Since the NAPI_STATE_SCHED bit has been cleared, napi_schedule_rps() can
be retriggered in enqueue_to_backlog(), causing this issue.
Making the napi's weight always non-zero solves this problem.
Triggering this issue requires system-wide admin (setting is
not namespaced).
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: e3876605450979fe52a1a03e7eb78a89bf59e76a Version: e3876605450979fe52a1a03e7eb78a89bf59e76a Version: e3876605450979fe52a1a03e7eb78a89bf59e76a Version: e3876605450979fe52a1a03e7eb78a89bf59e76a Version: e3876605450979fe52a1a03e7eb78a89bf59e76a Version: e3876605450979fe52a1a03e7eb78a89bf59e76a Version: e3876605450979fe52a1a03e7eb78a89bf59e76a Version: e3876605450979fe52a1a03e7eb78a89bf59e76a |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/sysctl_net_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d0e0f9c8218826926d7692980c98236d9f21fd3c",
"status": "affected",
"version": "e3876605450979fe52a1a03e7eb78a89bf59e76a",
"versionType": "git"
},
{
"lessThan": "c337c08819a4ec49edfdcd8fc46fbee120d8a5b2",
"status": "affected",
"version": "e3876605450979fe52a1a03e7eb78a89bf59e76a",
"versionType": "git"
},
{
"lessThan": "0e2f1d93d287d544d26f8ff293ea820a8079b9f8",
"status": "affected",
"version": "e3876605450979fe52a1a03e7eb78a89bf59e76a",
"versionType": "git"
},
{
"lessThan": "5860abbf15eeb61838b5e32e721ba67b0aa84450",
"status": "affected",
"version": "e3876605450979fe52a1a03e7eb78a89bf59e76a",
"versionType": "git"
},
{
"lessThan": "6ce38b5a6a49e65bad163162a54cb3f104c40b48",
"status": "affected",
"version": "e3876605450979fe52a1a03e7eb78a89bf59e76a",
"versionType": "git"
},
{
"lessThan": "33e2168788f8fb5cb8bd4f36cb1ef37d1d34dada",
"status": "affected",
"version": "e3876605450979fe52a1a03e7eb78a89bf59e76a",
"versionType": "git"
},
{
"lessThan": "1489824e5226a26841c70639ebd2d1aed390764b",
"status": "affected",
"version": "e3876605450979fe52a1a03e7eb78a89bf59e76a",
"versionType": "git"
},
{
"lessThan": "d1f9f79fa2af8e3b45cffdeef66e05833480148a",
"status": "affected",
"version": "e3876605450979fe52a1a03e7eb78a89bf59e76a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/sysctl_net_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.76",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: let net.core.dev_weight always be non-zero\n\nThe following problem was encountered during stability test:\n\n(NULL net_device): NAPI poll function process_backlog+0x0/0x530 \\\n\treturned 1, exceeding its budget of 0.\n------------[ cut here ]------------\nlist_add double add: new=ffff88905f746f48, prev=ffff88905f746f48, \\\n\tnext=ffff88905f746e40.\nWARNING: CPU: 18 PID: 5462 at lib/list_debug.c:35 \\\n\t__list_add_valid_or_report+0xf3/0x130\nCPU: 18 UID: 0 PID: 5462 Comm: ping Kdump: loaded Not tainted 6.13.0-rc7+\nRIP: 0010:__list_add_valid_or_report+0xf3/0x130\nCall Trace:\n? __warn+0xcd/0x250\n? __list_add_valid_or_report+0xf3/0x130\nenqueue_to_backlog+0x923/0x1070\nnetif_rx_internal+0x92/0x2b0\n__netif_rx+0x15/0x170\nloopback_xmit+0x2ef/0x450\ndev_hard_start_xmit+0x103/0x490\n__dev_queue_xmit+0xeac/0x1950\nip_finish_output2+0x6cc/0x1620\nip_output+0x161/0x270\nip_push_pending_frames+0x155/0x1a0\nraw_sendmsg+0xe13/0x1550\n__sys_sendto+0x3bf/0x4e0\n__x64_sys_sendto+0xdc/0x1b0\ndo_syscall_64+0x5b/0x170\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe reproduction command is as follows:\n sysctl -w net.core.dev_weight=0\n ping 127.0.0.1\n\nThis is because when the napi\u0027s weight is set to 0, process_backlog() may\nreturn 0 and clear the NAPI_STATE_SCHED bit of napi-\u003estate, causing this\nnapi to be re-polled in net_rx_action() until __do_softirq() times out.\nSince the NAPI_STATE_SCHED bit has been cleared, napi_schedule_rps() can\nbe retriggered in enqueue_to_backlog(), causing this issue.\n\nMaking the napi\u0027s weight always non-zero solves this problem.\n\nTriggering this issue requires system-wide admin (setting is\nnot namespaced)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:36.456Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d0e0f9c8218826926d7692980c98236d9f21fd3c"
},
{
"url": "https://git.kernel.org/stable/c/c337c08819a4ec49edfdcd8fc46fbee120d8a5b2"
},
{
"url": "https://git.kernel.org/stable/c/0e2f1d93d287d544d26f8ff293ea820a8079b9f8"
},
{
"url": "https://git.kernel.org/stable/c/5860abbf15eeb61838b5e32e721ba67b0aa84450"
},
{
"url": "https://git.kernel.org/stable/c/6ce38b5a6a49e65bad163162a54cb3f104c40b48"
},
{
"url": "https://git.kernel.org/stable/c/33e2168788f8fb5cb8bd4f36cb1ef37d1d34dada"
},
{
"url": "https://git.kernel.org/stable/c/1489824e5226a26841c70639ebd2d1aed390764b"
},
{
"url": "https://git.kernel.org/stable/c/d1f9f79fa2af8e3b45cffdeef66e05833480148a"
}
],
"title": "net: let net.core.dev_weight always be non-zero",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21806",
"datePublished": "2025-02-27T20:00:58.918Z",
"dateReserved": "2024-12-29T08:45:45.771Z",
"dateUpdated": "2025-05-04T07:21:36.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21816 (GCVE-0-2025-21816)
Vulnerability from cvelistv5
Published
2025-02-27 20:04
Modified
2025-06-04 12:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING
hrtimers are migrated away from the dying CPU to any online target at
the CPUHP_AP_HRTIMERS_DYING stage in order not to delay bandwidth timers
handling tasks involved in the CPU hotplug forward progress.
