Report Name: Linux Patch Wednesday April 2025
Generated: 2025-04-30 17:08:18
Product Name | Prevalence | U | C | H | M | L | A | Comment |
---|---|---|---|---|---|---|---|---|
Linux Kernel | 0.9 | 99 | 65 | 164 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |||
.NET Core | 0.8 | 1 | 1 | .NET Core | ||||
Chromium | 0.8 | 5 | 5 | 10 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |||
GLPI | 0.8 | 3 | 3 | 6 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |||
Mozilla Firefox | 0.8 | 3 | 3 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | ||||
Netty | 0.8 | 1 | 1 | Netty is a non-blocking I/O client-server framework for the development of Java network applications such as protocol servers and clients | ||||
PHP | 0.8 | 1 | 1 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | ||||
Safari | 0.8 | 1 | 7 | 8 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |||
MariaDB | 0.7 | 1 | 1 | MariaDB is a community-developed, commercially supported fork of the MySQL relational database management system, intended to remain free and open-source software under the GNU General Public License | ||||
MediaWiki | 0.7 | 4 | 1 | 5 | MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL) | |||
Exim | 0.6 | 1 | 1 | 2 | Exim is a mail transfer agent (MTA) used on Unix-like operating systems | |||
Libsoup | 0.6 | 1 | 4 | 5 | libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop to integrate well with GNOME applications and also has a synchronous API for use in CLI tools. | |||
MongoDB | 0.6 | 1 | 1 | 2 | MongoDB is a source-available, cross-platform, document-oriented database program | |||
Nextcloud | 0.6 | 1 | 1 | Nextcloud server is a self hosted personal cloud system | ||||
Nokogiri | 0.6 | 1 | 1 | Nokogiri is an open source XML and HTML library for the Ruby programming language | ||||
Oracle Java SE | 0.6 | 3 | 3 | Oracle Java SE | ||||
Perl | 0.6 | 1 | 1 | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages | ||||
Vault | 0.6 | 1 | 1 | Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets critical in modern computing | ||||
Opensearch | 0.5 | 1 | 3 | 4 | Product detected by a:amazon:opensearch (exists in CPE dict) | |||
TLS | 0.5 | 1 | 1 | TLS | ||||
smartdns | 0.5 | 2 | 2 | Product detected by a:pymumu:smartdns (does NOT exist in CPE dict) | ||||
Git | 0.4 | 1 | 1 | Git | ||||
GitHub | 0.2 | 1 | 1 | GitHub, Inc. is an Internet hosting service for software development and version control using Git | ||||
Unknown Product | 0 | 16 | 10 | 26 | Unknown Product |
Vulnerability Type | Criticality | U | C | H | M | L | A |
---|---|---|---|---|---|---|---|
Remote Code Execution | 1.0 | 2 | 1 | 3 | |||
Authentication Bypass | 0.98 | 3 | 4 | 7 | |||
Code Injection | 0.97 | 2 | 2 | ||||
Command Injection | 0.97 | 1 | 1 | ||||
Security Feature Bypass | 0.9 | 4 | 4 | 8 | |||
Elevation of Privilege | 0.85 | 1 | 1 | 2 | |||
Information Disclosure | 0.83 | 1 | 8 | 9 | |||
Cross Site Scripting | 0.8 | 9 | 9 | ||||
Denial of Service | 0.7 | 3 | 10 | 3 | 16 | ||
Path Traversal | 0.7 | 2 | 2 | ||||
Incorrect Calculation | 0.5 | 6 | 6 | ||||
Memory Corruption | 0.5 | 3 | 73 | 2 | 78 | ||
Spoofing | 0.4 | 3 | 3 | ||||
Unknown Vulnerability Type | 0 | 33 | 72 | 105 |
Source | U | C | H | M | L | A |
---|---|---|---|---|---|---|
almalinux | 5 | 10 | 1 | 16 | ||
debian | 11 | 77 | 33 | 121 | ||
oraclelinux | 5 | 12 | 1 | 18 | ||
redhat | 5 | 14 | 1 | 20 | ||
redos | 2 | 7 | 16 | 2 | 27 | |
ubuntu | 5 | 78 | 45 | 128 |
1. Code Injection - Exim (CVE-2025-26794) - Critical [689]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:OSCARBATAILLE:CVE-2025-26794, Vulners:PublicExploit:1337DAY-ID-39931, Vulners:PublicExploit:PACKETSTORM:189388, BDU:PublicExploit websites | |
0.97 | 15 | Code Injection | |
0.6 | 14 | Exim is a mail transfer agent (MTA) used on Unix-like operating systems | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
1.0 | 10 | EPSS Probability is 0.42904, EPSS Percentile is 0.97284 |
redos: CVE-2025-26794 was patched at 2025-04-03
2. Code Injection - MariaDB (CVE-2023-39593) - Critical [635]
Description: Insecure permissions in the sys_exec function of
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:ANT1SEC-OPS:CVE-2023-39593, BDU:PublicExploit websites | |
0.97 | 15 | Code Injection | |
0.7 | 14 | MariaDB is a community-developed, commercially supported fork of the MySQL relational database management system, intended to remain free and open-source software under the GNU General Public License | |
0.6 | 10 | CVSS Base Score is 5.6. According to NVD data source | |
0.6 | 10 | EPSS Probability is 0.00358, EPSS Percentile is 0.57047 |
redos: CVE-2023-39593 was patched at 2025-03-26
3. Information Disclosure - GLPI (CVE-2025-21626) - High [591]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00081, EPSS Percentile is 0.24982 |
redos: CVE-2025-21626 was patched at 2025-04-02
4. Security Feature Bypass - GLPI (CVE-2025-23024) - High [555]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00034, EPSS Percentile is 0.08304 |
redos: CVE-2025-23024 was patched at 2025-04-02
5. Denial of Service - Perl (CVE-2024-56406) - High [546]
Description: A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`. $
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.7 | 15 | Denial of Service | |
0.6 | 14 | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages | |
0.9 | 10 | CVSS Base Score is 8.6. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00038, EPSS Percentile is 0.10712 |
debian: CVE-2024-56406 was patched at 2025-04-13, 2025-04-23
ubuntu: CVE-2024-56406 was patched at 2025-04-14, 2025-04-23
6. Memory Corruption - Mozilla Firefox (CVE-2025-3028) - High [544]
Description: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:bugzilla.mozilla.org website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00109, EPSS Percentile is 0.30521 |
almalinux: CVE-2025-3028 was patched at 2025-04-03, 2025-04-24
debian: CVE-2025-3028 was patched at 2025-04-02, 2025-04-03, 2025-04-23
oraclelinux: CVE-2025-3028 was patched at 2025-04-03, 2025-04-22, 2025-04-24
redhat: CVE-2025-3028 was patched at 2025-04-03, 2025-04-07, 2025-04-23, 2025-04-24
redos: CVE-2025-3028 was patched at 2025-04-17
7. Memory Corruption - Chromium (CVE-2025-2476) - High [526]
Description: Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.8 | 10 | EPSS Probability is 0.02587, EPSS Percentile is 0.8472 |
debian: CVE-2025-2476 was patched at 2025-03-20, 2025-04-23
redos: CVE-2025-2476 was patched at 2025-04-24
8. Command Injection - Nextcloud (CVE-2022-24838) - High [499]
Description: Nextcloud Calendar is a calendar application for the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.97 | 15 | Command Injection | |
0.6 | 14 | Nextcloud server is a self hosted personal cloud system | |
1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source | |
0.9 | 10 | EPSS Probability is 0.06027, EPSS Percentile is 0.90165 |
redos: CVE-2022-24838 was patched at 2025-03-26
9. Memory Corruption - Libsoup (CVE-2025-32050) - High [486]
Description: A flaw was found in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.5 | 15 | Memory Corruption | |
0.6 | 14 | libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop to integrate well with GNOME applications and also has a synchronous API for use in CLI tools. | |
0.6 | 10 | CVSS Base Score is 5.9. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00052, EPSS Percentile is 0.16391 |
debian: CVE-2025-32050 was patched at 2025-04-23
ubuntu: CVE-2025-32050 was patched at 2025-04-10
10. Remote Code Execution - PHP (CVE-2024-11235) - High [478]
Description: In
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | |
0.9 | 10 | CVSS Base Score is 9.2. According to Vulners data source | |
0.5 | 10 | EPSS Probability is 0.00269, EPSS Percentile is 0.50065 |
ubuntu: CVE-2024-11235 was patched at 2025-03-31
11. Denial of Service - .NET Core (CVE-2025-26682) - High [448]
Description: Allocation of resources without limits or throttling in ASP.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | .NET Core | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.8 | 10 | EPSS Probability is 0.0214, EPSS Percentile is 0.83232 |
ubuntu: CVE-2025-26682 was patched at 2025-04-08
12. Security Feature Bypass - Chromium (CVE-2025-3068) - High [436]
Description: Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00086, EPSS Percentile is 0.26054 |
debian: CVE-2025-3068 was patched at 2025-04-03, 2025-04-23
13. Security Feature Bypass - Chromium (CVE-2025-3069) - High [436]
Description: Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00086, EPSS Percentile is 0.26202 |
almalinux: CVE-2025-30691 was patched at 2025-04-16
almalinux: CVE-2025-30698 was patched at 2025-04-16
debian: CVE-2025-3069 was patched at 2025-04-03, 2025-04-23
debian: CVE-2025-30691 was patched at 2025-04-23
debian: CVE-2025-30698 was patched at 2025-04-23
oraclelinux: CVE-2025-30691 was patched at 2025-04-17
oraclelinux: CVE-2025-30698 was patched at 2025-04-17
redhat: CVE-2025-30691 was patched at 2025-04-16
redhat: CVE-2025-30698 was patched at 2025-04-16
14. Remote Code Execution - Mozilla Firefox (CVE-2025-3030) - High [430]
Description: Memory safety bugs present in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
0.8 | 10 | CVSS Base Score is 8.1. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.0007, EPSS Percentile is 0.22185 |
almalinux: CVE-2025-3030 was patched at 2025-04-03, 2025-04-24
debian: CVE-2025-3030 was patched at 2025-04-02, 2025-04-03, 2025-04-23
oraclelinux: CVE-2025-3030 was patched at 2025-04-03, 2025-04-22, 2025-04-24
redhat: CVE-2025-3030 was patched at 2025-04-03, 2025-04-07, 2025-04-23, 2025-04-24
15. Authentication Bypass - GLPI (CVE-2025-23046) - High [427]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.98 | 15 | Authentication Bypass | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00066, EPSS Percentile is 0.21093 |
redos: CVE-2025-23046 was patched at 2025-04-02
16. Authentication Bypass - Mozilla Firefox (CVE-2025-3029) - High [427]
Description: A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.98 | 15 | Authentication Bypass | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
0.7 | 10 | CVSS Base Score is 7.3. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00091, EPSS Percentile is 0.2718 |
almalinux: CVE-2025-3029 was patched at 2025-04-03, 2025-04-24
debian: CVE-2025-3029 was patched at 2025-04-02, 2025-04-03, 2025-04-23
oraclelinux: CVE-2025-3029 was patched at 2025-04-03, 2025-04-22, 2025-04-24
redhat: CVE-2025-3029 was patched at 2025-04-03, 2025-04-07, 2025-04-23, 2025-04-24
17. Elevation of Privilege - Chromium (CVE-2025-3067) - High [427]
Description: Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00083, EPSS Percentile is 0.25375 |
debian: CVE-2025-3067 was patched at 2025-04-03, 2025-04-23
18. Authentication Bypass - Opensearch (CVE-2023-23612) - High [401]
Description: OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs where the leading and trailing whitespace is trimmed, allowing users to potentially claim roles they are not assigned to if any role matches the whitespace-stripped version of the roles they are a member of. This issue is only present for authenticated users, and it requires either the existence of roles that match, not considering leading/trailing whitespace, or the ability for users to create said matching roles. In addition, the Identity Provider must allow leading and trailing spaces in role names. OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 are affected. Users are advised to upgrade to OpenSearch 1.3.8 or 2.5.0. There are no known workarounds for this issue.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.98 | 15 | Authentication Bypass | |
0.5 | 14 | Product detected by a:amazon:opensearch (exists in CPE dict) | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00093, EPSS Percentile is 0.27635 |
redos: CVE-2023-23612 was patched at 2025-04-03
19. Denial of Service - Safari (CVE-2024-54551) - High [401]
Description: The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6,
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00182, EPSS Percentile is 0.40568 |
almalinux: CVE-2024-54551 was patched at 2025-04-08, 2025-04-17
debian: CVE-2024-54551 was patched at 2025-04-10, 2025-04-23
oraclelinux: CVE-2024-54551 was patched at 2025-04-08, 2025-04-17
redhat: CVE-2024-54551 was patched at 2025-04-08, 2025-04-09, 2025-04-17
ubuntu: CVE-2024-54551 was patched at 2025-04-14
20. Security Feature Bypass - Chromium (CVE-2025-3070) - High [401]
Description: Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00064, EPSS Percentile is 0.20364 |
debian: CVE-2025-3070 was patched at 2025-04-03, 2025-04-23
21. Information Disclosure - GLPI (CVE-2025-25192) - Medium [388]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00051, EPSS Percentile is 0.15824 |
redos: CVE-2025-25192 was patched at 2025-04-02
22. Path Traversal - GLPI (CVE-2025-27147) - Medium [377]
Description: The
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Path Traversal | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.8 | 10 | CVSS Base Score is 8.2. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.0006, EPSS Percentile is 0.19101 |
redos: CVE-2025-27147 was patched at 2025-04-03
23. Information Disclosure - Safari (CVE-2024-54467) - Medium [376]
Description: A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15,
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00039, EPSS Percentile is 0.1107 |
almalinux: CVE-2024-54467 was patched at 2025-04-08, 2025-04-17
debian: CVE-2024-54467 was patched at 2025-03-23, 2025-04-23
oraclelinux: CVE-2024-54467 was patched at 2025-04-08, 2025-04-17
redhat: CVE-2024-54467 was patched at 2025-04-08, 2025-04-09, 2025-04-17
ubuntu: CVE-2024-54467 was patched at 2025-03-31
24. Cross Site Scripting - GLPI (CVE-2025-21627) - Medium [371]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.6 | 10 | CVSS Base Score is 6.1. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00058, EPSS Percentile is 0.18319 |
redos: CVE-2025-21627 was patched at 2025-04-02
25. Authentication Bypass - Oracle Java SE (CVE-2025-21587) - Medium [370]
Description: Vulnerability in the Oracle
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.98 | 15 | Authentication Bypass | |
0.6 | 14 | Oracle Java SE | |
0.7 | 10 | CVSS Base Score is 7.4. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00039, EPSS Percentile is 0.11123 |
almalinux: CVE-2025-21587 was patched at 2025-04-16
debian: CVE-2025-21587 was patched at 2025-04-23
oraclelinux: CVE-2025-21587 was patched at 2025-04-17
redhat: CVE-2025-21587 was patched at 2025-04-16
26. Memory Corruption - Chromium (CVE-2025-3066) - Medium [365]
Description: Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00113, EPSS Percentile is 0.31139 |
debian: CVE-2025-3066 was patched at 2025-04-09, 2025-04-23
27. Information Disclosure - Opensearch (CVE-2023-23613) - Medium [362]
Description: OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security (FLS) and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their auto-generated .keyword fields. This issue is only present for authenticated users with read access to the indexes containing the restricted fields. This may expose data which may otherwise not be accessible to the user. OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 are affected. Users are advised to upgrade to OpenSearch 1.3.8 or 2.5.0. Users unable to upgrade may write explicit exclusion rules as a workaround. Policies authored in this way are not subject to this issue.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.5 | 14 | Product detected by a:amazon:opensearch (exists in CPE dict) | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00191, EPSS Percentile is 0.41528 |
redos: CVE-2023-23613 was patched at 2025-04-03
28. Cross Site Scripting - Safari (CVE-2025-24208) - Medium [359]
Description: A permissions issue was addressed with additional restrictions. This issue is fixed in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |
0.6 | 10 | CVSS Base Score is 6.1. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.1285 |
almalinux: CVE-2025-24208 was patched at 2025-04-08, 2025-04-17
debian: CVE-2025-24208 was patched at 2025-04-10, 2025-04-23
oraclelinux: CVE-2025-24208 was patched at 2025-04-08, 2025-04-17
redhat: CVE-2025-24208 was patched at 2025-04-08, 2025-04-09, 2025-04-17
ubuntu: CVE-2025-24208 was patched at 2025-04-14
29. Authentication Bypass - Oracle Java SE (CVE-2025-30698) - Medium [358]
Description: Vulnerability in the Oracle
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.98 | 15 | Authentication Bypass | |
0.6 | 14 | Oracle Java SE | |
0.6 | 10 | CVSS Base Score is 5.6. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00047, EPSS Percentile is 0.1438 |
almalinux: CVE-2025-30698 was patched at 2025-04-16
debian: CVE-2025-30698 was patched at 2025-04-23
oraclelinux: CVE-2025-30698 was patched at 2025-04-17
redhat: CVE-2025-30698 was patched at 2025-04-16
30. Denial of Service - Linux Kernel (CVE-2024-56649) - Medium [358]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00029, EPSS Percentile is 0.06488 |
ubuntu: CVE-2024-56649 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
31. Elevation of Privilege - Exim (CVE-2025-30232) - Medium [358]
Description: A use-after-free in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.6 | 14 | Exim is a mail transfer agent (MTA) used on Unix-like operating systems | |
0.8 | 10 | CVSS Base Score is 8.1. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00028, EPSS Percentile is 0.06322 |
debian: CVE-2025-30232 was patched at 2025-03-26, 2025-04-23
redos: CVE-2025-30232 was patched at 2025-04-17
ubuntu: CVE-2025-30232 was patched at 2025-03-26
32. Denial of Service - Safari (CVE-2024-44192) - Medium [353]
Description: The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15,
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00037, EPSS Percentile is 0.10113 |
almalinux: CVE-2024-44192 was patched at 2025-04-08, 2025-04-17
debian: CVE-2024-44192 was patched at 2025-03-23, 2025-04-23
oraclelinux: CVE-2024-44192 was patched at 2025-04-08, 2025-04-17
redhat: CVE-2024-44192 was patched at 2025-04-08, 2025-04-09, 2025-04-17
ubuntu: CVE-2024-44192 was patched at 2025-03-31
33. Security Feature Bypass - Chromium (CVE-2025-3071) - Medium [353]
Description: Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.5 | 10 | CVSS Base Score is 5.4. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00013, EPSS Percentile is 0.01359 |
debian: CVE-2025-3071 was patched at 2025-04-03, 2025-04-23
34. Information Disclosure - Opensearch (CVE-2023-25806) - Medium [350]
Description: OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches were released in versions 1.3.9 and 2.6.0, there are no workarounds.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.5 | 14 | Product detected by a:amazon:opensearch (exists in CPE dict) | |
0.5 | 10 | CVSS Base Score is 5.3. According to NVD data source | |
0.5 | 10 | EPSS Probability is 0.00227, EPSS Percentile is 0.45468 |
redos: CVE-2023-25806 was patched at 2025-04-03
35. Authentication Bypass - Oracle Java SE (CVE-2025-30691) - Medium [346]
Description: Vulnerability in Oracle
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.98 | 15 | Authentication Bypass | |
0.6 | 14 | Oracle Java SE | |
0.5 | 10 | CVSS Base Score is 4.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00035, EPSS Percentile is 0.0872 |
almalinux: CVE-2025-30691 was patched at 2025-04-16
debian: CVE-2025-30691 was patched at 2025-04-23
oraclelinux: CVE-2025-30691 was patched at 2025-04-17
redhat: CVE-2025-30691 was patched at 2025-04-16
36. Memory Corruption - Linux Kernel (CVE-2024-56561) - Medium [346]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00026, EPSS Percentile is 0.05375 |
ubuntu: CVE-2024-56561 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24
37. Memory Corruption - Linux Kernel (CVE-2024-56652) - Medium [346]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00026, EPSS Percentile is 0.05375 |
ubuntu: CVE-2024-56652 was patched at 2025-03-27, 2025-04-01
38. Memory Corruption - Linux Kernel (CVE-2024-56653) - Medium [346]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00038, EPSS Percentile is 0.10696 |
ubuntu: CVE-2024-56653 was patched at 2025-03-27, 2025-04-01
39. Memory Corruption - Linux Kernel (CVE-2024-56669) - Medium [346]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00026, EPSS Percentile is 0.05375 |
ubuntu: CVE-2024-56669 was patched at 2025-03-27, 2025-04-01
40. Memory Corruption - Linux Kernel (CVE-2025-21652) - Medium [346]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00028, EPSS Percentile is 0.06048 |
ubuntu: CVE-2025-21652 was patched at 2025-03-27, 2025-04-01
41. Memory Corruption - Libsoup (CVE-2025-2784) - Medium [344]
Description: A flaw was found in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.6 | 14 | libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop to integrate well with GNOME applications and also has a synchronous API for use in CLI tools. | |
0.7 | 10 | CVSS Base Score is 7.0. According to NVD data source | |
0.6 | 10 | EPSS Probability is 0.00491, EPSS Percentile is 0.64262 |
debian: CVE-2025-2784 was patched at 2025-04-23
ubuntu: CVE-2025-2784 was patched at 2025-04-10
42. Denial of Service - Netty (CVE-2024-47535) - Medium [341]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Netty is a non-blocking I/O client-server framework for the development of Java network applications such as protocol servers and clients | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00039, EPSS Percentile is 0.1091 |
redhat: CVE-2024-47535 was patched at 2025-03-27, 2025-04-01
43. Memory Corruption - Safari (CVE-2025-24209) - Medium [341]
Description: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4,
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |
0.7 | 10 | CVSS Base Score is 7.0. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.0011, EPSS Percentile is 0.30555 |
almalinux: CVE-2025-24209 was patched at 2025-04-08, 2025-04-17
debian: CVE-2025-24209 was patched at 2025-04-10, 2025-04-23
oraclelinux: CVE-2025-24209 was patched at 2025-04-08, 2025-04-17
redhat: CVE-2025-24209 was patched at 2025-04-08, 2025-04-09, 2025-04-17
ubuntu: CVE-2025-24209 was patched at 2025-04-14
44. Denial of Service - TLS (CVE-2025-2704) - Medium [339]
Description: OpenVPN version 2.6.1 through 2.6.13 in server mode using
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | TLS | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00096, EPSS Percentile is 0.28164 |
debian: CVE-2025-2704 was patched at 2025-04-23
ubuntu: CVE-2025-2704 was patched at 2025-04-03
45. Memory Corruption - Linux Kernel (CVE-2024-53185) - Medium [334]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00018, EPSS Percentile is 0.0306 |
redos: CVE-2024-53185 was patched at 2025-04-09
ubuntu: CVE-2024-53185 was patched at 2025-04-23, 2025-04-24
46. Memory Corruption - Linux Kernel (CVE-2024-56635) - Medium [334]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00023, EPSS Percentile is 0.0438 |
ubuntu: CVE-2024-56635 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
47. Memory Corruption - Linux Kernel (CVE-2024-56764) - Medium [334]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00019, EPSS Percentile is 0.03282 |
ubuntu: CVE-2024-56764 was patched at 2025-03-27, 2025-04-01
48. Memory Corruption - Linux Kernel (CVE-2024-56772) - Medium [334]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00019, EPSS Percentile is 0.03282 |
ubuntu: CVE-2024-56772 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
49. Memory Corruption - Linux Kernel (CVE-2024-57801) - Medium [334]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00021, EPSS Percentile is 0.03988 |
ubuntu: CVE-2024-57801 was patched at 2025-03-27, 2025-04-01
50. Memory Corruption - Linux Kernel (CVE-2024-57926) - Medium [334]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00021, EPSS Percentile is 0.03988 |
ubuntu: CVE-2024-57926 was patched at 2025-03-27, 2025-04-01
51. Memory Corruption - Linux Kernel (CVE-2025-21633) - Medium [334]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00019, EPSS Percentile is 0.03282 |
ubuntu: CVE-2025-21633 was patched at 2025-03-27, 2025-04-01
52. Memory Corruption - Linux Kernel (CVE-2025-21650) - Medium [334]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00019, EPSS Percentile is 0.03282 |
ubuntu: CVE-2025-21650 was patched at 2025-03-27, 2025-04-01
53. Memory Corruption - Linux Kernel (CVE-2025-21867) - Medium [334]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00013, EPSS Percentile is 0.01442 |
debian: CVE-2025-21867 was patched at 2025-04-12, 2025-04-23
54. Memory Corruption - Linux Kernel (CVE-2025-21887) - Medium [334]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00012, EPSS Percentile is 0.01084 |
debian: CVE-2025-21887 was patched at 2025-04-12, 2025-04-23
55. Memory Corruption - Linux Kernel (CVE-2025-21919) - Medium [334]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00014, EPSS Percentile is 0.0152 |
debian: CVE-2025-21919 was patched at 2025-04-12, 2025-04-23
56. Memory Corruption - Linux Kernel (CVE-2025-21928) - Medium [334]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00014, EPSS Percentile is 0.01704 |
debian: CVE-2025-21928 was patched at 2025-04-12, 2025-04-23
57. Memory Corruption - Linux Kernel (CVE-2025-21934) - Medium [334]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00014, EPSS Percentile is 0.01704 |
debian: CVE-2025-21934 was patched at 2025-04-12, 2025-04-23
58. Memory Corruption - Linux Kernel (CVE-2025-21945) - Medium [334]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00012, EPSS Percentile is 0.01057 |
debian: CVE-2025-21945 was patched at 2025-04-12, 2025-04-23
59. Memory Corruption - Linux Kernel (CVE-2025-21968) - Medium [334]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00012, EPSS Percentile is 0.0107 |
debian: CVE-2025-21968 was patched at 2025-04-12, 2025-04-23
60. Memory Corruption - Linux Kernel (CVE-2025-21979) - Medium [334]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00012, EPSS Percentile is 0.01057 |
debian: CVE-2025-21979 was patched at 2025-04-12, 2025-04-23
61. Memory Corruption - Linux Kernel (CVE-2025-21999) - Medium [334]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00013, EPSS Percentile is 0.01441 |
debian: CVE-2025-21999 was patched at 2025-04-12, 2025-04-23
62. Memory Corruption - Linux Kernel (CVE-2025-22004) - Medium [334]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00013, EPSS Percentile is 0.01441 |
debian: CVE-2025-22004 was patched at 2025-04-12, 2025-04-23
63. Security Feature Bypass - Linux Kernel (CVE-2025-21877) - Medium [334]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.19332 |
debian: CVE-2025-21877 was patched at 2025-04-12, 2025-04-23
64. Information Disclosure - MediaWiki (CVE-2025-32698) - Medium [324]
Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.7 | 14 | MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL) | |
0.2 | 10 | CVSS Base Score is 2.1. According to Vulners data source | |
0.3 | 10 | EPSS Probability is 0.00083, EPSS Percentile is 0.2534 |
debian: CVE-2025-32698 was patched at 2025-04-13, 2025-04-23
65. Memory Corruption - Linux Kernel (CVE-2024-56577) - Medium [322]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00029, EPSS Percentile is 0.06488 |
ubuntu: CVE-2024-56577 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
66. Memory Corruption - Linux Kernel (CVE-2024-56580) - Medium [322]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00026, EPSS Percentile is 0.05344 |
ubuntu: CVE-2024-56580 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
67. Memory Corruption - Linux Kernel (CVE-2024-56613) - Medium [322]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00029, EPSS Percentile is 0.06488 |
ubuntu: CVE-2024-56613 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
68. Memory Corruption - Linux Kernel (CVE-2024-56617) - Medium [322]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00029, EPSS Percentile is 0.06488 |
ubuntu: CVE-2024-56617 was patched at 2025-03-27, 2025-04-01
69. Memory Corruption - Linux Kernel (CVE-2024-56620) - Medium [322]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00029, EPSS Percentile is 0.06488 |
ubuntu: CVE-2024-56620 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
70. Memory Corruption - Linux Kernel (CVE-2024-56621) - Medium [322]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00029, EPSS Percentile is 0.06488 |
ubuntu: CVE-2024-56621 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
71. Memory Corruption - Linux Kernel (CVE-2024-56646) - Medium [322]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00026, EPSS Percentile is 0.05344 |
ubuntu: CVE-2024-56646 was patched at 2025-03-27, 2025-04-01
72. Memory Corruption - Linux Kernel (CVE-2024-56667) - Medium [322]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00029, EPSS Percentile is 0.06488 |
ubuntu: CVE-2024-56667 was patched at 2025-03-27, 2025-04-01
73. Memory Corruption - Linux Kernel (CVE-2025-21905) - Medium [322]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.7 | 10 | CVSS Base Score is 7.1. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00014, EPSS Percentile is 0.01704 |
debian: CVE-2025-21905 was patched at 2025-04-12, 2025-04-23
74. Memory Corruption - Linux Kernel (CVE-2025-21917) - Medium [322]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00028, EPSS Percentile is 0.06291 |
debian: CVE-2025-21917 was patched at 2025-04-12, 2025-04-23
75. Memory Corruption - Linux Kernel (CVE-2025-21920) - Medium [322]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.7 | 10 | CVSS Base Score is 7.1. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00014, EPSS Percentile is 0.01704 |
debian: CVE-2025-21920 was patched at 2025-04-12, 2025-04-23
76. Memory Corruption - Linux Kernel (CVE-2025-21993) - Medium [322]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.7 | 10 | CVSS Base Score is 7.1. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00014, EPSS Percentile is 0.01704 |
debian: CVE-2025-21993 was patched at 2025-04-12, 2025-04-23
ubuntu: CVE-2025-21993 was patched at 2025-04-23, 2025-04-24, 2025-04-25, 2025-04-28
77. Denial of Service - Libsoup (CVE-2025-32051) - Medium [320]
Description: A flaw was found in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.6 | 14 | libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop to integrate well with GNOME applications and also has a synchronous API for use in CLI tools. | |
0.6 | 10 | CVSS Base Score is 5.9. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00052, EPSS Percentile is 0.16327 |
debian: CVE-2025-32051 was patched at 2025-04-23
ubuntu: CVE-2025-32051 was patched at 2025-04-10
78. Memory Corruption - Safari (CVE-2025-24213) - Medium [317]
Description: This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.4,
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00018, EPSS Percentile is 0.03061 |
debian: CVE-2025-24213 was patched at 2025-04-10, 2025-04-23
ubuntu: CVE-2025-24213 was patched at 2025-04-14
79. Cross Site Scripting - Nokogiri (CVE-2024-53985) - Medium [314]
Description: rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0.6 | 14 | Nokogiri is an open source XML and HTML library for the Ruby programming language | |
0.2 | 10 | CVSS Base Score is 2.3. According to Vulners data source | |
0.4 | 10 | EPSS Probability is 0.00147, EPSS Percentile is 0.36319 |
redos: CVE-2024-53985 was patched at 2025-04-02
80. Incorrect Calculation - Linux Kernel (CVE-2024-57919) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Incorrect Calculation | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00019, EPSS Percentile is 0.03262 |
ubuntu: CVE-2024-57919 was patched at 2025-03-27, 2025-04-01
81. Incorrect Calculation - Linux Kernel (CVE-2025-21898) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Incorrect Calculation | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00021, EPSS Percentile is 0.03875 |
debian: CVE-2025-21898 was patched at 2025-04-12, 2025-04-23
82. Incorrect Calculation - Linux Kernel (CVE-2025-21962) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Incorrect Calculation | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00017, EPSS Percentile is 0.02545 |
debian: CVE-2025-21962 was patched at 2025-04-12, 2025-04-23
83. Incorrect Calculation - Linux Kernel (CVE-2025-21963) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Incorrect Calculation | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00017, EPSS Percentile is 0.02545 |
debian: CVE-2025-21963 was patched at 2025-04-12, 2025-04-23
84. Incorrect Calculation - Linux Kernel (CVE-2025-21964) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Incorrect Calculation | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00017, EPSS Percentile is 0.02545 |
debian: CVE-2025-21964 was patched at 2025-04-12, 2025-04-23
85. Incorrect Calculation - Linux Kernel (CVE-2025-21997) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Incorrect Calculation | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00017, EPSS Percentile is 0.02506 |
debian: CVE-2025-21997 was patched at 2025-04-12, 2025-04-23
86. Memory Corruption - Linux Kernel (CVE-2024-48873) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00021, EPSS Percentile is 0.03966 |
ubuntu: CVE-2024-48873 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
87. Memory Corruption - Linux Kernel (CVE-2024-56711) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00019, EPSS Percentile is 0.03262 |
ubuntu: CVE-2024-56711 was patched at 2025-03-27, 2025-04-01
88. Memory Corruption - Linux Kernel (CVE-2024-56773) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00019, EPSS Percentile is 0.03262 |
ubuntu: CVE-2024-56773 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
89. Memory Corruption - Linux Kernel (CVE-2024-57799) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00019, EPSS Percentile is 0.03262 |
ubuntu: CVE-2024-57799 was patched at 2025-03-27, 2025-04-01
90. Memory Corruption - Linux Kernel (CVE-2024-57881) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00019, EPSS Percentile is 0.03262 |
ubuntu: CVE-2024-57881 was patched at 2025-03-27, 2025-04-01
91. Memory Corruption - Linux Kernel (CVE-2024-57933) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00021, EPSS Percentile is 0.03966 |
ubuntu: CVE-2024-57933 was patched at 2025-03-27, 2025-04-01
92. Memory Corruption - Linux Kernel (CVE-2024-57944) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00019, EPSS Percentile is 0.03262 |
ubuntu: CVE-2024-57944 was patched at 2025-03-27, 2025-04-01
93. Memory Corruption - Linux Kernel (CVE-2025-21642) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00021, EPSS Percentile is 0.03966 |
ubuntu: CVE-2025-21642 was patched at 2025-03-27, 2025-04-01
94. Memory Corruption - Linux Kernel (CVE-2025-21644) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00019, EPSS Percentile is 0.03262 |
ubuntu: CVE-2025-21644 was patched at 2025-03-27, 2025-04-01
95. Memory Corruption - Linux Kernel (CVE-2025-21661) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00019, EPSS Percentile is 0.03262 |
ubuntu: CVE-2025-21661 was patched at 2025-03-27, 2025-04-01
96. Memory Corruption - Linux Kernel (CVE-2025-21904) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00021, EPSS Percentile is 0.03875 |
debian: CVE-2025-21904 was patched at 2025-04-12, 2025-04-23
97. Memory Corruption - Linux Kernel (CVE-2025-21918) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00017, EPSS Percentile is 0.02506 |
debian: CVE-2025-21918 was patched at 2025-04-12, 2025-04-23
98. Memory Corruption - Linux Kernel (CVE-2025-21936) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00017, EPSS Percentile is 0.02506 |
debian: CVE-2025-21936 was patched at 2025-04-12, 2025-04-23
99. Memory Corruption - Linux Kernel (CVE-2025-21937) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00017, EPSS Percentile is 0.02506 |
debian: CVE-2025-21937 was patched at 2025-04-12, 2025-04-23
100. Memory Corruption - Linux Kernel (CVE-2025-21941) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00017, EPSS Percentile is 0.02545 |
debian: CVE-2025-21941 was patched at 2025-04-12, 2025-04-23
101. Memory Corruption - Linux Kernel (CVE-2025-21948) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00021, EPSS Percentile is 0.03875 |
debian: CVE-2025-21948 was patched at 2025-04-12, 2025-04-23
102. Memory Corruption - Linux Kernel (CVE-2025-21957) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00021, EPSS Percentile is 0.03875 |
debian: CVE-2025-21957 was patched at 2025-04-12, 2025-04-23
103. Memory Corruption - Linux Kernel (CVE-2025-21980) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00017, EPSS Percentile is 0.02506 |
debian: CVE-2025-21980 was patched at 2025-04-12, 2025-04-23
104. Memory Corruption - Linux Kernel (CVE-2025-21981) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00017, EPSS Percentile is 0.02545 |
debian: CVE-2025-21981 was patched at 2025-04-12, 2025-04-23
105. Memory Corruption - Linux Kernel (CVE-2025-22007) - Medium [310]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00013, EPSS Percentile is 0.01385 |
debian: CVE-2025-22007 was patched at 2025-04-12, 2025-04-23
106. Information Disclosure - Unknown Product (CVE-2025-31492) - Medium [302]
Description: {'nvd_cve_data_all': 'mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protected content to unauthenticated users. The conditions for disclosure are an OIDCProviderAuthRequestMethod POST, a valid account, and there mustn't be any application-level gateway (or load balancer etc) protecting the server. When you request a protected resource, the response includes the HTTP status, the HTTP headers, the intended response (the self-submitting form), and the protected resource (with no headers). This is an example of a request for a protected resource, including all the data returned. In the case where mod_auth_openidc returns a form, it has to return OK from check_userid so as not to go down the error path in httpd. This means httpd will try to issue the protected resource. oidc_content_handler is called early, which has the opportunity to prevent the normal output being issued by httpd. oidc_content_handler has a number of checks for when it intervenes, but it doesn't check for this case, so the handler returns DECLINED. Consequently, httpd appends the protected content to the response. The issue has been patched in mod_auth_openidc versions >= 2.4.16.11.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protected content to unauthenticated users. The conditions for disclosure are an OIDCProviderAuthRequestMethod POST, a valid account, and there mustn't be any application-level gateway (or load balancer etc) protecting the server. When you request a protected resource, the response includes the HTTP status, the HTTP headers, the intended response (the self-submitting form), and the protected resource (with no headers). This is an example of a request for a protected resource, including all the data returned. In the case where mod_auth_openidc returns a form, it has to return OK from check_userid so as not to go down the error path in httpd. This means httpd will try to issue the protected resource. oidc_content_handler is called early, which has the opportunity to prevent the normal output being issued by httpd. oidc_content_handler has a number of checks for when it intervenes, but it doesn't check for this case, so the handler returns DECLINED. Consequently, httpd appends the protected content to the response. The issue has been patched in mod_auth_openidc versions >= 2.4.16.11.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0 | 14 | Unknown Product | |
0.8 | 10 | CVSS Base Score is 8.2. According to Vulners data source | |
0.5 | 10 | EPSS Probability is 0.00237, EPSS Percentile is 0.46553 |
almalinux: CVE-2025-31492 was patched at 2025-04-17
debian: CVE-2025-31492 was patched at 2025-04-17, 2025-04-23
oraclelinux: CVE-2025-31492 was patched at 2025-04-22
redhat: CVE-2025-31492 was patched at 2025-04-16, 2025-04-23, 2025-04-24, 2025-04-28
ubuntu: CVE-2025-31492 was patched at 2025-04-23
107. Security Feature Bypass - MediaWiki (CVE-2025-32696) - Medium [301]
Description: Improper Preservation of Permissions vulnerability in Wikimedia Foundation
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.7 | 14 | MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL) | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00053, EPSS Percentile is 0.16437 |
debian: CVE-2025-32696 was patched at 2025-04-13, 2025-04-23
108. Security Feature Bypass - MediaWiki (CVE-2025-32697) - Medium [301]
Description: Improper Preservation of Permissions vulnerability in Wikimedia Foundation
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.7 | 14 | MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL) | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.0005, EPSS Percentile is 0.15409 |
debian: CVE-2025-32697 was patched at 2025-04-13, 2025-04-23
109. Denial of Service - Linux Kernel (CVE-2025-21925) - Medium [298]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.17498 |
debian: CVE-2025-21925 was patched at 2025-04-12, 2025-04-23
110. Memory Corruption - Git (CVE-2025-31115) - Medium [298]
Description: XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.4 | 14 | Git | |
0.9 | 10 | CVSS Base Score is 8.7. According to Vulners data source | |
0.3 | 10 | EPSS Probability is 0.00117, EPSS Percentile is 0.3178 |
debian: CVE-2025-31115 was patched at 2025-04-05, 2025-04-23
ubuntu: CVE-2025-31115 was patched at 2025-04-03
111. Memory Corruption - Linux Kernel (CVE-2024-57934) - Medium [298]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.5 | 10 | CVSS Base Score is 4.7. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00019, EPSS Percentile is 0.03262 |
ubuntu: CVE-2024-57934 was patched at 2025-03-27, 2025-04-01
112. Memory Corruption - Linux Kernel (CVE-2025-21947) - Medium [298]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.5 | 10 | CVSS Base Score is 4.7. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00015, EPSS Percentile is 0.01956 |
debian: CVE-2025-21947 was patched at 2025-04-12, 2025-04-23
113. Cross Site Scripting - MediaWiki (CVE-2025-3469) - Medium [295]
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0.7 | 14 | MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL) | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.3 | 10 | EPSS Probability is 0.00093, EPSS Percentile is 0.27492 |
debian: CVE-2025-3469 was patched at 2025-04-13, 2025-04-23
114. Memory Corruption - Safari (CVE-2025-24216) - Medium [294]
Description: The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4,
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |
0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00066, EPSS Percentile is 0.20822 |
almalinux: CVE-2025-24216 was patched at 2025-04-08, 2025-04-17
debian: CVE-2025-24216 was patched at 2025-04-10, 2025-04-23
oraclelinux: CVE-2025-24216 was patched at 2025-04-08, 2025-04-17
redhat: CVE-2025-24216 was patched at 2025-04-08, 2025-04-09, 2025-04-17
ubuntu: CVE-2025-24216 was patched at 2025-04-14
115. Memory Corruption - Safari (CVE-2025-30427) - Medium [294]
Description: A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4,
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |
0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00079, EPSS Percentile is 0.24454 |
almalinux: CVE-2025-30427 was patched at 2025-04-08, 2025-04-17
debian: CVE-2025-30427 was patched at 2025-04-10, 2025-04-23
oraclelinux: CVE-2025-30427 was patched at 2025-04-08, 2025-04-17
redhat: CVE-2025-30427 was patched at 2025-04-08, 2025-04-09, 2025-04-17
ubuntu: CVE-2025-30427 was patched at 2025-04-14
116. Spoofing - Chromium (CVE-2025-3072) - Medium [288]
Description: Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.4 | 15 | Spoofing | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.5 | 10 | CVSS Base Score is 5.4. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00066, EPSS Percentile is 0.20892 |
debian: CVE-2025-3072 was patched at 2025-04-03, 2025-04-23
117. Spoofing - Chromium (CVE-2025-3073) - Medium [288]
Description: Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.4 | 15 | Spoofing | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.5 | 10 | CVSS Base Score is 5.4. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00066, EPSS Percentile is 0.20892 |
debian: CVE-2025-3073 was patched at 2025-04-03, 2025-04-23
118. Spoofing - Chromium (CVE-2025-3074) - Medium [288]
Description: Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.4 | 15 | Spoofing | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.5 | 10 | CVSS Base Score is 5.4. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00066, EPSS Percentile is 0.20892 |
debian: CVE-2025-3074 was patched at 2025-04-03, 2025-04-23
119. Memory Corruption - Linux Kernel (CVE-2024-56710) - Medium [286]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.3 | 10 | CVSS Base Score is 3.3. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00028, EPSS Percentile is 0.06025 |
ubuntu: CVE-2024-56710 was patched at 2025-03-27, 2025-04-01