However wakeups can still be performed by the outgoing CPU after
CPUHP_AP_HRTIMERS_DYING. Those can result again in bandwidth timers being
armed. Depending on several considerations (crystal ball power management
based election, earliest timer already enqueued, timer migration enabled or
not), the target may eventually be the current CPU even if offline. If that
happens, the timer is eventually ignored.
The most notable example is RCU which had to deal with each and every of
those wake-ups by deferring them to an online CPU, along with related
workarounds:
_ e787644caf76 (rcu: Defer RCU kthreads wakeup when CPU is dying)
_ 9139f93209d1 (rcu/nocb: Fix RT throttling hrtimer armed from offline CPU)
_ f7345ccc62a4 (rcu/nocb: Fix rcuog wake-up from offline softirq)
The problem isn't confined to RCU though as the stop machine kthread
(which runs CPUHP_AP_HRTIMERS_DYING) reports its completion at the end
of its work through cpu_stop_signal_done() and performs a wake up that
eventually arms the deadline server timer:
WARNING: CPU: 94 PID: 588 at kernel/time/hrtimer.c:1086 hrtimer_start_range_ns+0x289/0x2d0
CPU: 94 UID: 0 PID: 588 Comm: migration/94 Not tainted
Stopper: multi_cpu_stop+0x0/0x120 <- stop_machine_cpuslocked+0x66/0xc0
RIP: 0010:hrtimer_start_range_ns+0x289/0x2d0
Call Trace:
<TASK>
start_dl_timer
enqueue_dl_entity
dl_server_start
enqueue_task_fair
enqueue_task
ttwu_do_activate
try_to_wake_up
complete
cpu_stopper_thread
Instead of providing yet another bandaid to work around the situation, fix
it in the hrtimers infrastructure instead: always migrate away a timer to
an online target whenever it is enqueued from an offline CPU.
This will also allow to revert all the above RCU disgraceful hacks.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: 75b5016ce325f1ef9c63e5398a1064cf8a7a7354 Version: 53f408cad05bb987af860af22f4151e5a18e6ee8 Version: 5c0930ccaad5a74d74e8b18b648c5eb21ed2fe94 Version: 5c0930ccaad5a74d74e8b18b648c5eb21ed2fe94 Version: 5c0930ccaad5a74d74e8b18b648c5eb21ed2fe94 Version: 9a2fc41acb69dd4e2a58d0c04346c3333c2341fc Version: 54d0d83a53508d687fd4a225f8aa1f18559562d0 Version: 7f4c89400d2997939f6971c7981cc780a219e36b Version: 6fcbcc6c8e52650749692c7613cbe71bf601670d |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/hrtimer_defs.h",
"kernel/time/hrtimer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "82ac6adbbb2aad14548a71d5e2e37f4964a15e38",
"status": "affected",
"version": "75b5016ce325f1ef9c63e5398a1064cf8a7a7354",
"versionType": "git"
},
{
"lessThan": "63815bef47ec25f5a125019ca480882481ee1553",
"status": "affected",
"version": "53f408cad05bb987af860af22f4151e5a18e6ee8",
"versionType": "git"
},
{
"lessThan": "e456a88bddae4030ba962447bb84be6669f2a0c1",
"status": "affected",
"version": "5c0930ccaad5a74d74e8b18b648c5eb21ed2fe94",
"versionType": "git"
},
{
"lessThan": "2aecec58e9040ce3d2694707889f9914a2374955",
"status": "affected",
"version": "5c0930ccaad5a74d74e8b18b648c5eb21ed2fe94",
"versionType": "git"
},
{
"lessThan": "53dac345395c0d2493cbc2f4c85fe38aef5b63f5",
"status": "affected",
"version": "5c0930ccaad5a74d74e8b18b648c5eb21ed2fe94",
"versionType": "git"
},
{
"status": "affected",
"version": "9a2fc41acb69dd4e2a58d0c04346c3333c2341fc",
"versionType": "git"
},
{
"status": "affected",
"version": "54d0d83a53508d687fd4a225f8aa1f18559562d0",
"versionType": "git"
},
{
"status": "affected",
"version": "7f4c89400d2997939f6971c7981cc780a219e36b",
"versionType": "git"
},
{
"status": "affected",
"version": "6fcbcc6c8e52650749692c7613cbe71bf601670d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/hrtimer_defs.h",
"kernel/time/hrtimer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.141",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.141",
"versionStartIncluding": "6.1.68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.93",
"versionStartIncluding": "6.6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.14",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.3",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.143",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING\n\nhrtimers are migrated away from the dying CPU to any online target at\nthe CPUHP_AP_HRTIMERS_DYING stage in order not to delay bandwidth timers\nhandling tasks involved in the CPU hotplug forward progress.\n\nHowever wakeups can still be performed by the outgoing CPU after\nCPUHP_AP_HRTIMERS_DYING. Those can result again in bandwidth timers being\narmed. Depending on several considerations (crystal ball power management\nbased election, earliest timer already enqueued, timer migration enabled or\nnot), the target may eventually be the current CPU even if offline. If that\nhappens, the timer is eventually ignored.\n\nThe most notable example is RCU which had to deal with each and every of\nthose wake-ups by deferring them to an online CPU, along with related\nworkarounds:\n\n_ e787644caf76 (rcu: Defer RCU kthreads wakeup when CPU is dying)\n_ 9139f93209d1 (rcu/nocb: Fix RT throttling hrtimer armed from offline CPU)\n_ f7345ccc62a4 (rcu/nocb: Fix rcuog wake-up from offline softirq)\n\nThe problem isn\u0027t confined to RCU though as the stop machine kthread\n(which runs CPUHP_AP_HRTIMERS_DYING) reports its completion at the end\nof its work through cpu_stop_signal_done() and performs a wake up that\neventually arms the deadline server timer:\n\n WARNING: CPU: 94 PID: 588 at kernel/time/hrtimer.c:1086 hrtimer_start_range_ns+0x289/0x2d0\n CPU: 94 UID: 0 PID: 588 Comm: migration/94 Not tainted\n Stopper: multi_cpu_stop+0x0/0x120 \u003c- stop_machine_cpuslocked+0x66/0xc0\n RIP: 0010:hrtimer_start_range_ns+0x289/0x2d0\n Call Trace:\n \u003cTASK\u003e\n start_dl_timer\n enqueue_dl_entity\n dl_server_start\n enqueue_task_fair\n enqueue_task\n ttwu_do_activate\n try_to_wake_up\n complete\n cpu_stopper_thread\n\nInstead of providing yet another bandaid to work around the situation, fix\nit in the hrtimers infrastructure instead: always migrate away a timer to\nan online target whenever it is enqueued from an offline CPU.