120. Remote Code Execution - Unknown Product (CVE-2025-30219) - Medium [285]
Description: {'nvd_cve_data_all': 'RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable (with other on disk file modifications) can lead to arbitrary JavaScript code execution in the browsers of management UI users. When a virtual host on a RabbitMQ node fails to start, recent versions will display an error message (a notification) in the management UI. The error message includes virtual host name, which was not escaped prior to open source RabbitMQ 4.0.3 and Tanzu RabbitMQ 4.0.3, 3.13.8. An attack that both makes a virtual host fail to start and creates a new virtual host name with an XSS code snippet or changes the name of an existing virtual host on disk could trigger arbitrary JavaScript code execution in the management UI (the user's browser). Open source RabbitMQ `4.0.3` and Tanzu RabbitMQ `4.0.3` and `3.13.8` patch the issue.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable (with other on disk file modifications) can lead to arbitrary JavaScript code execution in the browsers of management UI users. When a virtual host on a RabbitMQ node fails to start, recent versions\nwill display an error message (a notification) in the management UI. The error message includes virtual host name, which was not escaped prior to open source RabbitMQ 4.0.3 and Tanzu RabbitMQ 4.0.3, 3.13.8. An attack that both makes a virtual host fail to start and creates a new virtual host name with an XSS code snippet or changes the name of an existing virtual host on disk could trigger arbitrary JavaScript code execution in the management UI (the user's browser). Open source RabbitMQ `4.0.3` and Tanzu RabbitMQ `4.0.3` and `3.13.8` patch the issue.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0 | 14 | Unknown Product | |
0.6 | 10 | CVSS Base Score is 6.1. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.0011, EPSS Percentile is 0.30666 |
debian: CVE-2025-30219 was patched at 2025-04-23
ubuntu: CVE-2025-30219 was patched at 2025-03-31
121. Information Disclosure - GitHub (CVE-2024-53859) - Medium [276]
Description: go-gh is a Go module for interacting with the `gh` utility and the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.2 | 14 | GitHub, Inc. is an Internet hosting service for software development and version control using Git | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00031, EPSS Percentile is 0.07217 |
ubuntu: CVE-2024-53859 was patched at 2025-03-20
122. Authentication Bypass - Unknown Product (CVE-2025-23367) - Medium [270]
Description: {'nvd_cve_data_all': 'A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. \nThe vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.98 | 15 | Authentication Bypass | |
0 | 14 | Unknown Product | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00036, EPSS Percentile is 0.09236 |
redhat: CVE-2025-23367 was patched at 2025-04-01
123. Denial of Service - Unknown Product (CVE-2024-42643) - Medium [267]
Description: {'nvd_cve_data_all': 'Integer Overflow in fast_ping.c in SmartDNS Release46 allows remote attackers to cause a Denial of Service via misaligned memory access.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Integer Overflow in fast_ping.c in SmartDNS Release46 allows remote attackers to cause a Denial of Service via misaligned memory access.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0 | 14 | Unknown Product | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00206, EPSS Percentile is 0.43274 |
ubuntu: CVE-2024-42643 was patched at 2025-03-25
124. Unknown Vulnerability Type - Vault (CVE-2022-40186) - Medium [266]
Description: {'nvd_cve_data_all': 'An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.6 | 14 | Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets critical in modern computing | |
0.9 | 10 | CVSS Base Score is 9.1. According to NVD data source | |
0.5 | 10 | EPSS Probability is 0.00318, EPSS Percentile is 0.54038 |
redos: CVE-2022-40186 was patched at 2025-04-02
125. Memory Corruption - Linux Kernel (CVE-2025-21975) - Medium [263]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.17498 |
debian: CVE-2025-21975 was patched at 2025-04-12, 2025-04-23
126. Memory Corruption - Opensearch (CVE-2023-23933) - Medium [255]
Description: OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical data (e.g. averages, sums) of fields that are otherwise restricted to them. This issue only affects authenticated users who were previously granted read access to the indexes containing the restricted fields. This issue has been patched in versions 1.3.8 and 2.6.0. There are no known workarounds for this issue.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.5 | 14 | Product detected by a:amazon:opensearch (exists in CPE dict) | |
0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00085, EPSS Percentile is 0.2584 |
redos: CVE-2023-23933 was patched at 2025-04-03
127. Memory Corruption - Linux Kernel (CVE-2024-51729) - Medium [251]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-51729 was patched at 2025-03-27, 2025-04-01
128. Memory Corruption - Linux Kernel (CVE-2024-52319) - Medium [251]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-52319 was patched at 2025-03-27, 2025-04-01
129. Memory Corruption - Linux Kernel (CVE-2024-57921) - Medium [251]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-57921 was patched at 2025-03-27, 2025-04-01
130. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21991) - Medium [245]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the first CPU of each mask. According to Documentation/admin-guide/mm/numaperf.rst: "Some memory may share the same node as a CPU, and others are provided as memory only nodes." Therefore, some node CPU masks may be empty and wouldn't have a "first CPU". On a machine with far memory (and therefore CPU-less NUMA nodes): - cpumask_of_node(nid) is 0 - cpumask_first(0) is CONFIG_NR_CPUS - cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an index that is 1 out of bounds This does not have any security implications since flashing microcode is a privileged operation but I believe this has reliability implications by potentially corrupting memory while flashing a microcode update. When booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes a microcode update. I get the following splat: UBSAN: array-index-out-of-bounds in arch/x86/kernel/cpu/microcode/amd.c:X:Y index 512 is out of range for type 'unsigned long[512]' [...] Call Trace: dump_stack __ubsan_handle_out_of_bounds load_microcode_amd request_microcode_amd reload_store kernfs_fop_write_iter vfs_write ksys_write do_syscall_64 entry_SYSCALL_64_after_hwframe Change the loop to go over only NUMA nodes which have CPUs before determining whether the first CPU on the respective node needs microcode update. [ bp: Massage commit message, fix typo. ]', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes\n\nCurrently, load_microcode_amd() iterates over all NUMA nodes, retrieves their\nCPU masks and unconditionally accesses per-CPU data for the first CPU of each\nmask.\n\nAccording to Documentation/admin-guide/mm/numaperf.rst:\n\n "Some memory may share the same node as a CPU, and others are provided as\n memory only nodes."\n\nTherefore, some node CPU masks may be empty and wouldn't have a "first CPU".\n\nOn a machine with far memory (and therefore CPU-less NUMA nodes):\n- cpumask_of_node(nid) is 0\n- cpumask_first(0) is CONFIG_NR_CPUS\n- cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an\n index that is 1 out of bounds\n\nThis does not have any security implications since flashing microcode is\na privileged operation but I believe this has reliability implications by\npotentially corrupting memory while flashing a microcode update.\n\nWhen booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes\na microcode update. I get the following splat:\n\n UBSAN: array-index-out-of-bounds in arch/x86/kernel/cpu/microcode/amd.c:X:Y\n index 512 is out of range for type 'unsigned long[512]'\n [...]\n Call Trace:\n dump_stack\n __ubsan_handle_out_of_bounds\n load_microcode_amd\n request_microcode_amd\n reload_store\n kernfs_fop_write_iter\n vfs_write\n ksys_write\n do_syscall_64\n entry_SYSCALL_64_after_hwframe\n\nChange the loop to go over only NUMA nodes which have CPUs before determining\nwhether the first CPU on the respective node needs microcode update.\n\n [ bp: Massage commit message, fix typo. ]', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00014, EPSS Percentile is 0.01704 |
debian: CVE-2025-21991 was patched at 2025-04-12, 2025-04-23
131. Denial of Service - Unknown Product (CVE-2025-30211) - Medium [244]
Description: {'nvd_cve_data_all': 'Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names (64 characters) provided in KEX init message. Big KEX init packet may lead to inefficient processing of the error data. As a result, large amount of memory will be allocated for processing malicious data. Versions OTP-27.3.1, OTP-26.2.5.10, and OTP-25.3.2.19 fix the issue. Some workarounds are available. One may set option `parallel_login` to `false` and/or reduce the `max_sessions` option.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names (64 characters) provided in KEX init message. Big KEX init packet may lead to inefficient processing of the error data. As a result, large amount of memory will be allocated for processing malicious data. Versions OTP-27.3.1, OTP-26.2.5.10, and OTP-25.3.2.19 fix the issue. Some workarounds are available. One may set option `parallel_login` to `false` and/or reduce the `max_sessions` option.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0 | 14 | Unknown Product | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17983 |
debian: CVE-2025-30211 was patched at 2025-04-20, 2025-04-23
ubuntu: CVE-2025-30211 was patched at 2025-04-08
132. Memory Corruption - Unknown Product (CVE-2025-32464) - Medium [244]
Description: {'nvd_cve_data_all': 'HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0 | 14 | Unknown Product | |
0.7 | 10 | CVSS Base Score is 6.8. According to NVD data source | |
0.6 | 10 | EPSS Probability is 0.00356, EPSS Percentile is 0.56863 |
debian: CVE-2025-32464 was patched at 2025-04-23
ubuntu: CVE-2025-32464 was patched at 2025-04-10, 2025-04-23
133. Path Traversal - Unknown Product (CVE-2025-24965) - Medium [244]
Description: {'nvd_cve_data_all': 'crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current user to write to the target file. The problem is fixed in crun 1.20 and all users are advised to upgrade. There are no known workarounds for this vulnerability.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current user to write to the target file. The problem is fixed in crun 1.20 and all users are advised to upgrade. There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Path Traversal | |
0 | 14 | Unknown Product | |
0.8 | 10 | CVSS Base Score is 8.5. According to Vulners data source | |
0.2 | 10 | EPSS Probability is 0.00076, EPSS Percentile is 0.23614 |
redos: CVE-2025-24965 was patched at 2025-04-03
134. Unknown Vulnerability Type - MongoDB (CVE-2024-6375) - Medium [242]
Description: {'nvd_cve_data_all': 'A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions, prior to 5.0.22, MongoDB Server v6.0 versions, prior to 6.0.11 and MongoDB Server v7.0 versions prior to 7.0.3.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions, prior to 5.0.22, MongoDB Server v6.0 versions, prior to 6.0.11 and MongoDB Server v7.0 versions prior to 7.0.3.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.6 | 14 | MongoDB is a source-available, cross-platform, document-oriented database program | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.5 | 10 | EPSS Probability is 0.00247, EPSS Percentile is 0.47943 |
redos: CVE-2024-6375 was patched at 2025-03-26
135. Memory Corruption - Linux Kernel (CVE-2025-22015) - Medium [239]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.0 | 10 | EPSS Probability is 0.00024, EPSS Percentile is 0.04697 |
debian: CVE-2025-22015 was patched at 2025-04-12, 2025-04-23
136. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56618) - Medium [233]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx: gpcv2: Adjust delay after power up handshake The udelay(5) is not enough, sometimes below kernel panic still be triggered: [ 4.012973] Kernel panic - not syncing: Asynchronous SError Interrupt [ 4.012976] CPU: 2 UID: 0 PID: 186 Comm: (udev-worker) Not tainted 6.12.0-rc2-0.0.0-devel-00004-g8b1b79e88956 #1 [ 4.012982] Hardware name: Toradex Verdin iMX8M Plus WB on Dahlia Board (DT) [ 4.012985] Call trace: [...] [ 4.013029] arm64_serror_panic+0x64/0x70 [ 4.013034] do_serror+0x3c/0x70 [ 4.013039] el1h_64_error_handler+0x30/0x54 [ 4.013046] el1h_64_error+0x64/0x68 [ 4.013050] clk_imx8mp_audiomix_runtime_resume+0x38/0x48 [ 4.013059] __genpd_runtime_resume+0x30/0x80 [ 4.013066] genpd_runtime_resume+0x114/0x29c [ 4.013073] __rpm_callback+0x48/0x1e0 [ 4.013079] rpm_callback+0x68/0x80 [ 4.013084] rpm_resume+0x3bc/0x6a0 [ 4.013089] __pm_runtime_resume+0x50/0x9c [ 4.013095] pm_runtime_get_suppliers+0x60/0x8c [ 4.013101] __driver_probe_device+0x4c/0x14c [ 4.013108] driver_probe_device+0x3c/0x120 [ 4.013114] __driver_attach+0xc4/0x200 [ 4.013119] bus_for_each_dev+0x7c/0xe0 [ 4.013125] driver_attach+0x24/0x30 [ 4.013130] bus_add_driver+0x110/0x240 [ 4.013135] driver_register+0x68/0x124 [ 4.013142] __platform_driver_register+0x24/0x30 [ 4.013149] sdma_driver_init+0x20/0x1000 [imx_sdma] [ 4.013163] do_one_initcall+0x60/0x1e0 [ 4.013168] do_init_module+0x5c/0x21c [ 4.013175] load_module+0x1a98/0x205c [ 4.013181] init_module_from_file+0x88/0xd4 [ 4.013187] __arm64_sys_finit_module+0x258/0x350 [ 4.013194] invoke_syscall.constprop.0+0x50/0xe0 [ 4.013202] do_el0_svc+0xa8/0xe0 [ 4.013208] el0_svc+0x3c/0x140 [ 4.013215] el0t_64_sync_handler+0x120/0x12c [ 4.013222] el0t_64_sync+0x190/0x194 [ 4.013228] SMP: stopping secondary CPUs The correct way is to wait handshake, but it needs BUS clock of BLK-CTL be enabled, which is in separate driver. So delay is the only option here. The udelay(10) is a data got by experiment.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx: gpcv2: Adjust delay after power up handshake\n\nThe udelay(5) is not enough, sometimes below kernel panic\nstill be triggered:\n\n[ 4.012973] Kernel panic - not syncing: Asynchronous SError Interrupt\n[ 4.012976] CPU: 2 UID: 0 PID: 186 Comm: (udev-worker) Not tainted 6.12.0-rc2-0.0.0-devel-00004-g8b1b79e88956 #1\n[ 4.012982] Hardware name: Toradex Verdin iMX8M Plus WB on Dahlia Board (DT)\n[ 4.012985] Call trace:\n[...]\n[ 4.013029] arm64_serror_panic+0x64/0x70\n[ 4.013034] do_serror+0x3c/0x70\n[ 4.013039] el1h_64_error_handler+0x30/0x54\n[ 4.013046] el1h_64_error+0x64/0x68\n[ 4.013050] clk_imx8mp_audiomix_runtime_resume+0x38/0x48\n[ 4.013059] __genpd_runtime_resume+0x30/0x80\n[ 4.013066] genpd_runtime_resume+0x114/0x29c\n[ 4.013073] __rpm_callback+0x48/0x1e0\n[ 4.013079] rpm_callback+0x68/0x80\n[ 4.013084] rpm_resume+0x3bc/0x6a0\n[ 4.013089] __pm_runtime_resume+0x50/0x9c\n[ 4.013095] pm_runtime_get_suppliers+0x60/0x8c\n[ 4.013101] __driver_probe_device+0x4c/0x14c\n[ 4.013108] driver_probe_device+0x3c/0x120\n[ 4.013114] __driver_attach+0xc4/0x200\n[ 4.013119] bus_for_each_dev+0x7c/0xe0\n[ 4.013125] driver_attach+0x24/0x30\n[ 4.013130] bus_add_driver+0x110/0x240\n[ 4.013135] driver_register+0x68/0x124\n[ 4.013142] __platform_driver_register+0x24/0x30\n[ 4.013149] sdma_driver_init+0x20/0x1000 [imx_sdma]\n[ 4.013163] do_one_initcall+0x60/0x1e0\n[ 4.013168] do_init_module+0x5c/0x21c\n[ 4.013175] load_module+0x1a98/0x205c\n[ 4.013181] init_module_from_file+0x88/0xd4\n[ 4.013187] __arm64_sys_finit_module+0x258/0x350\n[ 4.013194] invoke_syscall.constprop.0+0x50/0xe0\n[ 4.013202] do_el0_svc+0xa8/0xe0\n[ 4.013208] el0_svc+0x3c/0x140\n[ 4.013215] el0t_64_sync_handler+0x120/0x12c\n[ 4.013222] el0t_64_sync+0x190/0x194\n[ 4.013228] SMP: stopping secondary CPUs\n\nThe correct way is to wait handshake, but it needs BUS clock of\nBLK-CTL be enabled, which is in separate driver. So delay is the\nonly option here. The udelay(10) is a data got by experiment.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00026, EPSS Percentile is 0.05344 |
ubuntu: CVE-2024-56618 was patched at 2025-03-27, 2025-04-01
137. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56632) - Medium [233]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix the memleak while create new ctrl failed Now while we create new ctrl failed, we have not free the tagset occupied by admin_q, here try to fix it.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix the memleak while create new ctrl failed\n\nNow while we create new ctrl failed, we have not free the\ntagset occupied by admin_q, here try to fix it.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00026, EPSS Percentile is 0.05344 |
ubuntu: CVE-2024-56632 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
138. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56654) - Medium [233]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating The usage of rcu_read_(un)lock while inside list_for_each_entry_rcu is not safe since for the most part entries fetched this way shall be treated as rcu_dereference: \tNote that the value returned by rcu_dereference() is valid \tonly within the enclosing RCU read-side critical section [1]_. \tFor example, the following is **not** legal:: \t\trcu_read_lock(); \t\tp = rcu_dereference(head.next); \t\trcu_read_unlock(); \t\tx = p->address;\t/* BUG!!! */ \t\trcu_read_lock(); \t\ty = p->data;\t/* BUG!!! */ \t\trcu_read_unlock();', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix using rcu_read_(un)lock while iterating\n\nThe usage of rcu_read_(un)lock while inside list_for_each_entry_rcu is\nnot safe since for the most part entries fetched this way shall be\ntreated as rcu_dereference:\n\n\tNote that the value returned by rcu_dereference() is valid\n\tonly within the enclosing RCU read-side critical section [1]_.\n\tFor example, the following is **not** legal::\n\n\t\trcu_read_lock();\n\t\tp = rcu_dereference(head.next);\n\t\trcu_read_unlock();\n\t\tx = p->address;\t/* BUG!!! */\n\t\trcu_read_lock();\n\t\ty = p->data;\t/* BUG!!! */\n\t\trcu_read_unlock();', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00029, EPSS Percentile is 0.06488 |
ubuntu: CVE-2024-56654 was patched at 2025-03-27, 2025-04-01
139. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56655) - Medium [233]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not defer rule destruction via call_rcu nf_tables_chain_destroy can sleep, it can't be used from call_rcu callbacks. Moreover, nf_tables_rule_release() is only safe for error unwinding, while transaction mutex is held and the to-be-desroyed rule was not exposed to either dataplane or dumps, as it deactives+frees without the required synchronize_rcu() in-between. nft_rule_expr_deactivate() callbacks will change ->use counters of other chains/sets, see e.g. nft_lookup .deactivate callback, these must be serialized via transaction mutex. Also add a few lockdep asserts to make this more explicit. Calling synchronize_rcu() isn't ideal, but fixing this without is hard and way more intrusive. As-is, we can get: WARNING: .. net/netfilter/nf_tables_api.c:5515 nft_set_destroy+0x.. Workqueue: events nf_tables_trans_destroy_work RIP: 0010:nft_set_destroy+0x3fe/0x5c0 Call Trace: <TASK> nf_tables_trans_destroy_work+0x6b7/0xad0 process_one_work+0x64a/0xce0 worker_thread+0x613/0x10d0 In case the synchronize_rcu becomes an issue, we can explore alternatives. One way would be to allocate nft_trans_rule objects + one nft_trans_chain object, deactivate the rules + the chain and then defer the freeing to the nft destroy workqueue. We'd still need to keep the synchronize_rcu path as a fallback to handle -ENOMEM corner cases though.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not defer rule destruction via call_rcu\n\nnf_tables_chain_destroy can sleep, it can't be used from call_rcu\ncallbacks.\n\nMoreover, nf_tables_rule_release() is only safe for error unwinding,\nwhile transaction mutex is held and the to-be-desroyed rule was not\nexposed to either dataplane or dumps, as it deactives+frees without\nthe required synchronize_rcu() in-between.\n\nnft_rule_expr_deactivate() callbacks will change ->use counters\nof other chains/sets, see e.g. nft_lookup .deactivate callback, these\nmust be serialized via transaction mutex.\n\nAlso add a few lockdep asserts to make this more explicit.\n\nCalling synchronize_rcu() isn't ideal, but fixing this without is hard\nand way more intrusive. As-is, we can get:\n\nWARNING: .. net/netfilter/nf_tables_api.c:5515 nft_set_destroy+0x..\nWorkqueue: events nf_tables_trans_destroy_work\nRIP: 0010:nft_set_destroy+0x3fe/0x5c0\nCall Trace:\n <TASK>\n nf_tables_trans_destroy_work+0x6b7/0xad0\n process_one_work+0x64a/0xce0\n worker_thread+0x613/0x10d0\n\nIn case the synchronize_rcu becomes an issue, we can explore alternatives.\n\nOne way would be to allocate nft_trans_rule objects + one nft_trans_chain\nobject, deactivate the rules + the chain and then defer the freeing to the\nnft destroy workqueue. We'd still need to keep the synchronize_rcu path as\na fallback to handle -ENOMEM corner cases though.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00029, EPSS Percentile is 0.06488 |
ubuntu: CVE-2024-56655 was patched at 2025-03-27, 2025-04-01
140. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56656) - Medium [233]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips The 5760X (P7) chip's HW GRO/LRO interface is very similar to that of the previous generation (5750X or P5). However, the aggregation ID fields in the completion structures on P7 have been redefined from 16 bits to 12 bits. The freed up 4 bits are redefined for part of the metadata such as the VLAN ID. The aggregation ID mask was not modified when adding support for P7 chips. Including the extra 4 bits for the aggregation ID can potentially cause the driver to store or fetch the packet header of GRO/LRO packets in the wrong TPA buffer. It may hit the BUG() condition in __skb_pull() because the SKB contains no valid packet header: kernel BUG at include/linux/skbuff.h:2766! Oops: invalid opcode: 0000 1 PREEMPT SMP NOPTI CPU: 4 UID: 0 PID: 0 Comm: swapper/4 Kdump: loaded Tainted: G OE 6.12.0-rc2+ #7 Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: Dell Inc. PowerEdge R760/0VRV9X, BIOS 1.0.1 12/27/2022 RIP: 0010:eth_type_trans+0xda/0x140 Code: 80 00 00 00 eb c1 8b 47 70 2b 47 74 48 8b 97 d0 00 00 00 83 f8 01 7e 1b 48 85 d2 74 06 66 83 3a ff 74 09 b8 00 04 00 00 eb a5 <0f> 0b b8 00 01 00 00 eb 9c 48 85 ff 74 eb 31 f6 b9 02 00 00 00 48 RSP: 0018:ff615003803fcc28 EFLAGS: 00010283 RAX: 00000000000022d2 RBX: 0000000000000003 RCX: ff2e8c25da334040 RDX: 0000000000000040 RSI: ff2e8c25c1ce8000 RDI: ff2e8c25869f9000 RBP: ff2e8c258c31c000 R08: ff2e8c25da334000 R09: 0000000000000001 R10: ff2e8c25da3342c0 R11: ff2e8c25c1ce89c0 R12: ff2e8c258e0990b0 R13: ff2e8c25bb120000 R14: ff2e8c25c1ce89c0 R15: ff2e8c25869f9000 FS: 0000000000000000(0000) GS:ff2e8c34be300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f05317e4c8 CR3: 000000108bac6006 CR4: 0000000000773ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <IRQ> ? die+0x33/0x90 ? do_trap+0xd9/0x100 ? eth_type_trans+0xda/0x140 ? do_error_trap+0x65/0x80 ? eth_type_trans+0xda/0x140 ? exc_invalid_op+0x4e/0x70 ? eth_type_trans+0xda/0x140 ? asm_exc_invalid_op+0x16/0x20 ? eth_type_trans+0xda/0x140 bnxt_tpa_end+0x10b/0x6b0 [bnxt_en] ? bnxt_tpa_start+0x195/0x320 [bnxt_en] bnxt_rx_pkt+0x902/0xd90 [bnxt_en] ? __bnxt_tx_int.constprop.0+0x89/0x300 [bnxt_en] ? kmem_cache_free+0x343/0x440 ? __bnxt_tx_int.constprop.0+0x24f/0x300 [bnxt_en] __bnxt_poll_work+0x193/0x370 [bnxt_en] bnxt_poll_p5+0x9a/0x300 [bnxt_en] ? try_to_wake_up+0x209/0x670 __napi_poll+0x29/0x1b0 Fix it by redefining the aggregation ID mask for P5_PLUS chips to be 12 bits. This will work because the maximum aggregation ID is less than 4096 on all P5_PLUS chips.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips\n\nThe 5760X (P7) chip's HW GRO/LRO interface is very similar to that of\nthe previous generation (5750X or P5). However, the aggregation ID\nfields in the completion structures on P7 have been redefined from\n16 bits to 12 bits. The freed up 4 bits are redefined for part of the\nmetadata such as the VLAN ID. The aggregation ID mask was not modified\nwhen adding support for P7 chips. Including the extra 4 bits for the\naggregation ID can potentially cause the driver to store or fetch the\npacket header of GRO/LRO packets in the wrong TPA buffer. It may hit\nthe BUG() condition in __skb_pull() because the SKB contains no valid\npacket header:\n\nkernel BUG at include/linux/skbuff.h:2766!\nOops: invalid opcode: 0000 1 PREEMPT SMP NOPTI\nCPU: 4 UID: 0 PID: 0 Comm: swapper/4 Kdump: loaded Tainted: G OE 6.12.0-rc2+ #7\nTainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nHardware name: Dell Inc. PowerEdge R760/0VRV9X, BIOS 1.0.1 12/27/2022\nRIP: 0010:eth_type_trans+0xda/0x140\nCode: 80 00 00 00 eb c1 8b 47 70 2b 47 74 48 8b 97 d0 00 00 00 83 f8 01 7e 1b 48 85 d2 74 06 66 83 3a ff 74 09 b8 00 04 00 00 eb a5 <0f> 0b b8 00 01 00 00 eb 9c 48 85 ff 74 eb 31 f6 b9 02 00 00 00 48\nRSP: 0018:ff615003803fcc28 EFLAGS: 00010283\nRAX: 00000000000022d2 RBX: 0000000000000003 RCX: ff2e8c25da334040\nRDX: 0000000000000040 RSI: ff2e8c25c1ce8000 RDI: ff2e8c25869f9000\nRBP: ff2e8c258c31c000 R08: ff2e8c25da334000 R09: 0000000000000001\nR10: ff2e8c25da3342c0 R11: ff2e8c25c1ce89c0 R12: ff2e8c258e0990b0\nR13: ff2e8c25bb120000 R14: ff2e8c25c1ce89c0 R15: ff2e8c25869f9000\nFS: 0000000000000000(0000) GS:ff2e8c34be300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055f05317e4c8 CR3: 000000108bac6006 CR4: 0000000000773ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <IRQ>\n ? die+0x33/0x90\n ? do_trap+0xd9/0x100\n ? eth_type_trans+0xda/0x140\n ? do_error_trap+0x65/0x80\n ? eth_type_trans+0xda/0x140\n ? exc_invalid_op+0x4e/0x70\n ? eth_type_trans+0xda/0x140\n ? asm_exc_invalid_op+0x16/0x20\n ? eth_type_trans+0xda/0x140\n bnxt_tpa_end+0x10b/0x6b0 [bnxt_en]\n ? bnxt_tpa_start+0x195/0x320 [bnxt_en]\n bnxt_rx_pkt+0x902/0xd90 [bnxt_en]\n ? __bnxt_tx_int.constprop.0+0x89/0x300 [bnxt_en]\n ? kmem_cache_free+0x343/0x440\n ? __bnxt_tx_int.constprop.0+0x24f/0x300 [bnxt_en]\n __bnxt_poll_work+0x193/0x370 [bnxt_en]\n bnxt_poll_p5+0x9a/0x300 [bnxt_en]\n ? try_to_wake_up+0x209/0x670\n __napi_poll+0x29/0x1b0\n\nFix it by redefining the aggregation ID mask for P5_PLUS chips to be\n12 bits. This will work because the maximum aggregation ID is less\nthan 4096 on all P5_PLUS chips.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00026, EPSS Percentile is 0.05344 |
oraclelinux: CVE-2024-56656 was patched at 2025-04-11
ubuntu: CVE-2024-56656 was patched at 2025-03-27, 2025-04-01
141. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56673) - Medium [233]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Do not call pmd dtor on vmemmap page table teardown The vmemmap's, which is used for RV64 with SPARSEMEM_VMEMMAP, page tables are populated using pmd (page middle directory) hugetables. However, the pmd allocation is not using the generic mechanism used by the VMA code (e.g. pmd_alloc()), or the RISC-V specific create_pgd_mapping()/alloc_pmd_late(). Instead, the vmemmap page table code allocates a page, and calls vmemmap_set_pmd(). This results in that the pmd ctor is *not* called, nor would it make sense to do so. Now, when tearing down a vmemmap page table pmd, the cleanup code would unconditionally, and incorrectly call the pmd dtor, which results in a crash (best case). This issue was found when running the HMM selftests: | tools/testing/selftests/mm# ./test_hmm.sh smoke | ... # when unloading the test_hmm.ko module | page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10915b | flags: 0x1000000000000000(node=0|zone=1) | raw: 1000000000000000 0000000000000000 dead000000000122 0000000000000000 | raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 | page dumped because: VM_BUG_ON_PAGE(ptdesc->pmd_huge_pte) | ------------[ cut here ]------------ | kernel BUG at include/linux/mm.h:3080! | Kernel BUG [#1] | Modules linked in: test_hmm(-) sch_fq_codel fuse drm drm_panel_orientation_quirks backlight dm_mod | CPU: 1 UID: 0 PID: 514 Comm: modprobe Tainted: G W 6.12.0-00982-gf2a4f1682d07 #2 | Tainted: [W]=WARN | Hardware name: riscv-virtio qemu/qemu, BIOS 2024.10 10/01/2024 | epc : remove_pgd_mapping+0xbec/0x1070 | ra : remove_pgd_mapping+0xbec/0x1070 | epc : ffffffff80010a68 ra : ffffffff80010a68 sp : ff20000000a73940 | gp : ffffffff827b2d88 tp : ff6000008785da40 t0 : ffffffff80fbce04 | t1 : 0720072007200720 t2 : 706d756420656761 s0 : ff20000000a73a50 | s1 : ff6000008915cff8 a0 : 0000000000000039 a1 : 0000000000000008 | a2 : ff600003fff0de20 a3 : 0000000000000000 a4 : 0000000000000000 | a5 : 0000000000000000 a6 : c0000000ffffefff a7 : ffffffff824469b8 | s2 : ff1c0000022456c0 s3 : ff1ffffffdbfffff s4 : ff6000008915c000 | s5 : ff6000008915c000 s6 : ff6000008915c000 s7 : ff1ffffffdc00000 | s8 : 0000000000000001 s9 : ff1ffffffdc00000 s10: ffffffff819a31f0 | s11: ffffffffffffffff t3 : ffffffff8000c950 t4 : ff60000080244f00 | t5 : ff60000080244000 t6 : ff20000000a73708 | status: 0000000200000120 badaddr: ffffffff80010a68 cause: 0000000000000003 | [<ffffffff80010a68>] remove_pgd_mapping+0xbec/0x1070 | [<ffffffff80fd238e>] vmemmap_free+0x14/0x1e | [<ffffffff8032e698>] section_deactivate+0x220/0x452 | [<ffffffff8032ef7e>] sparse_remove_section+0x4a/0x58 | [<ffffffff802f8700>] __remove_pages+0x7e/0xba | [<ffffffff803760d8>] memunmap_pages+0x2bc/0x3fe | [<ffffffff02a3ca28>] dmirror_device_remove_chunks+0x2ea/0x518 [test_hmm] | [<ffffffff02a3e026>] hmm_dmirror_exit+0x3e/0x1018 [test_hmm] | [<ffffffff80102c14>] __riscv_sys_delete_module+0x15a/0x2a6 | [<ffffffff80fd020c>] do_trap_ecall_u+0x1f2/0x266 | [<ffffffff80fde0a2>] _new_vmalloc_restore_context_a0+0xc6/0xd2 | Code: bf51 7597 0184 8593 76a5 854a 4097 0029 80e7 2c00 (9002) 7597 | ---[ end trace 0000000000000000 ]--- | Kernel panic - not syncing: Fatal exception in interrupt Add a check to avoid calling the pmd dtor, if the calling context is vmemmap_free().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: mm: Do not call pmd dtor on vmemmap page table teardown\n\nThe vmemmap's, which is used for RV64 with SPARSEMEM_VMEMMAP, page\ntables are populated using pmd (page middle directory) hugetables.\nHowever, the pmd allocation is not using the generic mechanism used by\nthe VMA code (e.g. pmd_alloc()), or the RISC-V specific\ncreate_pgd_mapping()/alloc_pmd_late(). Instead, the vmemmap page table\ncode allocates a page, and calls vmemmap_set_pmd(). This results in\nthat the pmd ctor is *not* called, nor would it make sense to do so.\n\nNow, when tearing down a vmemmap page table pmd, the cleanup code\nwould unconditionally, and incorrectly call the pmd dtor, which\nresults in a crash (best case).\n\nThis issue was found when running the HMM selftests:\n\n | tools/testing/selftests/mm# ./test_hmm.sh smoke\n | ... # when unloading the test_hmm.ko module\n | page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10915b\n | flags: 0x1000000000000000(node=0|zone=1)\n | raw: 1000000000000000 0000000000000000 dead000000000122 0000000000000000\n | raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\n | page dumped because: VM_BUG_ON_PAGE(ptdesc->pmd_huge_pte)\n | ------------[ cut here ]------------\n | kernel BUG at include/linux/mm.h:3080!\n | Kernel BUG [#1]\n | Modules linked in: test_hmm(-) sch_fq_codel fuse drm drm_panel_orientation_quirks backlight dm_mod\n | CPU: 1 UID: 0 PID: 514 Comm: modprobe Tainted: G W 6.12.0-00982-gf2a4f1682d07 #2\n | Tainted: [W]=WARN\n | Hardware name: riscv-virtio qemu/qemu, BIOS 2024.10 10/01/2024\n | epc : remove_pgd_mapping+0xbec/0x1070\n | ra : remove_pgd_mapping+0xbec/0x1070\n | epc : ffffffff80010a68 ra : ffffffff80010a68 sp : ff20000000a73940\n | gp : ffffffff827b2d88 tp : ff6000008785da40 t0 : ffffffff80fbce04\n | t1 : 0720072007200720 t2 : 706d756420656761 s0 : ff20000000a73a50\n | s1 : ff6000008915cff8 a0 : 0000000000000039 a1 : 0000000000000008\n | a2 : ff600003fff0de20 a3 : 0000000000000000 a4 : 0000000000000000\n | a5 : 0000000000000000 a6 : c0000000ffffefff a7 : ffffffff824469b8\n | s2 : ff1c0000022456c0 s3 : ff1ffffffdbfffff s4 : ff6000008915c000\n | s5 : ff6000008915c000 s6 : ff6000008915c000 s7 : ff1ffffffdc00000\n | s8 : 0000000000000001 s9 : ff1ffffffdc00000 s10: ffffffff819a31f0\n | s11: ffffffffffffffff t3 : ffffffff8000c950 t4 : ff60000080244f00\n | t5 : ff60000080244000 t6 : ff20000000a73708\n | status: 0000000200000120 badaddr: ffffffff80010a68 cause: 0000000000000003\n | [<ffffffff80010a68>] remove_pgd_mapping+0xbec/0x1070\n | [<ffffffff80fd238e>] vmemmap_free+0x14/0x1e\n | [<ffffffff8032e698>] section_deactivate+0x220/0x452\n | [<ffffffff8032ef7e>] sparse_remove_section+0x4a/0x58\n | [<ffffffff802f8700>] __remove_pages+0x7e/0xba\n | [<ffffffff803760d8>] memunmap_pages+0x2bc/0x3fe\n | [<ffffffff02a3ca28>] dmirror_device_remove_chunks+0x2ea/0x518 [test_hmm]\n | [<ffffffff02a3e026>] hmm_dmirror_exit+0x3e/0x1018 [test_hmm]\n | [<ffffffff80102c14>] __riscv_sys_delete_module+0x15a/0x2a6\n | [<ffffffff80fd020c>] do_trap_ecall_u+0x1f2/0x266\n | [<ffffffff80fde0a2>] _new_vmalloc_restore_context_a0+0xc6/0xd2\n | Code: bf51 7597 0184 8593 76a5 854a 4097 0029 80e7 2c00 (9002) 7597\n | ---[ end trace 0000000000000000 ]---\n | Kernel panic - not syncing: Fatal exception in interrupt\n\nAdd a check to avoid calling the pmd dtor, if the calling context is\nvmemmap_free().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00026, EPSS Percentile is 0.05344 |
ubuntu: CVE-2024-56673 was patched at 2025-03-27, 2025-04-01
142. Unknown Vulnerability Type - Linux Kernel (CVE-2024-57905) - Medium [233]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1119: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from a triggered buffer, but it has a hole between the sample (unsigned int) and the timestamp. This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ti-ads1119: fix information leak in triggered buffer\n\nThe 'scan' local struct is used to push data to user space from a\ntriggered buffer, but it has a hole between the sample (unsigned int)\nand the timestamp. This hole is never initialized.\n\nInitialize the struct to zero before using it to avoid pushing\nuninitialized information to userspace.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.7 | 10 | CVSS Base Score is 7.1. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00019, EPSS Percentile is 0.03282 |
ubuntu: CVE-2024-57905 was patched at 2025-03-27, 2025-04-01
143. Denial of Service - Unknown Product (CVE-2024-8447) - Medium [232]
Description: {'nvd_cve_data_all': 'A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0 | 14 | Unknown Product | |
0.6 | 10 | CVSS Base Score is 5.9. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00102, EPSS Percentile is 0.29351 |
redhat: CVE-2024-8447 was patched at 2025-03-27
144. Memory Corruption - Unknown Product (CVE-2023-48183) - Medium [232]
Description: {'nvd_cve_data_all': 'QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0 | 14 | Unknown Product | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00213, EPSS Percentile is 0.43992 |
ubuntu: CVE-2023-48183 was patched at 2025-04-15
145. Cross Site Scripting - Unknown Product (CVE-2025-2361) - Medium [226]
Description: {'nvd_cve_data_all': 'A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0 | 14 | Unknown Product | |
0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00082, EPSS Percentile is 0.25125 |
debian: CVE-2025-2361 was patched at 2025-03-22, 2025-04-23
146. Unknown Vulnerability Type - smartdns (CVE-2024-24198) - Medium [226]
Description: {'nvd_cve_data_all': 'smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.5 | 14 | Product detected by a:pymumu:smartdns (does NOT exist in CPE dict) | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00191, EPSS Percentile is 0.41487 |
ubuntu: CVE-2024-24198 was patched at 2025-03-25
147. Unknown Vulnerability Type - smartdns (CVE-2024-24199) - Medium [226]
Description: {'nvd_cve_data_all': 'smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/dns.c.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/dns.c.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.5 | 14 | Product detected by a:pymumu:smartdns (does NOT exist in CPE dict) | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00222, EPSS Percentile is 0.44931 |
ubuntu: CVE-2024-24199 was patched at 2025-03-25
148. Unknown Vulnerability Type - Linux Kernel (CVE-2024-54191) - Medium [221]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_conn_big_sync This fixes the circular locking dependency warning below, by reworking iso_sock_recvmsg, to ensure that the socket lock is always released before calling a function that locks hdev. [ 561.670344] ====================================================== [ 561.670346] WARNING: possible circular locking dependency detected [ 561.670349] 6.12.0-rc6+ #26 Not tainted [ 561.670351] ------------------------------------------------------ [ 561.670353] iso-tester/3289 is trying to acquire lock: [ 561.670355] ffff88811f600078 (&hdev->lock){+.+.}-{3:3}, at: iso_conn_big_sync+0x73/0x260 [bluetooth] [ 561.670405] but task is already holding lock: [ 561.670407] ffff88815af58258 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}, at: iso_sock_recvmsg+0xbf/0x500 [bluetooth] [ 561.670450] which lock already depends on the new lock. [ 561.670452] the existing dependency chain (in reverse order) is: [ 561.670453] -> #2 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}: [ 561.670458] lock_acquire+0x7c/0xc0 [ 561.670463] lock_sock_nested+0x3b/0xf0 [ 561.670467] bt_accept_dequeue+0x1a5/0x4d0 [bluetooth] [ 561.670510] iso_sock_accept+0x271/0x830 [bluetooth] [ 561.670547] do_accept+0x3dd/0x610 [ 561.670550] __sys_accept4+0xd8/0x170 [ 561.670553] __x64_sys_accept+0x74/0xc0 [ 561.670556] x64_sys_call+0x17d6/0x25f0 [ 561.670559] do_syscall_64+0x87/0x150 [ 561.670563] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 561.670567] -> #1 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO){+.+.}-{0:0}: [ 561.670571] lock_acquire+0x7c/0xc0 [ 561.670574] lock_sock_nested+0x3b/0xf0 [ 561.670577] iso_sock_listen+0x2de/0xf30 [bluetooth] [ 561.670617] __sys_listen_socket+0xef/0x130 [ 561.670620] __x64_sys_listen+0xe1/0x190 [ 561.670623] x64_sys_call+0x2517/0x25f0 [ 561.670626] do_syscall_64+0x87/0x150 [ 561.670629] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 561.670632] -> #0 (&hdev->lock){+.+.}-{3:3}: [ 561.670636] __lock_acquire+0x32ad/0x6ab0 [ 561.670639] lock_acquire.part.0+0x118/0x360 [ 561.670642] lock_acquire+0x7c/0xc0 [ 561.670644] __mutex_lock+0x18d/0x12f0 [ 561.670647] mutex_lock_nested+0x1b/0x30 [ 561.670651] iso_conn_big_sync+0x73/0x260 [bluetooth] [ 561.670687] iso_sock_recvmsg+0x3e9/0x500 [bluetooth] [ 561.670722] sock_recvmsg+0x1d5/0x240 [ 561.670725] sock_read_iter+0x27d/0x470 [ 561.670727] vfs_read+0x9a0/0xd30 [ 561.670731] ksys_read+0x1a8/0x250 [ 561.670733] __x64_sys_read+0x72/0xc0 [ 561.670736] x64_sys_call+0x1b12/0x25f0 [ 561.670738] do_syscall_64+0x87/0x150 [ 561.670741] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 561.670744] other info that might help us debug this: [ 561.670745] Chain exists of: &hdev->lock --> sk_lock-AF_BLUETOOTH-BTPROTO_ISO --> sk_lock-AF_BLUETOOTH [ 561.670751] Possible unsafe locking scenario: [ 561.670753] CPU0 CPU1 [ 561.670754] ---- ---- [ 561.670756] lock(sk_lock-AF_BLUETOOTH); [ 561.670758] lock(sk_lock AF_BLUETOOTH-BTPROTO_ISO); [ 561.670761] lock(sk_lock-AF_BLUETOOTH); [ 561.670764] lock(&hdev->lock); [ 561.670767] *** DEADLOCK ***', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: iso: Fix circular lock in iso_conn_big_sync\n\nThis fixes the circular locking dependency warning below, by reworking\niso_sock_recvmsg, to ensure that the socket lock is always released\nbefore calling a function that locks hdev.\n\n[ 561.670344] ======================================================\n[ 561.670346] WARNING: possible circular locking dependency detected\n[ 561.670349] 6.12.0-rc6+ #26 Not tainted\n[ 561.670351] ------------------------------------------------------\n[ 561.670353] iso-tester/3289 is trying to acquire lock:\n[ 561.670355] ffff88811f600078 (&hdev->lock){+.+.}-{3:3},\n at: iso_conn_big_sync+0x73/0x260 [bluetooth]\n[ 561.670405]\n but task is already holding lock:\n[ 561.670407] ffff88815af58258 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0},\n at: iso_sock_recvmsg+0xbf/0x500 [bluetooth]\n[ 561.670450]\n which lock already depends on the new lock.\n\n[ 561.670452]\n the existing dependency chain (in reverse order) is:\n[ 561.670453]\n -> #2 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}:\n[ 561.670458] lock_acquire+0x7c/0xc0\n[ 561.670463] lock_sock_nested+0x3b/0xf0\n[ 561.670467] bt_accept_dequeue+0x1a5/0x4d0 [bluetooth]\n[ 561.670510] iso_sock_accept+0x271/0x830 [bluetooth]\n[ 561.670547] do_accept+0x3dd/0x610\n[ 561.670550] __sys_accept4+0xd8/0x170\n[ 561.670553] __x64_sys_accept+0x74/0xc0\n[ 561.670556] x64_sys_call+0x17d6/0x25f0\n[ 561.670559] do_syscall_64+0x87/0x150\n[ 561.670563] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 561.670567]\n -> #1 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO){+.+.}-{0:0}:\n[ 561.670571] lock_acquire+0x7c/0xc0\n[ 561.670574] lock_sock_nested+0x3b/0xf0\n[ 561.670577] iso_sock_listen+0x2de/0xf30 [bluetooth]\n[ 561.670617] __sys_listen_socket+0xef/0x130\n[ 561.670620] __x64_sys_listen+0xe1/0x190\n[ 561.670623] x64_sys_call+0x2517/0x25f0\n[ 561.670626] do_syscall_64+0x87/0x150\n[ 561.670629] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 561.670632]\n -> #0 (&hdev->lock){+.+.}-{3:3}:\n[ 561.670636] __lock_acquire+0x32ad/0x6ab0\n[ 561.670639] lock_acquire.part.0+0x118/0x360\n[ 561.670642] lock_acquire+0x7c/0xc0\n[ 561.670644] __mutex_lock+0x18d/0x12f0\n[ 561.670647] mutex_lock_nested+0x1b/0x30\n[ 561.670651] iso_conn_big_sync+0x73/0x260 [bluetooth]\n[ 561.670687] iso_sock_recvmsg+0x3e9/0x500 [bluetooth]\n[ 561.670722] sock_recvmsg+0x1d5/0x240\n[ 561.670725] sock_read_iter+0x27d/0x470\n[ 561.670727] vfs_read+0x9a0/0xd30\n[ 561.670731] ksys_read+0x1a8/0x250\n[ 561.670733] __x64_sys_read+0x72/0xc0\n[ 561.670736] x64_sys_call+0x1b12/0x25f0\n[ 561.670738] do_syscall_64+0x87/0x150\n[ 561.670741] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 561.670744]\n other info that might help us debug this:\n\n[ 561.670745] Chain exists of:\n&hdev->lock --> sk_lock-AF_BLUETOOTH-BTPROTO_ISO --> sk_lock-AF_BLUETOOTH\n\n[ 561.670751] Possible unsafe locking scenario:\n\n[ 561.670753] CPU0 CPU1\n[ 561.670754] ---- ----\n[ 561.670756] lock(sk_lock-AF_BLUETOOTH);\n[ 561.670758] lock(sk_lock\n AF_BLUETOOTH-BTPROTO_ISO);\n[ 561.670761] lock(sk_lock-AF_BLUETOOTH);\n[ 561.670764] lock(&hdev->lock);\n[ 561.670767]\n *** DEADLOCK ***', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00015, EPSS Percentile is 0.01741 |
ubuntu: CVE-2024-54191 was patched at 2025-03-27, 2025-04-01
149. Unknown Vulnerability Type - Linux Kernel (CVE-2024-54460) - Medium [221]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_listen_bis This fixes the circular locking dependency warning below, by releasing the socket lock before enterning iso_listen_bis, to avoid any potential deadlock with hdev lock. [ 75.307983] ====================================================== [ 75.307984] WARNING: possible circular locking dependency detected [ 75.307985] 6.12.0-rc6+ #22 Not tainted [ 75.307987] ------------------------------------------------------ [ 75.307987] kworker/u81:2/2623 is trying to acquire lock: [ 75.307988] ffff8fde1769da58 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO) at: iso_connect_cfm+0x253/0x840 [bluetooth] [ 75.308021] but task is already holding lock: [ 75.308022] ffff8fdd61a10078 (&hdev->lock) at: hci_le_per_adv_report_evt+0x47/0x2f0 [bluetooth] [ 75.308053] which lock already depends on the new lock. [ 75.308054] the existing dependency chain (in reverse order) is: [ 75.308055] -> #1 (&hdev->lock){+.+.}-{3:3}: [ 75.308057] __mutex_lock+0xad/0xc50 [ 75.308061] mutex_lock_nested+0x1b/0x30 [ 75.308063] iso_sock_listen+0x143/0x5c0 [bluetooth] [ 75.308085] __sys_listen_socket+0x49/0x60 [ 75.308088] __x64_sys_listen+0x4c/0x90 [ 75.308090] x64_sys_call+0x2517/0x25f0 [ 75.308092] do_syscall_64+0x87/0x150 [ 75.308095] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 75.308098] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO){+.+.}-{0:0}: [ 75.308100] __lock_acquire+0x155e/0x25f0 [ 75.308103] lock_acquire+0xc9/0x300 [ 75.308105] lock_sock_nested+0x32/0x90 [ 75.308107] iso_connect_cfm+0x253/0x840 [bluetooth] [ 75.308128] hci_connect_cfm+0x6c/0x190 [bluetooth] [ 75.308155] hci_le_per_adv_report_evt+0x27b/0x2f0 [bluetooth] [ 75.308180] hci_le_meta_evt+0xe7/0x200 [bluetooth] [ 75.308206] hci_event_packet+0x21f/0x5c0 [bluetooth] [ 75.308230] hci_rx_work+0x3ae/0xb10 [bluetooth] [ 75.308254] process_one_work+0x212/0x740 [ 75.308256] worker_thread+0x1bd/0x3a0 [ 75.308258] kthread+0xe4/0x120 [ 75.308259] ret_from_fork+0x44/0x70 [ 75.308261] ret_from_fork_asm+0x1a/0x30 [ 75.308263] other info that might help us debug this: [ 75.308264] Possible unsafe locking scenario: [ 75.308264] CPU0 CPU1 [ 75.308265] ---- ---- [ 75.308265] lock(&hdev->lock); [ 75.308267] lock(sk_lock- AF_BLUETOOTH-BTPROTO_ISO); [ 75.308268] lock(&hdev->lock); [ 75.308269] lock(sk_lock-AF_BLUETOOTH-BTPROTO_ISO); [ 75.308270] *** DEADLOCK *** [ 75.308271] 4 locks held by kworker/u81:2/2623: [ 75.308272] #0: ffff8fdd66e52148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x443/0x740 [ 75.308276] #1: ffffafb488b7fe48 ((work_completion)(&hdev->rx_work)), at: process_one_work+0x1ce/0x740 [ 75.308280] #2: ffff8fdd61a10078 (&hdev->lock){+.+.}-{3:3} at: hci_le_per_adv_report_evt+0x47/0x2f0 [bluetooth] [ 75.308304] #3: ffffffffb6ba4900 (rcu_read_lock){....}-{1:2}, at: hci_connect_cfm+0x29/0x190 [bluetooth]', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: iso: Fix circular lock in iso_listen_bis\n\nThis fixes the circular locking dependency warning below, by\nreleasing the socket lock before enterning iso_listen_bis, to\navoid any potential deadlock with hdev lock.\n\n[ 75.307983] ======================================================\n[ 75.307984] WARNING: possible circular locking dependency detected\n[ 75.307985] 6.12.0-rc6+ #22 Not tainted\n[ 75.307987] ------------------------------------------------------\n[ 75.307987] kworker/u81:2/2623 is trying to acquire lock:\n[ 75.307988] ffff8fde1769da58 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO)\n at: iso_connect_cfm+0x253/0x840 [bluetooth]\n[ 75.308021]\n but task is already holding lock:\n[ 75.308022] ffff8fdd61a10078 (&hdev->lock)\n at: hci_le_per_adv_report_evt+0x47/0x2f0 [bluetooth]\n[ 75.308053]\n which lock already depends on the new lock.\n\n[ 75.308054]\n the existing dependency chain (in reverse order) is:\n[ 75.308055]\n -> #1 (&hdev->lock){+.+.}-{3:3}:\n[ 75.308057] __mutex_lock+0xad/0xc50\n[ 75.308061] mutex_lock_nested+0x1b/0x30\n[ 75.308063] iso_sock_listen+0x143/0x5c0 [bluetooth]\n[ 75.308085] __sys_listen_socket+0x49/0x60\n[ 75.308088] __x64_sys_listen+0x4c/0x90\n[ 75.308090] x64_sys_call+0x2517/0x25f0\n[ 75.308092] do_syscall_64+0x87/0x150\n[ 75.308095] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 75.308098]\n -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO){+.+.}-{0:0}:\n[ 75.308100] __lock_acquire+0x155e/0x25f0\n[ 75.308103] lock_acquire+0xc9/0x300\n[ 75.308105] lock_sock_nested+0x32/0x90\n[ 75.308107] iso_connect_cfm+0x253/0x840 [bluetooth]\n[ 75.308128] hci_connect_cfm+0x6c/0x190 [bluetooth]\n[ 75.308155] hci_le_per_adv_report_evt+0x27b/0x2f0 [bluetooth]\n[ 75.308180] hci_le_meta_evt+0xe7/0x200 [bluetooth]\n[ 75.308206] hci_event_packet+0x21f/0x5c0 [bluetooth]\n[ 75.308230] hci_rx_work+0x3ae/0xb10 [bluetooth]\n[ 75.308254] process_one_work+0x212/0x740\n[ 75.308256] worker_thread+0x1bd/0x3a0\n[ 75.308258] kthread+0xe4/0x120\n[ 75.308259] ret_from_fork+0x44/0x70\n[ 75.308261] ret_from_fork_asm+0x1a/0x30\n[ 75.308263]\n other info that might help us debug this:\n\n[ 75.308264] Possible unsafe locking scenario:\n\n[ 75.308264] CPU0 CPU1\n[ 75.308265] ---- ----\n[ 75.308265] lock(&hdev->lock);\n[ 75.308267] lock(sk_lock-\n AF_BLUETOOTH-BTPROTO_ISO);\n[ 75.308268] lock(&hdev->lock);\n[ 75.308269] lock(sk_lock-AF_BLUETOOTH-BTPROTO_ISO);\n[ 75.308270]\n *** DEADLOCK ***\n\n[ 75.308271] 4 locks held by kworker/u81:2/2623:\n[ 75.308272] #0: ffff8fdd66e52148 ((wq_completion)hci0#2){+.+.}-{0:0},\n at: process_one_work+0x443/0x740\n[ 75.308276] #1: ffffafb488b7fe48 ((work_completion)(&hdev->rx_work)),\n at: process_one_work+0x1ce/0x740\n[ 75.308280] #2: ffff8fdd61a10078 (&hdev->lock){+.+.}-{3:3}\n at: hci_le_per_adv_report_evt+0x47/0x2f0 [bluetooth]\n[ 75.308304] #3: ffffffffb6ba4900 (rcu_read_lock){....}-{1:2},\n at: hci_connect_cfm+0x29/0x190 [bluetooth]', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00015, EPSS Percentile is 0.01741 |
ubuntu: CVE-2024-54460 was patched at 2025-03-27, 2025-04-01
150. Unknown Vulnerability Type - Linux Kernel (CVE-2024-55642) - Medium [221]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: block: Prevent potential deadlocks in zone write plug error recovery Zone write plugging for handling writes to zones of a zoned block device always execute a zone report whenever a write BIO to a zone fails. The intent of this is to ensure that the tracking of a zone write pointer is always correct to ensure that the alignment to a zone write pointer of write BIOs can be checked on submission and that we can always correctly emulate zone append operations using regular write BIOs. However, this error recovery scheme introduces a potential deadlock if a device queue freeze is initiated while BIOs are still plugged in a zone write plug and one of these write operation fails. In such case, the disk zone write plug error recovery work is scheduled and executes a report zone. This in turn can result in a request allocation in the underlying driver to issue the report zones command to the device. But with the device queue freeze already started, this allocation will block, preventing the report zone execution and the continuation of the processing of the plugged BIOs. As plugged BIOs hold a queue usage reference, the queue freeze itself will never complete, resulting in a deadlock. Avoid this problem by completely removing from the zone write plugging code the use of report zones operations after a failed write operation, instead relying on the device user to either execute a report zones, reset the zone, finish the zone, or give up writing to the device (which is a fairly common pattern for file systems which degrade to read-only after write failures). This is not an unreasonnable requirement as all well-behaved applications, FSes and device mapper already use report zones to recover from write errors whenever possible by comparing the current position of a zone write pointer with what their assumption about the position is. The changes to remove the automatic error recovery are as follows: - Completely remove the error recovery work and its associated resources (zone write plug list head, disk error list, and disk zone_wplugs_work work struct). This also removes the functions disk_zone_wplug_set_error() and disk_zone_wplug_clear_error(). - Change the BLK_ZONE_WPLUG_ERROR zone write plug flag into BLK_ZONE_WPLUG_NEED_WP_UPDATE. This new flag is set for a zone write plug whenever a write opration targetting the zone of the zone write plug fails. This flag indicates that the zone write pointer offset is not reliable and that it must be updated when the next report zone, reset zone, finish zone or disk revalidation is executed. - Modify blk_zone_write_plug_bio_endio() to set the BLK_ZONE_WPLUG_NEED_WP_UPDATE flag for the target zone of a failed write BIO. - Modify the function disk_zone_wplug_set_wp_offset() to clear this new flag, thus implementing recovery of a correct write pointer offset with the reset (all) zone and finish zone operations. - Modify blkdev_report_zones() to always use the disk_report_zones_cb() callback so that disk_zone_wplug_sync_wp_offset() can be called for any zone marked with the BLK_ZONE_WPLUG_NEED_WP_UPDATE flag. This implements recovery of a correct write pointer offset for zone write plugs marked with BLK_ZONE_WPLUG_NEED_WP_UPDATE and within the range of the report zones operation executed by the user. - Modify blk_revalidate_seq_zone() to call disk_zone_wplug_sync_wp_offset() for all sequential write required zones when a zoned block device is revalidated, thus always resolving any inconsistency between the write pointer offset of zone write plugs and the actual write pointer position of sequential zones.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Prevent potential deadlocks in zone write plug error recovery\n\nZone write plugging for handling writes to zones of a zoned block\ndevice always execute a zone report whenever a write BIO to a zone\nfails. The intent of this is to ensure that the tracking of a zone write\npointer is always correct to ensure that the alignment to a zone write\npointer of write BIOs can be checked on submission and that we can\nalways correctly emulate zone append operations using regular write\nBIOs.\n\nHowever, this error recovery scheme introduces a potential deadlock if a\ndevice queue freeze is initiated while BIOs are still plugged in a zone\nwrite plug and one of these write operation fails. In such case, the\ndisk zone write plug error recovery work is scheduled and executes a\nreport zone. This in turn can result in a request allocation in the\nunderlying driver to issue the report zones command to the device. But\nwith the device queue freeze already started, this allocation will\nblock, preventing the report zone execution and the continuation of the\nprocessing of the plugged BIOs. As plugged BIOs hold a queue usage\nreference, the queue freeze itself will never complete, resulting in a\ndeadlock.\n\nAvoid this problem by completely removing from the zone write plugging\ncode the use of report zones operations after a failed write operation,\ninstead relying on the device user to either execute a report zones,\nreset the zone, finish the zone, or give up writing to the device (which\nis a fairly common pattern for file systems which degrade to read-only\nafter write failures). This is not an unreasonnable requirement as all\nwell-behaved applications, FSes and device mapper already use report\nzones to recover from write errors whenever possible by comparing the\ncurrent position of a zone write pointer with what their assumption\nabout the position is.\n\nThe changes to remove the automatic error recovery are as follows:\n - Completely remove the error recovery work and its associated\n resources (zone write plug list head, disk error list, and disk\n zone_wplugs_work work struct). This also removes the functions\n disk_zone_wplug_set_error() and disk_zone_wplug_clear_error().\n\n - Change the BLK_ZONE_WPLUG_ERROR zone write plug flag into\n BLK_ZONE_WPLUG_NEED_WP_UPDATE. This new flag is set for a zone write\n plug whenever a write opration targetting the zone of the zone write\n plug fails. This flag indicates that the zone write pointer offset is\n not reliable and that it must be updated when the next report zone,\n reset zone, finish zone or disk revalidation is executed.\n\n - Modify blk_zone_write_plug_bio_endio() to set the\n BLK_ZONE_WPLUG_NEED_WP_UPDATE flag for the target zone of a failed\n write BIO.\n\n - Modify the function disk_zone_wplug_set_wp_offset() to clear this\n new flag, thus implementing recovery of a correct write pointer\n offset with the reset (all) zone and finish zone operations.\n\n - Modify blkdev_report_zones() to always use the disk_report_zones_cb()\n callback so that disk_zone_wplug_sync_wp_offset() can be called for\n any zone marked with the BLK_ZONE_WPLUG_NEED_WP_UPDATE flag.\n This implements recovery of a correct write pointer offset for zone\n write plugs marked with BLK_ZONE_WPLUG_NEED_WP_UPDATE and within\n the range of the report zones operation executed by the user.\n\n - Modify blk_revalidate_seq_zone() to call\n disk_zone_wplug_sync_wp_offset() for all sequential write required\n zones when a zoned block device is revalidated, thus always resolving\n any inconsistency between the write pointer offset of zone write\n plugs and the actual write pointer position of sequential zones.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00016, EPSS Percentile is 0.02279 |
ubuntu: CVE-2024-55642 was patched at 2025-03-27, 2025-04-01
151. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56671) - Medium [221]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: gpio: graniterapids: Fix vGPIO driver crash Move setting irq_chip.name from probe() function to the initialization of "irq_chip" struct in order to fix vGPIO driver crash during bootup. Crash was caused by unauthorized modification of irq_chip.name field where irq_chip struct was initialized as const. This behavior is a consequence of suboptimal implementation of gpio_irq_chip_set_chip(), which should be changed to avoid casting away const qualifier. Crash log: BUG: unable to handle page fault for address: ffffffffc0ba81c0 /#PF: supervisor write access in kernel mode /#PF: error_code(0x0003) - permissions violation CPU: 33 UID: 0 PID: 1075 Comm: systemd-udevd Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7 #1 Hardware name: Intel Corporation Kaseyville RP/Kaseyville RP, BIOS KVLDCRB1.PGS.0026.D73.2410081258 10/08/2024 RIP: 0010:gnr_gpio_probe+0x171/0x220 [gpio_graniterapids]', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: graniterapids: Fix vGPIO driver crash\n\nMove setting irq_chip.name from probe() function to the initialization\nof "irq_chip" struct in order to fix vGPIO driver crash during bootup.\n\nCrash was caused by unauthorized modification of irq_chip.name field\nwhere irq_chip struct was initialized as const.\n\nThis behavior is a consequence of suboptimal implementation of\ngpio_irq_chip_set_chip(), which should be changed to avoid\ncasting away const qualifier.\n\nCrash log:\nBUG: unable to handle page fault for address: ffffffffc0ba81c0\n/#PF: supervisor write access in kernel mode\n/#PF: error_code(0x0003) - permissions violation\nCPU: 33 UID: 0 PID: 1075 Comm: systemd-udevd Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7 #1\nHardware name: Intel Corporation Kaseyville RP/Kaseyville RP, BIOS KVLDCRB1.PGS.0026.D73.2410081258 10/08/2024\nRIP: 0010:gnr_gpio_probe+0x171/0x220 [gpio_graniterapids]', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00019, EPSS Percentile is 0.03465 |
ubuntu: CVE-2024-56671 was patched at 2025-03-27, 2025-04-01
152. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56760) - Medium [221]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Handle lack of irqdomain gracefully Alexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a RISCV platform which does not provide PCI/MSI support: WARNING: CPU: 1 PID: 1 at drivers/pci/msi/msi.h:121 pci_msi_setup_msi_irqs+0x2c/0x32 __pci_enable_msix_range+0x30c/0x596 pci_msi_setup_msi_irqs+0x2c/0x32 pci_alloc_irq_vectors_affinity+0xb8/0xe2 RISCV uses hierarchical interrupt domains and correctly does not implement the legacy fallback. The warning triggers from the legacy fallback stub. That warning is bogus as the PCI/MSI layer knows whether a PCI/MSI parent domain is associated with the device or not. There is a check for MSI-X, which has a legacy assumption. But that legacy fallback assumption is only valid when legacy support is enabled, but otherwise the check should simply return -ENOTSUPP. Loongarch tripped over the same problem and blindly enabled legacy support without implementing the legacy fallbacks. There are weak implementations which return an error, so the problem was papered over. Correct pci_msi_domain_supports() to evaluate the legacy mode and add the missing supported check into the MSI enable path to complete it.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/MSI: Handle lack of irqdomain gracefully\n\nAlexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a\nRISCV platform which does not provide PCI/MSI support:\n\n WARNING: CPU: 1 PID: 1 at drivers/pci/msi/msi.h:121 pci_msi_setup_msi_irqs+0x2c/0x32\n __pci_enable_msix_range+0x30c/0x596\n pci_msi_setup_msi_irqs+0x2c/0x32\n pci_alloc_irq_vectors_affinity+0xb8/0xe2\n\nRISCV uses hierarchical interrupt domains and correctly does not implement\nthe legacy fallback. The warning triggers from the legacy fallback stub.\n\nThat warning is bogus as the PCI/MSI layer knows whether a PCI/MSI parent\ndomain is associated with the device or not. There is a check for MSI-X,\nwhich has a legacy assumption. But that legacy fallback assumption is only\nvalid when legacy support is enabled, but otherwise the check should simply\nreturn -ENOTSUPP.\n\nLoongarch tripped over the same problem and blindly enabled legacy support\nwithout implementing the legacy fallbacks. There are weak implementations\nwhich return an error, so the problem was papered over.\n\nCorrect pci_msi_domain_supports() to evaluate the legacy mode and add\nthe missing supported check into the MSI enable path to complete it.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00021, EPSS Percentile is 0.03966 |
oraclelinux: CVE-2024-56760 was patched at 2025-04-11
ubuntu: CVE-2024-56760 was patched at 2025-03-27, 2025-04-01
153. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56761) - Medium [221]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: x86/fred: Clear WFE in missing-ENDBRANCH #CPs An indirect branch instruction sets the CPU indirect branch tracker (IBT) into WAIT_FOR_ENDBRANCH (WFE) state and WFE stays asserted across the instruction boundary. When the decoder finds an inappropriate instruction while WFE is set ENDBR, the CPU raises a #CP fault. For the "kernel IBT no ENDBR" selftest where #CPs are deliberately triggered, the WFE state of the interrupted context needs to be cleared to let execution continue. Otherwise when the CPU resumes from the instruction that just caused the previous #CP, another missing-ENDBRANCH #CP is raised and the CPU enters a dead loop. This is not a problem with IDT because it doesn't preserve WFE and IRET doesn't set WFE. But FRED provides space on the entry stack (in an expanded CS area) to save and restore the WFE state, thus the WFE state is no longer clobbered, so software must clear it. Clear WFE to avoid dead looping in ibt_clear_fred_wfe() and the !ibt_fatal code path when execution is allowed to continue. Clobbering WFE in any other circumstance is a security-relevant bug. [ dhansen: changelog rewording ]', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fred: Clear WFE in missing-ENDBRANCH #CPs\n\nAn indirect branch instruction sets the CPU indirect branch tracker\n(IBT) into WAIT_FOR_ENDBRANCH (WFE) state and WFE stays asserted\nacross the instruction boundary. When the decoder finds an\ninappropriate instruction while WFE is set ENDBR, the CPU raises a #CP\nfault.\n\nFor the "kernel IBT no ENDBR" selftest where #CPs are deliberately\ntriggered, the WFE state of the interrupted context needs to be\ncleared to let execution continue. Otherwise when the CPU resumes\nfrom the instruction that just caused the previous #CP, another\nmissing-ENDBRANCH #CP is raised and the CPU enters a dead loop.\n\nThis is not a problem with IDT because it doesn't preserve WFE and\nIRET doesn't set WFE. But FRED provides space on the entry stack\n(in an expanded CS area) to save and restore the WFE state, thus the\nWFE state is no longer clobbered, so software must clear it.\n\nClear WFE to avoid dead looping in ibt_clear_fred_wfe() and the\n!ibt_fatal code path when execution is allowed to continue.\n\nClobbering WFE in any other circumstance is a security-relevant bug.\n\n[ dhansen: changelog rewording ]', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00023, EPSS Percentile is 0.0444 |
ubuntu: CVE-2024-56761 was patched at 2025-03-27, 2025-04-01
154. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56768) - Medium [221]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP On x86-64 calling bpf_get_smp_processor_id() in a kernel with CONFIG_SMP disabled can trigger the following bug, as pcpu_hot is unavailable: [ 8.471774] BUG: unable to handle page fault for address: 00000000936a290c [ 8.471849] #PF: supervisor read access in kernel mode [ 8.471881] #PF: error_code(0x0000) - not-present page Fix by inlining a return 0 in the !CONFIG_SMP case.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP\n\nOn x86-64 calling bpf_get_smp_processor_id() in a kernel with CONFIG_SMP\ndisabled can trigger the following bug, as pcpu_hot is unavailable:\n\n [ 8.471774] BUG: unable to handle page fault for address: 00000000936a290c\n [ 8.471849] #PF: supervisor read access in kernel mode\n [ 8.471881] #PF: error_code(0x0000) - not-present page\n\nFix by inlining a return 0 in the !CONFIG_SMP case.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00019, EPSS Percentile is 0.03262 |
ubuntu: CVE-2024-56768 was patched at 2025-03-27, 2025-04-01
155. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56771) - Medium [221]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information These four chips: * W25N512GW * W25N01GW * W25N01JW * W25N02JW all require a single bit of ECC strength and thus feature an on-die Hamming-like ECC engine. There is no point in filling a ->get_status() callback for them because the main ECC status bytes are located in standard places, and retrieving the number of bitflips in case of corrected chunk is both useless and unsupported (if there are bitflips, then there is 1 at most, so no need to query the chip for that). Without this change, a kernel warning triggers every time a bit flips.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information\n\nThese four chips:\n* W25N512GW\n* W25N01GW\n* W25N01JW\n* W25N02JW\nall require a single bit of ECC strength and thus feature an on-die\nHamming-like ECC engine. There is no point in filling a ->get_status()\ncallback for them because the main ECC status bytes are located in\nstandard places, and retrieving the number of bitflips in case of\ncorrected chunk is both useless and unsupported (if there are bitflips,\nthen there is 1 at most, so no need to query the chip for that).\n\nWithout this change, a kernel warning triggers every time a bit flips.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00019, EPSS Percentile is 0.03262 |
ubuntu: CVE-2024-56771 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
156. Unknown Vulnerability Type - Linux Kernel (CVE-2024-57878) - Medium [221]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR Currently fpmr_set() doesn't initialize the temporary 'fpmr' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently an arbitrary value will be written back to target->thread.uw.fpmr, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a write mechanism. Fix this by initializing the temporary value before copying the regset from userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG, NT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing contents of FPMR will be retained. Before this patch: | # ./fpmr-test | Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d | SETREGSET(nt=0x40e, len=8) wrote 8 bytes | | Attempting to read NT_ARM_FPMR::fpmr | GETREGSET(nt=0x40e, len=8) read 8 bytes | Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d | | Attempting to write NT_ARM_FPMR (zero length) | SETREGSET(nt=0x40e, len=0) wrote 0 bytes | | Attempting to read NT_ARM_FPMR::fpmr | GETREGSET(nt=0x40e, len=8) read 8 bytes | Read NT_ARM_FPMR::fpmr = 0xffff800083963d50 After this patch: | # ./fpmr-test | Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d | SETREGSET(nt=0x40e, len=8) wrote 8 bytes | | Attempting to read NT_ARM_FPMR::fpmr | GETREGSET(nt=0x40e, len=8) read 8 bytes | Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d | | Attempting to write NT_ARM_FPMR (zero length) | SETREGSET(nt=0x40e, len=0) wrote 0 bytes | | Attempting to read NT_ARM_FPMR::fpmr | GETREGSET(nt=0x40e, len=8) read 8 bytes | Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR\n\nCurrently fpmr_set() doesn't initialize the temporary 'fpmr' variable,\nand a SETREGSET call with a length of zero will leave this\nuninitialized. Consequently an arbitrary value will be written back to\ntarget->thread.uw.fpmr, potentially leaking up to 64 bits of memory from\nthe kernel stack. The read is limited to a specific slot on the stack,\nand the issue does not provide a write mechanism.\n\nFix this by initializing the temporary value before copying the regset\nfrom userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG,\nNT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing\ncontents of FPMR will be retained.\n\nBefore this patch:\n\n| # ./fpmr-test\n| Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d\n| SETREGSET(nt=0x40e, len=8) wrote 8 bytes\n|\n| Attempting to read NT_ARM_FPMR::fpmr\n| GETREGSET(nt=0x40e, len=8) read 8 bytes\n| Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d\n|\n| Attempting to write NT_ARM_FPMR (zero length)\n| SETREGSET(nt=0x40e, len=0) wrote 0 bytes\n|\n| Attempting to read NT_ARM_FPMR::fpmr\n| GETREGSET(nt=0x40e, len=8) read 8 bytes\n| Read NT_ARM_FPMR::fpmr = 0xffff800083963d50\n\nAfter this patch:\n\n| # ./fpmr-test\n| Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d\n| SETREGSET(nt=0x40e, len=8) wrote 8 bytes\n|\n| Attempting to read NT_ARM_FPMR::fpmr\n| GETREGSET(nt=0x40e, len=8) read 8 bytes\n| Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d\n|\n| Attempting to write NT_ARM_FPMR (zero length)\n| SETREGSET(nt=0x40e, len=0) wrote 0 bytes\n|\n| Attempting to read NT_ARM_FPMR::fpmr\n| GETREGSET(nt=0x40e, len=8) read 8 bytes\n| Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 6.1. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00018, EPSS Percentile is 0.02915 |
ubuntu: CVE-2024-57878 was patched at 2025-03-27, 2025-04-01
157. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21891) - Medium [221]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ipvlan: ensure network headers are in skb linear part syzbot found that ipvlan_process_v6_outbound() was assuming the IPv6 network header isis present in skb->head [1] Add the needed pskb_network_may_pull() calls for both IPv4 and IPv6 handlers. [1] BUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47 __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47 ipv6_addr_type include/net/ipv6.h:555 [inline] ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline] ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651 ip6_route_output include/net/ip6_route.h:93 [inline] ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476 ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline] ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline] ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline] ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671 ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223 __netdev_start_xmit include/linux/netdevice.h:5150 [inline] netdev_start_xmit include/linux/netdevice.h:5159 [inline] xmit_one net/core/dev.c:3735 [inline] dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751 sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343 qdisc_restart net/sched/sch_generic.c:408 [inline] __qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416 qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127 net_tx_action+0x78b/0x940 net/core/dev.c:5484 handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561 __do_softirq+0x14/0x1a kernel/softirq.c:595 do_softirq+0x9a/0x100 kernel/softirq.c:462 __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline] __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611 dev_queue_xmit include/linux/netdevice.h:3311 [inline] packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3132 [inline] packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164 sock_sendmsg_nosec net/socket.c:718 [inline]', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: ensure network headers are in skb linear part\n\nsyzbot found that ipvlan_process_v6_outbound() was assuming\nthe IPv6 network header isis present in skb->head [1]\n\nAdd the needed pskb_network_may_pull() calls for both\nIPv4 and IPv6 handlers.\n\n[1]\nBUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n ipv6_addr_type include/net/ipv6.h:555 [inline]\n ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline]\n ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651\n ip6_route_output include/net/ip6_route.h:93 [inline]\n ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476\n ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline]\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline]\n ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671\n ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223\n __netdev_start_xmit include/linux/netdevice.h:5150 [inline]\n netdev_start_xmit include/linux/netdevice.h:5159 [inline]\n xmit_one net/core/dev.c:3735 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751\n sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343\n qdisc_restart net/sched/sch_generic.c:408 [inline]\n __qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416\n qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127\n net_tx_action+0x78b/0x940 net/core/dev.c:5484\n handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n __do_softirq+0x14/0x1a kernel/softirq.c:595\n do_softirq+0x9a/0x100 kernel/softirq.c:462\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611\n dev_queue_xmit include/linux/netdevice.h:3311 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3132 [inline]\n packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164\n sock_sendmsg_nosec net/socket.c:718 [inline]', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00019, EPSS Percentile is 0.0343 |
debian: CVE-2025-21891 was patched at 2025-04-12, 2025-04-23
158. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21912) - Medium [221]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: gpio: rcar: Use raw_spinlock to protect register access Use raw_spinlock in order to fix spurious messages about invalid context when spinlock debugging is enabled. The lock is only used to serialize register access. [ 4.239592] ============================= [ 4.239595] [ BUG: Invalid wait context ] [ 4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted [ 4.239603] ----------------------------- [ 4.239606] kworker/u8:5/76 is trying to lock: [ 4.239609] ffff0000091898a0 (&p->lock){....}-{3:3}, at: gpio_rcar_config_interrupt_input_mode+0x34/0x164 [ 4.239641] other info that might help us debug this: [ 4.239643] context-{5:5} [ 4.239646] 5 locks held by kworker/u8:5/76: [ 4.239651] #0: ffff0000080fb148 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x190/0x62c [ 4.250180] OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property 'frame-master' with a value. [ 4.254094] #1: ffff80008299bd80 ((work_completion)(&entry->work)){+.+.}-{0:0}, at: process_one_work+0x1b8/0x62c [ 4.254109] #2: ffff00000920c8f8 [ 4.258345] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property 'bitclock-master' with a value. [ 4.264803] (&dev->mutex){....}-{4:4}, at: __device_attach_async_helper+0x3c/0xdc [ 4.264820] #3: ffff00000a50ca40 (request_class#2){+.+.}-{4:4}, at: __setup_irq+0xa0/0x690 [ 4.264840] #4: [ 4.268872] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property 'frame-master' with a value. [ 4.273275] ffff00000a50c8c8 (lock_class){....}-{2:2}, at: __setup_irq+0xc4/0x690 [ 4.296130] renesas_sdhi_internal_dmac ee100000.mmc: mmc1 base at 0x00000000ee100000, max clock rate 200 MHz [ 4.304082] stack backtrace: [ 4.304086] CPU: 1 UID: 0 PID: 76 Comm: kworker/u8:5 Not tainted 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 [ 4.304092] Hardware name: Renesas Salvator-X 2nd version board based on r8a77965 (DT) [ 4.304097] Workqueue: async async_run_entry_fn [ 4.304106] Call trace: [ 4.304110] show_stack+0x14/0x20 (C) [ 4.304122] dump_stack_lvl+0x6c/0x90 [ 4.304131] dump_stack+0x14/0x1c [ 4.304138] __lock_acquire+0xdfc/0x1584 [ 4.426274] lock_acquire+0x1c4/0x33c [ 4.429942] _raw_spin_lock_irqsave+0x5c/0x80 [ 4.434307] gpio_rcar_config_interrupt_input_mode+0x34/0x164 [ 4.440061] gpio_rcar_irq_set_type+0xd4/0xd8 [ 4.444422] __irq_set_trigger+0x5c/0x178 [ 4.448435] __setup_irq+0x2e4/0x690 [ 4.452012] request_threaded_irq+0xc4/0x190 [ 4.456285] devm_request_threaded_irq+0x7c/0xf4 [ 4.459398] ata1: link resume succeeded after 1 retries [ 4.460902] mmc_gpiod_request_cd_irq+0x68/0xe0 [ 4.470660] mmc_start_host+0x50/0xac [ 4.474327] mmc_add_host+0x80/0xe4 [ 4.477817] tmio_mmc_host_probe+0x2b0/0x440 [ 4.482094] renesas_sdhi_probe+0x488/0x6f4 [ 4.486281] renesas_sdhi_internal_dmac_probe+0x60/0x78 [ 4.491509] platform_probe+0x64/0xd8 [ 4.495178] really_probe+0xb8/0x2a8 [ 4.498756] __driver_probe_device+0x74/0x118 [ 4.503116] driver_probe_device+0x3c/0x154 [ 4.507303] __device_attach_driver+0xd4/0x160 [ 4.511750] bus_for_each_drv+0x84/0xe0 [ 4.515588] __device_attach_async_helper+0xb0/0xdc [ 4.520470] async_run_entry_fn+0x30/0xd8 [ 4.524481] process_one_work+0x210/0x62c [ 4.528494] worker_thread+0x1ac/0x340 [ 4.532245] kthread+0x10c/0x110 [ 4.535476] ret_from_fork+0x10/0x20', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: rcar: Use raw_spinlock to protect register access\n\nUse raw_spinlock in order to fix spurious messages about invalid context\nwhen spinlock debugging is enabled. The lock is only used to serialize\nregister access.\n\n [ 4.239592] =============================\n [ 4.239595] [ BUG: Invalid wait context ]\n [ 4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted\n [ 4.239603] -----------------------------\n [ 4.239606] kworker/u8:5/76 is trying to lock:\n [ 4.239609] ffff0000091898a0 (&p->lock){....}-{3:3}, at: gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.239641] other info that might help us debug this:\n [ 4.239643] context-{5:5}\n [ 4.239646] 5 locks held by kworker/u8:5/76:\n [ 4.239651] #0: ffff0000080fb148 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x190/0x62c\n [ 4.250180] OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property 'frame-master' with a value.\n [ 4.254094] #1: ffff80008299bd80 ((work_completion)(&entry->work)){+.+.}-{0:0}, at: process_one_work+0x1b8/0x62c\n [ 4.254109] #2: ffff00000920c8f8\n [ 4.258345] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property 'bitclock-master' with a value.\n [ 4.264803] (&dev->mutex){....}-{4:4}, at: __device_attach_async_helper+0x3c/0xdc\n [ 4.264820] #3: ffff00000a50ca40 (request_class#2){+.+.}-{4:4}, at: __setup_irq+0xa0/0x690\n [ 4.264840] #4:\n [ 4.268872] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property 'frame-master' with a value.\n [ 4.273275] ffff00000a50c8c8 (lock_class){....}-{2:2}, at: __setup_irq+0xc4/0x690\n [ 4.296130] renesas_sdhi_internal_dmac ee100000.mmc: mmc1 base at 0x00000000ee100000, max clock rate 200 MHz\n [ 4.304082] stack backtrace:\n [ 4.304086] CPU: 1 UID: 0 PID: 76 Comm: kworker/u8:5 Not tainted 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35\n [ 4.304092] Hardware name: Renesas Salvator-X 2nd version board based on r8a77965 (DT)\n [ 4.304097] Workqueue: async async_run_entry_fn\n [ 4.304106] Call trace:\n [ 4.304110] show_stack+0x14/0x20 (C)\n [ 4.304122] dump_stack_lvl+0x6c/0x90\n [ 4.304131] dump_stack+0x14/0x1c\n [ 4.304138] __lock_acquire+0xdfc/0x1584\n [ 4.426274] lock_acquire+0x1c4/0x33c\n [ 4.429942] _raw_spin_lock_irqsave+0x5c/0x80\n [ 4.434307] gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.440061] gpio_rcar_irq_set_type+0xd4/0xd8\n [ 4.444422] __irq_set_trigger+0x5c/0x178\n [ 4.448435] __setup_irq+0x2e4/0x690\n [ 4.452012] request_threaded_irq+0xc4/0x190\n [ 4.456285] devm_request_threaded_irq+0x7c/0xf4\n [ 4.459398] ata1: link resume succeeded after 1 retries\n [ 4.460902] mmc_gpiod_request_cd_irq+0x68/0xe0\n [ 4.470660] mmc_start_host+0x50/0xac\n [ 4.474327] mmc_add_host+0x80/0xe4\n [ 4.477817] tmio_mmc_host_probe+0x2b0/0x440\n [ 4.482094] renesas_sdhi_probe+0x488/0x6f4\n [ 4.486281] renesas_sdhi_internal_dmac_probe+0x60/0x78\n [ 4.491509] platform_probe+0x64/0xd8\n [ 4.495178] really_probe+0xb8/0x2a8\n [ 4.498756] __driver_probe_device+0x74/0x118\n [ 4.503116] driver_probe_device+0x3c/0x154\n [ 4.507303] __device_attach_driver+0xd4/0x160\n [ 4.511750] bus_for_each_drv+0x84/0xe0\n [ 4.515588] __device_attach_async_helper+0xb0/0xdc\n [ 4.520470] async_run_entry_fn+0x30/0xd8\n [ 4.524481] process_one_work+0x210/0x62c\n [ 4.528494] worker_thread+0x1ac/0x340\n [ 4.532245] kthread+0x10c/0x110\n [ 4.535476] ret_from_fork+0x10/0x20', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00015, EPSS Percentile is 0.01974 |
debian: CVE-2025-21912 was patched at 2025-04-12, 2025-04-23
159. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21922) - Medium [221]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ppp: Fix KMSAN uninit-value warning with bpf Syzbot caught an "KMSAN: uninit-value" warning [1], which is caused by the ppp driver not initializing a 2-byte header when using socket filter. The following code can generate a PPP filter BPF program: ''' struct bpf_program fp; pcap_t *handle; handle = pcap_open_dead(DLT_PPP_PPPD, 65535); pcap_compile(handle, &fp, "ip and outbound", 0, 0); bpf_dump(&fp, 1); ''' Its output is: ''' (000) ldh [2] (001) jeq #0x21 jt 2 jf 5 (002) ldb [0] (003) jeq #0x1 jt 4 jf 5 (004) ret #65535 (005) ret #0 ''' Wen can find similar code at the following link: https://github.com/ppp-project/ppp/blob/master/pppd/options.c#L1680 The maintainer of this code repository is also the original maintainer of the ppp driver. As you can see the BPF program skips 2 bytes of data and then reads the 'Protocol' field to determine if it's an IP packet. Then it read the first byte of the first 2 bytes to determine the direction. The issue is that only the first byte indicating direction is initialized in current ppp driver code while the second byte is not initialized. For normal BPF programs generated by libpcap, uninitialized data won't be used, so it's not a problem. However, for carefully crafted BPF programs, such as those generated by syzkaller [2], which start reading from offset 0, the uninitialized data will be used and caught by KMSAN. [1] https://syzkaller.appspot.com/bug?extid=853242d9c9917165d791 [2] https://syzkaller.appspot.com/text?tag=ReproC&x=11994913980000', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nppp: Fix KMSAN uninit-value warning with bpf\n\nSyzbot caught an "KMSAN: uninit-value" warning [1], which is caused by the\nppp driver not initializing a 2-byte header when using socket filter.\n\nThe following code can generate a PPP filter BPF program:\n'''\nstruct bpf_program fp;\npcap_t *handle;\nhandle = pcap_open_dead(DLT_PPP_PPPD, 65535);\npcap_compile(handle, &fp, "ip and outbound", 0, 0);\nbpf_dump(&fp, 1);\n'''\nIts output is:\n'''\n(000) ldh [2]\n(001) jeq #0x21 jt 2 jf 5\n(002) ldb [0]\n(003) jeq #0x1 jt 4 jf 5\n(004) ret #65535\n(005) ret #0\n'''\nWen can find similar code at the following link:\nhttps://github.com/ppp-project/ppp/blob/master/pppd/options.c#L1680\nThe maintainer of this code repository is also the original maintainer\nof the ppp driver.\n\nAs you can see the BPF program skips 2 bytes of data and then reads the\n'Protocol' field to determine if it's an IP packet. Then it read the first\nbyte of the first 2 bytes to determine the direction.\n\nThe issue is that only the first byte indicating direction is initialized\nin current ppp driver code while the second byte is not initialized.\n\nFor normal BPF programs generated by libpcap, uninitialized data won't be\nused, so it's not a problem. However, for carefully crafted BPF programs,\nsuch as those generated by syzkaller [2], which start reading from offset\n0, the uninitialized data will be used and caught by KMSAN.\n\n[1] https://syzkaller.appspot.com/bug?extid=853242d9c9917165d791\n[2] https://syzkaller.appspot.com/text?tag=ReproC&x=11994913980000', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00021, EPSS Percentile is 0.03875 |
debian: CVE-2025-21922 was patched at 2025-04-12, 2025-04-23
160. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21951) - Medium [221]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock There are multiple places from where the recovery work gets scheduled asynchronously. Also, there are multiple places where the caller waits synchronously for the recovery to be completed. One such place is during the PM shutdown() callback. If the device is not alive during recovery_work, it will try to reset the device using pci_reset_function(). This function internally will take the device_lock() first before resetting the device. By this time, if the lock has already been acquired, then recovery_work will get stalled while waiting for the lock. And if the lock was already acquired by the caller which waits for the recovery_work to be completed, it will lead to deadlock. This is what happened on the X1E80100 CRD device when the device died before shutdown() callback. Driver core calls the driver's shutdown() callback while holding the device_lock() leading to deadlock. And this deadlock scenario can occur on other paths as well, like during the PM suspend() callback, where the driver core would hold the device_lock() before calling driver's suspend() callback. And if the recovery_work was already started, it could lead to deadlock. This is also observed on the X1E80100 CRD. So to fix both issues, use pci_try_reset_function() in recovery_work. This function first checks for the availability of the device_lock() before trying to reset the device. If the lock is available, it will acquire it and reset the device. Otherwise, it will return -EAGAIN. If that happens, recovery_work will fail with the error message "Recovery failed" as not much could be done.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock\n\nThere are multiple places from where the recovery work gets scheduled\nasynchronously. Also, there are multiple places where the caller waits\nsynchronously for the recovery to be completed. One such place is during\nthe PM shutdown() callback.\n\nIf the device is not alive during recovery_work, it will try to reset the\ndevice using pci_reset_function(). This function internally will take the\ndevice_lock() first before resetting the device. By this time, if the lock\nhas already been acquired, then recovery_work will get stalled while\nwaiting for the lock. And if the lock was already acquired by the caller\nwhich waits for the recovery_work to be completed, it will lead to\ndeadlock.\n\nThis is what happened on the X1E80100 CRD device when the device died\nbefore shutdown() callback. Driver core calls the driver's shutdown()\ncallback while holding the device_lock() leading to deadlock.\n\nAnd this deadlock scenario can occur on other paths as well, like during\nthe PM suspend() callback, where the driver core would hold the\ndevice_lock() before calling driver's suspend() callback. And if the\nrecovery_work was already started, it could lead to deadlock. This is also\nobserved on the X1E80100 CRD.\n\nSo to fix both issues, use pci_try_reset_function() in recovery_work. This\nfunction first checks for the availability of the device_lock() before\ntrying to reset the device. If the lock is available, it will acquire it\nand reset the device. Otherwise, it will return -EAGAIN. If that happens,\nrecovery_work will fail with the error message "Recovery failed" as not\nmuch could be done.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00015, EPSS Percentile is 0.01974 |
debian: CVE-2025-21951 was patched at 2025-04-12, 2025-04-23
161. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21959) - Medium [221]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() Since commit b36e4523d4d5 ("netfilter: nf_conncount: fix garbage collection confirm race"), `cpu` and `jiffies32` were introduced to the struct nf_conncount_tuple. The commit made nf_conncount_add() initialize `conn->cpu` and `conn->jiffies32` when allocating the struct. In contrast, count_tree() was not changed to initialize them. By commit 34848d5c896e ("netfilter: nf_conncount: Split insert and traversal"), count_tree() was split and the relevant allocation code now resides in insert_tree(). Initialize `conn->cpu` and `conn->jiffies32` in insert_tree(). BUG: KMSAN: uninit-value in find_or_evict net/netfilter/nf_conncount.c:117 [inline] BUG: KMSAN: uninit-value in __nf_conncount_add+0xd9c/0x2850 net/netfilter/nf_conncount.c:143 find_or_evict net/netfilter/nf_conncount.c:117 [inline] __nf_conncount_add+0xd9c/0x2850 net/netfilter/nf_conncount.c:143 count_tree net/netfilter/nf_conncount.c:438 [inline] nf_conncount_count+0x82f/0x1e80 net/netfilter/nf_conncount.c:521 connlimit_mt+0x7f6/0xbd0 net/netfilter/xt_connlimit.c:72 __nft_match_eval net/netfilter/nft_compat.c:403 [inline] nft_match_eval+0x1a5/0x300 net/netfilter/nft_compat.c:433 expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline] nft_do_chain+0x426/0x2290 net/netfilter/nf_tables_core.c:288 nft_do_chain_ipv4+0x1a5/0x230 net/netfilter/nft_chain_filter.c:23 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626 nf_hook_slow_list+0x24d/0x860 net/netfilter/core.c:663 NF_HOOK_LIST include/linux/netfilter.h:350 [inline] ip_sublist_rcv+0x17b7/0x17f0 net/ipv4/ip_input.c:633 ip_list_rcv+0x9ef/0xa40 net/ipv4/ip_input.c:669 __netif_receive_skb_list_ptype net/core/dev.c:5936 [inline] __netif_receive_skb_list_core+0x15c5/0x1670 net/core/dev.c:5983 __netif_receive_skb_list net/core/dev.c:6035 [inline] netif_receive_skb_list_internal+0x1085/0x1700 net/core/dev.c:6126 netif_receive_skb_list+0x5a/0x460 net/core/dev.c:6178 xdp_recv_frames net/bpf/test_run.c:280 [inline] xdp_test_run_batch net/bpf/test_run.c:361 [inline] bpf_test_run_xdp_live+0x2e86/0x3480 net/bpf/test_run.c:390 bpf_prog_test_run_xdp+0xf1d/0x1ae0 net/bpf/test_run.c:1316 bpf_prog_test_run+0x5e5/0xa30 kernel/bpf/syscall.c:4407 __sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5813 __do_sys_bpf kernel/bpf/syscall.c:5902 [inline] __se_sys_bpf kernel/bpf/syscall.c:5900 [inline] __ia32_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5900 ia32_sys_call+0x394d/0x4180 arch/x86/include/generated/asm/syscalls_32.h:358 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline] __do_fast_syscall_32+0xb0/0x110 arch/x86/entry/common.c:387 do_fast_syscall_32+0x38/0x80 arch/x86/entry/common.c:412 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:450 entry_SYSENTER_compat_after_hwframe+0x84/0x8e Uninit was created at: slab_post_alloc_hook mm/slub.c:4121 [inline] slab_alloc_node mm/slub.c:4164 [inline] kmem_cache_alloc_noprof+0x915/0xe10 mm/slub.c:4171 insert_tree net/netfilter/nf_conncount.c:372 [inline] count_tree net/netfilter/nf_conncount.c:450 [inline] nf_conncount_count+0x1415/0x1e80 net/netfilter/nf_conncount.c:521 connlimit_mt+0x7f6/0xbd0 net/netfilter/xt_connlimit.c:72 __nft_match_eval net/netfilter/nft_compat.c:403 [inline] nft_match_eval+0x1a5/0x300 net/netfilter/nft_compat.c:433 expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline] nft_do_chain+0x426/0x2290 net/netfilter/nf_tables_core.c:288 nft_do_chain_ipv4+0x1a5/0x230 net/netfilter/nft_chain_filter.c:23 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626 nf_hook_slow_list+0x24d/0x860 net/netfilter/core.c:663 NF_HOOK_LIST include/linux/netfilter.h:350 [inline] ip_sublist_rcv+0x17b7/0x17f0 net/ipv4/ip_input.c:633 ip_list_rcv+0x9ef/0xa40 net/ip ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()\n\nSince commit b36e4523d4d5 ("netfilter: nf_conncount: fix garbage\ncollection confirm race"), `cpu` and `jiffies32` were introduced to\nthe struct nf_conncount_tuple.\n\nThe commit made nf_conncount_add() initialize `conn->cpu` and\n`conn->jiffies32` when allocating the struct.\nIn contrast, count_tree() was not changed to initialize them.\n\nBy commit 34848d5c896e ("netfilter: nf_conncount: Split insert and\ntraversal"), count_tree() was split and the relevant allocation\ncode now resides in insert_tree().\nInitialize `conn->cpu` and `conn->jiffies32` in insert_tree().\n\nBUG: KMSAN: uninit-value in find_or_evict net/netfilter/nf_conncount.c:117 [inline]\nBUG: KMSAN: uninit-value in __nf_conncount_add+0xd9c/0x2850 net/netfilter/nf_conncount.c:143\n find_or_evict net/netfilter/nf_conncount.c:117 [inline]\n __nf_conncount_add+0xd9c/0x2850 net/netfilter/nf_conncount.c:143\n count_tree net/netfilter/nf_conncount.c:438 [inline]\n nf_conncount_count+0x82f/0x1e80 net/netfilter/nf_conncount.c:521\n connlimit_mt+0x7f6/0xbd0 net/netfilter/xt_connlimit.c:72\n __nft_match_eval net/netfilter/nft_compat.c:403 [inline]\n nft_match_eval+0x1a5/0x300 net/netfilter/nft_compat.c:433\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x426/0x2290 net/netfilter/nf_tables_core.c:288\n nft_do_chain_ipv4+0x1a5/0x230 net/netfilter/nft_chain_filter.c:23\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook_slow_list+0x24d/0x860 net/netfilter/core.c:663\n NF_HOOK_LIST include/linux/netfilter.h:350 [inline]\n ip_sublist_rcv+0x17b7/0x17f0 net/ipv4/ip_input.c:633\n ip_list_rcv+0x9ef/0xa40 net/ipv4/ip_input.c:669\n __netif_receive_skb_list_ptype net/core/dev.c:5936 [inline]\n __netif_receive_skb_list_core+0x15c5/0x1670 net/core/dev.c:5983\n __netif_receive_skb_list net/core/dev.c:6035 [inline]\n netif_receive_skb_list_internal+0x1085/0x1700 net/core/dev.c:6126\n netif_receive_skb_list+0x5a/0x460 net/core/dev.c:6178\n xdp_recv_frames net/bpf/test_run.c:280 [inline]\n xdp_test_run_batch net/bpf/test_run.c:361 [inline]\n bpf_test_run_xdp_live+0x2e86/0x3480 net/bpf/test_run.c:390\n bpf_prog_test_run_xdp+0xf1d/0x1ae0 net/bpf/test_run.c:1316\n bpf_prog_test_run+0x5e5/0xa30 kernel/bpf/syscall.c:4407\n __sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5813\n __do_sys_bpf kernel/bpf/syscall.c:5902 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5900 [inline]\n __ia32_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5900\n ia32_sys_call+0x394d/0x4180 arch/x86/include/generated/asm/syscalls_32.h:358\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0xb0/0x110 arch/x86/entry/common.c:387\n do_fast_syscall_32+0x38/0x80 arch/x86/entry/common.c:412\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:450\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4121 [inline]\n slab_alloc_node mm/slub.c:4164 [inline]\n kmem_cache_alloc_noprof+0x915/0xe10 mm/slub.c:4171\n insert_tree net/netfilter/nf_conncount.c:372 [inline]\n count_tree net/netfilter/nf_conncount.c:450 [inline]\n nf_conncount_count+0x1415/0x1e80 net/netfilter/nf_conncount.c:521\n connlimit_mt+0x7f6/0xbd0 net/netfilter/xt_connlimit.c:72\n __nft_match_eval net/netfilter/nft_compat.c:403 [inline]\n nft_match_eval+0x1a5/0x300 net/netfilter/nft_compat.c:433\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x426/0x2290 net/netfilter/nf_tables_core.c:288\n nft_do_chain_ipv4+0x1a5/0x230 net/netfilter/nft_chain_filter.c:23\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook_slow_list+0x24d/0x860 net/netfilter/core.c:663\n NF_HOOK_LIST include/linux/netfilter.h:350 [inline]\n ip_sublist_rcv+0x17b7/0x17f0 net/ipv4/ip_input.c:633\n ip_list_rcv+0x9ef/0xa40 net/ip\n---truncated---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00021, EPSS Percentile is 0.03875 |
debian: CVE-2025-21959 was patched at 2025-04-12, 2025-04-23
162. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21996) - Medium [221]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() On the off chance that command stream passed from userspace via ioctl() call to radeon_vce_cs_parse() is weirdly crafted and first command to execute is to encode (case 0x03000001), the function in question will attempt to call radeon_vce_cs_reloc() with size argument that has not been properly initialized. Specifically, 'size' will point to 'tmp' variable before the latter had a chance to be assigned any value. Play it safe and init 'tmp' with 0, thus ensuring that radeon_vce_cs_reloc() will catch an early error in cases like these. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. (cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()\n\nOn the off chance that command stream passed from userspace via\nioctl() call to radeon_vce_cs_parse() is weirdly crafted and\nfirst command to execute is to encode (case 0x03000001), the function\nin question will attempt to call radeon_vce_cs_reloc() with size\nargument that has not been properly initialized. Specifically, 'size'\nwill point to 'tmp' variable before the latter had a chance to be\nassigned any value.\n\nPlay it safe and init 'tmp' with 0, thus ensuring that\nradeon_vce_cs_reloc() will catch an early error in cases like these.\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE.\n\n(cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68)', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00021, EPSS Percentile is 0.03875 |
debian: CVE-2025-21996 was patched at 2025-04-12, 2025-04-23
163. Unknown Vulnerability Type - Linux Kernel (CVE-2025-22005) - Medium [221]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). fib_check_nh_v6_gw() expects that fib6_nh_init() cleans up everything when it fails. Commit 7dd73168e273 ("ipv6: Always allocate pcpu memory in a fib6_nh") moved fib_nh_common_init() before alloc_percpu_gfp() within fib6_nh_init() but forgot to add cleanup for fib6_nh->nh_common.nhc_pcpu_rth_output in case it fails to allocate fib6_nh->rt6i_pcpu, resulting in memleak. Let's call fib_nh_common_release() and clear nhc_pcpu_rth_output in the error path. Note that we can remove the fib6_nh_release() call in nh_create_ipv6() later in net-next.git.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().\n\nfib_check_nh_v6_gw() expects that fib6_nh_init() cleans up everything\nwhen it fails.\n\nCommit 7dd73168e273 ("ipv6: Always allocate pcpu memory in a fib6_nh")\nmoved fib_nh_common_init() before alloc_percpu_gfp() within fib6_nh_init()\nbut forgot to add cleanup for fib6_nh->nh_common.nhc_pcpu_rth_output in\ncase it fails to allocate fib6_nh->rt6i_pcpu, resulting in memleak.\n\nLet's call fib_nh_common_release() and clear nhc_pcpu_rth_output in the\nerror path.\n\nNote that we can remove the fib6_nh_release() call in nh_create_ipv6()\nlater in net-next.git.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00013, EPSS Percentile is 0.01385 |
debian: CVE-2025-22005 was patched at 2025-04-12, 2025-04-23
164. Unknown Vulnerability Type - Linux Kernel (CVE-2025-22010) - Medium [221]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup during bt pages loop Driver runs a for-loop when allocating bt pages and mapping them with buffer pages. When a large buffer (e.g. MR over 100GB) is being allocated, it may require a considerable loop count. This will lead to soft lockup: watchdog: BUG: soft lockup - CPU#27 stuck for 22s! ... Call trace: hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2] hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2] hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2] alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2] hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2] ib_uverbs_reg_mr+0x118/0x290 watchdog: BUG: soft lockup - CPU#35 stuck for 23s! ... Call trace: hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2] mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2] hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2] alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2] hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2] ib_uverbs_reg_mr+0x120/0x2bc Add a cond_resched() to fix soft lockup during these loops. In order not to affect the allocation performance of normal-size buffer, set the loop count of a 100GB MR as the threshold to call cond_resched().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup during bt pages loop\n\nDriver runs a for-loop when allocating bt pages and mapping them with\nbuffer pages. When a large buffer (e.g. MR over 100GB) is being allocated,\nit may require a considerable loop count. This will lead to soft lockup:\n\n watchdog: BUG: soft lockup - CPU#27 stuck for 22s!\n ...\n Call trace:\n hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2]\n hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2]\n hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2]\n alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2]\n hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2]\n ib_uverbs_reg_mr+0x118/0x290\n\n watchdog: BUG: soft lockup - CPU#35 stuck for 23s!\n ...\n Call trace:\n hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2]\n mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2]\n hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2]\n alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2]\n hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2]\n ib_uverbs_reg_mr+0x120/0x2bc\n\nAdd a cond_resched() to fix soft lockup during these loops. In order not\nto affect the allocation performance of normal-size buffer, set the loop\ncount of a 100GB MR as the threshold to call cond_resched().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00012, EPSS Percentile is 0.01109 |
debian: CVE-2025-22010 was patched at 2025-04-12, 2025-04-23
165. Unknown Vulnerability Type - Linux Kernel (CVE-2025-22014) - Medium [221]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: Fix the potential deadlock When some client process A call pdr_add_lookup() to add the look up for the service and does schedule locator work, later a process B got a new server packet indicating locator is up and call pdr_locator_new_server() which eventually sets pdr->locator_init_complete to true which process A sees and takes list lock and queries domain list but it will timeout due to deadlock as the response will queued to the same qmi->wq and it is ordered workqueue and process B is not able to complete new server request work due to deadlock on list lock. Fix it by removing the unnecessary list iteration as the list iteration is already being done inside locator work, so avoid it here and just call schedule_work() here. Process A Process B process_scheduled_works() pdr_add_lookup() qmi_data_ready_work() process_scheduled_works() pdr_locator_new_server() pdr->locator_init_complete=true; pdr_locator_work() mutex_lock(&pdr->list_lock); pdr_locate_service() mutex_lock(&pdr->list_lock); pdr_get_domain_list() pr_err("PDR: %s get domain list txn wait failed: %d\\n", req->service_name, ret); Timeout error log due to deadlock: " PDR: tms/servreg get domain list txn wait failed: -110 PDR: service lookup for msm/adsp/sensor_pd:tms/servreg failed: -110 " Thanks to Bjorn and Johan for letting me know that this commit also fixes an audio regression when using the in-kernel pd-mapper as that makes it easier to hit this race. [1]', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: Fix the potential deadlock\n\nWhen some client process A call pdr_add_lookup() to add the look up for\nthe service and does schedule locator work, later a process B got a new\nserver packet indicating locator is up and call pdr_locator_new_server()\nwhich eventually sets pdr->locator_init_complete to true which process A\nsees and takes list lock and queries domain list but it will timeout due\nto deadlock as the response will queued to the same qmi->wq and it is\nordered workqueue and process B is not able to complete new server\nrequest work due to deadlock on list lock.\n\nFix it by removing the unnecessary list iteration as the list iteration\nis already being done inside locator work, so avoid it here and just\ncall schedule_work() here.\n\n Process A Process B\n\n process_scheduled_works()\npdr_add_lookup() qmi_data_ready_work()\n process_scheduled_works() pdr_locator_new_server()\n pdr->locator_init_complete=true;\n pdr_locator_work()\n mutex_lock(&pdr->list_lock);\n\n pdr_locate_service() mutex_lock(&pdr->list_lock);\n\n pdr_get_domain_list()\n pr_err("PDR: %s get domain list\n txn wait failed: %d\\n",\n req->service_name,\n ret);\n\nTimeout error log due to deadlock:\n\n"\n PDR: tms/servreg get domain list txn wait failed: -110\n PDR: service lookup for msm/adsp/sensor_pd:tms/servreg failed: -110\n"\n\nThanks to Bjorn and Johan for letting me know that this commit also fixes\nan audio regression when using the in-kernel pd-mapper as that makes it\neasier to hit this race. [1]', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00012, EPSS Percentile is 0.01109 |
debian: CVE-2025-22014 was patched at 2025-04-12, 2025-04-23
166. Denial of Service - Unknown Product (CVE-2025-27144) - Medium [220]
Description: {'nvd_cve_data_all': 'Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0 | 14 | Unknown Product | |
0.7 | 10 | CVSS Base Score is 6.6. According to Vulners data source | |
0.1 | 10 | EPSS Probability is 0.00026, EPSS Percentile is 0.05577 |
redhat: CVE-2025-27144 was patched at 2025-03-25, 2025-03-27, 2025-04-03
167. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21943) - Medium [209]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: gpio: aggregator: protect driver attr handlers against module unload Both new_device_store and delete_device_store touch module global resources (e.g. gpio_aggregator_lock). To prevent race conditions with module unload, a reference needs to be held. Add try_module_get() in these handlers. For new_device_store, this eliminates what appears to be the most dangerous scenario: if an id is allocated from gpio_aggregator_idr but platform_device_register has not yet been called or completed, a concurrent module unload could fail to unregister/delete the device, leaving behind a dangling platform device/GPIO forwarder. This can result in various issues. The following simple reproducer demonstrates these problems: #!/bin/bash while :; do # note: whether 'gpiochip0 0' exists or not does not matter. echo 'gpiochip0 0' > /sys/bus/platform/drivers/gpio-aggregator/new_device done & while :; do modprobe gpio-aggregator modprobe -r gpio-aggregator done & wait Starting with the following warning, several kinds of warnings will appear and the system may become unstable: ------------[ cut here ]------------ list_del corruption, ffff888103e2e980->next is LIST_POISON1 (dead000000000100) WARNING: CPU: 1 PID: 1327 at lib/list_debug.c:56 __list_del_entry_valid_or_report+0xa3/0x120 [...] RIP: 0010:__list_del_entry_valid_or_report+0xa3/0x120 [...] Call Trace: <TASK> ? __list_del_entry_valid_or_report+0xa3/0x120 ? __warn.cold+0x93/0xf2 ? __list_del_entry_valid_or_report+0xa3/0x120 ? report_bug+0xe6/0x170 ? __irq_work_queue_local+0x39/0xe0 ? handle_bug+0x58/0x90 ? exc_invalid_op+0x13/0x60 ? asm_exc_invalid_op+0x16/0x20 ? __list_del_entry_valid_or_report+0xa3/0x120 gpiod_remove_lookup_table+0x22/0x60 new_device_store+0x315/0x350 [gpio_aggregator] kernfs_fop_write_iter+0x137/0x1f0 vfs_write+0x262/0x430 ksys_write+0x60/0xd0 do_syscall_64+0x6c/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e [...] </TASK> ---[ end trace 0000000000000000 ]---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: aggregator: protect driver attr handlers against module unload\n\nBoth new_device_store and delete_device_store touch module global\nresources (e.g. gpio_aggregator_lock). To prevent race conditions with\nmodule unload, a reference needs to be held.\n\nAdd try_module_get() in these handlers.\n\nFor new_device_store, this eliminates what appears to be the most dangerous\nscenario: if an id is allocated from gpio_aggregator_idr but\nplatform_device_register has not yet been called or completed, a concurrent\nmodule unload could fail to unregister/delete the device, leaving behind a\ndangling platform device/GPIO forwarder. This can result in various issues.\nThe following simple reproducer demonstrates these problems:\n\n #!/bin/bash\n while :; do\n # note: whether 'gpiochip0 0' exists or not does not matter.\n echo 'gpiochip0 0' > /sys/bus/platform/drivers/gpio-aggregator/new_device\n done &\n while :; do\n modprobe gpio-aggregator\n modprobe -r gpio-aggregator\n done &\n wait\n\n Starting with the following warning, several kinds of warnings will appear\n and the system may become unstable:\n\n ------------[ cut here ]------------\n list_del corruption, ffff888103e2e980->next is LIST_POISON1 (dead000000000100)\n WARNING: CPU: 1 PID: 1327 at lib/list_debug.c:56 __list_del_entry_valid_or_report+0xa3/0x120\n [...]\n RIP: 0010:__list_del_entry_valid_or_report+0xa3/0x120\n [...]\n Call Trace:\n <TASK>\n ? __list_del_entry_valid_or_report+0xa3/0x120\n ? __warn.cold+0x93/0xf2\n ? __list_del_entry_valid_or_report+0xa3/0x120\n ? report_bug+0xe6/0x170\n ? __irq_work_queue_local+0x39/0xe0\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x13/0x60\n ? asm_exc_invalid_op+0x16/0x20\n ? __list_del_entry_valid_or_report+0xa3/0x120\n gpiod_remove_lookup_table+0x22/0x60\n new_device_store+0x315/0x350 [gpio_aggregator]\n kernfs_fop_write_iter+0x137/0x1f0\n vfs_write+0x262/0x430\n ksys_write+0x60/0xd0\n do_syscall_64+0x6c/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n </TASK>\n ---[ end trace 0000000000000000 ]---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.5 | 10 | CVSS Base Score is 4.7. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00015, EPSS Percentile is 0.01974 |
debian: CVE-2025-21943 was patched at 2025-04-12, 2025-04-23
168. Information Disclosure - Unknown Product (CVE-2025-32700) - Medium [207]
Description: {'nvd_cve_data_all': 'Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbuseLog.Php, includes/View/AbuseFilterViewExamine.Php. This issue affects AbuseFilter: from >= 1.43.0 before 1.43.1.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbuseLog.Php, includes/View/AbuseFilterViewExamine.Php.\n\nThis issue affects AbuseFilter: from >= 1.43.0 before 1.43.1.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0 | 14 | Unknown Product | |
0.2 | 10 | CVSS Base Score is 2.3. According to Vulners data source | |
0.3 | 10 | EPSS Probability is 0.00083, EPSS Percentile is 0.2534 |
debian: CVE-2025-32700 was patched at 2025-04-13, 2025-04-23
169. Unknown Vulnerability Type - Libsoup (CVE-2025-32052) - Medium [207]
Description: {'nvd_cve_data_all': 'A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.6 | 14 | libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop to integrate well with GNOME applications and also has a synchronous API for use in CLI tools. | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15061 |
debian: CVE-2025-32052 was patched at 2025-04-23
ubuntu: CVE-2025-32052 was patched at 2025-04-10
170. Unknown Vulnerability Type - Libsoup (CVE-2025-32053) - Medium [207]
Description: {'nvd_cve_data_all': 'A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.6 | 14 | libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop to integrate well with GNOME applications and also has a synchronous API for use in CLI tools. | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15061 |
debian: CVE-2025-32053 was patched at 2025-04-23
ubuntu: CVE-2025-32053 was patched at 2025-04-10
171. Cross Site Scripting - Unknown Product (CVE-2024-53986) - Medium [202]
Description: {'nvd_cve_data_all': 'rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math" and "style" elements are both explicitly allowed. This vulnerability is fixed in 1.6.1.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math" and "style" elements are both explicitly allowed. This vulnerability is fixed in 1.6.1.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0 | 14 | Unknown Product | |
0.2 | 10 | CVSS Base Score is 2.3. According to Vulners data source | |
0.3 | 10 | EPSS Probability is 0.00113, EPSS Percentile is 0.31208 |
redos: CVE-2024-53986 was patched at 2025-04-02
172. Cross Site Scripting - Unknown Product (CVE-2024-53987) - Medium [202]
Description: {'nvd_cve_data_all': 'rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "style" element is explicitly allowed and the "svg" or "math" element is not allowed. This vulnerability is fixed in 1.6.1.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "style" element is explicitly allowed and the "svg" or "math" element is not allowed. This vulnerability is fixed in 1.6.1.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0 | 14 | Unknown Product | |
0.2 | 10 | CVSS Base Score is 2.3. According to Vulners data source | |
0.3 | 10 | EPSS Probability is 0.00113, EPSS Percentile is 0.31208 |
redos: CVE-2024-53987 was patched at 2025-04-02
173. Cross Site Scripting - Unknown Product (CVE-2024-53988) - Medium [202]
Description: {'nvd_cve_data_all': 'rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math", "mtext", "table", and "style" elements are allowed and either either "mglyph" or "malignmark" are allowed. This vulnerability is fixed in 1.6.1.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math", "mtext", "table", and "style" elements are allowed and either either "mglyph" or "malignmark" are allowed. This vulnerability is fixed in 1.6.1.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0 | 14 | Unknown Product | |
0.2 | 10 | CVSS Base Score is 2.3. According to Vulners data source | |
0.3 | 10 | EPSS Probability is 0.00113, EPSS Percentile is 0.31208 |
redos: CVE-2024-53988 was patched at 2025-04-02
174. Cross Site Scripting - Unknown Product (CVE-2024-53989) - Medium [202]
Description: {'nvd_cve_data_all': 'rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags for the the "noscript" element. This vulnerability is fixed in 1.6.1.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags for the the "noscript" element. This vulnerability is fixed in 1.6.1.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0 | 14 | Unknown Product | |
0.2 | 10 | CVSS Base Score is 2.3. According to Vulners data source | |
0.3 | 10 | EPSS Probability is 0.00113, EPSS Percentile is 0.31208 |
redos: CVE-2024-53989 was patched at 2025-04-02
175. Unknown Vulnerability Type - MediaWiki (CVE-2025-32699) - Low [176]
Description: {'nvd_cve_data_all': 'Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.7 | 14 | MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL) | |
0.2 | 10 | CVSS Base Score is 2.1. According to Vulners data source | |
0.3 | 10 | EPSS Probability is 0.00093, EPSS Percentile is 0.27492 |
debian: CVE-2025-32699 was patched at 2025-04-13, 2025-04-23
176. Unknown Vulnerability Type - Linux Kernel (CVE-2024-58090) - Low [173]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: sched/core: Prevent rescheduling when interrupts are disabled David reported a warning observed while loop testing kexec jump: Interrupts enabled after irqrouter_resume+0x0/0x50 WARNING: CPU: 0 PID: 560 at drivers/base/syscore.c:103 syscore_resume+0x18a/0x220 kernel_kexec+0xf6/0x180 __do_sys_reboot+0x206/0x250 do_syscall_64+0x95/0x180 The corresponding interrupt flag trace: hardirqs last enabled at (15573): [<ffffffffa8281b8e>] __up_console_sem+0x7e/0x90 hardirqs last disabled at (15580): [<ffffffffa8281b73>] __up_console_sem+0x63/0x90 That means __up_console_sem() was invoked with interrupts enabled. Further instrumentation revealed that in the interrupt disabled section of kexec jump one of the syscore_suspend() callbacks woke up a task, which set the NEED_RESCHED flag. A later callback in the resume path invoked cond_resched() which in turn led to the invocation of the scheduler: __cond_resched+0x21/0x60 down_timeout+0x18/0x60 acpi_os_wait_semaphore+0x4c/0x80 acpi_ut_acquire_mutex+0x3d/0x100 acpi_ns_get_node+0x27/0x60 acpi_ns_evaluate+0x1cb/0x2d0 acpi_rs_set_srs_method_data+0x156/0x190 acpi_pci_link_set+0x11c/0x290 irqrouter_resume+0x54/0x60 syscore_resume+0x6a/0x200 kernel_kexec+0x145/0x1c0 __do_sys_reboot+0xeb/0x240 do_syscall_64+0x95/0x180 This is a long standing problem, which probably got more visible with the recent printk changes. Something does a task wakeup and the scheduler sets the NEED_RESCHED flag. cond_resched() sees it set and invokes schedule() from a completely bogus context. The scheduler enables interrupts after context switching, which causes the above warning at the end. Quite some of the code paths in syscore_suspend()/resume() can result in triggering a wakeup with the exactly same consequences. They might not have done so yet, but as they share a lot of code with normal operations it's just a question of time. The problem only affects the PREEMPT_NONE and PREEMPT_VOLUNTARY scheduling models. Full preemption is not affected as cond_resched() is disabled and the preemption check preemptible() takes the interrupt disabled flag into account. Cure the problem by adding a corresponding check into cond_resched().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Prevent rescheduling when interrupts are disabled\n\nDavid reported a warning observed while loop testing kexec jump:\n\n Interrupts enabled after irqrouter_resume+0x0/0x50\n WARNING: CPU: 0 PID: 560 at drivers/base/syscore.c:103 syscore_resume+0x18a/0x220\n kernel_kexec+0xf6/0x180\n __do_sys_reboot+0x206/0x250\n do_syscall_64+0x95/0x180\n\nThe corresponding interrupt flag trace:\n\n hardirqs last enabled at (15573): [<ffffffffa8281b8e>] __up_console_sem+0x7e/0x90\n hardirqs last disabled at (15580): [<ffffffffa8281b73>] __up_console_sem+0x63/0x90\n\nThat means __up_console_sem() was invoked with interrupts enabled. Further\ninstrumentation revealed that in the interrupt disabled section of kexec\njump one of the syscore_suspend() callbacks woke up a task, which set the\nNEED_RESCHED flag. A later callback in the resume path invoked\ncond_resched() which in turn led to the invocation of the scheduler:\n\n __cond_resched+0x21/0x60\n down_timeout+0x18/0x60\n acpi_os_wait_semaphore+0x4c/0x80\n acpi_ut_acquire_mutex+0x3d/0x100\n acpi_ns_get_node+0x27/0x60\n acpi_ns_evaluate+0x1cb/0x2d0\n acpi_rs_set_srs_method_data+0x156/0x190\n acpi_pci_link_set+0x11c/0x290\n irqrouter_resume+0x54/0x60\n syscore_resume+0x6a/0x200\n kernel_kexec+0x145/0x1c0\n __do_sys_reboot+0xeb/0x240\n do_syscall_64+0x95/0x180\n\nThis is a long standing problem, which probably got more visible with\nthe recent printk changes. Something does a task wakeup and the\nscheduler sets the NEED_RESCHED flag. cond_resched() sees it set and\ninvokes schedule() from a completely bogus context. The scheduler\nenables interrupts after context switching, which causes the above\nwarning at the end.\n\nQuite some of the code paths in syscore_suspend()/resume() can result in\ntriggering a wakeup with the exactly same consequences. They might not\nhave done so yet, but as they share a lot of code with normal operations\nit's just a question of time.\n\nThe problem only affects the PREEMPT_NONE and PREEMPT_VOLUNTARY scheduling\nmodels. Full preemption is not affected as cond_resched() is disabled and\nthe preemption check preemptible() takes the interrupt disabled flag into\naccount.\n\nCure the problem by adding a corresponding check into cond_resched().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.19332 |
debian: CVE-2024-58090 was patched at 2025-04-12, 2025-04-23
177. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21871) - Low [173]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix supplicant wait loop OP-TEE supplicant is a user-space daemon and it's possible for it be hung or crashed or killed in the middle of processing an OP-TEE RPC call. It becomes more complicated when there is incorrect shutdown ordering of the supplicant process vs the OP-TEE client application which can eventually lead to system hang-up waiting for the closure of the client application. Allow the client process waiting in kernel for supplicant response to be killed rather than indefinitely waiting in an unkillable state. Also, a normal uninterruptible wait should not have resulted in the hung-task watchdog getting triggered, but the endless loop would. This fixes issues observed during system reboot/shutdown when supplicant got hung for some reason or gets crashed/killed which lead to client getting hung in an unkillable state. It in turn lead to system being in hung up state requiring hard power off/on to recover.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix supplicant wait loop\n\nOP-TEE supplicant is a user-space daemon and it's possible for it\nbe hung or crashed or killed in the middle of processing an OP-TEE\nRPC call. It becomes more complicated when there is incorrect shutdown\nordering of the supplicant process vs the OP-TEE client application which\ncan eventually lead to system hang-up waiting for the closure of the\nclient application.\n\nAllow the client process waiting in kernel for supplicant response to\nbe killed rather than indefinitely waiting in an unkillable state. Also,\na normal uninterruptible wait should not have resulted in the hung-task\nwatchdog getting triggered, but the endless loop would.\n\nThis fixes issues observed during system reboot/shutdown when supplicant\ngot hung for some reason or gets crashed/killed which lead to client\ngetting hung in an unkillable state. It in turn lead to system being in\nhung up state requiring hard power off/on to recover.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.19332 |
debian: CVE-2025-21871 was patched at 2025-04-12, 2025-04-23
178. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21875) - Low [173]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: mptcp: always handle address removal under msk socket lock Syzkaller reported a lockdep splat in the PM control path: WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sock_owned_by_me include/net/sock.h:1711 [inline] WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 msk_owned_by_me net/mptcp/protocol.h:363 [inline] WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788 Modules linked in: CPU: 0 UID: 0 PID: 6693 Comm: syz.0.205 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 RIP: 0010:sock_owned_by_me include/net/sock.h:1711 [inline] RIP: 0010:msk_owned_by_me net/mptcp/protocol.h:363 [inline] RIP: 0010:mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788 Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ca 7b d3 f5 eb b9 e8 c3 7b d3 f5 90 0f 0b 90 e9 dd fb ff ff e8 b5 7b d3 f5 90 <0f> 0b 90 e9 3e fb ff ff 44 89 f1 80 e1 07 38 c1 0f 8c eb fb ff ff RSP: 0000:ffffc900034f6f60 EFLAGS: 00010283 RAX: ffffffff8bee3c2b RBX: 0000000000000001 RCX: 0000000000080000 RDX: ffffc90004d42000 RSI: 000000000000a407 RDI: 000000000000a408 RBP: ffffc900034f7030 R08: ffffffff8bee37f6 R09: 0100000000000000 R10: dffffc0000000000 R11: ffffed100bcc62e4 R12: ffff88805e6316e0 R13: ffff88805e630c00 R14: dffffc0000000000 R15: ffff88805e630c00 FS: 00007f7e9a7e96c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2fd18ff8 CR3: 0000000032c24000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> mptcp_pm_remove_addr+0x103/0x1d0 net/mptcp/pm.c:59 mptcp_pm_remove_anno_addr+0x1f4/0x2f0 net/mptcp/pm_netlink.c:1486 mptcp_nl_remove_subflow_and_signal_addr net/mptcp/pm_netlink.c:1518 [inline] mptcp_pm_nl_del_addr_doit+0x118d/0x1af0 net/mptcp/pm_netlink.c:1629 genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline] genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline] genl_rcv_msg+0xb1f/0xec0 net/netlink/genetlink.c:1210 netlink_rcv_skb+0x206/0x480 net/netlink/af_netlink.c:2543 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219 netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline] netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1348 netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1892 sock_sendmsg_nosec net/socket.c:718 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:733 ____sys_sendmsg+0x53a/0x860 net/socket.c:2573 ___sys_sendmsg net/socket.c:2627 [inline] __sys_sendmsg+0x269/0x350 net/socket.c:2659 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f7e9998cde9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f7e9a7e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f7e99ba5fa0 RCX: 00007f7e9998cde9 RDX: 000000002000c094 RSI: 0000400000000000 RDI: 0000000000000007 RBP: 00007f7e99a0e2a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f7e99ba5fa0 R15: 00007fff49231088 Indeed the PM can try to send a RM_ADDR over a msk without acquiring first the msk socket lock. The bugged code-path comes from an early optimization: when there are no subflows, the PM should (usually) not send RM_ADDR notifications. The above statement is incorrect, as without locks another process could concur ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: always handle address removal under msk socket lock\n\nSyzkaller reported a lockdep splat in the PM control path:\n\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sock_owned_by_me include/net/sock.h:1711 [inline]\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 msk_owned_by_me net/mptcp/protocol.h:363 [inline]\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788\n Modules linked in:\n CPU: 0 UID: 0 PID: 6693 Comm: syz.0.205 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\n RIP: 0010:sock_owned_by_me include/net/sock.h:1711 [inline]\n RIP: 0010:msk_owned_by_me net/mptcp/protocol.h:363 [inline]\n RIP: 0010:mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788\n Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ca 7b d3 f5 eb b9 e8 c3 7b d3 f5 90 0f 0b 90 e9 dd fb ff ff e8 b5 7b d3 f5 90 <0f> 0b 90 e9 3e fb ff ff 44 89 f1 80 e1 07 38 c1 0f 8c eb fb ff ff\n RSP: 0000:ffffc900034f6f60 EFLAGS: 00010283\n RAX: ffffffff8bee3c2b RBX: 0000000000000001 RCX: 0000000000080000\n RDX: ffffc90004d42000 RSI: 000000000000a407 RDI: 000000000000a408\n RBP: ffffc900034f7030 R08: ffffffff8bee37f6 R09: 0100000000000000\n R10: dffffc0000000000 R11: ffffed100bcc62e4 R12: ffff88805e6316e0\n R13: ffff88805e630c00 R14: dffffc0000000000 R15: ffff88805e630c00\n FS: 00007f7e9a7e96c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000001b2fd18ff8 CR3: 0000000032c24000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n <TASK>\n mptcp_pm_remove_addr+0x103/0x1d0 net/mptcp/pm.c:59\n mptcp_pm_remove_anno_addr+0x1f4/0x2f0 net/mptcp/pm_netlink.c:1486\n mptcp_nl_remove_subflow_and_signal_addr net/mptcp/pm_netlink.c:1518 [inline]\n mptcp_pm_nl_del_addr_doit+0x118d/0x1af0 net/mptcp/pm_netlink.c:1629\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb1f/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x206/0x480 net/netlink/af_netlink.c:2543\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:718 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:733\n ____sys_sendmsg+0x53a/0x860 net/socket.c:2573\n ___sys_sendmsg net/socket.c:2627 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2659\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f7e9998cde9\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f7e9a7e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f7e99ba5fa0 RCX: 00007f7e9998cde9\n RDX: 000000002000c094 RSI: 0000400000000000 RDI: 0000000000000007\n RBP: 00007f7e99a0e2a0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 0000000000000000 R14: 00007f7e99ba5fa0 R15: 00007fff49231088\n\nIndeed the PM can try to send a RM_ADDR over a msk without acquiring\nfirst the msk socket lock.\n\nThe bugged code-path comes from an early optimization: when there\nare no subflows, the PM should (usually) not send RM_ADDR\nnotifications.\n\nThe above statement is incorrect, as without locks another process\ncould concur\n---truncated---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.19332 |
debian: CVE-2025-21875 was patched at 2025-04-12, 2025-04-23
179. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21878) - Low [173]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: i2c: npcm: disable interrupt enable bit before devm_request_irq The customer reports that there is a soft lockup issue related to the i2c driver. After checking, the i2c module was doing a tx transfer and the bmc machine reboots in the middle of the i2c transaction, the i2c module keeps the status without being reset. Due to such an i2c module status, the i2c irq handler keeps getting triggered since the i2c irq handler is registered in the kernel booting process after the bmc machine is doing a warm rebooting. The continuous triggering is stopped by the soft lockup watchdog timer. Disable the interrupt enable bit in the i2c module before calling devm_request_irq to fix this issue since the i2c relative status bit is read-only. Here is the soft lockup log. [ 28.176395] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1] [ 28.183351] Modules linked in: [ 28.186407] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.120-yocto-s-dirty-bbebc78 #1 [ 28.201174] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 28.208128] pc : __do_softirq+0xb0/0x368 [ 28.212055] lr : __do_softirq+0x70/0x368 [ 28.215972] sp : ffffff8035ebca00 [ 28.219278] x29: ffffff8035ebca00 x28: 0000000000000002 x27: ffffff80071a3780 [ 28.226412] x26: ffffffc008bdc000 x25: ffffffc008bcc640 x24: ffffffc008be50c0 [ 28.233546] x23: ffffffc00800200c x22: 0000000000000000 x21: 000000000000001b [ 28.240679] x20: 0000000000000000 x19: ffffff80001c3200 x18: ffffffffffffffff [ 28.247812] x17: ffffffc02d2e0000 x16: ffffff8035eb8b40 x15: 00001e8480000000 [ 28.254945] x14: 02c3647e37dbfcb6 x13: 02c364f2ab14200c x12: 0000000002c364f2 [ 28.262078] x11: 00000000fa83b2da x10: 000000000000b67e x9 : ffffffc008010250 [ 28.269211] x8 : 000000009d983d00 x7 : 7fffffffffffffff x6 : 0000036d74732434 [ 28.276344] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : 0000000000000198 [ 28.283476] x2 : ffffffc02d2e0000 x1 : 00000000000000e0 x0 : ffffffc008bdcb40 [ 28.290611] Call trace: [ 28.293052] __do_softirq+0xb0/0x368 [ 28.296625] __irq_exit_rcu+0xe0/0x100 [ 28.300374] irq_exit+0x14/0x20 [ 28.303513] handle_domain_irq+0x68/0x90 [ 28.307440] gic_handle_irq+0x78/0xb0 [ 28.311098] call_on_irq_stack+0x20/0x38 [ 28.315019] do_interrupt_handler+0x54/0x5c [ 28.319199] el1_interrupt+0x2c/0x4c [ 28.322777] el1h_64_irq_handler+0x14/0x20 [ 28.326872] el1h_64_irq+0x74/0x78 [ 28.330269] __setup_irq+0x454/0x780 [ 28.333841] request_threaded_irq+0xd0/0x1b4 [ 28.338107] devm_request_threaded_irq+0x84/0x100 [ 28.342809] npcm_i2c_probe_bus+0x188/0x3d0 [ 28.346990] platform_probe+0x6c/0xc4 [ 28.350653] really_probe+0xcc/0x45c [ 28.354227] __driver_probe_device+0x8c/0x160 [ 28.358578] driver_probe_device+0x44/0xe0 [ 28.362670] __driver_attach+0x124/0x1d0 [ 28.366589] bus_for_each_dev+0x7c/0xe0 [ 28.370426] driver_attach+0x28/0x30 [ 28.373997] bus_add_driver+0x124/0x240 [ 28.377830] driver_register+0x7c/0x124 [ 28.381662] __platform_driver_register+0x2c/0x34 [ 28.386362] npcm_i2c_init+0x3c/0x5c [ 28.389937] do_one_initcall+0x74/0x230 [ 28.393768] kernel_init_freeable+0x24c/0x2b4 [ 28.398126] kernel_init+0x28/0x130 [ 28.401614] ret_from_fork+0x10/0x20 [ 28.405189] Kernel panic - not syncing: softlockup: hung tasks [ 28.411011] SMP: stopping secondary CPUs [ 28.414933] Kernel Offset: disabled [ 28.418412] CPU features: 0x00000000,00000802 [ 28.427644] Rebooting in 20 seconds..', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: npcm: disable interrupt enable bit before devm_request_irq\n\nThe customer reports that there is a soft lockup issue related to\nthe i2c driver. After checking, the i2c module was doing a tx transfer\nand the bmc machine reboots in the middle of the i2c transaction, the i2c\nmodule keeps the status without being reset.\n\nDue to such an i2c module status, the i2c irq handler keeps getting\ntriggered since the i2c irq handler is registered in the kernel booting\nprocess after the bmc machine is doing a warm rebooting.\nThe continuous triggering is stopped by the soft lockup watchdog timer.\n\nDisable the interrupt enable bit in the i2c module before calling\ndevm_request_irq to fix this issue since the i2c relative status bit\nis read-only.\n\nHere is the soft lockup log.\n[ 28.176395] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1]\n[ 28.183351] Modules linked in:\n[ 28.186407] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.120-yocto-s-dirty-bbebc78 #1\n[ 28.201174] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 28.208128] pc : __do_softirq+0xb0/0x368\n[ 28.212055] lr : __do_softirq+0x70/0x368\n[ 28.215972] sp : ffffff8035ebca00\n[ 28.219278] x29: ffffff8035ebca00 x28: 0000000000000002 x27: ffffff80071a3780\n[ 28.226412] x26: ffffffc008bdc000 x25: ffffffc008bcc640 x24: ffffffc008be50c0\n[ 28.233546] x23: ffffffc00800200c x22: 0000000000000000 x21: 000000000000001b\n[ 28.240679] x20: 0000000000000000 x19: ffffff80001c3200 x18: ffffffffffffffff\n[ 28.247812] x17: ffffffc02d2e0000 x16: ffffff8035eb8b40 x15: 00001e8480000000\n[ 28.254945] x14: 02c3647e37dbfcb6 x13: 02c364f2ab14200c x12: 0000000002c364f2\n[ 28.262078] x11: 00000000fa83b2da x10: 000000000000b67e x9 : ffffffc008010250\n[ 28.269211] x8 : 000000009d983d00 x7 : 7fffffffffffffff x6 : 0000036d74732434\n[ 28.276344] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : 0000000000000198\n[ 28.283476] x2 : ffffffc02d2e0000 x1 : 00000000000000e0 x0 : ffffffc008bdcb40\n[ 28.290611] Call trace:\n[ 28.293052] __do_softirq+0xb0/0x368\n[ 28.296625] __irq_exit_rcu+0xe0/0x100\n[ 28.300374] irq_exit+0x14/0x20\n[ 28.303513] handle_domain_irq+0x68/0x90\n[ 28.307440] gic_handle_irq+0x78/0xb0\n[ 28.311098] call_on_irq_stack+0x20/0x38\n[ 28.315019] do_interrupt_handler+0x54/0x5c\n[ 28.319199] el1_interrupt+0x2c/0x4c\n[ 28.322777] el1h_64_irq_handler+0x14/0x20\n[ 28.326872] el1h_64_irq+0x74/0x78\n[ 28.330269] __setup_irq+0x454/0x780\n[ 28.333841] request_threaded_irq+0xd0/0x1b4\n[ 28.338107] devm_request_threaded_irq+0x84/0x100\n[ 28.342809] npcm_i2c_probe_bus+0x188/0x3d0\n[ 28.346990] platform_probe+0x6c/0xc4\n[ 28.350653] really_probe+0xcc/0x45c\n[ 28.354227] __driver_probe_device+0x8c/0x160\n[ 28.358578] driver_probe_device+0x44/0xe0\n[ 28.362670] __driver_attach+0x124/0x1d0\n[ 28.366589] bus_for_each_dev+0x7c/0xe0\n[ 28.370426] driver_attach+0x28/0x30\n[ 28.373997] bus_add_driver+0x124/0x240\n[ 28.377830] driver_register+0x7c/0x124\n[ 28.381662] __platform_driver_register+0x2c/0x34\n[ 28.386362] npcm_i2c_init+0x3c/0x5c\n[ 28.389937] do_one_initcall+0x74/0x230\n[ 28.393768] kernel_init_freeable+0x24c/0x2b4\n[ 28.398126] kernel_init+0x28/0x130\n[ 28.401614] ret_from_fork+0x10/0x20\n[ 28.405189] Kernel panic - not syncing: softlockup: hung tasks\n[ 28.411011] SMP: stopping secondary CPUs\n[ 28.414933] Kernel Offset: disabled\n[ 28.418412] CPU features: 0x00000000,00000802\n[ 28.427644] Rebooting in 20 seconds..', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.19332 |
debian: CVE-2025-21878 was patched at 2025-04-12, 2025-04-23
180. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21909) - Low [173]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject cooked mode if it is set along with other flags It is possible to set both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE flags simultaneously on the same monitor interface from the userspace. This causes a sub-interface to be created with no IEEE80211_SDATA_IN_DRIVER bit set because the monitor interface is in the cooked state and it takes precedence over all other states. When the interface is then being deleted the kernel calls WARN_ONCE() from check_sdata_in_driver() because of missing that bit. Fix this by rejecting MONITOR_FLAG_COOK_FRAMES if it is set along with other flags. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: reject cooked mode if it is set along with other flags\n\nIt is possible to set both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE\nflags simultaneously on the same monitor interface from the userspace. This\ncauses a sub-interface to be created with no IEEE80211_SDATA_IN_DRIVER bit\nset because the monitor interface is in the cooked state and it takes\nprecedence over all other states. When the interface is then being deleted\nthe kernel calls WARN_ONCE() from check_sdata_in_driver() because of missing\nthat bit.\n\nFix this by rejecting MONITOR_FLAG_COOK_FRAMES if it is set along with\nother flags.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.17498 |