\n\nThis will also allow to revert all the above RCU disgraceful hacks."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T12:57:22.282Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/82ac6adbbb2aad14548a71d5e2e37f4964a15e38"
},
{
"url": "https://git.kernel.org/stable/c/63815bef47ec25f5a125019ca480882481ee1553"
},
{
"url": "https://git.kernel.org/stable/c/e456a88bddae4030ba962447bb84be6669f2a0c1"
},
{
"url": "https://git.kernel.org/stable/c/2aecec58e9040ce3d2694707889f9914a2374955"
},
{
"url": "https://git.kernel.org/stable/c/53dac345395c0d2493cbc2f4c85fe38aef5b63f5"
}
],
"title": "hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21816",
"datePublished": "2025-02-27T20:04:15.356Z",
"dateReserved": "2024-12-29T08:45:45.774Z",
"dateUpdated": "2025-06-04T12:57:22.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21822 (GCVE-0-2025-21822)
Vulnerability from cvelistv5
Published
2025-02-27 20:06
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ptp: vmclock: Set driver data before its usage
If vmclock_ptp_register() fails during probing, vmclock_remove() is
called to clean up the ptp clock and misc device.
It uses dev_get_drvdata() to access the vmclock state.
However the driver data is not yet set at this point.
Assign the driver data earlier.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/ptp/ptp_vmclock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6dbd8b91a065d1d8001446a28e72cd140f9acef0",
"status": "affected",
"version": "20503272422693d793b84f88bf23fe4e955d3a33",
"versionType": "git"
},
{
"lessThan": "f7d07cd4f77d77f366c8ffbb8ba8b61f614e5fce",
"status": "affected",
"version": "20503272422693d793b84f88bf23fe4e955d3a33",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/ptp/ptp_vmclock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.13"
},
{
"lessThan": "6.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.4",
"versionStartIncluding": "6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: vmclock: Set driver data before its usage\n\nIf vmclock_ptp_register() fails during probing, vmclock_remove() is\ncalled to clean up the ptp clock and misc device.\nIt uses dev_get_drvdata() to access the vmclock state.\nHowever the driver data is not yet set at this point.\n\nAssign the driver data earlier."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:53.360Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6dbd8b91a065d1d8001446a28e72cd140f9acef0"
},
{
"url": "https://git.kernel.org/stable/c/f7d07cd4f77d77f366c8ffbb8ba8b61f614e5fce"
}
],
"title": "ptp: vmclock: Set driver data before its usage",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21822",
"datePublished": "2025-02-27T20:06:13.422Z",
"dateReserved": "2024-12-29T08:45:45.775Z",
"dateUpdated": "2025-05-04T07:21:53.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21821 (GCVE-0-2025-21821)
Vulnerability from cvelistv5
Published
2025-02-27 20:06
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fbdev: omap: use threaded IRQ for LCD DMA
When using touchscreen and framebuffer, Nokia 770 crashes easily with:
BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000
Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd
CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2
Hardware name: Nokia 770
Call trace:
unwind_backtrace from show_stack+0x10/0x14
show_stack from dump_stack_lvl+0x54/0x5c
dump_stack_lvl from __schedule_bug+0x50/0x70
__schedule_bug from __schedule+0x4d4/0x5bc
__schedule from schedule+0x34/0xa0
schedule from schedule_preempt_disabled+0xc/0x10
schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4
__mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4
clk_prepare_lock from clk_set_rate+0x18/0x154
clk_set_rate from sossi_read_data+0x4c/0x168
sossi_read_data from hwa742_read_reg+0x5c/0x8c
hwa742_read_reg from send_frame_handler+0xfc/0x300
send_frame_handler from process_pending_requests+0x74/0xd0
process_pending_requests from lcd_dma_irq_handler+0x50/0x74
lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130
__handle_irq_event_percpu from handle_irq_event+0x28/0x68
handle_irq_event from handle_level_irq+0x9c/0x170
handle_level_irq from generic_handle_domain_irq+0x2c/0x3c
generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c
omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c
generic_handle_arch_irq from call_with_stack+0x1c/0x24
call_with_stack from __irq_svc+0x94/0xa8
Exception stack(0xc5255da0 to 0xc5255de8)
5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248
5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94
5de0: 60000013 ffffffff
__irq_svc from clk_prepare_lock+0x4c/0xe4
clk_prepare_lock from clk_get_rate+0x10/0x74
clk_get_rate from uwire_setup_transfer+0x40/0x180
uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c
spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664
spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498
__spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8
__spi_sync from spi_sync+0x24/0x40
spi_sync from ads7846_halfd_read_state+0x5c/0x1c0
ads7846_halfd_read_state from ads7846_irq+0x58/0x348
ads7846_irq from irq_thread_fn+0x1c/0x78
irq_thread_fn from irq_thread+0x120/0x228
irq_thread from kthread+0xc8/0xe8
kthread from ret_from_fork+0x14/0x28
As a quick fix, switch to a threaded IRQ which provides a stable system.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/omap/lcd_dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7bbbd311dd503653a2cc86d9226740883051dc92",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fb6a5edb60921887d7d10619fcdcbee9759552cb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "aa8e22cbedeb626f2a6bda0aea362353d627cd0a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8392ea100f0b86c234c739c6662f39f0ccc0cefd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e4b6b665df815b4841e71b72f06446884e8aad40",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/omap/lcd_dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omap: use threaded IRQ for LCD DMA\n\nWhen using touchscreen and framebuffer, Nokia 770 crashes easily with:\n\n BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000\n Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd\n CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2\n Hardware name: Nokia 770\n Call trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x54/0x5c\n dump_stack_lvl from __schedule_bug+0x50/0x70\n __schedule_bug from __schedule+0x4d4/0x5bc\n __schedule from schedule+0x34/0xa0\n schedule from schedule_preempt_disabled+0xc/0x10\n schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4\n __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4\n clk_prepare_lock from clk_set_rate+0x18/0x154\n clk_set_rate from sossi_read_data+0x4c/0x168\n sossi_read_data from hwa742_read_reg+0x5c/0x8c\n hwa742_read_reg from send_frame_handler+0xfc/0x300\n send_frame_handler from process_pending_requests+0x74/0xd0\n process_pending_requests from lcd_dma_irq_handler+0x50/0x74\n lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130\n __handle_irq_event_percpu from handle_irq_event+0x28/0x68\n handle_irq_event from handle_level_irq+0x9c/0x170\n handle_level_irq from generic_handle_domain_irq+0x2c/0x3c\n generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c\n omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c\n generic_handle_arch_irq from call_with_stack+0x1c/0x24\n call_with_stack from __irq_svc+0x94/0xa8\n Exception stack(0xc5255da0 to 0xc5255de8)\n 5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248\n 5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94\n 5de0: 60000013 ffffffff\n __irq_svc from clk_prepare_lock+0x4c/0xe4\n clk_prepare_lock from clk_get_rate+0x10/0x74\n clk_get_rate from uwire_setup_transfer+0x40/0x180\n uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c\n spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664\n spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498\n __spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8\n __spi_sync from spi_sync+0x24/0x40\n spi_sync from ads7846_halfd_read_state+0x5c/0x1c0\n ads7846_halfd_read_state from ads7846_irq+0x58/0x348\n ads7846_irq from irq_thread_fn+0x1c/0x78\n irq_thread_fn from irq_thread+0x120/0x228\n irq_thread from kthread+0xc8/0xe8\n kthread from ret_from_fork+0x14/0x28\n\nAs a quick fix, switch to a threaded IRQ which provides a stable system."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:52.069Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7bbbd311dd503653a2cc86d9226740883051dc92"
},
{
"url": "https://git.kernel.org/stable/c/fb6a5edb60921887d7d10619fcdcbee9759552cb"
},
{
"url": "https://git.kernel.org/stable/c/aa8e22cbedeb626f2a6bda0aea362353d627cd0a"
},
{
"url": "https://git.kernel.org/stable/c/8392ea100f0b86c234c739c6662f39f0ccc0cefd"
},
{
"url": "https://git.kernel.org/stable/c/e4b6b665df815b4841e71b72f06446884e8aad40"
}
],
"title": "fbdev: omap: use threaded IRQ for LCD DMA",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21821",
"datePublished": "2025-02-27T20:06:12.722Z",
"dateReserved": "2024-12-29T08:45:45.775Z",
"dateUpdated": "2025-05-04T07:21:52.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21810 (GCVE-0-2025-21810)
Vulnerability from cvelistv5
Published
2025-02-27 20:01
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()
There are a potential wild pointer dereferences issue regarding APIs
class_dev_iter_(init|next|exit)(), as explained by below typical usage:
// All members of @iter are wild pointers.
struct class_dev_iter iter;
// class_dev_iter_init(@iter, @class, ...) checks parameter @class for
// potential class_to_subsys() error, and it returns void type and does
// not initialize its output parameter @iter, so caller can not detect
// the error and continues to invoke class_dev_iter_next(@iter) even if
// @iter still contains wild pointers.
class_dev_iter_init(&iter, ...);
// Dereference these wild pointers in @iter here once suffer the error.
while (dev = class_dev_iter_next(&iter)) { ... };
// Also dereference these wild pointers here.
class_dev_iter_exit(&iter);
Actually, all callers of these APIs have such usage pattern in kernel tree.