debian: CVE-2025-21909 was patched at 2025-04-12, 2025-04-23
181. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21910) - Low [173]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue [1] that occurs when erroneous symbols sent from userspace get through into user_alpha2[] via regulatory_hint_user() call. Such invalid regulatory hints should be rejected. While a sanity check from commit 47caf685a685 ("cfg80211: regulatory: reject invalid hints") looks to be enough to deter these very cases, there is a way to get around it due to 2 reasons. 1) The way isalpha() works, symbols other than latin lower and upper letters may be used to determine a country/domain. For instance, greek letters will also be considered upper/lower letters and for such characters isalpha() will return true as well. However, ISO-3166-1 alpha2 codes should only hold latin characters. 2) While processing a user regulatory request, between reg_process_hint_user() and regulatory_hint_user() there happens to be a call to queue_regulatory_request() which modifies letters in request->alpha2[] with toupper(). This works fine for latin symbols, less so for weird letter characters from the second part of _ctype[]. Syzbot triggers a warning in is_user_regdom_saved() by first sending over an unexpected non-latin letter that gets malformed by toupper() into a character that ends up failing isalpha() check. Prevent this by enhancing is_an_alpha2() to ensure that incoming symbols are latin letters and nothing else. [1] Syzbot report: ------------[ cut here ]------------ Unexpected user alpha2: A� WARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 is_user_regdom_saved net/wireless/reg.c:440 [inline] WARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_alpha2 net/wireless/reg.c:3424 [inline] WARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516 Modules linked in: CPU: 1 UID: 0 PID: 964 Comm: kworker/1:2 Not tainted 6.12.0-rc5-syzkaller-00044-gc1e939a21eb1 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: events_power_efficient crda_timeout_work RIP: 0010:is_user_regdom_saved net/wireless/reg.c:440 [inline] RIP: 0010:restore_alpha2 net/wireless/reg.c:3424 [inline] RIP: 0010:restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516 ... Call Trace: <TASK> crda_timeout_work+0x27/0x50 net/wireless/reg.c:542 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f2/0x390 kernel/kthread.c:389 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK>', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: regulatory: improve invalid hints checking\n\nSyzbot keeps reporting an issue [1] that occurs when erroneous symbols\nsent from userspace get through into user_alpha2[] via\nregulatory_hint_user() call. Such invalid regulatory hints should be\nrejected.\n\nWhile a sanity check from commit 47caf685a685 ("cfg80211: regulatory:\nreject invalid hints") looks to be enough to deter these very cases,\nthere is a way to get around it due to 2 reasons.\n\n1) The way isalpha() works, symbols other than latin lower and\nupper letters may be used to determine a country/domain.\nFor instance, greek letters will also be considered upper/lower\nletters and for such characters isalpha() will return true as well.\nHowever, ISO-3166-1 alpha2 codes should only hold latin\ncharacters.\n\n2) While processing a user regulatory request, between\nreg_process_hint_user() and regulatory_hint_user() there happens to\nbe a call to queue_regulatory_request() which modifies letters in\nrequest->alpha2[] with toupper(). This works fine for latin symbols,\nless so for weird letter characters from the second part of _ctype[].\n\nSyzbot triggers a warning in is_user_regdom_saved() by first sending\nover an unexpected non-latin letter that gets malformed by toupper()\ninto a character that ends up failing isalpha() check.\n\nPrevent this by enhancing is_an_alpha2() to ensure that incoming\nsymbols are latin letters and nothing else.\n\n[1] Syzbot report:\n------------[ cut here ]------------\nUnexpected user alpha2: A�\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 is_user_regdom_saved net/wireless/reg.c:440 [inline]\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_alpha2 net/wireless/reg.c:3424 [inline]\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516\nModules linked in:\nCPU: 1 UID: 0 PID: 964 Comm: kworker/1:2 Not tainted 6.12.0-rc5-syzkaller-00044-gc1e939a21eb1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: events_power_efficient crda_timeout_work\nRIP: 0010:is_user_regdom_saved net/wireless/reg.c:440 [inline]\nRIP: 0010:restore_alpha2 net/wireless/reg.c:3424 [inline]\nRIP: 0010:restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516\n...\nCall Trace:\n <TASK>\n crda_timeout_work+0x27/0x50 net/wireless/reg.c:542\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f2/0x390 kernel/kthread.c:389\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.17498 |
debian: CVE-2025-21910 was patched at 2025-04-12, 2025-04-23
182. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21914) - Low [173]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: slimbus: messaging: Free transaction ID in delayed interrupt scenario In case of interrupt delay for any reason, slim_do_transfer() returns timeout error but the transaction ID (TID) is not freed. This results into invalid memory access inside qcom_slim_ngd_rx_msgq_cb() due to invalid TID. Fix the issue by freeing the TID in slim_do_transfer() before returning timeout error to avoid invalid memory access. Call trace: __memcpy_fromio+0x20/0x190 qcom_slim_ngd_rx_msgq_cb+0x130/0x290 [slim_qcom_ngd_ctrl] vchan_complete+0x2a0/0x4a0 tasklet_action_common+0x274/0x700 tasklet_action+0x28/0x3c _stext+0x188/0x620 run_ksoftirqd+0x34/0x74 smpboot_thread_fn+0x1d8/0x464 kthread+0x178/0x238 ret_from_fork+0x10/0x20 Code: aa0003e8 91000429 f100044a 3940002b (3800150b) ---[ end trace 0fe00bec2b975c99 ]--- Kernel panic - not syncing: Oops: Fatal exception in interrupt.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nslimbus: messaging: Free transaction ID in delayed interrupt scenario\n\nIn case of interrupt delay for any reason, slim_do_transfer()\nreturns timeout error but the transaction ID (TID) is not freed.\nThis results into invalid memory access inside\nqcom_slim_ngd_rx_msgq_cb() due to invalid TID.\n\nFix the issue by freeing the TID in slim_do_transfer() before\nreturning timeout error to avoid invalid memory access.\n\nCall trace:\n__memcpy_fromio+0x20/0x190\nqcom_slim_ngd_rx_msgq_cb+0x130/0x290 [slim_qcom_ngd_ctrl]\nvchan_complete+0x2a0/0x4a0\ntasklet_action_common+0x274/0x700\ntasklet_action+0x28/0x3c\n_stext+0x188/0x620\nrun_ksoftirqd+0x34/0x74\nsmpboot_thread_fn+0x1d8/0x464\nkthread+0x178/0x238\nret_from_fork+0x10/0x20\nCode: aa0003e8 91000429 f100044a 3940002b (3800150b)\n---[ end trace 0fe00bec2b975c99 ]---\nKernel panic - not syncing: Oops: Fatal exception in interrupt.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.17498 |
debian: CVE-2025-21914 was patched at 2025-04-12, 2025-04-23
183. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21916) - Low [173]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix a flaw in existing endpoint checks Syzbot once again identified a flaw in usb endpoint checking, see [1]. This time the issue stems from a commit authored by me (2eabb655a968 ("usb: atm: cxacru: fix endpoint checking in cxacru_bind()")). While using usb_find_common_endpoints() may usually be enough to discard devices with wrong endpoints, in this case one needs more than just finding and identifying the sufficient number of endpoints of correct types - one needs to check the endpoint's address as well. Since cxacru_bind() fills URBs with CXACRU_EP_CMD address in mind, switch the endpoint verification approach to usb_check_XXX_endpoints() instead to fix incomplete ep testing. [1] Syzbot report: usb 5-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 1378 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503 ... RIP: 0010:usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503 ... Call Trace: <TASK> cxacru_cm+0x3c8/0xe50 drivers/usb/atm/cxacru.c:649 cxacru_card_status drivers/usb/atm/cxacru.c:760 [inline] cxacru_bind+0xcf9/0x1150 drivers/usb/atm/cxacru.c:1223 usbatm_usb_probe+0x314/0x1d30 drivers/usb/atm/usbatm.c:1058 cxacru_usb_probe+0x184/0x220 drivers/usb/atm/cxacru.c:1377 usb_probe_interface+0x641/0xbb0 drivers/usb/core/driver.c:396 really_probe+0x2b9/0xad0 drivers/base/dd.c:658 __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800 driver_probe_device+0x50/0x430 drivers/base/dd.c:830 ...', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: atm: cxacru: fix a flaw in existing endpoint checks\n\nSyzbot once again identified a flaw in usb endpoint checking, see [1].\nThis time the issue stems from a commit authored by me (2eabb655a968\n("usb: atm: cxacru: fix endpoint checking in cxacru_bind()")).\n\nWhile using usb_find_common_endpoints() may usually be enough to\ndiscard devices with wrong endpoints, in this case one needs more\nthan just finding and identifying the sufficient number of endpoints\nof correct types - one needs to check the endpoint's address as well.\n\nSince cxacru_bind() fills URBs with CXACRU_EP_CMD address in mind,\nswitch the endpoint verification approach to usb_check_XXX_endpoints()\ninstead to fix incomplete ep testing.\n\n[1] Syzbot report:\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 1378 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nRIP: 0010:usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nCall Trace:\n <TASK>\n cxacru_cm+0x3c8/0xe50 drivers/usb/atm/cxacru.c:649\n cxacru_card_status drivers/usb/atm/cxacru.c:760 [inline]\n cxacru_bind+0xcf9/0x1150 drivers/usb/atm/cxacru.c:1223\n usbatm_usb_probe+0x314/0x1d30 drivers/usb/atm/usbatm.c:1058\n cxacru_usb_probe+0x184/0x220 drivers/usb/atm/cxacru.c:1377\n usb_probe_interface+0x641/0xbb0 drivers/usb/core/driver.c:396\n really_probe+0x2b9/0xad0 drivers/base/dd.c:658\n __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800\n driver_probe_device+0x50/0x430 drivers/base/dd.c:830\n...', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.17498 |
debian: CVE-2025-21916 was patched at 2025-04-12, 2025-04-23
184. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21924) - Low [173]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error During the initialization of ptp, hclge_ptp_get_cycle might return an error and returned directly without unregister clock and free it. To avoid that, call hclge_ptp_destroy_clock to unregist and free clock if hclge_ptp_get_cycle failed.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error\n\nDuring the initialization of ptp, hclge_ptp_get_cycle might return an error\nand returned directly without unregister clock and free it. To avoid that,\ncall hclge_ptp_destroy_clock to unregist and free clock if\nhclge_ptp_get_cycle failed.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.17498 |
debian: CVE-2025-21924 was patched at 2025-04-12, 2025-04-23
185. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21926) - Low [173]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net: gso: fix ownership in __udp_gso_segment In __udp_gso_segment the skb destructor is removed before segmenting the skb but the socket reference is kept as-is. This is an issue if the original skb is later orphaned as we can hit the following bug: kernel BUG at ./include/linux/skbuff.h:3312! (skb_orphan) RIP: 0010:ip_rcv_core+0x8b2/0xca0 Call Trace: ip_rcv+0xab/0x6e0 __netif_receive_skb_one_core+0x168/0x1b0 process_backlog+0x384/0x1100 __napi_poll.constprop.0+0xa1/0x370 net_rx_action+0x925/0xe50 The above can happen following a sequence of events when using OpenVSwitch, when an OVS_ACTION_ATTR_USERSPACE action precedes an OVS_ACTION_ATTR_OUTPUT action: 1. OVS_ACTION_ATTR_USERSPACE is handled (in do_execute_actions): the skb goes through queue_gso_packets and then __udp_gso_segment, where its destructor is removed. 2. The segments' data are copied and sent to userspace. 3. OVS_ACTION_ATTR_OUTPUT is handled (in do_execute_actions) and the same original skb is sent to its path. 4. If it later hits skb_orphan, we hit the bug. Fix this by also removing the reference to the socket in __udp_gso_segment.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gso: fix ownership in __udp_gso_segment\n\nIn __udp_gso_segment the skb destructor is removed before segmenting the\nskb but the socket reference is kept as-is. This is an issue if the\noriginal skb is later orphaned as we can hit the following bug:\n\n kernel BUG at ./include/linux/skbuff.h:3312! (skb_orphan)\n RIP: 0010:ip_rcv_core+0x8b2/0xca0\n Call Trace:\n ip_rcv+0xab/0x6e0\n __netif_receive_skb_one_core+0x168/0x1b0\n process_backlog+0x384/0x1100\n __napi_poll.constprop.0+0xa1/0x370\n net_rx_action+0x925/0xe50\n\nThe above can happen following a sequence of events when using\nOpenVSwitch, when an OVS_ACTION_ATTR_USERSPACE action precedes an\nOVS_ACTION_ATTR_OUTPUT action:\n\n1. OVS_ACTION_ATTR_USERSPACE is handled (in do_execute_actions): the skb\n goes through queue_gso_packets and then __udp_gso_segment, where its\n destructor is removed.\n2. The segments' data are copied and sent to userspace.\n3. OVS_ACTION_ATTR_OUTPUT is handled (in do_execute_actions) and the\n same original skb is sent to its path.\n4. If it later hits skb_orphan, we hit the bug.\n\nFix this by also removing the reference to the socket in\n__udp_gso_segment.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.17498 |
debian: CVE-2025-21926 was patched at 2025-04-12, 2025-04-23
186. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21935) - Low [173]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: rapidio: add check for rio_add_net() in rio_scan_alloc_net() The return value of rio_add_net() should be checked. If it fails, put_device() should be called to free the memory and give up the reference initialized in rio_add_net().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: add check for rio_add_net() in rio_scan_alloc_net()\n\nThe return value of rio_add_net() should be checked. If it fails,\nput_device() should be called to free the memory and give up the reference\ninitialized in rio_add_net().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.17498 |
debian: CVE-2025-21935 was patched at 2025-04-12, 2025-04-23
187. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21950) - Low [173]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl In the "pmcmd_ioctl" function, three memory objects allocated by kmalloc are initialized by "hcall_get_cpu_state", which are then copied to user space. The initializer is indeed implemented in "acrn_hypercall2" (arch/x86/include/asm/acrn.h). There is a risk of information leakage due to uninitialized bytes.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl\n\nIn the "pmcmd_ioctl" function, three memory objects allocated by\nkmalloc are initialized by "hcall_get_cpu_state", which are then\ncopied to user space. The initializer is indeed implemented in\n"acrn_hypercall2" (arch/x86/include/asm/acrn.h). There is a risk of\ninformation leakage due to uninitialized bytes.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.17498 |
debian: CVE-2025-21950 was patched at 2025-04-12, 2025-04-23
188. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21956) - Low [173]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign normalized_pix_clk when color depth = 14 [WHY & HOW] A warning message "WARNING: CPU: 4 PID: 459 at ... /dc_resource.c:3397 calculate_phy_pix_clks+0xef/0x100 [amdgpu]" occurs because the display_color_depth == COLOR_DEPTH_141414 is not handled. This is observed in Radeon RX 6600 XT. It is fixed by assigning pix_clk * (14 * 3) / 24 - same as the rests. Also fixes the indentation in get_norm_pix_clk. (cherry picked from commit 274a87eb389f58eddcbc5659ab0b180b37e92775)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Assign normalized_pix_clk when color depth = 14\n\n[WHY & HOW]\nA warning message "WARNING: CPU: 4 PID: 459 at ... /dc_resource.c:3397\ncalculate_phy_pix_clks+0xef/0x100 [amdgpu]" occurs because the\ndisplay_color_depth == COLOR_DEPTH_141414 is not handled. This is\nobserved in Radeon RX 6600 XT.\n\nIt is fixed by assigning pix_clk * (14 * 3) / 24 - same as the rests.\n\nAlso fixes the indentation in get_norm_pix_clk.\n\n(cherry picked from commit 274a87eb389f58eddcbc5659ab0b180b37e92775)', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.17498 |
debian: CVE-2025-21956 was patched at 2025-04-12, 2025-04-23
189. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21970) - Low [173]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Bridge, fix the crash caused by LAG state check When removing LAG device from bridge, NETDEV_CHANGEUPPER event is triggered. Driver finds the lower devices (PFs) to flush all the offloaded entries. And mlx5_lag_is_shared_fdb is checked, it returns false if one of PF is unloaded. In such case, mlx5_esw_bridge_lag_rep_get() and its caller return NULL, instead of the alive PF, and the flush is skipped. Besides, the bridge fdb entry's lastuse is updated in mlx5 bridge event handler. But this SWITCHDEV_FDB_ADD_TO_BRIDGE event can be ignored in this case because the upper interface for bond is deleted, and the entry will never be aged because lastuse is never updated. To make things worse, as the entry is alive, mlx5 bridge workqueue keeps sending that event, which is then handled by kernel bridge notifier. It causes the following crash when accessing the passed bond netdev which is already destroyed. To fix this issue, remove such checks. LAG state is already checked in commit 15f8f168952f ("net/mlx5: Bridge, verify LAG state when adding bond to bridge"), driver still need to skip offload if LAG becomes invalid state after initialization. Oops: stack segment: 0000 [#1] SMP CPU: 3 UID: 0 PID: 23695 Comm: kworker/u40:3 Tainted: G OE 6.11.0_mlnx #1 Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Workqueue: mlx5_bridge_wq mlx5_esw_bridge_update_work [mlx5_core] RIP: 0010:br_switchdev_event+0x2c/0x110 [bridge] Code: 44 00 00 48 8b 02 48 f7 00 00 02 00 00 74 69 41 54 55 53 48 83 ec 08 48 8b a8 08 01 00 00 48 85 ed 74 4a 48 83 fe 02 48 89 d3 <4c> 8b 65 00 74 23 76 49 48 83 fe 05 74 7e 48 83 fe 06 75 2f 0f b7 RSP: 0018:ffffc900092cfda0 EFLAGS: 00010297 RAX: ffff888123bfe000 RBX: ffffc900092cfe08 RCX: 00000000ffffffff RDX: ffffc900092cfe08 RSI: 0000000000000001 RDI: ffffffffa0c585f0 RBP: 6669746f6e690a30 R08: 0000000000000000 R09: ffff888123ae92c8 R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888123ae9c60 R13: 0000000000000001 R14: ffffc900092cfe08 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88852c980000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f15914c8734 CR3: 0000000002830005 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die_body+0x1a/0x60 ? die+0x38/0x60 ? do_trap+0x10b/0x120 ? do_error_trap+0x64/0xa0 ? exc_stack_segment+0x33/0x50 ? asm_exc_stack_segment+0x22/0x30 ? br_switchdev_event+0x2c/0x110 [bridge] ? sched_balance_newidle.isra.149+0x248/0x390 notifier_call_chain+0x4b/0xa0 atomic_notifier_call_chain+0x16/0x20 mlx5_esw_bridge_update+0xec/0x170 [mlx5_core] mlx5_esw_bridge_update_work+0x19/0x40 [mlx5_core] process_scheduled_works+0x81/0x390 worker_thread+0x106/0x250 ? bh_worker+0x110/0x110 kthread+0xb7/0xe0 ? kthread_park+0x80/0x80 ret_from_fork+0x2d/0x50 ? kthread_park+0x80/0x80 ret_from_fork_asm+0x11/0x20 </TASK>', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Bridge, fix the crash caused by LAG state check\n\nWhen removing LAG device from bridge, NETDEV_CHANGEUPPER event is\ntriggered. Driver finds the lower devices (PFs) to flush all the\noffloaded entries. And mlx5_lag_is_shared_fdb is checked, it returns\nfalse if one of PF is unloaded. In such case,\nmlx5_esw_bridge_lag_rep_get() and its caller return NULL, instead of\nthe alive PF, and the flush is skipped.\n\nBesides, the bridge fdb entry's lastuse is updated in mlx5 bridge\nevent handler. But this SWITCHDEV_FDB_ADD_TO_BRIDGE event can be\nignored in this case because the upper interface for bond is deleted,\nand the entry will never be aged because lastuse is never updated.\n\nTo make things worse, as the entry is alive, mlx5 bridge workqueue\nkeeps sending that event, which is then handled by kernel bridge\nnotifier. It causes the following crash when accessing the passed bond\nnetdev which is already destroyed.\n\nTo fix this issue, remove such checks. LAG state is already checked in\ncommit 15f8f168952f ("net/mlx5: Bridge, verify LAG state when adding\nbond to bridge"), driver still need to skip offload if LAG becomes\ninvalid state after initialization.\n\n Oops: stack segment: 0000 [#1] SMP\n CPU: 3 UID: 0 PID: 23695 Comm: kworker/u40:3 Tainted: G OE 6.11.0_mlnx #1\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: mlx5_bridge_wq mlx5_esw_bridge_update_work [mlx5_core]\n RIP: 0010:br_switchdev_event+0x2c/0x110 [bridge]\n Code: 44 00 00 48 8b 02 48 f7 00 00 02 00 00 74 69 41 54 55 53 48 83 ec 08 48 8b a8 08 01 00 00 48 85 ed 74 4a 48 83 fe 02 48 89 d3 <4c> 8b 65 00 74 23 76 49 48 83 fe 05 74 7e 48 83 fe 06 75 2f 0f b7\n RSP: 0018:ffffc900092cfda0 EFLAGS: 00010297\n RAX: ffff888123bfe000 RBX: ffffc900092cfe08 RCX: 00000000ffffffff\n RDX: ffffc900092cfe08 RSI: 0000000000000001 RDI: ffffffffa0c585f0\n RBP: 6669746f6e690a30 R08: 0000000000000000 R09: ffff888123ae92c8\n R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888123ae9c60\n R13: 0000000000000001 R14: ffffc900092cfe08 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff88852c980000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f15914c8734 CR3: 0000000002830005 CR4: 0000000000770ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n <TASK>\n ? __die_body+0x1a/0x60\n ? die+0x38/0x60\n ? do_trap+0x10b/0x120\n ? do_error_trap+0x64/0xa0\n ? exc_stack_segment+0x33/0x50\n ? asm_exc_stack_segment+0x22/0x30\n ? br_switchdev_event+0x2c/0x110 [bridge]\n ? sched_balance_newidle.isra.149+0x248/0x390\n notifier_call_chain+0x4b/0xa0\n atomic_notifier_call_chain+0x16/0x20\n mlx5_esw_bridge_update+0xec/0x170 [mlx5_core]\n mlx5_esw_bridge_update_work+0x19/0x40 [mlx5_core]\n process_scheduled_works+0x81/0x390\n worker_thread+0x106/0x250\n ? bh_worker+0x110/0x110\n kthread+0xb7/0xe0\n ? kthread_park+0x80/0x80\n ret_from_fork+0x2d/0x50\n ? kthread_park+0x80/0x80\n ret_from_fork_asm+0x11/0x20\n </TASK>', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.17498 |
debian: CVE-2025-21970 was patched at 2025-04-12, 2025-04-23
190. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21971) - Low [173]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created with classid TC_H_ROOT, the traversal terminates prematurely at this class instead of reaching the actual root qdisc, causing parent statistics to be incorrectly maintained. In case of DRR, this could lead to a crash as reported by Mingi Cho. Prevent the creation of any Qdisc class with classid TC_H_ROOT (0xFFFFFFFF) across all qdisc types, as suggested by Jamal.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: Prevent creation of classes with TC_H_ROOT\n\nThe function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination\ncondition when traversing up the qdisc tree to update parent backlog\ncounters. However, if a class is created with classid TC_H_ROOT, the\ntraversal terminates prematurely at this class instead of reaching the\nactual root qdisc, causing parent statistics to be incorrectly maintained.\nIn case of DRR, this could lead to a crash as reported by Mingi Cho.\n\nPrevent the creation of any Qdisc class with classid TC_H_ROOT\n(0xFFFFFFFF) across all qdisc types, as suggested by Jamal.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.17498 |
debian: CVE-2025-21971 was patched at 2025-04-12, 2025-04-23
191. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21992) - Low [173]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: HID: ignore non-functional sensor in HP 5MP Camera The HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iio_info causes system hangs as runtime PM tries to wake up an unresponsive sensor. [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:1, 3:1 ffffffff:ffffffff Add this device to the HID ignore list since the sensor interface is non-functional by design and should not be exposed to userspace.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nHID: ignore non-functional sensor in HP 5MP Camera\n\nThe HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that\nis not actually implemented. Attempting to access this non-functional\nsensor via iio_info causes system hangs as runtime PM tries to wake up\nan unresponsive sensor.\n\n [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff\n [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:1, 3:1 ffffffff:ffffffff\n\nAdd this device to the HID ignore list since the sensor interface is\nnon-functional by design and should not be exposed to userspace.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00069, EPSS Percentile is 0.21825 |
debian: CVE-2025-21992 was patched at 2025-04-12, 2025-04-23
192. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21994) - Low [173]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix incorrect validation for num_aces field of smb_acl parse_dcal() validate num_aces to allocate posix_ace_state_array. if (num_aces > ULONG_MAX / sizeof(struct smb_ace *)) It is an incorrect validation that we can create an array of size ULONG_MAX. smb_acl has ->size field to calculate actual number of aces in request buffer size. Use this to check invalid num_aces.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix incorrect validation for num_aces field of smb_acl\n\nparse_dcal() validate num_aces to allocate posix_ace_state_array.\n\nif (num_aces > ULONG_MAX / sizeof(struct smb_ace *))\n\nIt is an incorrect validation that we can create an array of size ULONG_MAX.\nsmb_acl has ->size field to calculate actual number of aces in request buffer\nsize. Use this to check invalid num_aces.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.17498 |
debian: CVE-2025-21994 was patched at 2025-04-12, 2025-04-23
193. Denial of Service - Unknown Product (CVE-2025-31160) - Low [172]
Description: {'nvd_cve_data_all': 'atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0 | 14 | Unknown Product | |
0.3 | 10 | CVSS Base Score is 2.9. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.13644 |
debian: CVE-2025-31160 was patched at 2025-04-03, 2025-04-23
194. Denial of Service - Unknown Product (CVE-2025-32364) - Low [172]
Description: {'nvd_cve_data_all': 'A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0 | 14 | Unknown Product | |
0.4 | 10 | CVSS Base Score is 4.0. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00017, EPSS Percentile is 0.0273 |
debian: CVE-2025-32364 was patched at 2025-04-23
ubuntu: CVE-2025-32364 was patched at 2025-04-08, 2025-04-09
195. Unknown Vulnerability Type - Linux Kernel (CVE-2024-41932) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: sched: fix warning in sched_setaffinity Commit 8f9ea86fdf99b added some logic to sched_setaffinity that included a WARN when a per-task affinity assignment races with a cpuset update. Specifically, we can have a race where a cpuset update results in the task affinity no longer being a subset of the cpuset. That's fine; we have a fallback to instead use the cpuset mask. However, we have a WARN set up that will trigger if the cpuset mask has no overlap at all with the requested task affinity. This shouldn't be a warning condition; its trivial to create this condition. Reproduced the warning by the following setup: - $PID inside a cpuset cgroup - another thread repeatedly switching the cpuset cpus from 1-2 to just 1 - another thread repeatedly setting the $PID affinity (via taskset) to 2', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched: fix warning in sched_setaffinity\n\nCommit 8f9ea86fdf99b added some logic to sched_setaffinity that included\na WARN when a per-task affinity assignment races with a cpuset update.\n\nSpecifically, we can have a race where a cpuset update results in the\ntask affinity no longer being a subset of the cpuset. That's fine; we\nhave a fallback to instead use the cpuset mask. However, we have a WARN\nset up that will trigger if the cpuset mask has no overlap at all with\nthe requested task affinity. This shouldn't be a warning condition; its\ntrivial to create this condition.\n\nReproduced the warning by the following setup:\n\n- $PID inside a cpuset cgroup\n- another thread repeatedly switching the cpuset cpus from 1-2 to just 1\n- another thread repeatedly setting the $PID affinity (via taskset) to 2', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-41932 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
196. Unknown Vulnerability Type - Linux Kernel (CVE-2024-48876) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: stackdepot: fix stack_depot_save_flags() in NMI context Per documentation, stack_depot_save_flags() was meant to be usable from NMI context if STACK_DEPOT_FLAG_CAN_ALLOC is unset. However, it still would try to take the pool_lock in an attempt to save a stack trace in the current pool (if space is available). This could result in deadlock if an NMI is handled while pool_lock is already held. To avoid deadlock, only try to take the lock in NMI context and give up if unsuccessful. The documentation is fixed to clearly convey this.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nstackdepot: fix stack_depot_save_flags() in NMI context\n\nPer documentation, stack_depot_save_flags() was meant to be usable from\nNMI context if STACK_DEPOT_FLAG_CAN_ALLOC is unset. However, it still\nwould try to take the pool_lock in an attempt to save a stack trace in the\ncurrent pool (if space is available).\n\nThis could result in deadlock if an NMI is handled while pool_lock is\nalready held. To avoid deadlock, only try to take the lock in NMI context\nand give up if unsuccessful.\n\nThe documentation is fixed to clearly convey this.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-48876 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
197. Unknown Vulnerability Type - Linux Kernel (CVE-2024-53681) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: nvmet: Don't overflow subsysnqn nvmet_root_discovery_nqn_store treats the subsysnqn string like a fixed size buffer, even though it is dynamically allocated to the size of the string. Create a new string with kstrndup instead of using the old buffer.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: Don't overflow subsysnqn\n\nnvmet_root_discovery_nqn_store treats the subsysnqn string like a fixed\nsize buffer, even though it is dynamically allocated to the size of the\nstring.\n\nCreate a new string with kstrndup instead of using the old buffer.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-53681 was patched at 2025-03-27, 2025-04-01
198. Unknown Vulnerability Type - Linux Kernel (CVE-2024-53682) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: regulator: axp20x: AXP717: set ramp_delay AXP717 datasheet says that regulator ramp delay is 15.625 us/step, which is 10mV in our case. Add a AXP_DESC_RANGES_DELAY macro and update AXP_DESC_RANGES macro to expand to AXP_DESC_RANGES_DELAY with ramp_delay = 0 For DCDC4, steps is 100mv Add a AXP_DESC_DELAY macro and update AXP_DESC macro to expand to AXP_DESC_DELAY with ramp_delay = 0 This patch fix crashes when using CPU DVFS.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: axp20x: AXP717: set ramp_delay\n\nAXP717 datasheet says that regulator ramp delay is 15.625 us/step,\nwhich is 10mV in our case.\n\nAdd a AXP_DESC_RANGES_DELAY macro and update AXP_DESC_RANGES macro to\nexpand to AXP_DESC_RANGES_DELAY with ramp_delay = 0\n\nFor DCDC4, steps is 100mv\n\nAdd a AXP_DESC_DELAY macro and update AXP_DESC macro to\nexpand to AXP_DESC_DELAY with ramp_delay = 0\n\nThis patch fix crashes when using CPU DVFS.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-53682 was patched at 2025-03-27, 2025-04-01
199. Unknown Vulnerability Type - Linux Kernel (CVE-2024-54193) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix WARN in ivpu_ipc_send_receive_internal() Move pm_runtime_set_active() to ivpu_pm_init() so when ivpu_ipc_send_receive_internal() is executed before ivpu_pm_enable() it already has correct runtime state, even if last resume was not successful.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Fix WARN in ivpu_ipc_send_receive_internal()\n\nMove pm_runtime_set_active() to ivpu_pm_init() so when\nivpu_ipc_send_receive_internal() is executed before ivpu_pm_enable()\nit already has correct runtime state, even if last resume was\nnot successful.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-54193 was patched at 2025-03-27, 2025-04-01
200. Unknown Vulnerability Type - Linux Kernel (CVE-2024-54455) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix general protection fault in ivpu_bo_list() Check if ctx is not NULL before accessing its fields.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Fix general protection fault in ivpu_bo_list()\n\nCheck if ctx is not NULL before accessing its fields.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-54455 was patched at 2025-03-27, 2025-04-01
201. Unknown Vulnerability Type - Linux Kernel (CVE-2024-55639) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net: renesas: rswitch: avoid use-after-put for a device tree node The device tree node saved in the rswitch_device structure is used at several driver locations. So passing this node to of_node_put() after the first use is wrong. Move of_node_put() for this node to exit paths.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: renesas: rswitch: avoid use-after-put for a device tree node\n\nThe device tree node saved in the rswitch_device structure is used at\nseveral driver locations. So passing this node to of_node_put() after\nthe first use is wrong.\n\nMove of_node_put() for this node to exit paths.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00028, EPSS Percentile is 0.06259 |
ubuntu: CVE-2024-55639 was patched at 2025-03-27, 2025-04-01
202. Unknown Vulnerability Type - Linux Kernel (CVE-2024-55641) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: xfs: unlock inodes when erroring out of xfs_trans_alloc_dir Debugging a filesystem patch with generic/475 caused the system to hang after observing the following sequences in dmesg: XFS (dm-0): metadata I/O error in "xfs_imap_to_bp+0x61/0xe0 [xfs]" at daddr 0x491520 len 32 error 5 XFS (dm-0): metadata I/O error in "xfs_btree_read_buf_block+0xba/0x160 [xfs]" at daddr 0x3445608 len 8 error 5 XFS (dm-0): metadata I/O error in "xfs_imap_to_bp+0x61/0xe0 [xfs]" at daddr 0x138e1c0 len 32 error 5 XFS (dm-0): log I/O error -5 XFS (dm-0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x1ea/0x4b0 [xfs] (fs/xfs/xfs_trans_buf.c:311). Shutting down filesystem. XFS (dm-0): Please unmount the filesystem and rectify the problem(s) XFS (dm-0): Internal error dqp->q_ino.reserved < dqp->q_ino.count at line 869 of file fs/xfs/xfs_trans_dquot.c. Caller xfs_trans_dqresv+0x236/0x440 [xfs] XFS (dm-0): Corruption detected. Unmount and run xfs_repair XFS (dm-0): Unmounting Filesystem be6bcbcc-9921-4deb-8d16-7cc94e335fa7 The system is stuck in unmount trying to lock a couple of inodes so that they can be purged. The dquot corruption notice above is a clue to what happened -- a link() call tried to set up a transaction to link a child into a directory. Quota reservation for the transaction failed after IO errors shut down the filesystem, but then we forgot to unlock the inodes on our way out. Fix that.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: unlock inodes when erroring out of xfs_trans_alloc_dir\n\nDebugging a filesystem patch with generic/475 caused the system to hang\nafter observing the following sequences in dmesg:\n\n XFS (dm-0): metadata I/O error in "xfs_imap_to_bp+0x61/0xe0 [xfs]" at daddr 0x491520 len 32 error 5\n XFS (dm-0): metadata I/O error in "xfs_btree_read_buf_block+0xba/0x160 [xfs]" at daddr 0x3445608 len 8 error 5\n XFS (dm-0): metadata I/O error in "xfs_imap_to_bp+0x61/0xe0 [xfs]" at daddr 0x138e1c0 len 32 error 5\n XFS (dm-0): log I/O error -5\n XFS (dm-0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x1ea/0x4b0 [xfs] (fs/xfs/xfs_trans_buf.c:311). Shutting down filesystem.\n XFS (dm-0): Please unmount the filesystem and rectify the problem(s)\n XFS (dm-0): Internal error dqp->q_ino.reserved < dqp->q_ino.count at line 869 of file fs/xfs/xfs_trans_dquot.c. Caller xfs_trans_dqresv+0x236/0x440 [xfs]\n XFS (dm-0): Corruption detected. Unmount and run xfs_repair\n XFS (dm-0): Unmounting Filesystem be6bcbcc-9921-4deb-8d16-7cc94e335fa7\n\nThe system is stuck in unmount trying to lock a couple of inodes so that\nthey can be purged. The dquot corruption notice above is a clue to what\nhappened -- a link() call tried to set up a transaction to link a child\ninto a directory. Quota reservation for the transaction failed after IO\nerrors shut down the filesystem, but then we forgot to unlock the inodes\non our way out. Fix that.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-55641 was patched at 2025-03-27, 2025-04-01
203. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56368) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix overflow in __rb_map_vma An overflow occurred when performing the following calculation: nr_pages = ((nr_subbufs + 1) << subbuf_order) - pgoff; Add a check before the calculation to avoid this problem. syzbot reported this as a slab-out-of-bounds in __rb_map_vma: BUG: KASAN: slab-out-of-bounds in __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058 Read of size 8 at addr ffff8880767dd2b8 by task syz-executor187/5836 CPU: 0 UID: 0 PID: 5836 Comm: syz-executor187 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xc3/0x620 mm/kasan/report.c:489 kasan_report+0xd9/0x110 mm/kasan/report.c:602 __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058 ring_buffer_map+0x56e/0x9b0 kernel/trace/ring_buffer.c:7138 tracing_buffers_mmap+0xa6/0x120 kernel/trace/trace.c:8482 call_mmap include/linux/fs.h:2183 [inline] mmap_file mm/internal.h:124 [inline] __mmap_new_file_vma mm/vma.c:2291 [inline] __mmap_new_vma mm/vma.c:2355 [inline] __mmap_region+0x1786/0x2670 mm/vma.c:2456 mmap_region+0x127/0x320 mm/mmap.c:1348 do_mmap+0xc00/0xfc0 mm/mmap.c:496 vm_mmap_pgoff+0x1ba/0x360 mm/util.c:580 ksys_mmap_pgoff+0x32c/0x5c0 mm/mmap.c:542 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline] __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f The reproducer for this bug is: ------------------------8<------------------------- #include <fcntl.h> #include <stdlib.h> #include <unistd.h> #include <asm/types.h> #include <sys/mman.h> int main(int argc, char **argv) { \tint page_size = getpagesize(); \tint fd; \tvoid *meta; \tsystem("echo 1 > /sys/kernel/tracing/buffer_size_kb"); \tfd = open("/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw", O_RDONLY); \tmeta = mmap(NULL, page_size, PROT_READ, MAP_SHARED, fd, page_size * 5); } ------------------------>8-------------------------', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix overflow in __rb_map_vma\n\nAn overflow occurred when performing the following calculation:\n\n nr_pages = ((nr_subbufs + 1) << subbuf_order) - pgoff;\n\nAdd a check before the calculation to avoid this problem.\n\nsyzbot reported this as a slab-out-of-bounds in __rb_map_vma:\n\nBUG: KASAN: slab-out-of-bounds in __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058\nRead of size 8 at addr ffff8880767dd2b8 by task syz-executor187/5836\n\nCPU: 0 UID: 0 PID: 5836 Comm: syz-executor187 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:489\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058\n ring_buffer_map+0x56e/0x9b0 kernel/trace/ring_buffer.c:7138\n tracing_buffers_mmap+0xa6/0x120 kernel/trace/trace.c:8482\n call_mmap include/linux/fs.h:2183 [inline]\n mmap_file mm/internal.h:124 [inline]\n __mmap_new_file_vma mm/vma.c:2291 [inline]\n __mmap_new_vma mm/vma.c:2355 [inline]\n __mmap_region+0x1786/0x2670 mm/vma.c:2456\n mmap_region+0x127/0x320 mm/mmap.c:1348\n do_mmap+0xc00/0xfc0 mm/mmap.c:496\n vm_mmap_pgoff+0x1ba/0x360 mm/util.c:580\n ksys_mmap_pgoff+0x32c/0x5c0 mm/mmap.c:542\n __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]\n __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]\n __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe reproducer for this bug is:\n\n------------------------8<-------------------------\n #include <fcntl.h>\n #include <stdlib.h>\n #include <unistd.h>\n #include <asm/types.h>\n #include <sys/mman.h>\n\n int main(int argc, char **argv)\n {\n\tint page_size = getpagesize();\n\tint fd;\n\tvoid *meta;\n\n\tsystem("echo 1 > /sys/kernel/tracing/buffer_size_kb");\n\tfd = open("/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw", O_RDONLY);\n\n\tmeta = mmap(NULL, page_size, PROT_READ, MAP_SHARED, fd, page_size * 5);\n }\n------------------------>8-------------------------', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-56368 was patched at 2025-03-27, 2025-04-01
204. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56372) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net: tun: fix tun_napi_alloc_frags() syzbot reported the following crash [1] Issue came with the blamed commit. Instead of going through all the iov components, we keep using the first one and end up with a malformed skb. [1] kernel BUG at net/core/skbuff.c:2849 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 UID: 0 PID: 6230 Comm: syz-executor132 Not tainted 6.13.0-rc1-syzkaller-00407-g96b6fcc0ee41 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 RIP: 0010:__pskb_pull_tail+0x1568/0x1570 net/core/skbuff.c:2848 Code: 38 c1 0f 8c 32 f1 ff ff 4c 89 f7 e8 92 96 74 f8 e9 25 f1 ff ff e8 e8 ae 09 f8 48 8b 5c 24 08 e9 eb fb ff ff e8 d9 ae 09 f8 90 <0f> 0b 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffc90004cbef30 EFLAGS: 00010293 RAX: ffffffff8995c347 RBX: 00000000fffffff2 RCX: ffff88802cf45a00 RDX: 0000000000000000 RSI: 00000000fffffff2 RDI: 0000000000000000 RBP: ffff88807df0c06a R08: ffffffff8995b084 R09: 1ffff1100fbe185c R10: dffffc0000000000 R11: ffffed100fbe185d R12: ffff888076e85d50 R13: ffff888076e85c80 R14: ffff888076e85cf4 R15: ffff888076e85c80 FS: 00007f0dca6ea6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f0dca6ead58 CR3: 00000000119da000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skb_cow_data+0x2da/0xcb0 net/core/skbuff.c:5284 tipc_aead_decrypt net/tipc/crypto.c:894 [inline] tipc_crypto_rcv+0x402/0x24e0 net/tipc/crypto.c:1844 tipc_rcv+0x57e/0x12a0 net/tipc/node.c:2109 tipc_l2_rcv_msg+0x2bd/0x450 net/tipc/bearer.c:668 __netif_receive_skb_list_ptype net/core/dev.c:5720 [inline] __netif_receive_skb_list_core+0x8b7/0x980 net/core/dev.c:5762 __netif_receive_skb_list net/core/dev.c:5814 [inline] netif_receive_skb_list_internal+0xa51/0xe30 net/core/dev.c:5905 gro_normal_list include/net/gro.h:515 [inline] napi_complete_done+0x2b5/0x870 net/core/dev.c:6256 napi_complete include/linux/netdevice.h:567 [inline] tun_get_user+0x2ea0/0x4890 drivers/net/tun.c:1982 tun_chr_write_iter+0x10d/0x1f0 drivers/net/tun.c:2057 do_iter_readv_writev+0x600/0x880 vfs_writev+0x376/0xba0 fs/read_write.c:1050 do_writev+0x1b6/0x360 fs/read_write.c:1096 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tun: fix tun_napi_alloc_frags()\n\nsyzbot reported the following crash [1]\n\nIssue came with the blamed commit. Instead of going through\nall the iov components, we keep using the first one\nand end up with a malformed skb.\n\n[1]\n\nkernel BUG at net/core/skbuff.c:2849 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6230 Comm: syz-executor132 Not tainted 6.13.0-rc1-syzkaller-00407-g96b6fcc0ee41 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\n RIP: 0010:__pskb_pull_tail+0x1568/0x1570 net/core/skbuff.c:2848\nCode: 38 c1 0f 8c 32 f1 ff ff 4c 89 f7 e8 92 96 74 f8 e9 25 f1 ff ff e8 e8 ae 09 f8 48 8b 5c 24 08 e9 eb fb ff ff e8 d9 ae 09 f8 90 <0f> 0b 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90\nRSP: 0018:ffffc90004cbef30 EFLAGS: 00010293\nRAX: ffffffff8995c347 RBX: 00000000fffffff2 RCX: ffff88802cf45a00\nRDX: 0000000000000000 RSI: 00000000fffffff2 RDI: 0000000000000000\nRBP: ffff88807df0c06a R08: ffffffff8995b084 R09: 1ffff1100fbe185c\nR10: dffffc0000000000 R11: ffffed100fbe185d R12: ffff888076e85d50\nR13: ffff888076e85c80 R14: ffff888076e85cf4 R15: ffff888076e85c80\nFS: 00007f0dca6ea6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f0dca6ead58 CR3: 00000000119da000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n skb_cow_data+0x2da/0xcb0 net/core/skbuff.c:5284\n tipc_aead_decrypt net/tipc/crypto.c:894 [inline]\n tipc_crypto_rcv+0x402/0x24e0 net/tipc/crypto.c:1844\n tipc_rcv+0x57e/0x12a0 net/tipc/node.c:2109\n tipc_l2_rcv_msg+0x2bd/0x450 net/tipc/bearer.c:668\n __netif_receive_skb_list_ptype net/core/dev.c:5720 [inline]\n __netif_receive_skb_list_core+0x8b7/0x980 net/core/dev.c:5762\n __netif_receive_skb_list net/core/dev.c:5814 [inline]\n netif_receive_skb_list_internal+0xa51/0xe30 net/core/dev.c:5905\n gro_normal_list include/net/gro.h:515 [inline]\n napi_complete_done+0x2b5/0x870 net/core/dev.c:6256\n napi_complete include/linux/netdevice.h:567 [inline]\n tun_get_user+0x2ea0/0x4890 drivers/net/tun.c:1982\n tun_chr_write_iter+0x10d/0x1f0 drivers/net/tun.c:2057\n do_iter_readv_writev+0x600/0x880\n vfs_writev+0x376/0xba0 fs/read_write.c:1050\n do_writev+0x1b6/0x360 fs/read_write.c:1096\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00028, EPSS Percentile is 0.06259 |
ubuntu: CVE-2024-56372 was patched at 2025-03-27, 2025-04-01
205. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56550) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: s390/stacktrace: Use break instead of return statement arch_stack_walk_user_common() contains a return statement instead of a break statement in case store_ip() fails while trying to store a callchain entry of a user space process. This may lead to a missing pagefault_enable() call. If this happens any subsequent page fault of the process won't be resolved by the page fault handler and this in turn will lead to the process being killed. Use a break instead of a return statement to fix this.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/stacktrace: Use break instead of return statement\n\narch_stack_walk_user_common() contains a return statement instead of a\nbreak statement in case store_ip() fails while trying to store a callchain\nentry of a user space process.\nThis may lead to a missing pagefault_enable() call.\n\nIf this happens any subsequent page fault of the process won't be resolved\nby the page fault handler and this in turn will lead to the process being\nkilled.\n\nUse a break instead of a return statement to fix this.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00034, EPSS Percentile is 0.08526 |
ubuntu: CVE-2024-56550 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
206. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56552) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc_submit: fix race around suspend_pending Currently in some testcases we can trigger: xe 0000:03:00.0: [drm] Assertion `exec_queue_destroyed(q)` failed! .... WARNING: CPU: 18 PID: 2640 at drivers/gpu/drm/xe/xe_guc_submit.c:1826 xe_guc_sched_done_handler+0xa54/0xef0 [xe] xe 0000:03:00.0: [drm] *ERROR* GT1: DEREGISTER_DONE: Unexpected engine state 0x00a1, guc_id=57 Looking at a snippet of corresponding ftrace for this GuC id we can see: 162.673311: xe_sched_msg_add: dev=0000:03:00.0, gt=1 guc_id=57, opcode=3 162.673317: xe_sched_msg_recv: dev=0000:03:00.0, gt=1 guc_id=57, opcode=3 162.673319: xe_exec_queue_scheduling_disable: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0x29, flags=0x0 162.674089: xe_exec_queue_kill: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0x29, flags=0x0 162.674108: xe_exec_queue_close: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0xa9, flags=0x0 162.674488: xe_exec_queue_scheduling_done: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0xa9, flags=0x0 162.678452: xe_exec_queue_deregister: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0xa1, flags=0x0 It looks like we try to suspend the queue (opcode=3), setting suspend_pending and triggering a disable_scheduling. The user then closes the queue. However the close will also forcefully signal the suspend fence after killing the queue, later when the G2H response for disable_scheduling comes back we have now cleared suspend_pending when signalling the suspend fence, so the disable_scheduling now incorrectly tries to also deregister the queue. This leads to warnings since the queue has yet to even be marked for destruction. We also seem to trigger errors later with trying to double unregister the same queue. To fix this tweak the ordering when handling the response to ensure we don't race with a disable_scheduling that didn't actually intend to perform an unregister. The destruction path should now also correctly wait for any pending_disable before marking as destroyed. (cherry picked from commit f161809b362f027b6d72bd998e47f8f0bad60a2e)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/guc_submit: fix race around suspend_pending\n\nCurrently in some testcases we can trigger:\n\nxe 0000:03:00.0: [drm] Assertion `exec_queue_destroyed(q)` failed!\n....\nWARNING: CPU: 18 PID: 2640 at drivers/gpu/drm/xe/xe_guc_submit.c:1826 xe_guc_sched_done_handler+0xa54/0xef0 [xe]\nxe 0000:03:00.0: [drm] *ERROR* GT1: DEREGISTER_DONE: Unexpected engine state 0x00a1, guc_id=57\n\nLooking at a snippet of corresponding ftrace for this GuC id we can see:\n\n162.673311: xe_sched_msg_add: dev=0000:03:00.0, gt=1 guc_id=57, opcode=3\n162.673317: xe_sched_msg_recv: dev=0000:03:00.0, gt=1 guc_id=57, opcode=3\n162.673319: xe_exec_queue_scheduling_disable: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0x29, flags=0x0\n162.674089: xe_exec_queue_kill: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0x29, flags=0x0\n162.674108: xe_exec_queue_close: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0xa9, flags=0x0\n162.674488: xe_exec_queue_scheduling_done: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0xa9, flags=0x0\n162.678452: xe_exec_queue_deregister: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0xa1, flags=0x0\n\nIt looks like we try to suspend the queue (opcode=3), setting\nsuspend_pending and triggering a disable_scheduling. The user then\ncloses the queue. However the close will also forcefully signal the\nsuspend fence after killing the queue, later when the G2H response for\ndisable_scheduling comes back we have now cleared suspend_pending when\nsignalling the suspend fence, so the disable_scheduling now incorrectly\ntries to also deregister the queue. This leads to warnings since the queue\nhas yet to even be marked for destruction. We also seem to trigger\nerrors later with trying to double unregister the same queue.\n\nTo fix this tweak the ordering when handling the response to ensure we\ndon't race with a disable_scheduling that didn't actually intend to\nperform an unregister. The destruction path should now also correctly\nwait for any pending_disable before marking as destroyed.\n\n(cherry picked from commit f161809b362f027b6d72bd998e47f8f0bad60a2e)', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00034, EPSS Percentile is 0.08526 |
ubuntu: CVE-2024-56552 was patched at 2025-03-27, 2025-04-01
207. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56559) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation When compiling kernel source 'make -j $(nproc)' with the up-and-running KASAN-enabled kernel on a 256-core machine, the following soft lockup is shown: watchdog: BUG: soft lockup - CPU#28 stuck for 22s! [kworker/28:1:1760] CPU: 28 PID: 1760 Comm: kworker/28:1 Kdump: loaded Not tainted 6.10.0-rc5 #95 Workqueue: events drain_vmap_area_work RIP: 0010:smp_call_function_many_cond+0x1d8/0xbb0 Code: 38 c8 7c 08 84 c9 0f 85 49 08 00 00 8b 45 08 a8 01 74 2e 48 89 f1 49 89 f7 48 c1 e9 03 41 83 e7 07 4c 01 e9 41 83 c7 03 f3 90 <0f> b6 01 41 38 c7 7c 08 84 c0 0f 85 d4 06 00 00 8b 45 08 a8 01 75 RSP: 0018:ffffc9000cb3fb60 EFLAGS: 00000202 RAX: 0000000000000011 RBX: ffff8883bc4469c0 RCX: ffffed10776e9949 RDX: 0000000000000002 RSI: ffff8883bb74ca48 RDI: ffffffff8434dc50 RBP: ffff8883bb74ca40 R08: ffff888103585dc0 R09: ffff8884533a1800 R10: 0000000000000004 R11: ffffffffffffffff R12: ffffed1077888d39 R13: dffffc0000000000 R14: ffffed1077888d38 R15: 0000000000000003 FS: 0000000000000000(0000) GS:ffff8883bc400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005577b5c8d158 CR3: 0000000004850000 CR4: 0000000000350ef0 Call Trace: <IRQ> ? watchdog_timer_fn+0x2cd/0x390 ? __pfx_watchdog_timer_fn+0x10/0x10 ? __hrtimer_run_queues+0x300/0x6d0 ? sched_clock_cpu+0x69/0x4e0 ? __pfx___hrtimer_run_queues+0x10/0x10 ? srso_return_thunk+0x5/0x5f ? ktime_get_update_offsets_now+0x7f/0x2a0 ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f ? hrtimer_interrupt+0x2ca/0x760 ? __sysvec_apic_timer_interrupt+0x8c/0x2b0 ? sysvec_apic_timer_interrupt+0x6a/0x90 </IRQ> <TASK> ? asm_sysvec_apic_timer_interrupt+0x16/0x20 ? smp_call_function_many_cond+0x1d8/0xbb0 ? __pfx_do_kernel_range_flush+0x10/0x10 on_each_cpu_cond_mask+0x20/0x40 flush_tlb_kernel_range+0x19b/0x250 ? srso_return_thunk+0x5/0x5f ? kasan_release_vmalloc+0xa7/0xc0 purge_vmap_node+0x357/0x820 ? __pfx_purge_vmap_node+0x10/0x10 __purge_vmap_area_lazy+0x5b8/0xa10 drain_vmap_area_work+0x21/0x30 process_one_work+0x661/0x10b0 worker_thread+0x844/0x10e0 ? srso_return_thunk+0x5/0x5f ? __kthread_parkme+0x82/0x140 ? __pfx_worker_thread+0x10/0x10 kthread+0x2a5/0x370 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x30/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Debugging Analysis: 1. The following ftrace log shows that the lockup CPU spends too much time iterating vmap_nodes and flushing TLB when purging vm_area structures. (Some info is trimmed). kworker: funcgraph_entry: | drain_vmap_area_work() { kworker: funcgraph_entry: | mutex_lock() { kworker: funcgraph_entry: 1.092 us | __cond_resched(); kworker: funcgraph_exit: 3.306 us | } ... ... kworker: funcgraph_entry: | flush_tlb_kernel_range() { ... ... kworker: funcgraph_exit: # 7533.649 us | } ... ... kworker: funcgraph_entry: 2.344 us | mutex_unlock(); kworker: funcgraph_exit: $ 23871554 us | } The drain_vmap_area_work() spends over 23 seconds. There are 2805 flush_tlb_kernel_range() calls in the ftrace log. * One is called in __purge_vmap_area_lazy(). * Others are called by purge_vmap_node->kasan_release_vmalloc. purge_vmap_node() iteratively releases kasan vmalloc allocations and flushes TLB for each vmap_area. - [Rough calculation] Each flush_tlb_kernel_range() runs about 7.5ms. -- 2804 * 7.5ms = 21.03 seconds. -- That's why a soft lock is triggered. 2. Extending the soft lockup time can work around the issue (For example, # echo ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation\n\nWhen compiling kernel source 'make -j $(nproc)' with the up-and-running\nKASAN-enabled kernel on a 256-core machine, the following soft lockup is\nshown:\n\nwatchdog: BUG: soft lockup - CPU#28 stuck for 22s! [kworker/28:1:1760]\nCPU: 28 PID: 1760 Comm: kworker/28:1 Kdump: loaded Not tainted 6.10.0-rc5 #95\nWorkqueue: events drain_vmap_area_work\nRIP: 0010:smp_call_function_many_cond+0x1d8/0xbb0\nCode: 38 c8 7c 08 84 c9 0f 85 49 08 00 00 8b 45 08 a8 01 74 2e 48 89 f1 49 89 f7 48 c1 e9 03 41 83 e7 07 4c 01 e9 41 83 c7 03 f3 90 <0f> b6 01 41 38 c7 7c 08 84 c0 0f 85 d4 06 00 00 8b 45 08 a8 01 75\nRSP: 0018:ffffc9000cb3fb60 EFLAGS: 00000202\nRAX: 0000000000000011 RBX: ffff8883bc4469c0 RCX: ffffed10776e9949\nRDX: 0000000000000002 RSI: ffff8883bb74ca48 RDI: ffffffff8434dc50\nRBP: ffff8883bb74ca40 R08: ffff888103585dc0 R09: ffff8884533a1800\nR10: 0000000000000004 R11: ffffffffffffffff R12: ffffed1077888d39\nR13: dffffc0000000000 R14: ffffed1077888d38 R15: 0000000000000003\nFS: 0000000000000000(0000) GS:ffff8883bc400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005577b5c8d158 CR3: 0000000004850000 CR4: 0000000000350ef0\nCall Trace:\n <IRQ>\n ? watchdog_timer_fn+0x2cd/0x390\n ? __pfx_watchdog_timer_fn+0x10/0x10\n ? __hrtimer_run_queues+0x300/0x6d0\n ? sched_clock_cpu+0x69/0x4e0\n ? __pfx___hrtimer_run_queues+0x10/0x10\n ? srso_return_thunk+0x5/0x5f\n ? ktime_get_update_offsets_now+0x7f/0x2a0\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? hrtimer_interrupt+0x2ca/0x760\n ? __sysvec_apic_timer_interrupt+0x8c/0x2b0\n ? sysvec_apic_timer_interrupt+0x6a/0x90\n </IRQ>\n <TASK>\n ? asm_sysvec_apic_timer_interrupt+0x16/0x20\n ? smp_call_function_many_cond+0x1d8/0xbb0\n ? __pfx_do_kernel_range_flush+0x10/0x10\n on_each_cpu_cond_mask+0x20/0x40\n flush_tlb_kernel_range+0x19b/0x250\n ? srso_return_thunk+0x5/0x5f\n ? kasan_release_vmalloc+0xa7/0xc0\n purge_vmap_node+0x357/0x820\n ? __pfx_purge_vmap_node+0x10/0x10\n __purge_vmap_area_lazy+0x5b8/0xa10\n drain_vmap_area_work+0x21/0x30\n process_one_work+0x661/0x10b0\n worker_thread+0x844/0x10e0\n ? srso_return_thunk+0x5/0x5f\n ? __kthread_parkme+0x82/0x140\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x2a5/0x370\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x30/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n\nDebugging Analysis:\n\n 1. The following ftrace log shows that the lockup CPU spends too much\n time iterating vmap_nodes and flushing TLB when purging vm_area\n structures. (Some info is trimmed).\n\n kworker: funcgraph_entry: | drain_vmap_area_work() {\n kworker: funcgraph_entry: | mutex_lock() {\n kworker: funcgraph_entry: 1.092 us | __cond_resched();\n kworker: funcgraph_exit: 3.306 us | }\n ... ...\n kworker: funcgraph_entry: | flush_tlb_kernel_range() {\n ... ...\n kworker: funcgraph_exit: # 7533.649 us | }\n ... ...\n kworker: funcgraph_entry: 2.344 us | mutex_unlock();\n kworker: funcgraph_exit: $ 23871554 us | }\n\n The drain_vmap_area_work() spends over 23 seconds.\n\n There are 2805 flush_tlb_kernel_range() calls in the ftrace log.\n * One is called in __purge_vmap_area_lazy().\n * Others are called by purge_vmap_node->kasan_release_vmalloc.\n purge_vmap_node() iteratively releases kasan vmalloc\n allocations and flushes TLB for each vmap_area.\n - [Rough calculation] Each flush_tlb_kernel_range() runs\n about 7.5ms.\n -- 2804 * 7.5ms = 21.03 seconds.\n -- That's why a soft lock is triggered.\n\n 2. Extending the soft lockup time can work around the issue (For example,\n # echo\n---truncated---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00034, EPSS Percentile is 0.08526 |
ubuntu: CVE-2024-56559 was patched at 2025-03-27, 2025-04-01
208. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56563) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ceph: fix cred leak in ceph_mds_check_access() get_current_cred() increments the reference counter, but the put_cred() call was missing.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix cred leak in ceph_mds_check_access()\n\nget_current_cred() increments the reference counter, but the\nput_cred() call was missing.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00034, EPSS Percentile is 0.08526 |
ubuntu: CVE-2024-56563 was patched at 2025-03-27, 2025-04-01
209. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56564) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ceph: pass cred pointer to ceph_mds_auth_match() This eliminates a redundant get_current_cred() call, because ceph_mds_check_access() has already obtained this pointer. As a side effect, this also fixes a reference leak in ceph_mds_auth_match(): by omitting the get_current_cred() call, no additional cred reference is taken.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nceph: pass cred pointer to ceph_mds_auth_match()\n\nThis eliminates a redundant get_current_cred() call, because\nceph_mds_check_access() has already obtained this pointer.\n\nAs a side effect, this also fixes a reference leak in\nceph_mds_auth_match(): by omitting the get_current_cred() call, no\nadditional cred reference is taken.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00034, EPSS Percentile is 0.08526 |
ubuntu: CVE-2024-56564 was patched at 2025-03-27, 2025-04-01
210. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56573) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: efi/libstub: Free correct pointer on failure cmdline_ptr is an out parameter, which is not allocated by the function itself, and likely points into the caller's stack. cmdline refers to the pool allocation that should be freed when cleaning up after a failure, so pass this instead to free_pool().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nefi/libstub: Free correct pointer on failure\n\ncmdline_ptr is an out parameter, which is not allocated by the function\nitself, and likely points into the caller's stack.\n\ncmdline refers to the pool allocation that should be freed when cleaning\nup after a failure, so pass this instead to free_pool().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00039, EPSS Percentile is 0.10967 |
ubuntu: CVE-2024-56573 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
211. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56607) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() When I try to manually set bitrates: iw wlan0 set bitrates legacy-2.4 1 I get sleeping from invalid context error, see below. Fix that by switching to use recently introduced ieee80211_iterate_stations_mtx(). Do note that WCN6855 firmware is still crashing, I'm not sure if that firmware even supports bitrate WMI commands and should we consider disabling ath12k_mac_op_set_bitrate_mask() for WCN6855? But that's for another patch. BUG: sleeping function called from invalid context at drivers/net/wireless/ath/ath12k/wmi.c:420 in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 2236, name: iw preempt_count: 0, expected: 0 RCU nest depth: 1, expected: 0 3 locks held by iw/2236: #0: ffffffffabc6f1d8 (cb_lock){++++}-{3:3}, at: genl_rcv+0x14/0x40 #1: ffff888138410810 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: nl80211_pre_doit+0x54d/0x800 [cfg80211] #2: ffffffffab2cfaa0 (rcu_read_lock){....}-{1:2}, at: ieee80211_iterate_stations_atomic+0x2f/0x200 [mac80211] CPU: 3 UID: 0 PID: 2236 Comm: iw Not tainted 6.11.0-rc7-wt-ath+ #1772 Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021 Call Trace: <TASK> dump_stack_lvl+0xa4/0xe0 dump_stack+0x10/0x20 __might_resched+0x363/0x5a0 ? __alloc_skb+0x165/0x340 __might_sleep+0xad/0x160 ath12k_wmi_cmd_send+0xb1/0x3d0 [ath12k] ? ath12k_wmi_init_wcn7850+0xa40/0xa40 [ath12k] ? __netdev_alloc_skb+0x45/0x7b0 ? __asan_memset+0x39/0x40 ? ath12k_wmi_alloc_skb+0xf0/0x150 [ath12k] ? reacquire_held_locks+0x4d0/0x4d0 ath12k_wmi_set_peer_param+0x340/0x5b0 [ath12k] ath12k_mac_disable_peer_fixed_rate+0xa3/0x110 [ath12k] ? ath12k_mac_vdev_stop+0x4f0/0x4f0 [ath12k] ieee80211_iterate_stations_atomic+0xd4/0x200 [mac80211] ath12k_mac_op_set_bitrate_mask+0x5d2/0x1080 [ath12k] ? ath12k_mac_vif_chan+0x320/0x320 [ath12k] drv_set_bitrate_mask+0x267/0x470 [mac80211] ieee80211_set_bitrate_mask+0x4cc/0x8a0 [mac80211] ? __this_cpu_preempt_check+0x13/0x20 nl80211_set_tx_bitrate_mask+0x2bc/0x530 [cfg80211] ? nl80211_parse_tx_bitrate_mask+0x2320/0x2320 [cfg80211] ? trace_contention_end+0xef/0x140 ? rtnl_unlock+0x9/0x10 ? nl80211_pre_doit+0x557/0x800 [cfg80211] genl_family_rcv_msg_doit+0x1f0/0x2e0 ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 ? ns_capable+0x57/0xd0 genl_family_rcv_msg+0x34c/0x600 ? genl_family_rcv_msg_dumpit+0x310/0x310 ? __lock_acquire+0xc62/0x1de0 ? he_set_mcs_mask.isra.0+0x8d0/0x8d0 [cfg80211] ? nl80211_parse_tx_bitrate_mask+0x2320/0x2320 [cfg80211] ? cfg80211_external_auth_request+0x690/0x690 [cfg80211] genl_rcv_msg+0xa0/0x130 netlink_rcv_skb+0x14c/0x400 ? genl_family_rcv_msg+0x600/0x600 ? netlink_ack+0xd70/0xd70 ? rwsem_optimistic_spin+0x4f0/0x4f0 ? genl_rcv+0x14/0x40 ? down_read_killable+0x580/0x580 ? netlink_deliver_tap+0x13e/0x350 ? __this_cpu_preempt_check+0x13/0x20 genl_rcv+0x23/0x40 netlink_unicast+0x45e/0x790 ? netlink_attachskb+0x7f0/0x7f0 netlink_sendmsg+0x7eb/0xdb0 ? netlink_unicast+0x790/0x790 ? __this_cpu_preempt_check+0x13/0x20 ? selinux_socket_sendmsg+0x31/0x40 ? netlink_unicast+0x790/0x790 __sock_sendmsg+0xc9/0x160 ____sys_sendmsg+0x620/0x990 ? kernel_sendmsg+0x30/0x30 ? __copy_msghdr+0x410/0x410 ? __kasan_check_read+0x11/0x20 ? mark_lock+0xe6/0x1470 ___sys_sendmsg+0xe9/0x170 ? copy_msghdr_from_user+0x120/0x120 ? __lock_acquire+0xc62/0x1de0 ? do_fault_around+0x2c6/0x4e0 ? do_user_addr_fault+0x8c1/0xde0 ? reacquire_held_locks+0x220/0x4d0 ? do_user_addr_fault+0x8c1/0xde0 ? __kasan_check_read+0x11/0x20 ? __fdget+0x4e/0x1d0 ? sockfd_lookup_light+0x1a/0x170 __sys_sendmsg+0xd2/0x180 ? __sys_sendmsg_sock+0x20/0x20 ? reacquire_held_locks+0x4d0/0x4d0 ? debug_smp_processor_id+0x17/0x20 __x64_sys_sendmsg+0x72/0xb0 ? lockdep_hardirqs_on+0x7d/0x100 x64_sys_call+0x894/0x9f0 do_syscall_64+0x64/0x130 entry_SYSCALL_64_after_ ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask()\n\nWhen I try to manually set bitrates:\n\niw wlan0 set bitrates legacy-2.4 1\n\nI get sleeping from invalid context error, see below. Fix that by switching to\nuse recently introduced ieee80211_iterate_stations_mtx().\n\nDo note that WCN6855 firmware is still crashing, I'm not sure if that firmware\neven supports bitrate WMI commands and should we consider disabling\nath12k_mac_op_set_bitrate_mask() for WCN6855? But that's for another patch.\n\nBUG: sleeping function called from invalid context at drivers/net/wireless/ath/ath12k/wmi.c:420\nin_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 2236, name: iw\npreempt_count: 0, expected: 0\nRCU nest depth: 1, expected: 0\n3 locks held by iw/2236:\n #0: ffffffffabc6f1d8 (cb_lock){++++}-{3:3}, at: genl_rcv+0x14/0x40\n #1: ffff888138410810 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: nl80211_pre_doit+0x54d/0x800 [cfg80211]\n #2: ffffffffab2cfaa0 (rcu_read_lock){....}-{1:2}, at: ieee80211_iterate_stations_atomic+0x2f/0x200 [mac80211]\nCPU: 3 UID: 0 PID: 2236 Comm: iw Not tainted 6.11.0-rc7-wt-ath+ #1772\nHardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021\nCall Trace:\n <TASK>\n dump_stack_lvl+0xa4/0xe0\n dump_stack+0x10/0x20\n __might_resched+0x363/0x5a0\n ? __alloc_skb+0x165/0x340\n __might_sleep+0xad/0x160\n ath12k_wmi_cmd_send+0xb1/0x3d0 [ath12k]\n ? ath12k_wmi_init_wcn7850+0xa40/0xa40 [ath12k]\n ? __netdev_alloc_skb+0x45/0x7b0\n ? __asan_memset+0x39/0x40\n ? ath12k_wmi_alloc_skb+0xf0/0x150 [ath12k]\n ? reacquire_held_locks+0x4d0/0x4d0\n ath12k_wmi_set_peer_param+0x340/0x5b0 [ath12k]\n ath12k_mac_disable_peer_fixed_rate+0xa3/0x110 [ath12k]\n ? ath12k_mac_vdev_stop+0x4f0/0x4f0 [ath12k]\n ieee80211_iterate_stations_atomic+0xd4/0x200 [mac80211]\n ath12k_mac_op_set_bitrate_mask+0x5d2/0x1080 [ath12k]\n ? ath12k_mac_vif_chan+0x320/0x320 [ath12k]\n drv_set_bitrate_mask+0x267/0x470 [mac80211]\n ieee80211_set_bitrate_mask+0x4cc/0x8a0 [mac80211]\n ? __this_cpu_preempt_check+0x13/0x20\n nl80211_set_tx_bitrate_mask+0x2bc/0x530 [cfg80211]\n ? nl80211_parse_tx_bitrate_mask+0x2320/0x2320 [cfg80211]\n ? trace_contention_end+0xef/0x140\n ? rtnl_unlock+0x9/0x10\n ? nl80211_pre_doit+0x557/0x800 [cfg80211]\n genl_family_rcv_msg_doit+0x1f0/0x2e0\n ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250\n ? ns_capable+0x57/0xd0\n genl_family_rcv_msg+0x34c/0x600\n ? genl_family_rcv_msg_dumpit+0x310/0x310\n ? __lock_acquire+0xc62/0x1de0\n ? he_set_mcs_mask.isra.0+0x8d0/0x8d0 [cfg80211]\n ? nl80211_parse_tx_bitrate_mask+0x2320/0x2320 [cfg80211]\n ? cfg80211_external_auth_request+0x690/0x690 [cfg80211]\n genl_rcv_msg+0xa0/0x130\n netlink_rcv_skb+0x14c/0x400\n ? genl_family_rcv_msg+0x600/0x600\n ? netlink_ack+0xd70/0xd70\n ? rwsem_optimistic_spin+0x4f0/0x4f0\n ? genl_rcv+0x14/0x40\n ? down_read_killable+0x580/0x580\n ? netlink_deliver_tap+0x13e/0x350\n ? __this_cpu_preempt_check+0x13/0x20\n genl_rcv+0x23/0x40\n netlink_unicast+0x45e/0x790\n ? netlink_attachskb+0x7f0/0x7f0\n netlink_sendmsg+0x7eb/0xdb0\n ? netlink_unicast+0x790/0x790\n ? __this_cpu_preempt_check+0x13/0x20\n ? selinux_socket_sendmsg+0x31/0x40\n ? netlink_unicast+0x790/0x790\n __sock_sendmsg+0xc9/0x160\n ____sys_sendmsg+0x620/0x990\n ? kernel_sendmsg+0x30/0x30\n ? __copy_msghdr+0x410/0x410\n ? __kasan_check_read+0x11/0x20\n ? mark_lock+0xe6/0x1470\n ___sys_sendmsg+0xe9/0x170\n ? copy_msghdr_from_user+0x120/0x120\n ? __lock_acquire+0xc62/0x1de0\n ? do_fault_around+0x2c6/0x4e0\n ? do_user_addr_fault+0x8c1/0xde0\n ? reacquire_held_locks+0x220/0x4d0\n ? do_user_addr_fault+0x8c1/0xde0\n ? __kasan_check_read+0x11/0x20\n ? __fdget+0x4e/0x1d0\n ? sockfd_lookup_light+0x1a/0x170\n __sys_sendmsg+0xd2/0x180\n ? __sys_sendmsg_sock+0x20/0x20\n ? reacquire_held_locks+0x4d0/0x4d0\n ? debug_smp_processor_id+0x17/0x20\n __x64_sys_sendmsg+0x72/0xb0\n ? lockdep_hardirqs_on+0x7d/0x100\n x64_sys_call+0x894/0x9f0\n do_syscall_64+0x64/0x130\n entry_SYSCALL_64_after_\n---truncated---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00039, EPSS Percentile is 0.10967 |
ubuntu: CVE-2024-56607 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
212. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56624) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix out_fput in iommufd_fault_alloc() As fput() calls the file->f_op->release op, where fault obj and ictx are getting released, there is no need to release these two after fput() one more time, which would result in imbalanced refcounts: refcount_t: decrement hit 0; leaking memory. WARNING: CPU: 48 PID: 2369 at lib/refcount.c:31 refcount_warn_saturate+0x60/0x230 Call trace: refcount_warn_saturate+0x60/0x230 (P) refcount_warn_saturate+0x60/0x230 (L) iommufd_fault_fops_release+0x9c/0xe0 [iommufd] ... VFS: Close: file count is 0 (f_op=iommufd_fops [iommufd]) WARNING: CPU: 48 PID: 2369 at fs/open.c:1507 filp_flush+0x3c/0xf0 Call trace: filp_flush+0x3c/0xf0 (P) filp_flush+0x3c/0xf0 (L) __arm64_sys_close+0x34/0x98 ... imbalanced put on file reference count WARNING: CPU: 48 PID: 2369 at fs/file.c:74 __file_ref_put+0x100/0x138 Call trace: __file_ref_put+0x100/0x138 (P) __file_ref_put+0x100/0x138 (L) __fput_sync+0x4c/0xd0 Drop those two lines to fix the warnings above.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Fix out_fput in iommufd_fault_alloc()\n\nAs fput() calls the file->f_op->release op, where fault obj and ictx are\ngetting released, there is no need to release these two after fput() one\nmore time, which would result in imbalanced refcounts:\n refcount_t: decrement hit 0; leaking memory.\n WARNING: CPU: 48 PID: 2369 at lib/refcount.c:31 refcount_warn_saturate+0x60/0x230\n Call trace:\n refcount_warn_saturate+0x60/0x230 (P)\n refcount_warn_saturate+0x60/0x230 (L)\n iommufd_fault_fops_release+0x9c/0xe0 [iommufd]\n ...\n VFS: Close: file count is 0 (f_op=iommufd_fops [iommufd])\n WARNING: CPU: 48 PID: 2369 at fs/open.c:1507 filp_flush+0x3c/0xf0\n Call trace:\n filp_flush+0x3c/0xf0 (P)\n filp_flush+0x3c/0xf0 (L)\n __arm64_sys_close+0x34/0x98\n ...\n imbalanced put on file reference count\n WARNING: CPU: 48 PID: 2369 at fs/file.c:74 __file_ref_put+0x100/0x138\n Call trace:\n __file_ref_put+0x100/0x138 (P)\n __file_ref_put+0x100/0x138 (L)\n __fput_sync+0x4c/0xd0\n\nDrop those two lines to fix the warnings above.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00034, EPSS Percentile is 0.08526 |
ubuntu: CVE-2024-56624 was patched at 2025-03-27, 2025-04-01
213. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56638) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: incorrect percpu area handling under softirq Softirq can interrupt ongoing packet from process context that is walking over the percpu area that contains inner header offsets. Disable bh and perform three checks before restoring the percpu inner header offsets to validate that the percpu area is valid for this skbuff: 1) If the NFT_PKTINFO_INNER_FULL flag is set on, then this skbuff has already been parsed before for inner header fetching to register. 2) Validate that the percpu area refers to this skbuff using the skbuff pointer as a cookie. If there is a cookie mismatch, then this skbuff needs to be parsed again. 3) Finally, validate if the percpu area refers to this tunnel type. Only after these three checks the percpu area is restored to a on-stack copy and bh is enabled again. After inner header fetching, the on-stack copy is stored back to the percpu area.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_inner: incorrect percpu area handling under softirq\n\nSoftirq can interrupt ongoing packet from process context that is\nwalking over the percpu area that contains inner header offsets.\n\nDisable bh and perform three checks before restoring the percpu inner\nheader offsets to validate that the percpu area is valid for this\nskbuff:\n\n1) If the NFT_PKTINFO_INNER_FULL flag is set on, then this skbuff\n has already been parsed before for inner header fetching to\n register.\n\n2) Validate that the percpu area refers to this skbuff using the\n skbuff pointer as a cookie. If there is a cookie mismatch, then\n this skbuff needs to be parsed again.\n\n3) Finally, validate if the percpu area refers to this tunnel type.\n\nOnly after these three checks the percpu area is restored to a on-stack\ncopy and bh is enabled again.\n\nAfter inner header fetching, the on-stack copy is stored back to the\npercpu area.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00039, EPSS Percentile is 0.10967 |
ubuntu: CVE-2024-56638 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
214. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56639) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net: hsr: must allocate more bytes for RedBox support Blamed commit forgot to change hsr_init_skb() to allocate larger skb for RedBox case. Indeed, send_hsr_supervision_frame() will add two additional components (struct hsr_sup_tlv and struct hsr_sup_payload) syzbot reported the following crash: skbuff: skb_over_panic: text:ffffffff8afd4b0a len:34 put:6 head:ffff88802ad29e00 data:ffff88802ad29f22 tail:0x144 end:0x140 dev:gretap0 ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 2 UID: 0 PID: 7611 Comm: syz-executor Not tainted 6.12.0-syzkaller #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:skb_panic+0x157/0x1d0 net/core/skbuff.c:206 Code: b6 04 01 84 c0 74 04 3c 03 7e 21 8b 4b 70 41 56 45 89 e8 48 c7 c7 a0 7d 9b 8c 41 57 56 48 89 ee 52 4c 89 e2 e8 9a 76 79 f8 90 <0f> 0b 4c 89 4c 24 10 48 89 54 24 08 48 89 34 24 e8 94 76 fb f8 4c RSP: 0018:ffffc90000858ab8 EFLAGS: 00010282 RAX: 0000000000000087 RBX: ffff8880598c08c0 RCX: ffffffff816d3e69 RDX: 0000000000000000 RSI: ffffffff816de786 RDI: 0000000000000005 RBP: ffffffff8c9b91c0 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000302 R11: ffffffff961cc1d0 R12: ffffffff8afd4b0a R13: 0000000000000006 R14: ffff88804b938130 R15: 0000000000000140 FS: 000055558a3d6500(0000) GS:ffff88806a800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1295974ff8 CR3: 000000002ab6e000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> skb_over_panic net/core/skbuff.c:211 [inline] skb_put+0x174/0x1b0 net/core/skbuff.c:2617 send_hsr_supervision_frame+0x6fa/0x9e0 net/hsr/hsr_device.c:342 hsr_proxy_announce+0x1a3/0x4a0 net/hsr/hsr_device.c:436 call_timer_fn+0x1a0/0x610 kernel/time/timer.c:1794 expire_timers kernel/time/timer.c:1845 [inline] __run_timers+0x6e8/0x930 kernel/time/timer.c:2419 __run_timer_base kernel/time/timer.c:2430 [inline] __run_timer_base kernel/time/timer.c:2423 [inline] run_timer_base+0x111/0x190 kernel/time/timer.c:2439 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2449 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049 </IRQ>', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: must allocate more bytes for RedBox support\n\nBlamed commit forgot to change hsr_init_skb() to allocate\nlarger skb for RedBox case.\n\nIndeed, send_hsr_supervision_frame() will add\ntwo additional components (struct hsr_sup_tlv\nand struct hsr_sup_payload)\n\nsyzbot reported the following crash:\nskbuff: skb_over_panic: text:ffffffff8afd4b0a len:34 put:6 head:ffff88802ad29e00 data:ffff88802ad29f22 tail:0x144 end:0x140 dev:gretap0\n------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:206 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 2 UID: 0 PID: 7611 Comm: syz-executor Not tainted 6.12.0-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:skb_panic+0x157/0x1d0 net/core/skbuff.c:206\nCode: b6 04 01 84 c0 74 04 3c 03 7e 21 8b 4b 70 41 56 45 89 e8 48 c7 c7 a0 7d 9b 8c 41 57 56 48 89 ee 52 4c 89 e2 e8 9a 76 79 f8 90 <0f> 0b 4c 89 4c 24 10 48 89 54 24 08 48 89 34 24 e8 94 76 fb f8 4c\nRSP: 0018:ffffc90000858ab8 EFLAGS: 00010282\nRAX: 0000000000000087 RBX: ffff8880598c08c0 RCX: ffffffff816d3e69\nRDX: 0000000000000000 RSI: ffffffff816de786 RDI: 0000000000000005\nRBP: ffffffff8c9b91c0 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000302 R11: ffffffff961cc1d0 R12: ffffffff8afd4b0a\nR13: 0000000000000006 R14: ffff88804b938130 R15: 0000000000000140\nFS: 000055558a3d6500(0000) GS:ffff88806a800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1295974ff8 CR3: 000000002ab6e000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <IRQ>\n skb_over_panic net/core/skbuff.c:211 [inline]\n skb_put+0x174/0x1b0 net/core/skbuff.c:2617\n send_hsr_supervision_frame+0x6fa/0x9e0 net/hsr/hsr_device.c:342\n hsr_proxy_announce+0x1a3/0x4a0 net/hsr/hsr_device.c:436\n call_timer_fn+0x1a0/0x610 kernel/time/timer.c:1794\n expire_timers kernel/time/timer.c:1845 [inline]\n __run_timers+0x6e8/0x930 kernel/time/timer.c:2419\n __run_timer_base kernel/time/timer.c:2430 [inline]\n __run_timer_base kernel/time/timer.c:2423 [inline]\n run_timer_base+0x111/0x190 kernel/time/timer.c:2439\n run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2449\n handle_softirqs+0x213/0x8f0 kernel/softirq.c:554\n __do_softirq kernel/softirq.c:588 [inline]\n invoke_softirq kernel/softirq.c:428 [inline]\n __irq_exit_rcu kernel/softirq.c:637 [inline]\n irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049\n </IRQ>', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00034, EPSS Percentile is 0.08526 |
ubuntu: CVE-2024-56639 was patched at 2025-03-27, 2025-04-01
215. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56713) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net: netdevsim: fix nsim_pp_hold_write() nsim_pp_hold_write() has two problems: 1) It may return with rtnl held, as found by syzbot. 2) Its return value does not propagate an error if any.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: netdevsim: fix nsim_pp_hold_write()\n\nnsim_pp_hold_write() has two problems:\n\n1) It may return with rtnl held, as found by syzbot.\n\n2) Its return value does not propagate an error if any.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-56713 was patched at 2025-03-27, 2025-04-01
216. Unknown Vulnerability Type - Linux Kernel (CVE-2024-56714) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ionic: no double destroy workqueue There are some FW error handling paths that can cause us to try to destroy the workqueue more than once, so let's be sure we're checking for that. The case where this popped up was in an AER event where the handlers got called in such a way that ionic_reset_prepare() and thus ionic_dev_teardown() got called twice in a row. The second time through the workqueue was already destroyed, and destroy_workqueue() choked on the bad wq pointer. We didn't hit this in AER handler testing before because at that time we weren't using a private workqueue. Later we replaced the use of the system workqueue with our own private workqueue but hadn't rerun the AER handler testing since then.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nionic: no double destroy workqueue\n\nThere are some FW error handling paths that can cause us to\ntry to destroy the workqueue more than once, so let's be sure\nwe're checking for that.\n\nThe case where this popped up was in an AER event where the\nhandlers got called in such a way that ionic_reset_prepare()\nand thus ionic_dev_teardown() got called twice in a row.\nThe second time through the workqueue was already destroyed,\nand destroy_workqueue() choked on the bad wq pointer.\n\nWe didn't hit this in AER handler testing before because at\nthat time we weren't using a private workqueue. Later we\nreplaced the use of the system workqueue with our own private\nworkqueue but hadn't rerun the AER handler testing since then.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-56714 was patched at 2025-03-27, 2025-04-01
217. Unknown Vulnerability Type - Linux Kernel (CVE-2024-57793) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors In CoCo VMs it is possible for the untrusted host to cause set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. Leak the decrypted memory when set_memory_decrypted() fails, and don't need to print an error since set_memory_decrypted() will call WARN_ONCE().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvirt: tdx-guest: Just leak decrypted memory on unrecoverable errors\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_decrypted() to fail such that an error is returned\nand the resulting memory is shared. Callers need to take care\nto handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional\nor security issues.\n\nLeak the decrypted memory when set_memory_decrypted() fails,\nand don't need to print an error since set_memory_decrypted()\nwill call WARN_ONCE().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-57793 was patched at 2025-03-27, 2025-04-01
218. Unknown Vulnerability Type - Linux Kernel (CVE-2024-57805) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP The linkDMA should not be released on stop trigger since a stream re-start might happen without closing of the stream. This leaves a short time for other streams to 'steal' the linkDMA since it has been released. This issue is not easy to reproduce under normal conditions as usually after stop the stream is closed, or the same stream is restarted, but if another stream got in between the stop and start, like this: aplay -Dhw:0,3 -c2 -r48000 -fS32_LE /dev/zero -d 120 CTRL+z aplay -Dhw:0,0 -c2 -r48000 -fS32_LE /dev/zero -d 120 then the link DMA channels will be mixed up, resulting firmware error or crash.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP\n\nThe linkDMA should not be released on stop trigger since a stream re-start\nmight happen without closing of the stream. This leaves a short time for\nother streams to 'steal' the linkDMA since it has been released.\n\nThis issue is not easy to reproduce under normal conditions as usually\nafter stop the stream is closed, or the same stream is restarted, but if\nanother stream got in between the stop and start, like this:\naplay -Dhw:0,3 -c2 -r48000 -fS32_LE /dev/zero -d 120\nCTRL+z\naplay -Dhw:0,0 -c2 -r48000 -fS32_LE /dev/zero -d 120\n\nthen the link DMA channels will be mixed up, resulting firmware error or\ncrash.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-57805 was patched at 2025-03-27, 2025-04-01
219. Unknown Vulnerability Type - Linux Kernel (CVE-2024-57806) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction atomicity bug when enabling simple quotas Set squota incompat bit before committing the transaction that enables the feature. With the config CONFIG_BTRFS_ASSERT enabled, an assertion failure occurs regarding the simple quota feature. [5.596534] assertion failed: btrfs_fs_incompat(fs_info, SIMPLE_QUOTA), in fs/btrfs/qgroup.c:365 [5.597098] ------------[ cut here ]------------ [5.597371] kernel BUG at fs/btrfs/qgroup.c:365! [5.597946] CPU: 1 UID: 0 PID: 268 Comm: mount Not tainted 6.13.0-rc2-00031-gf92f4749861b #146 [5.598450] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [5.599008] RIP: 0010:btrfs_read_qgroup_config+0x74d/0x7a0 [5.604303] <TASK> [5.605230] ? btrfs_read_qgroup_config+0x74d/0x7a0 [5.605538] ? exc_invalid_op+0x56/0x70 [5.605775] ? btrfs_read_qgroup_config+0x74d/0x7a0 [5.606066] ? asm_exc_invalid_op+0x1f/0x30 [5.606441] ? btrfs_read_qgroup_config+0x74d/0x7a0 [5.606741] ? btrfs_read_qgroup_config+0x74d/0x7a0 [5.607038] ? try_to_wake_up+0x317/0x760 [5.607286] open_ctree+0xd9c/0x1710 [5.607509] btrfs_get_tree+0x58a/0x7e0 [5.608002] vfs_get_tree+0x2e/0x100 [5.608224] fc_mount+0x16/0x60 [5.608420] btrfs_get_tree+0x2f8/0x7e0 [5.608897] vfs_get_tree+0x2e/0x100 [5.609121] path_mount+0x4c8/0xbc0 [5.609538] __x64_sys_mount+0x10d/0x150 The issue can be easily reproduced using the following reproducer: root@q:linux# cat repro.sh set -e mkfs.btrfs -q -f /dev/sdb mount /dev/sdb /mnt/btrfs btrfs quota enable -s /mnt/btrfs umount /mnt/btrfs mount /dev/sdb /mnt/btrfs The issue is that when enabling quotas, at btrfs_quota_enable(), we set BTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE at fs_info->qgroup_flags and persist it in the quota root in the item with the key BTRFS_QGROUP_STATUS_KEY, but we only set the incompat bit BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA after we commit the transaction used to enable simple quotas. This means that if after that transaction commit we unmount the filesystem without starting and committing any other transaction, or we have a power failure, the next time we mount the filesystem we will find the flag BTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE set in the item with the key BTRFS_QGROUP_STATUS_KEY but we will not find the incompat bit BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA set in the superblock, triggering an assertion failure at: btrfs_read_qgroup_config() -> qgroup_read_enable_gen() To fix this issue, set the BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA flag immediately after setting the BTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE. This ensures that both flags are flushed to disk within the same transaction.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix transaction atomicity bug when enabling simple quotas\n\nSet squota incompat bit before committing the transaction that enables\nthe feature.\n\nWith the config CONFIG_BTRFS_ASSERT enabled, an assertion\nfailure occurs regarding the simple quota feature.\n\n [5.596534] assertion failed: btrfs_fs_incompat(fs_info, SIMPLE_QUOTA), in fs/btrfs/qgroup.c:365\n [5.597098] ------------[ cut here ]------------\n [5.597371] kernel BUG at fs/btrfs/qgroup.c:365!\n [5.597946] CPU: 1 UID: 0 PID: 268 Comm: mount Not tainted 6.13.0-rc2-00031-gf92f4749861b #146\n [5.598450] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n [5.599008] RIP: 0010:btrfs_read_qgroup_config+0x74d/0x7a0\n [5.604303] <TASK>\n [5.605230] ? btrfs_read_qgroup_config+0x74d/0x7a0\n [5.605538] ? exc_invalid_op+0x56/0x70\n [5.605775] ? btrfs_read_qgroup_config+0x74d/0x7a0\n [5.606066] ? asm_exc_invalid_op+0x1f/0x30\n [5.606441] ? btrfs_read_qgroup_config+0x74d/0x7a0\n [5.606741] ? btrfs_read_qgroup_config+0x74d/0x7a0\n [5.607038] ? try_to_wake_up+0x317/0x760\n [5.607286] open_ctree+0xd9c/0x1710\n [5.607509] btrfs_get_tree+0x58a/0x7e0\n [5.608002] vfs_get_tree+0x2e/0x100\n [5.608224] fc_mount+0x16/0x60\n [5.608420] btrfs_get_tree+0x2f8/0x7e0\n [5.608897] vfs_get_tree+0x2e/0x100\n [5.609121] path_mount+0x4c8/0xbc0\n [5.609538] __x64_sys_mount+0x10d/0x150\n\nThe issue can be easily reproduced using the following reproducer:\n\n root@q:linux# cat repro.sh\n set -e\n\n mkfs.btrfs -q -f /dev/sdb\n mount /dev/sdb /mnt/btrfs\n btrfs quota enable -s /mnt/btrfs\n umount /mnt/btrfs\n mount /dev/sdb /mnt/btrfs\n\nThe issue is that when enabling quotas, at btrfs_quota_enable(), we set\nBTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE at fs_info->qgroup_flags and persist\nit in the quota root in the item with the key BTRFS_QGROUP_STATUS_KEY, but\nwe only set the incompat bit BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA after we\ncommit the transaction used to enable simple quotas.\n\nThis means that if after that transaction commit we unmount the filesystem\nwithout starting and committing any other transaction, or we have a power\nfailure, the next time we mount the filesystem we will find the flag\nBTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE set in the item with the key\nBTRFS_QGROUP_STATUS_KEY but we will not find the incompat bit\nBTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA set in the superblock, triggering an\nassertion failure at:\n\n btrfs_read_qgroup_config() -> qgroup_read_enable_gen()\n\nTo fix this issue, set the BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA flag\nimmediately after setting the BTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE.\nThis ensures that both flags are flushed to disk within the same\ntransaction.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-57806 was patched at 2025-03-27, 2025-04-01
220. Unknown Vulnerability Type - Linux Kernel (CVE-2024-57839) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()" This reverts commit 7c877586da3178974a8a94577b6045a48377ff25. Anders and Philippe have reported that recent kernels occasionally hang when used with NFS in readahead code. The problem has been bisected to 7c877586da3 ("readahead: properly shorten readahead when falling back to do_page_cache_ra()"). The cause of the problem is that ra->size can be shrunk by read_pages() call and subsequently we end up calling do_page_cache_ra() with negative (read huge positive) number of pages. Let's revert 7c877586da3 for now until we can find a proper way how the logic in read_pages() and page_cache_ra_order() can coexist. This can lead to reduced readahead throughput due to readahead window confusion but that's better than outright hangs.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "readahead: properly shorten readahead when falling back to do_page_cache_ra()"\n\nThis reverts commit 7c877586da3178974a8a94577b6045a48377ff25.\n\nAnders and Philippe have reported that recent kernels occasionally hang\nwhen used with NFS in readahead code. The problem has been bisected to\n7c877586da3 ("readahead: properly shorten readahead when falling back to\ndo_page_cache_ra()"). The cause of the problem is that ra->size can be\nshrunk by read_pages() call and subsequently we end up calling\ndo_page_cache_ra() with negative (read huge positive) number of pages. \nLet's revert 7c877586da3 for now until we can find a proper way how the\nlogic in read_pages() and page_cache_ra_order() can coexist. This can\nlead to reduced readahead throughput due to readahead window confusion but\nthat's better than outright hangs.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-57839 was patched at 2025-03-27, 2025-04-01