Fix by:
- Initialize output parameter @iter by memset() in class_dev_iter_init()
and give callers prompt by pr_crit() for the error.
- Check if @iter is valid in class_dev_iter_next().
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/base/class.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f4b9bc823b0cfdebfed479c0e87d6939c7562e87",
"status": "affected",
"version": "7b884b7f24b42fa25e92ed724ad82f137610afaf",
"versionType": "git"
},
{
"lessThan": "1614e75d1a1b63db6421c7a4bf37004720c7376c",
"status": "affected",
"version": "7b884b7f24b42fa25e92ed724ad82f137610afaf",
"versionType": "git"
},
{
"lessThan": "5c504e9767b947cf7d4e29b811c0c8b3c53242b7",
"status": "affected",
"version": "7b884b7f24b42fa25e92ed724ad82f137610afaf",
"versionType": "git"
},
{
"lessThan": "e128f82f7006991c99a58114f70ef61e937b1ac1",
"status": "affected",
"version": "7b884b7f24b42fa25e92ed724ad82f137610afaf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/base/class.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.76",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: class: Fix wild pointer dereferences in API class_dev_iter_next()\n\nThere are a potential wild pointer dereferences issue regarding APIs\nclass_dev_iter_(init|next|exit)(), as explained by below typical usage:\n\n// All members of @iter are wild pointers.\nstruct class_dev_iter iter;\n\n// class_dev_iter_init(@iter, @class, ...) checks parameter @class for\n// potential class_to_subsys() error, and it returns void type and does\n// not initialize its output parameter @iter, so caller can not detect\n// the error and continues to invoke class_dev_iter_next(@iter) even if\n// @iter still contains wild pointers.\nclass_dev_iter_init(\u0026iter, ...);\n\n// Dereference these wild pointers in @iter here once suffer the error.\nwhile (dev = class_dev_iter_next(\u0026iter)) { ... };\n\n// Also dereference these wild pointers here.\nclass_dev_iter_exit(\u0026iter);\n\nActually, all callers of these APIs have such usage pattern in kernel tree.\nFix by:\n- Initialize output parameter @iter by memset() in class_dev_iter_init()\n and give callers prompt by pr_crit() for the error.\n- Check if @iter is valid in class_dev_iter_next()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:40.730Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f4b9bc823b0cfdebfed479c0e87d6939c7562e87"
},
{
"url": "https://git.kernel.org/stable/c/1614e75d1a1b63db6421c7a4bf37004720c7376c"
},
{
"url": "https://git.kernel.org/stable/c/5c504e9767b947cf7d4e29b811c0c8b3c53242b7"
},
{
"url": "https://git.kernel.org/stable/c/e128f82f7006991c99a58114f70ef61e937b1ac1"
}
],
"title": "driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21810",
"datePublished": "2025-02-27T20:01:01.630Z",
"dateReserved": "2024-12-29T08:45:45.772Z",
"dateUpdated": "2025-05-04T07:21:40.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-58042 (GCVE-0-2024-58042)
Vulnerability from cvelistv5
Published
2025-02-27 20:00
Modified
2025-05-04 10:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
rhashtable: Fix potential deadlock by moving schedule_work outside lock
Move the hash table growth check and work scheduling outside the
rht lock to prevent a possible circular locking dependency.
The original implementation could trigger a lockdep warning due to
a potential deadlock scenario involving nested locks between
rhashtable bucket, rq lock, and dsq lock. By relocating the
growth check and work scheduling after releasing the rth lock, we break
this potential deadlock chain.
This change expands the flexibility of rhashtable by removing
restrictive locking that previously limited its use in scheduler
and workqueue contexts.
Import to say that this calls rht_grow_above_75(), which reads from
struct rhashtable without holding the lock, if this is a problem, we can
move the check to the lock, and schedule the workqueue after the lock.
Modified so that atomic_inc is also moved outside of the bucket
lock along with the growth above 75% check.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"lib/rhashtable.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "eb2e58484b838fb4e777ee9721bb9e20e6ca971d",
"status": "affected",
"version": "f0e1a0643a59bf1f922fa209cec86a170b784f3f",
"versionType": "git"
},
{
"lessThan": "ced8ce3c83a7150c5f5d371a8c332d7bc7f9b66d",
"status": "affected",
"version": "f0e1a0643a59bf1f922fa209cec86a170b784f3f",
"versionType": "git"
},
{
"lessThan": "e1d3422c95f003eba241c176adfe593c33e8a8f6",
"status": "affected",
"version": "f0e1a0643a59bf1f922fa209cec86a170b784f3f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"lib/rhashtable.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.12"
},
{
"lessThan": "6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrhashtable: Fix potential deadlock by moving schedule_work outside lock\n\nMove the hash table growth check and work scheduling outside the\nrht lock to prevent a possible circular locking dependency.\n\nThe original implementation could trigger a lockdep warning due to\na potential deadlock scenario involving nested locks between\nrhashtable bucket, rq lock, and dsq lock. By relocating the\ngrowth check and work scheduling after releasing the rth lock, we break\nthis potential deadlock chain.\n\nThis change expands the flexibility of rhashtable by removing\nrestrictive locking that previously limited its use in scheduler\nand workqueue contexts.\n\nImport to say that this calls rht_grow_above_75(), which reads from\nstruct rhashtable without holding the lock, if this is a problem, we can\nmove the check to the lock, and schedule the workqueue after the lock.\n\n\nModified so that atomic_inc is also moved outside of the bucket\nlock along with the growth above 75% check."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T10:08:42.647Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/eb2e58484b838fb4e777ee9721bb9e20e6ca971d"
},
{
"url": "https://git.kernel.org/stable/c/ced8ce3c83a7150c5f5d371a8c332d7bc7f9b66d"
},
{
"url": "https://git.kernel.org/stable/c/e1d3422c95f003eba241c176adfe593c33e8a8f6"
}
],
"title": "rhashtable: Fix potential deadlock by moving schedule_work outside lock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-58042",
"datePublished": "2025-02-27T20:00:52.879Z",
"dateReserved": "2025-02-27T02:16:34.106Z",
"dateUpdated": "2025-05-04T10:08:42.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21802 (GCVE-0-2025-21802)
Vulnerability from cvelistv5
Published
2025-02-27 20:00
Modified
2025-05-04 13:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix oops when unload drivers paralleling
When unload hclge driver, it tries to disable sriov first for each
ae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at
the time, because it removes all the ae_dev nodes, and it may cause
oops.
But we can't simply use hnae3_common_lock for this. Because in the
process flow of pci_disable_sriov(), it will trigger the remove flow
of VF, which will also take hnae3_common_lock.
To fixes it, introduce a new mutex to protect the unload process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: d36b15e3e7b5937cb1f6ac590a85facc3a320642 Version: 0dd8a25f355b4df2d41c08df1716340854c7d4c5 Version: 0dd8a25f355b4df2d41c08df1716340854c7d4c5 Version: 0dd8a25f355b4df2d41c08df1716340854c7d4c5 Version: 0dd8a25f355b4df2d41c08df1716340854c7d4c5 Version: 0dd8a25f355b4df2d41c08df1716340854c7d4c5 Version: 0dd8a25f355b4df2d41c08df1716340854c7d4c5 Version: b06ad258e01389ca3ff13bc180f3fcd6a608f1cd Version: c4b64011e458aa2b246cd4e42012cfd83d2d9a5c Version: 9b5a29f0acefa3eb1dbe2fa302b393eeff64d933 |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hns3/hnae3.c",
"drivers/net/ethernet/hisilicon/hns3/hnae3.h",
"drivers/net/ethernet/hisilicon/hns3/hns3_enet.c",
"drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c",
"drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "622d92a67656e5c4d2d6ccac02d688ed995418c6",
"status": "affected",
"version": "d36b15e3e7b5937cb1f6ac590a85facc3a320642",
"versionType": "git"
},
{
"lessThan": "8c640dd3d900cc8988a39c007591f1deee776df4",
"status": "affected",
"version": "0dd8a25f355b4df2d41c08df1716340854c7d4c5",
"versionType": "git"
},
{
"lessThan": "e876522659012ef2e73834a0b9f1cbe3f74d5fad",
"status": "affected",
"version": "0dd8a25f355b4df2d41c08df1716340854c7d4c5",
"versionType": "git"
},
{
"lessThan": "b5a8bc47aa0a4aa8bca5466dfa2d12dbb5b3cd0c",
"status": "affected",
"version": "0dd8a25f355b4df2d41c08df1716340854c7d4c5",
"versionType": "git"
},
{
"lessThan": "82736bb83fb0221319c85c2e9917d0189cd84e1e",
"status": "affected",
"version": "0dd8a25f355b4df2d41c08df1716340854c7d4c5",
"versionType": "git"
},
{
"lessThan": "cafe9a27e22736d4a01b3933e36225f9857c7988",
"status": "affected",
"version": "0dd8a25f355b4df2d41c08df1716340854c7d4c5",
"versionType": "git"
},
{
"lessThan": "92e5995773774a3e70257e9c95ea03518268bea5",
"status": "affected",
"version": "0dd8a25f355b4df2d41c08df1716340854c7d4c5",
"versionType": "git"
},
{
"status": "affected",
"version": "b06ad258e01389ca3ff13bc180f3fcd6a608f1cd",
"versionType": "git"
},
{
"status": "affected",
"version": "c4b64011e458aa2b246cd4e42012cfd83d2d9a5c",
"versionType": "git"
},
{
"status": "affected",
"version": "9b5a29f0acefa3eb1dbe2fa302b393eeff64d933",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hns3/hnae3.c",
"drivers/net/ethernet/hisilicon/hns3/hnae3.h",
"drivers/net/ethernet/hisilicon/hns3/hns3_enet.c",
"drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c",
"drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "5.10.76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.76",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.214",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix oops when unload drivers paralleling\n\nWhen unload hclge driver, it tries to disable sriov first for each\nae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at\nthe time, because it removes all the ae_dev nodes, and it may cause\noops.\n\nBut we can\u0027t simply use hnae3_common_lock for this. Because in the\nprocess flow of pci_disable_sriov(), it will trigger the remove flow\nof VF, which will also take hnae3_common_lock.\n\nTo fixes it, introduce a new mutex to protect the unload process."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T13:06:33.466Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/622d92a67656e5c4d2d6ccac02d688ed995418c6"
},
{
"url": "https://git.kernel.org/stable/c/8c640dd3d900cc8988a39c007591f1deee776df4"
},
{
"url": "https://git.kernel.org/stable/c/e876522659012ef2e73834a0b9f1cbe3f74d5fad"
},
{
"url": "https://git.kernel.org/stable/c/b5a8bc47aa0a4aa8bca5466dfa2d12dbb5b3cd0c"
},
{
"url": "https://git.kernel.org/stable/c/82736bb83fb0221319c85c2e9917d0189cd84e1e"
},
{
"url": "https://git.kernel.org/stable/c/cafe9a27e22736d4a01b3933e36225f9857c7988"
},
{
"url": "https://git.kernel.org/stable/c/92e5995773774a3e70257e9c95ea03518268bea5"
}
],
"title": "net: hns3: fix oops when unload drivers paralleling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21802",
"datePublished": "2025-02-27T20:00:56.292Z",
"dateReserved": "2024-12-29T08:45:45.771Z",
"dateUpdated": "2025-05-04T13:06:33.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21805 (GCVE-0-2025-21805)
Vulnerability from cvelistv5
Published
2025-02-27 20:00
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rtrs: Add missing deinit() call
A warning is triggered when repeatedly connecting and disconnecting the
rnbd:
list_add corruption. prev->next should be next (ffff88800b13e480), but was ffff88801ecd1338. (prev=ffff88801ecd1340).