221. Unknown Vulnerability Type - Linux Kernel (CVE-2024-57879) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Always release hdev at the end of iso_listen_bis Since hci_get_route holds the device before returning, the hdev should be released with hci_dev_put at the end of iso_listen_bis even if the function returns with an error.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: iso: Always release hdev at the end of iso_listen_bis\n\nSince hci_get_route holds the device before returning, the hdev\nshould be released with hci_dev_put at the end of iso_listen_bis\neven if the function returns with an error.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-57879 was patched at 2025-03-27, 2025-04-01
222. Unknown Vulnerability Type - Linux Kernel (CVE-2024-57880) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array The code uses the initialised member of the asoc_sdw_dailink struct to determine if a member of the array is in use. However in the case the array is completely full this will lead to an access 1 past the end of the array, expand the array by one entry to include a space for a terminator.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: sof_sdw: Add space for a terminator into DAIs array\n\nThe code uses the initialised member of the asoc_sdw_dailink struct to\ndetermine if a member of the array is in use. However in the case the\narray is completely full this will lead to an access 1 past the end of\nthe array, expand the array by one entry to include a space for a\nterminator.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-57880 was patched at 2025-03-27, 2025-04-01
223. Unknown Vulnerability Type - Linux Kernel (CVE-2024-57885) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: fix sleeping function called from invalid context at print message Address a bug in the kernel that triggers a "sleeping function called from invalid context" warning when /sys/kernel/debug/kmemleak is printed under specific conditions: - CONFIG_PREEMPT_RT=y - Set SELinux as the LSM for the system - Set kptr_restrict to 1 - kmemleak buffer contains at least one item BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 136, name: cat preempt_count: 1, expected: 0 RCU nest depth: 2, expected: 2 6 locks held by cat/136: #0: ffff32e64bcbf950 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb8/0xe30 #1: ffffafe6aaa9dea0 (scan_mutex){+.+.}-{3:3}, at: kmemleak_seq_start+0x34/0x128 #3: ffff32e6546b1cd0 (&object->lock){....}-{2:2}, at: kmemleak_seq_show+0x3c/0x1e0 #4: ffffafe6aa8d8560 (rcu_read_lock){....}-{1:2}, at: has_ns_capability_noaudit+0x8/0x1b0 #5: ffffafe6aabbc0f8 (notif_lock){+.+.}-{2:2}, at: avc_compute_av+0xc4/0x3d0 irq event stamp: 136660 hardirqs last enabled at (136659): [<ffffafe6a80fd7a0>] _raw_spin_unlock_irqrestore+0xa8/0xd8 hardirqs last disabled at (136660): [<ffffafe6a80fd85c>] _raw_spin_lock_irqsave+0x8c/0xb0 softirqs last enabled at (0): [<ffffafe6a5d50b28>] copy_process+0x11d8/0x3df8 softirqs last disabled at (0): [<0000000000000000>] 0x0 Preemption disabled at: [<ffffafe6a6598a4c>] kmemleak_seq_show+0x3c/0x1e0 CPU: 1 UID: 0 PID: 136 Comm: cat Tainted: G E 6.11.0-rt7+ #34 Tainted: [E]=UNSIGNED_MODULE Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0xa0/0x128 show_stack+0x1c/0x30 dump_stack_lvl+0xe8/0x198 dump_stack+0x18/0x20 rt_spin_lock+0x8c/0x1a8 avc_perm_nonode+0xa0/0x150 cred_has_capability.isra.0+0x118/0x218 selinux_capable+0x50/0x80 security_capable+0x7c/0xd0 has_ns_capability_noaudit+0x94/0x1b0 has_capability_noaudit+0x20/0x30 restricted_pointer+0x21c/0x4b0 pointer+0x298/0x760 vsnprintf+0x330/0xf70 seq_printf+0x178/0x218 print_unreferenced+0x1a4/0x2d0 kmemleak_seq_show+0xd0/0x1e0 seq_read_iter+0x354/0xe30 seq_read+0x250/0x378 full_proxy_read+0xd8/0x148 vfs_read+0x190/0x918 ksys_read+0xf0/0x1e0 __arm64_sys_read+0x70/0xa8 invoke_syscall.constprop.0+0xd4/0x1d8 el0_svc+0x50/0x158 el0t_64_sync+0x17c/0x180 %pS and %pK, in the same back trace line, are redundant, and %pS can void %pK service in certain contexts. %pS alone already provides the necessary information, and if it cannot resolve the symbol, it falls back to printing the raw address voiding the original intent behind the %pK. Additionally, %pK requires a privilege check CAP_SYSLOG enforced through the LSM, which can trigger a "sleeping function called from invalid context" warning under RT_PREEMPT kernels when the check occurs in an atomic context. This issue may also affect other LSMs. This change avoids the unnecessary privilege check and resolves the sleeping function warning without any loss of information.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/kmemleak: fix sleeping function called from invalid context at print message\n\nAddress a bug in the kernel that triggers a "sleeping function called from\ninvalid context" warning when /sys/kernel/debug/kmemleak is printed under\nspecific conditions:\n- CONFIG_PREEMPT_RT=y\n- Set SELinux as the LSM for the system\n- Set kptr_restrict to 1\n- kmemleak buffer contains at least one item\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 136, name: cat\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n6 locks held by cat/136:\n #0: ffff32e64bcbf950 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb8/0xe30\n #1: ffffafe6aaa9dea0 (scan_mutex){+.+.}-{3:3}, at: kmemleak_seq_start+0x34/0x128\n #3: ffff32e6546b1cd0 (&object->lock){....}-{2:2}, at: kmemleak_seq_show+0x3c/0x1e0\n #4: ffffafe6aa8d8560 (rcu_read_lock){....}-{1:2}, at: has_ns_capability_noaudit+0x8/0x1b0\n #5: ffffafe6aabbc0f8 (notif_lock){+.+.}-{2:2}, at: avc_compute_av+0xc4/0x3d0\nirq event stamp: 136660\nhardirqs last enabled at (136659): [<ffffafe6a80fd7a0>] _raw_spin_unlock_irqrestore+0xa8/0xd8\nhardirqs last disabled at (136660): [<ffffafe6a80fd85c>] _raw_spin_lock_irqsave+0x8c/0xb0\nsoftirqs last enabled at (0): [<ffffafe6a5d50b28>] copy_process+0x11d8/0x3df8\nsoftirqs last disabled at (0): [<0000000000000000>] 0x0\nPreemption disabled at:\n[<ffffafe6a6598a4c>] kmemleak_seq_show+0x3c/0x1e0\nCPU: 1 UID: 0 PID: 136 Comm: cat Tainted: G E 6.11.0-rt7+ #34\nTainted: [E]=UNSIGNED_MODULE\nHardware name: linux,dummy-virt (DT)\nCall trace:\n dump_backtrace+0xa0/0x128\n show_stack+0x1c/0x30\n dump_stack_lvl+0xe8/0x198\n dump_stack+0x18/0x20\n rt_spin_lock+0x8c/0x1a8\n avc_perm_nonode+0xa0/0x150\n cred_has_capability.isra.0+0x118/0x218\n selinux_capable+0x50/0x80\n security_capable+0x7c/0xd0\n has_ns_capability_noaudit+0x94/0x1b0\n has_capability_noaudit+0x20/0x30\n restricted_pointer+0x21c/0x4b0\n pointer+0x298/0x760\n vsnprintf+0x330/0xf70\n seq_printf+0x178/0x218\n print_unreferenced+0x1a4/0x2d0\n kmemleak_seq_show+0xd0/0x1e0\n seq_read_iter+0x354/0xe30\n seq_read+0x250/0x378\n full_proxy_read+0xd8/0x148\n vfs_read+0x190/0x918\n ksys_read+0xf0/0x1e0\n __arm64_sys_read+0x70/0xa8\n invoke_syscall.constprop.0+0xd4/0x1d8\n el0_svc+0x50/0x158\n el0t_64_sync+0x17c/0x180\n\n%pS and %pK, in the same back trace line, are redundant, and %pS can void\n%pK service in certain contexts.\n\n%pS alone already provides the necessary information, and if it cannot\nresolve the symbol, it falls back to printing the raw address voiding\nthe original intent behind the %pK.\n\nAdditionally, %pK requires a privilege check CAP_SYSLOG enforced through\nthe LSM, which can trigger a "sleeping function called from invalid\ncontext" warning under RT_PREEMPT kernels when the check occurs in an\natomic context. This issue may also affect other LSMs.\n\nThis change avoids the unnecessary privilege check and resolves the\nsleeping function warning without any loss of information.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00028, EPSS Percentile is 0.06259 |
ubuntu: CVE-2024-57885 was patched at 2025-03-27, 2025-04-01
224. Unknown Vulnerability Type - Linux Kernel (CVE-2024-57886) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix new damon_target objects leaks on damon_commit_targets() Patch series "mm/damon/core: fix memory leaks and ignored inputs from damon_commit_ctx()". Due to two bugs in damon_commit_targets() and damon_commit_schemes(), which are called from damon_commit_ctx(), some user inputs can be ignored, and some mmeory objects can be leaked. Fix those. Note that only DAMON sysfs interface users are affected. Other DAMON core API user modules that more focused more on simple and dedicated production usages, including DAMON_RECLAIM and DAMON_LRU_SORT are not using the buggy function in the way, so not affected. This patch (of 2): When new DAMON targets are added via damon_commit_targets(), the newly created targets are not deallocated when updating the internal data (damon_commit_target()) is failed. Worse yet, even if the setup is successfully done, the new target is not linked to the context. Hence, the new targets are always leaked regardless of the internal data setup failure. Fix the leaks.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: fix new damon_target objects leaks on damon_commit_targets()\n\nPatch series "mm/damon/core: fix memory leaks and ignored inputs from\ndamon_commit_ctx()".\n\nDue to two bugs in damon_commit_targets() and damon_commit_schemes(),\nwhich are called from damon_commit_ctx(), some user inputs can be ignored,\nand some mmeory objects can be leaked. Fix those.\n\nNote that only DAMON sysfs interface users are affected. Other DAMON core\nAPI user modules that more focused more on simple and dedicated production\nusages, including DAMON_RECLAIM and DAMON_LRU_SORT are not using the buggy\nfunction in the way, so not affected.\n\n\nThis patch (of 2):\n\nWhen new DAMON targets are added via damon_commit_targets(), the newly\ncreated targets are not deallocated when updating the internal data\n(damon_commit_target()) is failed. Worse yet, even if the setup is\nsuccessfully done, the new target is not linked to the context. Hence,\nthe new targets are always leaked regardless of the internal data setup\nfailure. Fix the leaks.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-57886 was patched at 2025-03-27, 2025-04-01
225. Unknown Vulnerability Type - Linux Kernel (CVE-2024-57918) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix page fault due to max surface definition mismatch DC driver is using two different values to define the maximum number of surfaces: MAX_SURFACES and MAX_SURFACE_NUM. Consolidate MAX_SURFACES as the unique definition for surface updates across DC. It fixes page fault faced by Cosmic users on AMD display versions that support two overlay planes, since the introduction of cursor overlay mode. [Nov26 21:33] BUG: unable to handle page fault for address: 0000000051d0f08b [ +0.000015] #PF: supervisor read access in kernel mode [ +0.000006] #PF: error_code(0x0000) - not-present page [ +0.000005] PGD 0 P4D 0 [ +0.000007] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI [ +0.000006] CPU: 4 PID: 71 Comm: kworker/u32:6 Not tainted 6.10.0+ #300 [ +0.000006] Hardware name: Valve Jupiter/Jupiter, BIOS F7A0131 01/30/2024 [ +0.000007] Workqueue: events_unbound commit_work [drm_kms_helper] [ +0.000040] RIP: 0010:copy_stream_update_to_stream.isra.0+0x30d/0x750 [amdgpu] [ +0.000847] Code: 8b 10 49 89 94 24 f8 00 00 00 48 8b 50 08 49 89 94 24 00 01 00 00 8b 40 10 41 89 84 24 08 01 00 00 49 8b 45 78 48 85 c0 74 0b <0f> b6 00 41 88 84 24 90 64 00 00 49 8b 45 60 48 85 c0 74 3b 48 8b [ +0.000010] RSP: 0018:ffffc203802f79a0 EFLAGS: 00010206 [ +0.000009] RAX: 0000000051d0f08b RBX: 0000000000000004 RCX: ffff9f964f0a8070 [ +0.000004] RDX: ffff9f9710f90e40 RSI: ffff9f96600c8000 RDI: ffff9f964f000000 [ +0.000004] RBP: ffffc203802f79f8 R08: 0000000000000000 R09: 0000000000000000 [ +0.000005] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9f96600c8000 [ +0.000004] R13: ffff9f9710f90e40 R14: ffff9f964f000000 R15: ffff9f96600c8000 [ +0.000004] FS: 0000000000000000(0000) GS:ffff9f9970000000(0000) knlGS:0000000000000000 [ +0.000005] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ +0.000005] CR2: 0000000051d0f08b CR3: 00000002e6a20000 CR4: 0000000000350ef0 [ +0.000005] Call Trace: [ +0.000011] <TASK> [ +0.000010] ? __die_body.cold+0x19/0x27 [ +0.000012] ? page_fault_oops+0x15a/0x2d0 [ +0.000014] ? exc_page_fault+0x7e/0x180 [ +0.000009] ? asm_exc_page_fault+0x26/0x30 [ +0.000013] ? copy_stream_update_to_stream.isra.0+0x30d/0x750 [amdgpu] [ +0.000739] ? dc_commit_state_no_check+0xd6c/0xe70 [amdgpu] [ +0.000470] update_planes_and_stream_state+0x49b/0x4f0 [amdgpu] [ +0.000450] ? srso_return_thunk+0x5/0x5f [ +0.000009] ? commit_minimal_transition_state+0x239/0x3d0 [amdgpu] [ +0.000446] update_planes_and_stream_v2+0x24a/0x590 [amdgpu] [ +0.000464] ? srso_return_thunk+0x5/0x5f [ +0.000009] ? sort+0x31/0x50 [ +0.000007] ? amdgpu_dm_atomic_commit_tail+0x159f/0x3a30 [amdgpu] [ +0.000508] ? srso_return_thunk+0x5/0x5f [ +0.000009] ? amdgpu_crtc_get_scanout_position+0x28/0x40 [amdgpu] [ +0.000377] ? srso_return_thunk+0x5/0x5f [ +0.000009] ? drm_crtc_vblank_helper_get_vblank_timestamp_internal+0x160/0x390 [drm] [ +0.000058] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? dma_fence_default_wait+0x8c/0x260 [ +0.000010] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? wait_for_completion_timeout+0x13b/0x170 [ +0.000006] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? dma_fence_wait_timeout+0x108/0x140 [ +0.000010] ? commit_tail+0x94/0x130 [drm_kms_helper] [ +0.000024] ? process_one_work+0x177/0x330 [ +0.000008] ? worker_thread+0x266/0x3a0 [ +0.000006] ? __pfx_worker_thread+0x10/0x10 [ +0.000004] ? kthread+0xd2/0x100 [ +0.000006] ? __pfx_kthread+0x10/0x10 [ +0.000006] ? ret_from_fork+0x34/0x50 [ +0.000004] ? __pfx_kthread+0x10/0x10 [ +0.000005] ? ret_from_fork_asm+0x1a/0x30 [ +0.000011] </TASK> (cherry picked from commit 1c86c81a86c60f9b15d3e3f43af0363cf56063e7)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix page fault due to max surface definition mismatch\n\nDC driver is using two different values to define the maximum number of\nsurfaces: MAX_SURFACES and MAX_SURFACE_NUM. Consolidate MAX_SURFACES as\nthe unique definition for surface updates across DC.\n\nIt fixes page fault faced by Cosmic users on AMD display versions that\nsupport two overlay planes, since the introduction of cursor overlay\nmode.\n\n[Nov26 21:33] BUG: unable to handle page fault for address: 0000000051d0f08b\n[ +0.000015] #PF: supervisor read access in kernel mode\n[ +0.000006] #PF: error_code(0x0000) - not-present page\n[ +0.000005] PGD 0 P4D 0\n[ +0.000007] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000006] CPU: 4 PID: 71 Comm: kworker/u32:6 Not tainted 6.10.0+ #300\n[ +0.000006] Hardware name: Valve Jupiter/Jupiter, BIOS F7A0131 01/30/2024\n[ +0.000007] Workqueue: events_unbound commit_work [drm_kms_helper]\n[ +0.000040] RIP: 0010:copy_stream_update_to_stream.isra.0+0x30d/0x750 [amdgpu]\n[ +0.000847] Code: 8b 10 49 89 94 24 f8 00 00 00 48 8b 50 08 49 89 94 24 00 01 00 00 8b 40 10 41 89 84 24 08 01 00 00 49 8b 45 78 48 85 c0 74 0b <0f> b6 00 41 88 84 24 90 64 00 00 49 8b 45 60 48 85 c0 74 3b 48 8b\n[ +0.000010] RSP: 0018:ffffc203802f79a0 EFLAGS: 00010206\n[ +0.000009] RAX: 0000000051d0f08b RBX: 0000000000000004 RCX: ffff9f964f0a8070\n[ +0.000004] RDX: ffff9f9710f90e40 RSI: ffff9f96600c8000 RDI: ffff9f964f000000\n[ +0.000004] RBP: ffffc203802f79f8 R08: 0000000000000000 R09: 0000000000000000\n[ +0.000005] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9f96600c8000\n[ +0.000004] R13: ffff9f9710f90e40 R14: ffff9f964f000000 R15: ffff9f96600c8000\n[ +0.000004] FS: 0000000000000000(0000) GS:ffff9f9970000000(0000) knlGS:0000000000000000\n[ +0.000005] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ +0.000005] CR2: 0000000051d0f08b CR3: 00000002e6a20000 CR4: 0000000000350ef0\n[ +0.000005] Call Trace:\n[ +0.000011] <TASK>\n[ +0.000010] ? __die_body.cold+0x19/0x27\n[ +0.000012] ? page_fault_oops+0x15a/0x2d0\n[ +0.000014] ? exc_page_fault+0x7e/0x180\n[ +0.000009] ? asm_exc_page_fault+0x26/0x30\n[ +0.000013] ? copy_stream_update_to_stream.isra.0+0x30d/0x750 [amdgpu]\n[ +0.000739] ? dc_commit_state_no_check+0xd6c/0xe70 [amdgpu]\n[ +0.000470] update_planes_and_stream_state+0x49b/0x4f0 [amdgpu]\n[ +0.000450] ? srso_return_thunk+0x5/0x5f\n[ +0.000009] ? commit_minimal_transition_state+0x239/0x3d0 [amdgpu]\n[ +0.000446] update_planes_and_stream_v2+0x24a/0x590 [amdgpu]\n[ +0.000464] ? srso_return_thunk+0x5/0x5f\n[ +0.000009] ? sort+0x31/0x50\n[ +0.000007] ? amdgpu_dm_atomic_commit_tail+0x159f/0x3a30 [amdgpu]\n[ +0.000508] ? srso_return_thunk+0x5/0x5f\n[ +0.000009] ? amdgpu_crtc_get_scanout_position+0x28/0x40 [amdgpu]\n[ +0.000377] ? srso_return_thunk+0x5/0x5f\n[ +0.000009] ? drm_crtc_vblank_helper_get_vblank_timestamp_internal+0x160/0x390 [drm]\n[ +0.000058] ? srso_return_thunk+0x5/0x5f\n[ +0.000005] ? dma_fence_default_wait+0x8c/0x260\n[ +0.000010] ? srso_return_thunk+0x5/0x5f\n[ +0.000005] ? wait_for_completion_timeout+0x13b/0x170\n[ +0.000006] ? srso_return_thunk+0x5/0x5f\n[ +0.000005] ? dma_fence_wait_timeout+0x108/0x140\n[ +0.000010] ? commit_tail+0x94/0x130 [drm_kms_helper]\n[ +0.000024] ? process_one_work+0x177/0x330\n[ +0.000008] ? worker_thread+0x266/0x3a0\n[ +0.000006] ? __pfx_worker_thread+0x10/0x10\n[ +0.000004] ? kthread+0xd2/0x100\n[ +0.000006] ? __pfx_kthread+0x10/0x10\n[ +0.000006] ? ret_from_fork+0x34/0x50\n[ +0.000004] ? __pfx_kthread+0x10/0x10\n[ +0.000005] ? ret_from_fork_asm+0x1a/0x30\n[ +0.000011] </TASK>\n\n(cherry picked from commit 1c86c81a86c60f9b15d3e3f43af0363cf56063e7)', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-57918 was patched at 2025-03-27, 2025-04-01
226. Unknown Vulnerability Type - Linux Kernel (CVE-2024-57932) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: gve: guard XDP xmit NDO on existence of xdp queues In GVE, dedicated XDP queues only exist when an XDP program is installed and the interface is up. As such, the NDO XDP XMIT callback should return early if either of these conditions are false. In the case of no loaded XDP program, priv->num_xdp_queues=0 which can cause a divide-by-zero error, and in the case of interface down, num_xdp_queues remains untouched to persist XDP queue count for the next interface up, but the TX pointer itself would be NULL. The XDP xmit callback also needs to synchronize with a device transitioning from open to close. This synchronization will happen via the GVE_PRIV_FLAGS_NAPI_ENABLED bit along with a synchronize_net() call, which waits for any RCU critical sections at call-time to complete.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngve: guard XDP xmit NDO on existence of xdp queues\n\nIn GVE, dedicated XDP queues only exist when an XDP program is installed\nand the interface is up. As such, the NDO XDP XMIT callback should\nreturn early if either of these conditions are false.\n\nIn the case of no loaded XDP program, priv->num_xdp_queues=0 which can\ncause a divide-by-zero error, and in the case of interface down,\nnum_xdp_queues remains untouched to persist XDP queue count for the next\ninterface up, but the TX pointer itself would be NULL.\n\nThe XDP xmit callback also needs to synchronize with a device\ntransitioning from open to close. This synchronization will happen via\nthe GVE_PRIV_FLAGS_NAPI_ENABLED bit along with a synchronize_net() call,\nwhich waits for any RCU critical sections at call-time to complete.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00028, EPSS Percentile is 0.06259 |
ubuntu: CVE-2024-57932 was patched at 2025-03-27, 2025-04-01
227. Unknown Vulnerability Type - Linux Kernel (CVE-2024-57935) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix accessing invalid dip_ctx during destroying QP If it fails to modify QP to RTR, dip_ctx will not be attached. And during detroying QP, the invalid dip_ctx pointer will be accessed.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix accessing invalid dip_ctx during destroying QP\n\nIf it fails to modify QP to RTR, dip_ctx will not be attached. And\nduring detroying QP, the invalid dip_ctx pointer will be accessed.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2024-57935 was patched at 2025-03-27, 2025-04-01
228. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21632) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Ensure shadow stack is active before "getting" registers The x86 shadow stack support has its own set of registers. Those registers are XSAVE-managed, but they are "supervisor state components" which means that userspace can not touch them with XSAVE/XRSTOR. It also means that they are not accessible from the existing ptrace ABI for XSAVE state. Thus, there is a new ptrace get/set interface for it. The regset code that ptrace uses provides an ->active() handler in addition to the get/set ones. For shadow stack this ->active() handler verifies that shadow stack is enabled via the ARCH_SHSTK_SHSTK bit in the thread struct. The ->active() handler is checked from some call sites of the regset get/set handlers, but not the ptrace ones. This was not understood when shadow stack support was put in place. As a result, both the set/get handlers can be called with XFEATURE_CET_USER in its init state, which would cause get_xsave_addr() to return NULL and trigger a WARN_ON(). The ssp_set() handler luckily has an ssp_active() check to avoid surprising the kernel with shadow stack behavior when the kernel is not ready for it (ARCH_SHSTK_SHSTK==0). That check just happened to avoid the warning. But the ->get() side wasn't so lucky. It can be called with shadow stacks disabled, triggering the warning in practice, as reported by Christina Schimpe: WARNING: CPU: 5 PID: 1773 at arch/x86/kernel/fpu/regset.c:198 ssp_get+0x89/0xa0 [...] Call Trace: <TASK> ? show_regs+0x6e/0x80 ? ssp_get+0x89/0xa0 ? __warn+0x91/0x150 ? ssp_get+0x89/0xa0 ? report_bug+0x19d/0x1b0 ? handle_bug+0x46/0x80 ? exc_invalid_op+0x1d/0x80 ? asm_exc_invalid_op+0x1f/0x30 ? __pfx_ssp_get+0x10/0x10 ? ssp_get+0x89/0xa0 ? ssp_get+0x52/0xa0 __regset_get+0xad/0xf0 copy_regset_to_user+0x52/0xc0 ptrace_regset+0x119/0x140 ptrace_request+0x13c/0x850 ? wait_task_inactive+0x142/0x1d0 ? do_syscall_64+0x6d/0x90 arch_ptrace+0x102/0x300 [...] Ensure that shadow stacks are active in a thread before looking them up in the XSAVE buffer. Since ARCH_SHSTK_SHSTK and user_ssp[SHSTK_EN] are set at the same time, the active check ensures that there will be something to find in the XSAVE buffer. [ dhansen: changelog/subject tweaks ]', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Ensure shadow stack is active before "getting" registers\n\nThe x86 shadow stack support has its own set of registers. Those registers\nare XSAVE-managed, but they are "supervisor state components" which means\nthat userspace can not touch them with XSAVE/XRSTOR. It also means that\nthey are not accessible from the existing ptrace ABI for XSAVE state.\nThus, there is a new ptrace get/set interface for it.\n\nThe regset code that ptrace uses provides an ->active() handler in\naddition to the get/set ones. For shadow stack this ->active() handler\nverifies that shadow stack is enabled via the ARCH_SHSTK_SHSTK bit in the\nthread struct. The ->active() handler is checked from some call sites of\nthe regset get/set handlers, but not the ptrace ones. This was not\nunderstood when shadow stack support was put in place.\n\nAs a result, both the set/get handlers can be called with\nXFEATURE_CET_USER in its init state, which would cause get_xsave_addr() to\nreturn NULL and trigger a WARN_ON(). The ssp_set() handler luckily has an\nssp_active() check to avoid surprising the kernel with shadow stack\nbehavior when the kernel is not ready for it (ARCH_SHSTK_SHSTK==0). That\ncheck just happened to avoid the warning.\n\nBut the ->get() side wasn't so lucky. It can be called with shadow stacks\ndisabled, triggering the warning in practice, as reported by Christina\nSchimpe:\n\nWARNING: CPU: 5 PID: 1773 at arch/x86/kernel/fpu/regset.c:198 ssp_get+0x89/0xa0\n[...]\nCall Trace:\n<TASK>\n? show_regs+0x6e/0x80\n? ssp_get+0x89/0xa0\n? __warn+0x91/0x150\n? ssp_get+0x89/0xa0\n? report_bug+0x19d/0x1b0\n? handle_bug+0x46/0x80\n? exc_invalid_op+0x1d/0x80\n? asm_exc_invalid_op+0x1f/0x30\n? __pfx_ssp_get+0x10/0x10\n? ssp_get+0x89/0xa0\n? ssp_get+0x52/0xa0\n__regset_get+0xad/0xf0\ncopy_regset_to_user+0x52/0xc0\nptrace_regset+0x119/0x140\nptrace_request+0x13c/0x850\n? wait_task_inactive+0x142/0x1d0\n? do_syscall_64+0x6d/0x90\narch_ptrace+0x102/0x300\n[...]\n\nEnsure that shadow stacks are active in a thread before looking them up\nin the XSAVE buffer. Since ARCH_SHSTK_SHSTK and user_ssp[SHSTK_EN] are\nset at the same time, the active check ensures that there will be\nsomething to find in the XSAVE buffer.\n\n[ dhansen: changelog/subject tweaks ]', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00028, EPSS Percentile is 0.06259 |
ubuntu: CVE-2025-21632 was patched at 2025-03-27, 2025-04-01
229. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21643) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel async DIO Netfslib needs to be able to handle kernel-initiated asynchronous DIO that is supplied with a bio_vec[] array. Currently, because of the async flag, this gets passed to netfs_extract_user_iter() which throws a warning and fails because it only handles IOVEC and UBUF iterators. This can be triggered through a combination of cifs and a loopback blockdev with something like: mount //my/cifs/share /foo dd if=/dev/zero of=/foo/m0 bs=4K count=1K losetup --sector-size 4096 --direct-io=on /dev/loop2046 /foo/m0 echo hello >/dev/loop2046 This causes the following to appear in syslog: WARNING: CPU: 2 PID: 109 at fs/netfs/iterator.c:50 netfs_extract_user_iter+0x170/0x250 [netfs] and the write to fail. Fix this by removing the check in netfs_unbuffered_write_iter_locked() that causes async kernel DIO writes to be handled as userspace writes. Note that this change relies on the kernel caller maintaining the existence of the bio_vec array (or kvec[] or folio_queue) until the op is complete.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix kernel async DIO\n\nNetfslib needs to be able to handle kernel-initiated asynchronous DIO that\nis supplied with a bio_vec[] array. Currently, because of the async flag,\nthis gets passed to netfs_extract_user_iter() which throws a warning and\nfails because it only handles IOVEC and UBUF iterators. This can be\ntriggered through a combination of cifs and a loopback blockdev with\nsomething like:\n\n mount //my/cifs/share /foo\n dd if=/dev/zero of=/foo/m0 bs=4K count=1K\n losetup --sector-size 4096 --direct-io=on /dev/loop2046 /foo/m0\n echo hello >/dev/loop2046\n\nThis causes the following to appear in syslog:\n\n WARNING: CPU: 2 PID: 109 at fs/netfs/iterator.c:50 netfs_extract_user_iter+0x170/0x250 [netfs]\n\nand the write to fail.\n\nFix this by removing the check in netfs_unbuffered_write_iter_locked() that\ncauses async kernel DIO writes to be handled as userspace writes. Note\nthat this change relies on the kernel caller maintaining the existence of\nthe bio_vec array (or kvec[] or folio_queue) until the op is complete.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00025, EPSS Percentile is 0.05143 |
ubuntu: CVE-2025-21643 was patched at 2025-03-27, 2025-04-01
230. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21654) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ovl: support encoding fid from inode with no alias Dmitry Safonov reported that a WARN_ON() assertion can be trigered by userspace when calling inotify_show_fdinfo() for an overlayfs watched inode, whose dentry aliases were discarded with drop_caches. The WARN_ON() assertion in inotify_show_fdinfo() was removed, because it is possible for encoding file handle to fail for other reason, but the impact of failing to encode an overlayfs file handle goes beyond this assertion. As shown in the LTP test case mentioned in the link below, failure to encode an overlayfs file handle from a non-aliased inode also leads to failure to report an fid with FAN_DELETE_SELF fanotify events. As Dmitry notes in his analyzis of the problem, ovl_encode_fh() fails if it cannot find an alias for the inode, but this failure can be fixed. ovl_encode_fh() seldom uses the alias and in the case of non-decodable file handles, as is often the case with fanotify fid info, ovl_encode_fh() never needs to use the alias to encode a file handle. Defer finding an alias until it is actually needed so ovl_encode_fh() will not fail in the common case of FAN_DELETE_SELF fanotify events.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\novl: support encoding fid from inode with no alias\n\nDmitry Safonov reported that a WARN_ON() assertion can be trigered by\nuserspace when calling inotify_show_fdinfo() for an overlayfs watched\ninode, whose dentry aliases were discarded with drop_caches.\n\nThe WARN_ON() assertion in inotify_show_fdinfo() was removed, because\nit is possible for encoding file handle to fail for other reason, but\nthe impact of failing to encode an overlayfs file handle goes beyond\nthis assertion.\n\nAs shown in the LTP test case mentioned in the link below, failure to\nencode an overlayfs file handle from a non-aliased inode also leads to\nfailure to report an fid with FAN_DELETE_SELF fanotify events.\n\nAs Dmitry notes in his analyzis of the problem, ovl_encode_fh() fails\nif it cannot find an alias for the inode, but this failure can be fixed.\novl_encode_fh() seldom uses the alias and in the case of non-decodable\nfile handles, as is often the case with fanotify fid info,\novl_encode_fh() never needs to use the alias to encode a file handle.\n\nDefer finding an alias until it is actually needed so ovl_encode_fh()\nwill not fail in the common case of FAN_DELETE_SELF fanotify events.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00028, EPSS Percentile is 0.06259 |
ubuntu: CVE-2025-21654 was patched at 2025-03-27, 2025-04-01
231. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21659) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: netdev: prevent accessing NAPI instances from another namespace The NAPI IDs were not fully exposed to user space prior to the netlink API, so they were never namespaced. The netlink API must ensure that at the very least NAPI instance belongs to the same netns as the owner of the genl sock. napi_by_id() can become static now, but it needs to move because of dev_get_by_napi_id().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetdev: prevent accessing NAPI instances from another namespace\n\nThe NAPI IDs were not fully exposed to user space prior to the netlink\nAPI, so they were never namespaced. The netlink API must ensure that\nat the very least NAPI instance belongs to the same netns as the owner\nof the genl sock.\n\nnapi_by_id() can become static now, but it needs to move because of\ndev_get_by_napi_id().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00031, EPSS Percentile is 0.07051 |
ubuntu: CVE-2025-21659 was patched at 2025-03-27, 2025-04-01
232. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21663) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree Nvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SID) to be written to the MGBE_WRAP_AXI_ASID0_CTRL register. The current driver is hard coded to use MGBE0's SID for all controllers. This causes softirq time outs and kernel panics when using controllers other than MGBE0. Example dmesg errors when an ethernet cable is connected to MGBE1: [ 116.133290] tegra-mgbe 6910000.ethernet eth1: Link is Up - 1Gbps/Full - flow control rx/tx [ 121.851283] tegra-mgbe 6910000.ethernet eth1: NETDEV WATCHDOG: CPU: 5: transmit queue 0 timed out 5690 ms [ 121.851782] tegra-mgbe 6910000.ethernet eth1: Reset adapter. [ 121.892464] tegra-mgbe 6910000.ethernet eth1: Register MEM_TYPE_PAGE_POOL RxQ-0 [ 121.905920] tegra-mgbe 6910000.ethernet eth1: PHY [stmmac-1:00] driver [Aquantia AQR113] (irq=171) [ 121.907356] tegra-mgbe 6910000.ethernet eth1: Enabling Safety Features [ 121.907578] tegra-mgbe 6910000.ethernet eth1: IEEE 1588-2008 Advanced Timestamp supported [ 121.908399] tegra-mgbe 6910000.ethernet eth1: registered PTP clock [ 121.908582] tegra-mgbe 6910000.ethernet eth1: configuring for phy/10gbase-r link mode [ 125.961292] tegra-mgbe 6910000.ethernet eth1: Link is Up - 1Gbps/Full - flow control rx/tx [ 181.921198] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 181.921404] rcu: \t7-....: (1 GPs behind) idle=540c/1/0x4000000000000002 softirq=1748/1749 fqs=2337 [ 181.921684] rcu: \t(detected by 4, t=6002 jiffies, g=1357, q=1254 ncpus=8) [ 181.921878] Sending NMI from CPU 4 to CPUs 7: [ 181.921886] NMI backtrace for cpu 7 [ 181.922131] CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Kdump: loaded Not tainted 6.13.0-rc3+ #6 [ 181.922390] Hardware name: NVIDIA CTI Forge + Orin AGX/Jetson, BIOS 202402.1-Unknown 10/28/2024 [ 181.922658] pstate: 40400009 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 181.922847] pc : handle_softirqs+0x98/0x368 [ 181.922978] lr : __do_softirq+0x18/0x20 [ 181.923095] sp : ffff80008003bf50 [ 181.923189] x29: ffff80008003bf50 x28: 0000000000000008 x27: 0000000000000000 [ 181.923379] x26: ffffce78ea277000 x25: 0000000000000000 x24: 0000001c61befda0 [ 181.924486] x23: 0000000060400009 x22: ffffce78e99918bc x21: ffff80008018bd70 [ 181.925568] x20: ffffce78e8bb00d8 x19: ffff80008018bc20 x18: 0000000000000000 [ 181.926655] x17: ffff318ebe7d3000 x16: ffff800080038000 x15: 0000000000000000 [ 181.931455] x14: ffff000080816680 x13: ffff318ebe7d3000 x12: 000000003464d91d [ 181.938628] x11: 0000000000000040 x10: ffff000080165a70 x9 : ffffce78e8bb0160 [ 181.945804] x8 : ffff8000827b3160 x7 : f9157b241586f343 x6 : eeb6502a01c81c74 [ 181.953068] x5 : a4acfcdd2e8096bb x4 : ffffce78ea277340 x3 : 00000000ffffd1e1 [ 181.960329] x2 : 0000000000000101 x1 : ffffce78ea277340 x0 : ffff318ebe7d3000 [ 181.967591] Call trace: [ 181.970043] handle_softirqs+0x98/0x368 (P) [ 181.974240] __do_softirq+0x18/0x20 [ 181.977743] ____do_softirq+0x14/0x28 [ 181.981415] call_on_irq_stack+0x24/0x30 [ 181.985180] do_softirq_own_stack+0x20/0x30 [ 181.989379] __irq_exit_rcu+0x114/0x140 [ 181.993142] irq_exit_rcu+0x14/0x28 [ 181.996816] el1_interrupt+0x44/0xb8 [ 182.000316] el1h_64_irq_handler+0x14/0x20 [ 182.004343] el1h_64_irq+0x80/0x88 [ 182.007755] cpuidle_enter_state+0xc4/0x4a8 (P) [ 182.012305] cpuidle_enter+0x3c/0x58 [ 182.015980] cpuidle_idle_call+0x128/0x1c0 [ 182.020005] do_idle+0xe0/0xf0 [ 182.023155] cpu_startup_entry+0x3c/0x48 [ 182.026917] secondary_start_kernel+0xdc/0x120 [ 182.031379] __secondary_switched+0x74/0x78 [ 212.971162] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 7-.... } 6103 jiffies s: 417 root: 0x80/. [ 212.985935] rcu: blocking rcu_node structures (internal RCU debug): [ 212.992758] Sending NMI from CPU 0 to CPUs 7: [ 212.998539] NMI backtrace for cpu 7 [ 213.004304] CPU: 7 UID: 0 PI ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: dwmac-tegra: Read iommu stream id from device tree\n\nNvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SID) to be\nwritten to the MGBE_WRAP_AXI_ASID0_CTRL register.\n\nThe current driver is hard coded to use MGBE0's SID for all controllers.\nThis causes softirq time outs and kernel panics when using controllers\nother than MGBE0.\n\nExample dmesg errors when an ethernet cable is connected to MGBE1:\n\n[ 116.133290] tegra-mgbe 6910000.ethernet eth1: Link is Up - 1Gbps/Full - flow control rx/tx\n[ 121.851283] tegra-mgbe 6910000.ethernet eth1: NETDEV WATCHDOG: CPU: 5: transmit queue 0 timed out 5690 ms\n[ 121.851782] tegra-mgbe 6910000.ethernet eth1: Reset adapter.\n[ 121.892464] tegra-mgbe 6910000.ethernet eth1: Register MEM_TYPE_PAGE_POOL RxQ-0\n[ 121.905920] tegra-mgbe 6910000.ethernet eth1: PHY [stmmac-1:00] driver [Aquantia AQR113] (irq=171)\n[ 121.907356] tegra-mgbe 6910000.ethernet eth1: Enabling Safety Features\n[ 121.907578] tegra-mgbe 6910000.ethernet eth1: IEEE 1588-2008 Advanced Timestamp supported\n[ 121.908399] tegra-mgbe 6910000.ethernet eth1: registered PTP clock\n[ 121.908582] tegra-mgbe 6910000.ethernet eth1: configuring for phy/10gbase-r link mode\n[ 125.961292] tegra-mgbe 6910000.ethernet eth1: Link is Up - 1Gbps/Full - flow control rx/tx\n[ 181.921198] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:\n[ 181.921404] rcu: \t7-....: (1 GPs behind) idle=540c/1/0x4000000000000002 softirq=1748/1749 fqs=2337\n[ 181.921684] rcu: \t(detected by 4, t=6002 jiffies, g=1357, q=1254 ncpus=8)\n[ 181.921878] Sending NMI from CPU 4 to CPUs 7:\n[ 181.921886] NMI backtrace for cpu 7\n[ 181.922131] CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Kdump: loaded Not tainted 6.13.0-rc3+ #6\n[ 181.922390] Hardware name: NVIDIA CTI Forge + Orin AGX/Jetson, BIOS 202402.1-Unknown 10/28/2024\n[ 181.922658] pstate: 40400009 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 181.922847] pc : handle_softirqs+0x98/0x368\n[ 181.922978] lr : __do_softirq+0x18/0x20\n[ 181.923095] sp : ffff80008003bf50\n[ 181.923189] x29: ffff80008003bf50 x28: 0000000000000008 x27: 0000000000000000\n[ 181.923379] x26: ffffce78ea277000 x25: 0000000000000000 x24: 0000001c61befda0\n[ 181.924486] x23: 0000000060400009 x22: ffffce78e99918bc x21: ffff80008018bd70\n[ 181.925568] x20: ffffce78e8bb00d8 x19: ffff80008018bc20 x18: 0000000000000000\n[ 181.926655] x17: ffff318ebe7d3000 x16: ffff800080038000 x15: 0000000000000000\n[ 181.931455] x14: ffff000080816680 x13: ffff318ebe7d3000 x12: 000000003464d91d\n[ 181.938628] x11: 0000000000000040 x10: ffff000080165a70 x9 : ffffce78e8bb0160\n[ 181.945804] x8 : ffff8000827b3160 x7 : f9157b241586f343 x6 : eeb6502a01c81c74\n[ 181.953068] x5 : a4acfcdd2e8096bb x4 : ffffce78ea277340 x3 : 00000000ffffd1e1\n[ 181.960329] x2 : 0000000000000101 x1 : ffffce78ea277340 x0 : ffff318ebe7d3000\n[ 181.967591] Call trace:\n[ 181.970043] handle_softirqs+0x98/0x368 (P)\n[ 181.974240] __do_softirq+0x18/0x20\n[ 181.977743] ____do_softirq+0x14/0x28\n[ 181.981415] call_on_irq_stack+0x24/0x30\n[ 181.985180] do_softirq_own_stack+0x20/0x30\n[ 181.989379] __irq_exit_rcu+0x114/0x140\n[ 181.993142] irq_exit_rcu+0x14/0x28\n[ 181.996816] el1_interrupt+0x44/0xb8\n[ 182.000316] el1h_64_irq_handler+0x14/0x20\n[ 182.004343] el1h_64_irq+0x80/0x88\n[ 182.007755] cpuidle_enter_state+0xc4/0x4a8 (P)\n[ 182.012305] cpuidle_enter+0x3c/0x58\n[ 182.015980] cpuidle_idle_call+0x128/0x1c0\n[ 182.020005] do_idle+0xe0/0xf0\n[ 182.023155] cpu_startup_entry+0x3c/0x48\n[ 182.026917] secondary_start_kernel+0xdc/0x120\n[ 182.031379] __secondary_switched+0x74/0x78\n[ 212.971162] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 7-.... } 6103 jiffies s: 417 root: 0x80/.\n[ 212.985935] rcu: blocking rcu_node structures (internal RCU debug):\n[ 212.992758] Sending NMI from CPU 0 to CPUs 7:\n[ 212.998539] NMI backtrace for cpu 7\n[ 213.004304] CPU: 7 UID: 0 PI\n---truncated---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.0003, EPSS Percentile is 0.06801 |
ubuntu: CVE-2025-21663 was patched at 2025-03-27, 2025-04-01
233. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21834) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: seccomp: passthrough uretprobe systemcall without filtering When attaching uretprobes to processes running inside docker, the attached process is segfaulted when encountering the retprobe. The reason is that now that uretprobe is a system call the default seccomp filters in docker block it as they only allow a specific set of known syscalls. This is true for other userspace applications which use seccomp to control their syscall surface. Since uretprobe is a "kernel implementation detail" system call which is not used by userspace application code directly, it is impractical and there's very little point in forcing all userspace applications to explicitly allow it in order to avoid crashing tracked processes. Pass this systemcall through seccomp without depending on configuration. Note: uretprobe is currently only x86_64 and isn't expected to ever be supported in i386. [kees: minimized changes for easier backporting, tweaked commit log]', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nseccomp: passthrough uretprobe systemcall without filtering\n\nWhen attaching uretprobes to processes running inside docker, the attached\nprocess is segfaulted when encountering the retprobe.\n\nThe reason is that now that uretprobe is a system call the default seccomp\nfilters in docker block it as they only allow a specific set of known\nsyscalls. This is true for other userspace applications which use seccomp\nto control their syscall surface.\n\nSince uretprobe is a "kernel implementation detail" system call which is\nnot used by userspace application code directly, it is impractical and\nthere's very little point in forcing all userspace applications to\nexplicitly allow it in order to avoid crashing tracked processes.\n\nPass this systemcall through seccomp without depending on configuration.\n\nNote: uretprobe is currently only x86_64 and isn't expected to ever be\nsupported in i386.\n\n[kees: minimized changes for easier backporting, tweaked commit log]', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00027, EPSS Percentile is 0.05749 |
ubuntu: CVE-2025-21834 was patched at 2025-03-27, 2025-04-01
234. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21881) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: uprobes: Reject the shared zeropage in uprobe_write_opcode() We triggered the following crash in syzkaller tests: BUG: Bad page state in process syz.7.38 pfn:1eff3 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eff3 flags: 0x3fffff00004004(referenced|reserved|node=0|zone=1|lastcpupid=0x1fffff) raw: 003fffff00004004 ffffe6c6c07bfcc8 ffffe6c6c07bfcc8 0000000000000000 raw: 0000000000000000 0000000000000000 00000000fffffffe 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x32/0x50 bad_page+0x69/0xf0 free_unref_page_prepare+0x401/0x500 free_unref_page+0x6d/0x1b0 uprobe_write_opcode+0x460/0x8e0 install_breakpoint.part.0+0x51/0x80 register_for_each_vma+0x1d9/0x2b0 __uprobe_register+0x245/0x300 bpf_uprobe_multi_link_attach+0x29b/0x4f0 link_create+0x1e2/0x280 __sys_bpf+0x75f/0xac0 __x64_sys_bpf+0x1a/0x30 do_syscall_64+0x56/0x100 entry_SYSCALL_64_after_hwframe+0x78/0xe2 BUG: Bad rss-counter state mm:00000000452453e0 type:MM_FILEPAGES val:-1 The following syzkaller test case can be used to reproduce: r2 = creat(&(0x7f0000000000)='./file0\\x00', 0x8) write$nbd(r2, &(0x7f0000000580)=ANY=[], 0x10) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\\x00', 0x42, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0) r5 = userfaultfd(0x80801) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x20}) r6 = userfaultfd(0x80801) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x2}) ioctl$UFFDIO_ZEROPAGE(r5, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}}) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x2, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000120000000000000000000095"], &(0x7f0000000000)='GPL\\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r7, 0x0, 0x30, 0x1e, @val=@uprobe_multi={&(0x7f0000000080)='./file0\\x00', &(0x7f0000000100)=[0x2], 0x0, 0x0, 0x1}}, 0x40) The cause is that zero pfn is set to the PTE without increasing the RSS count in mfill_atomic_pte_zeropage() and the refcount of zero folio does not increase accordingly. Then, the operation on the same pfn is performed in uprobe_write_opcode()->__replace_page() to unconditional decrease the RSS count and old_folio's refcount. Therefore, two bugs are introduced: 1. The RSS count is incorrect, when process exit, the check_mm() report error "Bad rss-count". 2. The reserved folio (zero folio) is freed when folio->refcount is zero, then free_pages_prepare->free_page_is_bad() report error "Bad page state". There is more, the following warning could also theoretically be triggered: __replace_page() -> ... -> folio_remove_rmap_pte() -> VM_WARN_ON_FOLIO(is_zero_folio(folio), folio) Considering that uprobe hit on the zero folio is a very rare case, just reject zero old folio immediately after get_user_page_vma_remote(). [ mingo: Cleaned up the changelog ]', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes: Reject the shared zeropage in uprobe_write_opcode()\n\nWe triggered the following crash in syzkaller tests:\n\n BUG: Bad page state in process syz.7.38 pfn:1eff3\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eff3\n flags: 0x3fffff00004004(referenced|reserved|node=0|zone=1|lastcpupid=0x1fffff)\n raw: 003fffff00004004 ffffe6c6c07bfcc8 ffffe6c6c07bfcc8 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000fffffffe 0000000000000000\n page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n <TASK>\n dump_stack_lvl+0x32/0x50\n bad_page+0x69/0xf0\n free_unref_page_prepare+0x401/0x500\n free_unref_page+0x6d/0x1b0\n uprobe_write_opcode+0x460/0x8e0\n install_breakpoint.part.0+0x51/0x80\n register_for_each_vma+0x1d9/0x2b0\n __uprobe_register+0x245/0x300\n bpf_uprobe_multi_link_attach+0x29b/0x4f0\n link_create+0x1e2/0x280\n __sys_bpf+0x75f/0xac0\n __x64_sys_bpf+0x1a/0x30\n do_syscall_64+0x56/0x100\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\n BUG: Bad rss-counter state mm:00000000452453e0 type:MM_FILEPAGES val:-1\n\nThe following syzkaller test case can be used to reproduce:\n\n r2 = creat(&(0x7f0000000000)='./file0\\x00', 0x8)\n write$nbd(r2, &(0x7f0000000580)=ANY=[], 0x10)\n r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\\x00', 0x42, 0x0)\n mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0)\n r5 = userfaultfd(0x80801)\n ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x20})\n r6 = userfaultfd(0x80801)\n ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000140))\n ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x2})\n ioctl$UFFDIO_ZEROPAGE(r5, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}})\n r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x2, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000120000000000000000000095"], &(0x7f0000000000)='GPL\\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)\n bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r7, 0x0, 0x30, 0x1e, @val=@uprobe_multi={&(0x7f0000000080)='./file0\\x00', &(0x7f0000000100)=[0x2], 0x0, 0x0, 0x1}}, 0x40)\n\nThe cause is that zero pfn is set to the PTE without increasing the RSS\ncount in mfill_atomic_pte_zeropage() and the refcount of zero folio does\nnot increase accordingly. Then, the operation on the same pfn is performed\nin uprobe_write_opcode()->__replace_page() to unconditional decrease the\nRSS count and old_folio's refcount.\n\nTherefore, two bugs are introduced:\n\n 1. The RSS count is incorrect, when process exit, the check_mm() report\n error "Bad rss-count".\n\n 2. The reserved folio (zero folio) is freed when folio->refcount is zero,\n then free_pages_prepare->free_page_is_bad() report error\n "Bad page state".\n\nThere is more, the following warning could also theoretically be triggered:\n\n __replace_page()\n -> ...\n -> folio_remove_rmap_pte()\n -> VM_WARN_ON_FOLIO(is_zero_folio(folio), folio)\n\nConsidering that uprobe hit on the zero folio is a very rare case, just\nreject zero old folio immediately after get_user_page_vma_remote().\n\n[ mingo: Cleaned up the changelog ]', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.13359 |