WARNING: CPU: 1 PID: 36562 at lib/list_debug.c:32 __list_add_valid_or_report+0x7f/0xa0
Workqueue: ib_cm cm_work_handler [ib_cm]
RIP: 0010:__list_add_valid_or_report+0x7f/0xa0
? __list_add_valid_or_report+0x7f/0xa0
ib_register_event_handler+0x65/0x93 [ib_core]
rtrs_srv_ib_dev_init+0x29/0x30 [rtrs_server]
rtrs_ib_dev_find_or_add+0x124/0x1d0 [rtrs_core]
__alloc_path+0x46c/0x680 [rtrs_server]
? rtrs_rdma_connect+0xa6/0x2d0 [rtrs_server]
? rcu_is_watching+0xd/0x40
? __mutex_lock+0x312/0xcf0
? get_or_create_srv+0xad/0x310 [rtrs_server]
? rtrs_rdma_connect+0xa6/0x2d0 [rtrs_server]
rtrs_rdma_connect+0x23c/0x2d0 [rtrs_server]
? __lock_release+0x1b1/0x2d0
cma_cm_event_handler+0x4a/0x1a0 [rdma_cm]
cma_ib_req_handler+0x3a0/0x7e0 [rdma_cm]
cm_process_work+0x28/0x1a0 [ib_cm]
? _raw_spin_unlock_irq+0x2f/0x50
cm_req_handler+0x618/0xa60 [ib_cm]
cm_work_handler+0x71/0x520 [ib_cm]
Commit 667db86bcbe8 ("RDMA/rtrs: Register ib event handler") introduced a
new element .deinit but never used it at all. Fix it by invoking the
`deinit()` to appropriately unregister the IB event handler.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/ulp/rtrs/rtrs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5a79cc9bc961fafe90787f86e8f53ba6fad8d63b",
"status": "affected",
"version": "667db86bcbe82e789d82c2e8c8c40756ec2e1999",
"versionType": "git"
},
{
"lessThan": "1af2c769032b6b334cd2a867d7d8c7cbbc527b2d",
"status": "affected",
"version": "667db86bcbe82e789d82c2e8c8c40756ec2e1999",
"versionType": "git"
},
{
"lessThan": "81468c4058a62e84e475433b83b3edc613294f5e",
"status": "affected",
"version": "667db86bcbe82e789d82c2e8c8c40756ec2e1999",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/ulp/rtrs/rtrs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.12"
},
{
"lessThan": "6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rtrs: Add missing deinit() call\n\nA warning is triggered when repeatedly connecting and disconnecting the\nrnbd:\n list_add corruption. prev-\u003enext should be next (ffff88800b13e480), but was ffff88801ecd1338. (prev=ffff88801ecd1340).\n WARNING: CPU: 1 PID: 36562 at lib/list_debug.c:32 __list_add_valid_or_report+0x7f/0xa0\n Workqueue: ib_cm cm_work_handler [ib_cm]\n RIP: 0010:__list_add_valid_or_report+0x7f/0xa0\n ? __list_add_valid_or_report+0x7f/0xa0\n ib_register_event_handler+0x65/0x93 [ib_core]\n rtrs_srv_ib_dev_init+0x29/0x30 [rtrs_server]\n rtrs_ib_dev_find_or_add+0x124/0x1d0 [rtrs_core]\n __alloc_path+0x46c/0x680 [rtrs_server]\n ? rtrs_rdma_connect+0xa6/0x2d0 [rtrs_server]\n ? rcu_is_watching+0xd/0x40\n ? __mutex_lock+0x312/0xcf0\n ? get_or_create_srv+0xad/0x310 [rtrs_server]\n ? rtrs_rdma_connect+0xa6/0x2d0 [rtrs_server]\n rtrs_rdma_connect+0x23c/0x2d0 [rtrs_server]\n ? __lock_release+0x1b1/0x2d0\n cma_cm_event_handler+0x4a/0x1a0 [rdma_cm]\n cma_ib_req_handler+0x3a0/0x7e0 [rdma_cm]\n cm_process_work+0x28/0x1a0 [ib_cm]\n ? _raw_spin_unlock_irq+0x2f/0x50\n cm_req_handler+0x618/0xa60 [ib_cm]\n cm_work_handler+0x71/0x520 [ib_cm]\n\nCommit 667db86bcbe8 (\"RDMA/rtrs: Register ib event handler\") introduced a\nnew element .deinit but never used it at all. Fix it by invoking the\n`deinit()` to appropriately unregister the IB event handler."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:35.428Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5a79cc9bc961fafe90787f86e8f53ba6fad8d63b"
},
{
"url": "https://git.kernel.org/stable/c/1af2c769032b6b334cd2a867d7d8c7cbbc527b2d"
},
{
"url": "https://git.kernel.org/stable/c/81468c4058a62e84e475433b83b3edc613294f5e"
}
],
"title": "RDMA/rtrs: Add missing deinit() call",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21805",
"datePublished": "2025-02-27T20:00:58.290Z",
"dateReserved": "2024-12-29T08:45:45.771Z",
"dateUpdated": "2025-05-04T07:21:35.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-58034 (GCVE-0-2024-58034)
Vulnerability from cvelistv5
Published
2025-02-27 20:00
Modified
2025-05-04 10:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
As of_find_node_by_name() release the reference of the argument device
node, tegra_emc_find_node_by_ram_code() releases some device nodes while
still in use, resulting in possible UAFs. According to the bindings and
the in-tree DTS files, the "emc-tables" node is always device's child
node with the property "nvidia,use-ram-code", and the "lpddr2" node is a
child of the "emc-tables" node. Thus utilize the
for_each_child_of_node() macro and of_get_child_by_name() instead of
of_find_node_by_name() to simplify the code.
This bug was found by an experimental verification tool that I am
developing.
[krzysztof: applied v1, adjust the commit msg to incorporate v2 parts]
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: 96e5da7c842424bcf64afe1082b960b42b96190b Version: 96e5da7c842424bcf64afe1082b960b42b96190b Version: 96e5da7c842424bcf64afe1082b960b42b96190b Version: 96e5da7c842424bcf64afe1082b960b42b96190b Version: 96e5da7c842424bcf64afe1082b960b42b96190b Version: 96e5da7c842424bcf64afe1082b960b42b96190b |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-58034",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T17:59:56.831079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T18:07:17.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/memory/tegra/tegra20-emc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c3def10c610ae046aaa61d00528e7bd15e4ad8d3",
"status": "affected",
"version": "96e5da7c842424bcf64afe1082b960b42b96190b",
"versionType": "git"
},
{
"lessThan": "e9d07e91de140679eeaf275f47ad154467cb9e05",
"status": "affected",
"version": "96e5da7c842424bcf64afe1082b960b42b96190b",
"versionType": "git"
},
{
"lessThan": "c144423cb07e4e227a8572d5742ca2b36ada770d",
"status": "affected",
"version": "96e5da7c842424bcf64afe1082b960b42b96190b",
"versionType": "git"
},
{
"lessThan": "3b02273446e23961d910b50cc12528faec649fb2",
"status": "affected",
"version": "96e5da7c842424bcf64afe1082b960b42b96190b",
"versionType": "git"
},
{
"lessThan": "755e44538c190c31de9090d8e8821d228fcfd416",
"status": "affected",
"version": "96e5da7c842424bcf64afe1082b960b42b96190b",
"versionType": "git"
},
{
"lessThan": "b9784e5cde1f9fb83661a70e580e381ae1264d12",
"status": "affected",
"version": "96e5da7c842424bcf64afe1082b960b42b96190b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/memory/tegra/tegra20-emc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.76",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()\n\nAs of_find_node_by_name() release the reference of the argument device\nnode, tegra_emc_find_node_by_ram_code() releases some device nodes while\nstill in use, resulting in possible UAFs. According to the bindings and\nthe in-tree DTS files, the \"emc-tables\" node is always device\u0027s child\nnode with the property \"nvidia,use-ram-code\", and the \"lpddr2\" node is a\nchild of the \"emc-tables\" node. Thus utilize the\nfor_each_child_of_node() macro and of_get_child_by_name() instead of\nof_find_node_by_name() to simplify the code.\n\nThis bug was found by an experimental verification tool that I am\ndeveloping.\n\n[krzysztof: applied v1, adjust the commit msg to incorporate v2 parts]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T10:08:41.276Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c3def10c610ae046aaa61d00528e7bd15e4ad8d3"
},
{
"url": "https://git.kernel.org/stable/c/e9d07e91de140679eeaf275f47ad154467cb9e05"
},
{
"url": "https://git.kernel.org/stable/c/c144423cb07e4e227a8572d5742ca2b36ada770d"
},
{
"url": "https://git.kernel.org/stable/c/3b02273446e23961d910b50cc12528faec649fb2"
},
{
"url": "https://git.kernel.org/stable/c/755e44538c190c31de9090d8e8821d228fcfd416"
},
{
"url": "https://git.kernel.org/stable/c/b9784e5cde1f9fb83661a70e580e381ae1264d12"
}
],
"title": "memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-58034",
"datePublished": "2025-02-27T20:00:52.226Z",
"dateReserved": "2025-02-27T02:16:34.052Z",
"dateUpdated": "2025-05-04T10:08:41.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…