debian: CVE-2025-21881 was patched at 2025-04-12, 2025-04-23
235. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21899) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: tracing: Fix bad hist from corrupting named_triggers list The following commands causes a crash: ~# cd /sys/kernel/tracing/events/rcu/rcu_callback ~# echo 'hist:name=bad:keys=common_pid:onmax(bogus).save(common_pid)' > trigger bash: echo: write error: Invalid argument ~# echo 'hist:name=bad:keys=common_pid' > trigger Because the following occurs: event_trigger_write() { trigger_process_regex() { event_hist_trigger_parse() { data = event_trigger_alloc(..); event_trigger_register(.., data) { cmd_ops->reg(.., data, ..) [hist_register_trigger()] { data->ops->init() [event_hist_trigger_init()] { save_named_trigger(name, data) { list_add(&data->named_list, &named_triggers); } } } } ret = create_actions(); (return -EINVAL) if (ret) goto out_unreg; [..] ret = hist_trigger_enable(data, ...) { list_add_tail_rcu(&data->list, &file->triggers); <<<---- SKIPPED!!! (this is important!) [..] out_unreg: event_hist_unregister(.., data) { cmd_ops->unreg(.., data, ..) [hist_unregister_trigger()] { list_for_each_entry(iter, &file->triggers, list) { if (!hist_trigger_match(data, iter, named_data, false)) <- never matches continue; [..] test = iter; } if (test && test->ops->free) <<<-- test is NULL test->ops->free(test) [event_hist_trigger_free()] { [..] if (data->name) del_named_trigger(data) { list_del(&data->named_list); <<<<-- NEVER gets removed! } } } } [..] kfree(data); <<<-- frees item but it is still on list The next time a hist with name is registered, it causes an u-a-f bug and the kernel can crash. Move the code around such that if event_trigger_register() succeeds, the next thing called is hist_trigger_enable() which adds it to the list. A bunch of actions is called if get_named_trigger_data() returns false. But that doesn't need to be called after event_trigger_register(), so it can be moved up, allowing event_trigger_register() to be called just before hist_trigger_enable() keeping them together and allowing the file->triggers to be properly populated.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix bad hist from corrupting named_triggers list\n\nThe following commands causes a crash:\n\n ~# cd /sys/kernel/tracing/events/rcu/rcu_callback\n ~# echo 'hist:name=bad:keys=common_pid:onmax(bogus).save(common_pid)' > trigger\n bash: echo: write error: Invalid argument\n ~# echo 'hist:name=bad:keys=common_pid' > trigger\n\nBecause the following occurs:\n\nevent_trigger_write() {\n trigger_process_regex() {\n event_hist_trigger_parse() {\n\n data = event_trigger_alloc(..);\n\n event_trigger_register(.., data) {\n cmd_ops->reg(.., data, ..) [hist_register_trigger()] {\n data->ops->init() [event_hist_trigger_init()] {\n save_named_trigger(name, data) {\n list_add(&data->named_list, &named_triggers);\n }\n }\n }\n }\n\n ret = create_actions(); (return -EINVAL)\n if (ret)\n goto out_unreg;\n[..]\n ret = hist_trigger_enable(data, ...) {\n list_add_tail_rcu(&data->list, &file->triggers); <<<---- SKIPPED!!! (this is important!)\n[..]\n out_unreg:\n event_hist_unregister(.., data) {\n cmd_ops->unreg(.., data, ..) [hist_unregister_trigger()] {\n list_for_each_entry(iter, &file->triggers, list) {\n if (!hist_trigger_match(data, iter, named_data, false)) <- never matches\n continue;\n [..]\n test = iter;\n }\n if (test && test->ops->free) <<<-- test is NULL\n\n test->ops->free(test) [event_hist_trigger_free()] {\n [..]\n if (data->name)\n del_named_trigger(data) {\n list_del(&data->named_list); <<<<-- NEVER gets removed!\n }\n }\n }\n }\n\n [..]\n kfree(data); <<<-- frees item but it is still on list\n\nThe next time a hist with name is registered, it causes an u-a-f bug and\nthe kernel can crash.\n\nMove the code around such that if event_trigger_register() succeeds, the\nnext thing called is hist_trigger_enable() which adds it to the list.\n\nA bunch of actions is called if get_named_trigger_data() returns false.\nBut that doesn't need to be called after event_trigger_register(), so it\ncan be moved up, allowing event_trigger_register() to be called just\nbefore hist_trigger_enable() keeping them together and allowing the\nfile->triggers to be properly populated.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00041, EPSS Percentile is 0.11863 |
debian: CVE-2025-21899 was patched at 2025-04-12, 2025-04-23
236. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21913) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() Xen doesn't offer MSR_FAM10H_MMIO_CONF_BASE to all guests. This results in the following warning: unchecked MSR access error: RDMSR from 0xc0010058 at rIP: 0xffffffff8101d19f (xen_do_read_msr+0x7f/0xa0) Call Trace: xen_read_msr+0x1e/0x30 amd_get_mmconfig_range+0x2b/0x80 quirk_amd_mmconfig_area+0x28/0x100 pnp_fixup_device+0x39/0x50 __pnp_add_device+0xf/0x150 pnp_add_device+0x3d/0x100 pnpacpi_add_device_handler+0x1f9/0x280 acpi_ns_get_device_callback+0x104/0x1c0 acpi_ns_walk_namespace+0x1d0/0x260 acpi_get_devices+0x8a/0xb0 pnpacpi_init+0x50/0x80 do_one_initcall+0x46/0x2e0 kernel_init_freeable+0x1da/0x2f0 kernel_init+0x16/0x1b0 ret_from_fork+0x30/0x50 ret_from_fork_asm+0x1b/0x30 based on quirks for a "PNP0c01" device. Treating MMCFG as disabled is the right course of action, so no change is needed there. This was most likely exposed by fixing the Xen MSR accessors to not be silently-safe.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()\n\nXen doesn't offer MSR_FAM10H_MMIO_CONF_BASE to all guests. This results\nin the following warning:\n\n unchecked MSR access error: RDMSR from 0xc0010058 at rIP: 0xffffffff8101d19f (xen_do_read_msr+0x7f/0xa0)\n Call Trace:\n xen_read_msr+0x1e/0x30\n amd_get_mmconfig_range+0x2b/0x80\n quirk_amd_mmconfig_area+0x28/0x100\n pnp_fixup_device+0x39/0x50\n __pnp_add_device+0xf/0x150\n pnp_add_device+0x3d/0x100\n pnpacpi_add_device_handler+0x1f9/0x280\n acpi_ns_get_device_callback+0x104/0x1c0\n acpi_ns_walk_namespace+0x1d0/0x260\n acpi_get_devices+0x8a/0xb0\n pnpacpi_init+0x50/0x80\n do_one_initcall+0x46/0x2e0\n kernel_init_freeable+0x1da/0x2f0\n kernel_init+0x16/0x1b0\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1b/0x30\n\nbased on quirks for a "PNP0c01" device. Treating MMCFG as disabled is the\nright course of action, so no change is needed there.\n\nThis was most likely exposed by fixing the Xen MSR accessors to not be\nsilently-safe.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00041, EPSS Percentile is 0.11863 |
debian: CVE-2025-21913 was patched at 2025-04-12, 2025-04-23
237. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21938) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr If multiple connection requests attempt to create an implicit mptcp endpoint in parallel, more than one caller may end up in mptcp_pm_nl_append_new_local_addr because none found the address in local_addr_list during their call to mptcp_pm_nl_get_local_id. In this case, the concurrent new_local_addr calls may delete the address entry created by the previous caller. These deletes use synchronize_rcu, but this is not permitted in some of the contexts where this function may be called. During packet recv, the caller may be in a rcu read critical section and have preemption disabled. An example stack: BUG: scheduling while atomic: swapper/2/0/0x00000302 Call Trace: <IRQ> dump_stack_lvl (lib/dump_stack.c:117 (discriminator 1)) dump_stack (lib/dump_stack.c:124) __schedule_bug (kernel/sched/core.c:5943) schedule_debug.constprop.0 (arch/x86/include/asm/preempt.h:33 kernel/sched/core.c:5970) __schedule (arch/x86/include/asm/jump_label.h:27 include/linux/jump_label.h:207 kernel/sched/features.h:29 kernel/sched/core.c:6621) schedule (arch/x86/include/asm/preempt.h:84 kernel/sched/core.c:6804 kernel/sched/core.c:6818) schedule_timeout (kernel/time/timer.c:2160) wait_for_completion (kernel/sched/completion.c:96 kernel/sched/completion.c:116 kernel/sched/completion.c:127 kernel/sched/completion.c:148) __wait_rcu_gp (include/linux/rcupdate.h:311 kernel/rcu/update.c:444) synchronize_rcu (kernel/rcu/tree.c:3609) mptcp_pm_nl_append_new_local_addr (net/mptcp/pm_netlink.c:966 net/mptcp/pm_netlink.c:1061) mptcp_pm_nl_get_local_id (net/mptcp/pm_netlink.c:1164) mptcp_pm_get_local_id (net/mptcp/pm.c:420) subflow_check_req (net/mptcp/subflow.c:98 net/mptcp/subflow.c:213) subflow_v4_route_req (net/mptcp/subflow.c:305) tcp_conn_request (net/ipv4/tcp_input.c:7216) subflow_v4_conn_request (net/mptcp/subflow.c:651) tcp_rcv_state_process (net/ipv4/tcp_input.c:6709) tcp_v4_do_rcv (net/ipv4/tcp_ipv4.c:1934) tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2334) ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205 (discriminator 1)) ip_local_deliver_finish (include/linux/rcupdate.h:813 net/ipv4/ip_input.c:234) ip_local_deliver (include/linux/netfilter.h:314 include/linux/netfilter.h:308 net/ipv4/ip_input.c:254) ip_sublist_rcv_finish (include/net/dst.h:461 net/ipv4/ip_input.c:580) ip_sublist_rcv (net/ipv4/ip_input.c:640) ip_list_rcv (net/ipv4/ip_input.c:675) __netif_receive_skb_list_core (net/core/dev.c:5583 net/core/dev.c:5631) netif_receive_skb_list_internal (net/core/dev.c:5685 net/core/dev.c:5774) napi_complete_done (include/linux/list.h:37 include/net/gro.h:449 include/net/gro.h:444 net/core/dev.c:6114) igb_poll (drivers/net/ethernet/intel/igb/igb_main.c:8244) igb __napi_poll (net/core/dev.c:6582) net_rx_action (net/core/dev.c:6653 net/core/dev.c:6787) handle_softirqs (kernel/softirq.c:553) __irq_exit_rcu (kernel/softirq.c:588 kernel/softirq.c:427 kernel/softirq.c:636) irq_exit_rcu (kernel/softirq.c:651) common_interrupt (arch/x86/kernel/irq.c:247 (discriminator 14)) </IRQ> This problem seems particularly prevalent if the user advertises an endpoint that has a different external vs internal address. In the case where the external address is advertised and multiple connections already exist, multiple subflow SYNs arrive in parallel which tends to trigger the race during creation of the first local_addr_list entries which have the internal address instead. Fix by skipping the replacement of an existing implicit local address if called via mptcp_pm_nl_get_local_id.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr\n\nIf multiple connection requests attempt to create an implicit mptcp\nendpoint in parallel, more than one caller may end up in\nmptcp_pm_nl_append_new_local_addr because none found the address in\nlocal_addr_list during their call to mptcp_pm_nl_get_local_id. In this\ncase, the concurrent new_local_addr calls may delete the address entry\ncreated by the previous caller. These deletes use synchronize_rcu, but\nthis is not permitted in some of the contexts where this function may be\ncalled. During packet recv, the caller may be in a rcu read critical\nsection and have preemption disabled.\n\nAn example stack:\n\n BUG: scheduling while atomic: swapper/2/0/0x00000302\n\n Call Trace:\n <IRQ>\n dump_stack_lvl (lib/dump_stack.c:117 (discriminator 1))\n dump_stack (lib/dump_stack.c:124)\n __schedule_bug (kernel/sched/core.c:5943)\n schedule_debug.constprop.0 (arch/x86/include/asm/preempt.h:33 kernel/sched/core.c:5970)\n __schedule (arch/x86/include/asm/jump_label.h:27 include/linux/jump_label.h:207 kernel/sched/features.h:29 kernel/sched/core.c:6621)\n schedule (arch/x86/include/asm/preempt.h:84 kernel/sched/core.c:6804 kernel/sched/core.c:6818)\n schedule_timeout (kernel/time/timer.c:2160)\n wait_for_completion (kernel/sched/completion.c:96 kernel/sched/completion.c:116 kernel/sched/completion.c:127 kernel/sched/completion.c:148)\n __wait_rcu_gp (include/linux/rcupdate.h:311 kernel/rcu/update.c:444)\n synchronize_rcu (kernel/rcu/tree.c:3609)\n mptcp_pm_nl_append_new_local_addr (net/mptcp/pm_netlink.c:966 net/mptcp/pm_netlink.c:1061)\n mptcp_pm_nl_get_local_id (net/mptcp/pm_netlink.c:1164)\n mptcp_pm_get_local_id (net/mptcp/pm.c:420)\n subflow_check_req (net/mptcp/subflow.c:98 net/mptcp/subflow.c:213)\n subflow_v4_route_req (net/mptcp/subflow.c:305)\n tcp_conn_request (net/ipv4/tcp_input.c:7216)\n subflow_v4_conn_request (net/mptcp/subflow.c:651)\n tcp_rcv_state_process (net/ipv4/tcp_input.c:6709)\n tcp_v4_do_rcv (net/ipv4/tcp_ipv4.c:1934)\n tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2334)\n ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205 (discriminator 1))\n ip_local_deliver_finish (include/linux/rcupdate.h:813 net/ipv4/ip_input.c:234)\n ip_local_deliver (include/linux/netfilter.h:314 include/linux/netfilter.h:308 net/ipv4/ip_input.c:254)\n ip_sublist_rcv_finish (include/net/dst.h:461 net/ipv4/ip_input.c:580)\n ip_sublist_rcv (net/ipv4/ip_input.c:640)\n ip_list_rcv (net/ipv4/ip_input.c:675)\n __netif_receive_skb_list_core (net/core/dev.c:5583 net/core/dev.c:5631)\n netif_receive_skb_list_internal (net/core/dev.c:5685 net/core/dev.c:5774)\n napi_complete_done (include/linux/list.h:37 include/net/gro.h:449 include/net/gro.h:444 net/core/dev.c:6114)\n igb_poll (drivers/net/ethernet/intel/igb/igb_main.c:8244) igb\n __napi_poll (net/core/dev.c:6582)\n net_rx_action (net/core/dev.c:6653 net/core/dev.c:6787)\n handle_softirqs (kernel/softirq.c:553)\n __irq_exit_rcu (kernel/softirq.c:588 kernel/softirq.c:427 kernel/softirq.c:636)\n irq_exit_rcu (kernel/softirq.c:651)\n common_interrupt (arch/x86/kernel/irq.c:247 (discriminator 14))\n </IRQ>\n\nThis problem seems particularly prevalent if the user advertises an\nendpoint that has a different external vs internal address. In the case\nwhere the external address is advertised and multiple connections\nalready exist, multiple subflow SYNs arrive in parallel which tends to\ntrigger the race during creation of the first local_addr_list entries\nwhich have the internal address instead.\n\nFix by skipping the replacement of an existing implicit local address if\ncalled via mptcp_pm_nl_get_local_id.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00041, EPSS Percentile is 0.11863 |
debian: CVE-2025-21938 was patched at 2025-04-12, 2025-04-23
238. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21944) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix bug on trap in smb2_lock If lock count is greater than 1, flags could be old value. It should be checked with flags of smb_lock, not flags. It will cause bug-on trap from locks_free_lock in error handling routine.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix bug on trap in smb2_lock\n\nIf lock count is greater than 1, flags could be old value.\nIt should be checked with flags of smb_lock, not flags.\nIt will cause bug-on trap from locks_free_lock in error handling\nroutine.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00041, EPSS Percentile is 0.11863 |
debian: CVE-2025-21944 was patched at 2025-04-12, 2025-04-23
239. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21960) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() The bnxt_rx_pkt() updates ip_summed value at the end if checksum offload is enabled. When the XDP-MB program is attached and it returns XDP_PASS, the bnxt_xdp_build_skb() is called to update skb_shared_info. The main purpose of bnxt_xdp_build_skb() is to update skb_shared_info, but it updates ip_summed value too if checksum offload is enabled. This is actually duplicate work. When the bnxt_rx_pkt() updates ip_summed value, it checks if ip_summed is CHECKSUM_NONE or not. It means that ip_summed should be CHECKSUM_NONE at this moment. But ip_summed may already be updated to CHECKSUM_UNNECESSARY in the XDP-MB-PASS path. So the by skb_checksum_none_assert() WARNS about it. This is duplicate work and updating ip_summed in the bnxt_xdp_build_skb() is not needed. Splat looks like: WARNING: CPU: 3 PID: 5782 at ./include/linux/skbuff.h:5155 bnxt_rx_pkt+0x479b/0x7610 [bnxt_en] Modules linked in: bnxt_re bnxt_en rdma_ucm rdma_cm iw_cm ib_cm ib_uverbs veth xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_] CPU: 3 UID: 0 PID: 5782 Comm: socat Tainted: G W 6.14.0-rc4+ #27 Tainted: [W]=WARN Hardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021 RIP: 0010:bnxt_rx_pkt+0x479b/0x7610 [bnxt_en] Code: 54 24 0c 4c 89 f1 4c 89 ff c1 ea 1f ff d3 0f 1f 00 49 89 c6 48 85 c0 0f 84 4c e5 ff ff 48 89 c7 e8 ca 3d a0 c8 e9 8f f4 ff ff <0f> 0b f RSP: 0018:ffff88881ba09928 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 00000000c7590303 RCX: 0000000000000000 RDX: 1ffff1104e7d1610 RSI: 0000000000000001 RDI: ffff8881c91300b8 RBP: ffff88881ba09b28 R08: ffff888273e8b0d0 R09: ffff888273e8b070 R10: ffff888273e8b010 R11: ffff888278b0f000 R12: ffff888273e8b080 R13: ffff8881c9130e00 R14: ffff8881505d3800 R15: ffff888273e8b000 FS: 00007f5a2e7be080(0000) GS:ffff88881ba00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fff2e708ff8 CR3: 000000013e3b0000 CR4: 00000000007506f0 PKRU: 55555554 Call Trace: <IRQ> ? __warn+0xcd/0x2f0 ? bnxt_rx_pkt+0x479b/0x7610 ? report_bug+0x326/0x3c0 ? handle_bug+0x53/0xa0 ? exc_invalid_op+0x14/0x50 ? asm_exc_invalid_op+0x16/0x20 ? bnxt_rx_pkt+0x479b/0x7610 ? bnxt_rx_pkt+0x3e41/0x7610 ? __pfx_bnxt_rx_pkt+0x10/0x10 ? napi_complete_done+0x2cf/0x7d0 __bnxt_poll_work+0x4e8/0x1220 ? __pfx___bnxt_poll_work+0x10/0x10 ? __pfx_mark_lock.part.0+0x10/0x10 bnxt_poll_p5+0x36a/0xfa0 ? __pfx_bnxt_poll_p5+0x10/0x10 __napi_poll.constprop.0+0xa0/0x440 net_rx_action+0x899/0xd00 ... Following ping.py patch adds xdp-mb-pass case. so ping.py is going to be able to reproduce this issue.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: do not update checksum in bnxt_xdp_build_skb()\n\nThe bnxt_rx_pkt() updates ip_summed value at the end if checksum offload\nis enabled.\nWhen the XDP-MB program is attached and it returns XDP_PASS, the\nbnxt_xdp_build_skb() is called to update skb_shared_info.\nThe main purpose of bnxt_xdp_build_skb() is to update skb_shared_info,\nbut it updates ip_summed value too if checksum offload is enabled.\nThis is actually duplicate work.\n\nWhen the bnxt_rx_pkt() updates ip_summed value, it checks if ip_summed\nis CHECKSUM_NONE or not.\nIt means that ip_summed should be CHECKSUM_NONE at this moment.\nBut ip_summed may already be updated to CHECKSUM_UNNECESSARY in the\nXDP-MB-PASS path.\nSo the by skb_checksum_none_assert() WARNS about it.\n\nThis is duplicate work and updating ip_summed in the\nbnxt_xdp_build_skb() is not needed.\n\nSplat looks like:\nWARNING: CPU: 3 PID: 5782 at ./include/linux/skbuff.h:5155 bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]\nModules linked in: bnxt_re bnxt_en rdma_ucm rdma_cm iw_cm ib_cm ib_uverbs veth xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_]\nCPU: 3 UID: 0 PID: 5782 Comm: socat Tainted: G W 6.14.0-rc4+ #27\nTainted: [W]=WARN\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nRIP: 0010:bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]\nCode: 54 24 0c 4c 89 f1 4c 89 ff c1 ea 1f ff d3 0f 1f 00 49 89 c6 48 85 c0 0f 84 4c e5 ff ff 48 89 c7 e8 ca 3d a0 c8 e9 8f f4 ff ff <0f> 0b f\nRSP: 0018:ffff88881ba09928 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: 00000000c7590303 RCX: 0000000000000000\nRDX: 1ffff1104e7d1610 RSI: 0000000000000001 RDI: ffff8881c91300b8\nRBP: ffff88881ba09b28 R08: ffff888273e8b0d0 R09: ffff888273e8b070\nR10: ffff888273e8b010 R11: ffff888278b0f000 R12: ffff888273e8b080\nR13: ffff8881c9130e00 R14: ffff8881505d3800 R15: ffff888273e8b000\nFS: 00007f5a2e7be080(0000) GS:ffff88881ba00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fff2e708ff8 CR3: 000000013e3b0000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n <IRQ>\n ? __warn+0xcd/0x2f0\n ? bnxt_rx_pkt+0x479b/0x7610\n ? report_bug+0x326/0x3c0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x14/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? bnxt_rx_pkt+0x479b/0x7610\n ? bnxt_rx_pkt+0x3e41/0x7610\n ? __pfx_bnxt_rx_pkt+0x10/0x10\n ? napi_complete_done+0x2cf/0x7d0\n __bnxt_poll_work+0x4e8/0x1220\n ? __pfx___bnxt_poll_work+0x10/0x10\n ? __pfx_mark_lock.part.0+0x10/0x10\n bnxt_poll_p5+0x36a/0xfa0\n ? __pfx_bnxt_poll_p5+0x10/0x10\n __napi_poll.constprop.0+0xa0/0x440\n net_rx_action+0x899/0xd00\n...\n\nFollowing ping.py patch adds xdp-mb-pass case. so ping.py is going\nto be able to reproduce this issue.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00041, EPSS Percentile is 0.11863 |
debian: CVE-2025-21960 was patched at 2025-04-12, 2025-04-23
240. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21978) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/hyperv: Fix address space leak when Hyper-V DRM device is removed When a Hyper-V DRM device is probed, the driver allocates MMIO space for the vram, and maps it cacheable. If the device removed, or in the error path for device probing, the MMIO space is released but no unmap is done. Consequently the kernel address space for the mapping is leaked. Fix this by adding iounmap() calls in the device removal path, and in the error path during device probing.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/hyperv: Fix address space leak when Hyper-V DRM device is removed\n\nWhen a Hyper-V DRM device is probed, the driver allocates MMIO space for\nthe vram, and maps it cacheable. If the device removed, or in the error\npath for device probing, the MMIO space is released but no unmap is done.\nConsequently the kernel address space for the mapping is leaked.\n\nFix this by adding iounmap() calls in the device removal path, and in the\nerror path during device probing.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00041, EPSS Percentile is 0.11863 |
debian: CVE-2025-21978 was patched at 2025-04-12, 2025-04-23
241. Unknown Vulnerability Type - Linux Kernel (CVE-2025-21986) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net: switchdev: Convert blocking notification chain to a raw one A blocking notification chain uses a read-write semaphore to protect the integrity of the chain. The semaphore is acquired for writing when adding / removing notifiers to / from the chain and acquired for reading when traversing the chain and informing notifiers about an event. In case of the blocking switchdev notification chain, recursive notifications are possible which leads to the semaphore being acquired twice for reading and to lockdep warnings being generated [1]. Specifically, this can happen when the bridge driver processes a SWITCHDEV_BRPORT_UNOFFLOADED event which causes it to emit notifications about deferred events when calling switchdev_deferred_process(). Fix this by converting the notification chain to a raw notification chain in a similar fashion to the netdev notification chain. Protect the chain using the RTNL mutex by acquiring it when modifying the chain. Events are always informed under the RTNL mutex, but add an assertion in call_switchdev_blocking_notifiers() to make sure this is not violated in the future. Maintain the "blocking" prefix as events are always emitted from process context and listeners are allowed to block. [1]: WARNING: possible recursive locking detected 6.14.0-rc4-custom-g079270089484 #1 Not tainted -------------------------------------------- ip/52731 is trying to acquire lock: ffffffff850918d8 ((switchdev_blocking_notif_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x58/0xa0 but task is already holding lock: ffffffff850918d8 ((switchdev_blocking_notif_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x58/0xa0 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock((switchdev_blocking_notif_chain).rwsem); lock((switchdev_blocking_notif_chain).rwsem); *** DEADLOCK *** May be due to missing lock nesting notation 3 locks held by ip/52731: #0: ffffffff84f795b0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x727/0x1dc0 #1: ffffffff8731f628 (&net->rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x790/0x1dc0 #2: ffffffff850918d8 ((switchdev_blocking_notif_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x58/0xa0 stack backtrace: ... ? __pfx_down_read+0x10/0x10 ? __pfx_mark_lock+0x10/0x10 ? __pfx_switchdev_port_attr_set_deferred+0x10/0x10 blocking_notifier_call_chain+0x58/0xa0 switchdev_port_attr_notify.constprop.0+0xb3/0x1b0 ? __pfx_switchdev_port_attr_notify.constprop.0+0x10/0x10 ? mark_held_locks+0x94/0xe0 ? switchdev_deferred_process+0x11a/0x340 switchdev_port_attr_set_deferred+0x27/0xd0 switchdev_deferred_process+0x164/0x340 br_switchdev_port_unoffload+0xc8/0x100 [bridge] br_switchdev_blocking_event+0x29f/0x580 [bridge] notifier_call_chain+0xa2/0x440 blocking_notifier_call_chain+0x6e/0xa0 switchdev_bridge_port_unoffload+0xde/0x1a0 ...', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: switchdev: Convert blocking notification chain to a raw one\n\nA blocking notification chain uses a read-write semaphore to protect the\nintegrity of the chain. The semaphore is acquired for writing when\nadding / removing notifiers to / from the chain and acquired for reading\nwhen traversing the chain and informing notifiers about an event.\n\nIn case of the blocking switchdev notification chain, recursive\nnotifications are possible which leads to the semaphore being acquired\ntwice for reading and to lockdep warnings being generated [1].\n\nSpecifically, this can happen when the bridge driver processes a\nSWITCHDEV_BRPORT_UNOFFLOADED event which causes it to emit notifications\nabout deferred events when calling switchdev_deferred_process().\n\nFix this by converting the notification chain to a raw notification\nchain in a similar fashion to the netdev notification chain. Protect\nthe chain using the RTNL mutex by acquiring it when modifying the chain.\nEvents are always informed under the RTNL mutex, but add an assertion in\ncall_switchdev_blocking_notifiers() to make sure this is not violated in\nthe future.\n\nMaintain the "blocking" prefix as events are always emitted from process\ncontext and listeners are allowed to block.\n\n[1]:\nWARNING: possible recursive locking detected\n6.14.0-rc4-custom-g079270089484 #1 Not tainted\n--------------------------------------------\nip/52731 is trying to acquire lock:\nffffffff850918d8 ((switchdev_blocking_notif_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x58/0xa0\n\nbut task is already holding lock:\nffffffff850918d8 ((switchdev_blocking_notif_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x58/0xa0\n\nother info that might help us debug this:\nPossible unsafe locking scenario:\nCPU0\n----\nlock((switchdev_blocking_notif_chain).rwsem);\nlock((switchdev_blocking_notif_chain).rwsem);\n\n*** DEADLOCK ***\nMay be due to missing lock nesting notation\n3 locks held by ip/52731:\n #0: ffffffff84f795b0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x727/0x1dc0\n #1: ffffffff8731f628 (&net->rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x790/0x1dc0\n #2: ffffffff850918d8 ((switchdev_blocking_notif_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x58/0xa0\n\nstack backtrace:\n...\n? __pfx_down_read+0x10/0x10\n? __pfx_mark_lock+0x10/0x10\n? __pfx_switchdev_port_attr_set_deferred+0x10/0x10\nblocking_notifier_call_chain+0x58/0xa0\nswitchdev_port_attr_notify.constprop.0+0xb3/0x1b0\n? __pfx_switchdev_port_attr_notify.constprop.0+0x10/0x10\n? mark_held_locks+0x94/0xe0\n? switchdev_deferred_process+0x11a/0x340\nswitchdev_port_attr_set_deferred+0x27/0xd0\nswitchdev_deferred_process+0x164/0x340\nbr_switchdev_port_unoffload+0xc8/0x100 [bridge]\nbr_switchdev_blocking_event+0x29f/0x580 [bridge]\nnotifier_call_chain+0xa2/0x440\nblocking_notifier_call_chain+0x6e/0xa0\nswitchdev_bridge_port_unoffload+0xde/0x1a0\n...', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00041, EPSS Percentile is 0.11863 |
debian: CVE-2025-21986 was patched at 2025-04-12, 2025-04-23
242. Unknown Vulnerability Type - Linux Kernel (CVE-2025-22008) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: regulator: check that dummy regulator has been probed before using it Due to asynchronous driver probing there is a chance that the dummy regulator hasn't already been probed when first accessing it.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: check that dummy regulator has been probed before using it\n\nDue to asynchronous driver probing there is a chance that the dummy\nregulator hasn't already been probed when first accessing it.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00032, EPSS Percentile is 0.07556 |
debian: CVE-2025-22008 was patched at 2025-04-12, 2025-04-23
243. Denial of Service - Unknown Product (CVE-2025-30258) - Low [160]
Description: {'nvd_cve_data_all': 'In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0 | 14 | Unknown Product | |
0.3 | 10 | CVSS Base Score is 2.7. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.0001, EPSS Percentile is 0.00775 |
debian: CVE-2025-30258 was patched at 2025-04-23
ubuntu: CVE-2025-30258 was patched at 2025-04-03
244. Memory Corruption - Unknown Product (CVE-2023-48184) - Low [148]
Description: {'nvd_cve_data_all': 'QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0 | 14 | Unknown Product | |
0.4 | 10 | CVSS Base Score is 3.9. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00048, EPSS Percentile is 0.14812 |
ubuntu: CVE-2023-48184 was patched at 2025-04-15
245. Memory Corruption - Unknown Product (CVE-2025-32365) - Low [136]
Description: {'nvd_cve_data_all': 'Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0 | 14 | Unknown Product | |
0.4 | 10 | CVSS Base Score is 4.0. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00017, EPSS Percentile is 0.0273 |
debian: CVE-2025-32365 was patched at 2025-04-23
ubuntu: CVE-2025-32365 was patched at 2025-04-08, 2025-04-09
246. Unknown Vulnerability Type - MongoDB (CVE-2024-8013) - Low [135]
Description: {'nvd_cve_data_all': 'A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior to 5.0.29, v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior to 5.0.29, v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.6 | 14 | MongoDB is a source-available, cross-platform, document-oriented database program | |
0.3 | 10 | CVSS Base Score is 3.3. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.0001, EPSS Percentile is 0.00753 |
redos: CVE-2024-8013 was patched at 2025-03-26
247. Unknown Vulnerability Type - Unknown Product (CVE-2025-30204) - Low [95]
Description: {'nvd_cve_data_all': 'golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0 | 14 | Unknown Product | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00024, EPSS Percentile is 0.04945 |
almalinux: CVE-2025-30204 was patched at 2025-03-27
debian: CVE-2025-30204 was patched at 2025-04-23
oraclelinux: CVE-2025-30204 was patched at 2025-03-27
redhat: CVE-2025-30204 was patched at 2025-03-27, 2025-03-31, 2025-04-07, 2025-04-08
248. Unknown Vulnerability Type - Unknown Product (CVE-2025-27796) - Low [59]
Description: {'nvd_cve_data_all': 'ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0 | 14 | Unknown Product | |
0.5 | 10 | CVSS Base Score is 4.5. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00021, EPSS Percentile is 0.03893 |
ubuntu: CVE-2025-27796 was patched at 2025-04-14
249. Unknown Vulnerability Type - Unknown Product (CVE-2024-33263) - Low [47]
Description: {'nvd_cve_data_all': 'QuickJS commit 3b45d15 was discovered to contain an Assertion Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'QuickJS commit 3b45d15 was discovered to contain an Assertion Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0 | 14 | Unknown Product | |
0.4 | 10 | CVSS Base Score is 4.0. According to NVD data source | |
0.0 | 10 | EPSS Probability is 0.00014, EPSS Percentile is 0.01471 |
ubuntu: CVE-2024-33263 was patched at 2025-04-15
250. Unknown Vulnerability Type - Unknown Product (CVE-2024-53159) - Low [0]
Description: {'nvd_cve_data_all': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0 | 14 | Unknown Product | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
redos: CVE-2024-53159 was patched at 2025-03-20
251. Unknown Vulnerability Type - Unknown Product (CVE-2025-31510) - Low [0]
Description: {'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual " "that will use it when announcing a new security problem. When the candidate has been " "publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0 | 14 | Unknown Product | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
debian: CVE-2025-31510 was patched at 2025-04-08, 2025-04-23
redos: CVE-2025-26794 was patched at 2025-04-03
redos: CVE-2023-39593 was patched at 2025-03-26
redos: CVE-2025-21626 was patched at 2025-04-02
redos: CVE-2025-23024 was patched at 2025-04-02
debian: CVE-2024-56406 was patched at 2025-04-13, 2025-04-23
ubuntu: CVE-2024-56406 was patched at 2025-04-14, 2025-04-23
almalinux: CVE-2025-3028 was patched at 2025-04-03, 2025-04-24
debian: CVE-2025-3028 was patched at 2025-04-02, 2025-04-03, 2025-04-23
oraclelinux: CVE-2025-3028 was patched at 2025-04-03, 2025-04-22, 2025-04-24
redhat: CVE-2025-3028 was patched at 2025-04-03, 2025-04-07, 2025-04-23, 2025-04-24
redos: CVE-2025-3028 was patched at 2025-04-17
debian: CVE-2025-32050 was patched at 2025-04-23
ubuntu: CVE-2025-32050 was patched at 2025-04-10
debian: CVE-2025-2476 was patched at 2025-03-20, 2025-04-23
debian: CVE-2025-3066 was patched at 2025-04-09, 2025-04-23
redos: CVE-2025-2476 was patched at 2025-04-24
debian: CVE-2025-21867 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21887 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21904 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21905 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21917 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21918 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21919 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21920 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21928 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21934 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21936 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21937 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21941 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21945 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21947 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21948 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21957 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21968 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21975 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21979 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21980 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21981 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21993 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21999 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-22004 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-22007 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-22015 was patched at 2025-04-12, 2025-04-23
redos: CVE-2024-53185 was patched at 2025-04-09
ubuntu: CVE-2024-48873 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
ubuntu: CVE-2024-51729 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-52319 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-53185 was patched at 2025-04-23, 2025-04-24
ubuntu: CVE-2024-56561 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24
ubuntu: CVE-2024-56577 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
ubuntu: CVE-2024-56580 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
ubuntu: CVE-2024-56613 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
ubuntu: CVE-2024-56617 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56620 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
ubuntu: CVE-2024-56621 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
ubuntu: CVE-2024-56635 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
ubuntu: CVE-2024-56646 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56652 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56653 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56667 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56669 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56710 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56711 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56764 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56772 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
ubuntu: CVE-2024-56773 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
ubuntu: CVE-2024-57799 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-57801 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-57881 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-57921 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-57926 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-57933 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-57934 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-57944 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2025-21633 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2025-21642 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2025-21644 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2025-21650 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2025-21652 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2025-21661 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2025-21993 was patched at 2025-04-23, 2025-04-24, 2025-04-25, 2025-04-28
debian: CVE-2025-2784 was patched at 2025-04-23
ubuntu: CVE-2025-2784 was patched at 2025-04-10
almalinux: CVE-2025-24209 was patched at 2025-04-08, 2025-04-17
almalinux: CVE-2025-24216 was patched at 2025-04-08, 2025-04-17
almalinux: CVE-2025-30427 was patched at 2025-04-08, 2025-04-17
debian: CVE-2025-24209 was patched at 2025-04-10, 2025-04-23
debian: CVE-2025-24213 was patched at 2025-04-10, 2025-04-23
debian: CVE-2025-24216 was patched at 2025-04-10, 2025-04-23
debian: CVE-2025-30427 was patched at 2025-04-10, 2025-04-23
oraclelinux: CVE-2025-24209 was patched at 2025-04-08, 2025-04-17
oraclelinux: CVE-2025-24216 was patched at 2025-04-08, 2025-04-17
oraclelinux: CVE-2025-30427 was patched at 2025-04-08, 2025-04-17
redhat: CVE-2025-24209 was patched at 2025-04-08, 2025-04-09, 2025-04-17
redhat: CVE-2025-24216 was patched at 2025-04-08, 2025-04-09, 2025-04-17
redhat: CVE-2025-30427 was patched at 2025-04-08, 2025-04-09, 2025-04-17
ubuntu: CVE-2025-24209 was patched at 2025-04-14
ubuntu: CVE-2025-24213 was patched at 2025-04-14
ubuntu: CVE-2025-24216 was patched at 2025-04-14
ubuntu: CVE-2025-30427 was patched at 2025-04-14
debian: CVE-2025-31115 was patched at 2025-04-05, 2025-04-23
ubuntu: CVE-2025-31115 was patched at 2025-04-03
redos: CVE-2023-23933 was patched at 2025-04-03
debian: CVE-2025-32365 was patched at 2025-04-23
debian: CVE-2025-32464 was patched at 2025-04-23
ubuntu: CVE-2023-48183 was patched at 2025-04-15
ubuntu: CVE-2023-48184 was patched at 2025-04-15
ubuntu: CVE-2025-32365 was patched at 2025-04-08, 2025-04-09
ubuntu: CVE-2025-32464 was patched at 2025-04-10, 2025-04-23
redos: CVE-2022-24838 was patched at 2025-03-26
ubuntu: CVE-2024-11235 was patched at 2025-03-31
almalinux: CVE-2025-3030 was patched at 2025-04-03, 2025-04-24
debian: CVE-2025-3030 was patched at 2025-04-02, 2025-04-03, 2025-04-23
oraclelinux: CVE-2025-3030 was patched at 2025-04-03, 2025-04-22, 2025-04-24
redhat: CVE-2025-3030 was patched at 2025-04-03, 2025-04-07, 2025-04-23, 2025-04-24
debian: CVE-2025-30219 was patched at 2025-04-23
ubuntu: CVE-2025-30219 was patched at 2025-03-31
ubuntu: CVE-2025-26682 was patched at 2025-04-08
almalinux: CVE-2024-44192 was patched at 2025-04-08, 2025-04-17
almalinux: CVE-2024-54551 was patched at 2025-04-08, 2025-04-17
debian: CVE-2024-44192 was patched at 2025-03-23, 2025-04-23
debian: CVE-2024-54551 was patched at 2025-04-10, 2025-04-23
oraclelinux: CVE-2024-44192 was patched at 2025-04-08, 2025-04-17
oraclelinux: CVE-2024-54551 was patched at 2025-04-08, 2025-04-17
redhat: CVE-2024-44192 was patched at 2025-04-08, 2025-04-09, 2025-04-17
redhat: CVE-2024-54551 was patched at 2025-04-08, 2025-04-09, 2025-04-17
ubuntu: CVE-2024-44192 was patched at 2025-03-31
ubuntu: CVE-2024-54551 was patched at 2025-04-14
debian: CVE-2025-21925 was patched at 2025-04-12, 2025-04-23
ubuntu: CVE-2024-56649 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
redhat: CVE-2024-47535 was patched at 2025-03-27, 2025-04-01
debian: CVE-2025-2704 was patched at 2025-04-23
ubuntu: CVE-2025-2704 was patched at 2025-04-03
debian: CVE-2025-32051 was patched at 2025-04-23
ubuntu: CVE-2025-32051 was patched at 2025-04-10
debian: CVE-2025-30211 was patched at 2025-04-20, 2025-04-23
debian: CVE-2025-30258 was patched at 2025-04-23
debian: CVE-2025-31160 was patched at 2025-04-03, 2025-04-23
debian: CVE-2025-32364 was patched at 2025-04-23
redhat: CVE-2024-8447 was patched at 2025-03-27
redhat: CVE-2025-27144 was patched at 2025-03-25, 2025-03-27, 2025-04-03
ubuntu: CVE-2024-42643 was patched at 2025-03-25
ubuntu: CVE-2025-30211 was patched at 2025-04-08
ubuntu: CVE-2025-30258 was patched at 2025-04-03
ubuntu: CVE-2025-32364 was patched at 2025-04-08, 2025-04-09
almalinux: CVE-2025-30691 was patched at 2025-04-16
almalinux: CVE-2025-30698 was patched at 2025-04-16
debian: CVE-2025-3068 was patched at 2025-04-03, 2025-04-23
debian: CVE-2025-3069 was patched at 2025-04-03, 2025-04-23
debian: CVE-2025-30691 was patched at 2025-04-23
debian: CVE-2025-30698 was patched at 2025-04-23
debian: CVE-2025-3070 was patched at 2025-04-03, 2025-04-23
debian: CVE-2025-3071 was patched at 2025-04-03, 2025-04-23
oraclelinux: CVE-2025-30691 was patched at 2025-04-17
oraclelinux: CVE-2025-30698 was patched at 2025-04-17
redhat: CVE-2025-30691 was patched at 2025-04-16
redhat: CVE-2025-30698 was patched at 2025-04-16
debian: CVE-2025-21877 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-32696 was patched at 2025-04-13, 2025-04-23
debian: CVE-2025-32697 was patched at 2025-04-13, 2025-04-23
debian: CVE-2025-3067 was patched at 2025-04-03, 2025-04-23
debian: CVE-2025-30232 was patched at 2025-03-26, 2025-04-23
redos: CVE-2025-30232 was patched at 2025-04-17
ubuntu: CVE-2025-30232 was patched at 2025-03-26
redos: CVE-2025-23046 was patched at 2025-04-02
almalinux: CVE-2025-3029 was patched at 2025-04-03, 2025-04-24
debian: CVE-2025-3029 was patched at 2025-04-02, 2025-04-03, 2025-04-23
oraclelinux: CVE-2025-3029 was patched at 2025-04-03, 2025-04-22, 2025-04-24
redhat: CVE-2025-3029 was patched at 2025-04-03, 2025-04-07, 2025-04-23, 2025-04-24
redos: CVE-2023-23612 was patched at 2025-04-03
almalinux: CVE-2025-21587 was patched at 2025-04-16
almalinux: CVE-2025-30691 was patched at 2025-04-16
almalinux: CVE-2025-30698 was patched at 2025-04-16
debian: CVE-2025-21587 was patched at 2025-04-23
debian: CVE-2025-30691 was patched at 2025-04-23
debian: CVE-2025-30698 was patched at 2025-04-23
oraclelinux: CVE-2025-21587 was patched at 2025-04-17
oraclelinux: CVE-2025-30691 was patched at 2025-04-17
oraclelinux: CVE-2025-30698 was patched at 2025-04-17
redhat: CVE-2025-21587 was patched at 2025-04-16
redhat: CVE-2025-30691 was patched at 2025-04-16
redhat: CVE-2025-30698 was patched at 2025-04-16
redhat: CVE-2025-23367 was patched at 2025-04-01
redos: CVE-2025-25192 was patched at 2025-04-02
almalinux: CVE-2024-54467 was patched at 2025-04-08, 2025-04-17
debian: CVE-2024-54467 was patched at 2025-03-23, 2025-04-23
oraclelinux: CVE-2024-54467 was patched at 2025-04-08, 2025-04-17
redhat: CVE-2024-54467 was patched at 2025-04-08, 2025-04-09, 2025-04-17
ubuntu: CVE-2024-54467 was patched at 2025-03-31
redos: CVE-2023-23613 was patched at 2025-04-03
redos: CVE-2023-25806 was patched at 2025-04-03
debian: CVE-2025-32698 was patched at 2025-04-13, 2025-04-23
almalinux: CVE-2025-31492 was patched at 2025-04-17
debian: CVE-2025-31492 was patched at 2025-04-17, 2025-04-23
debian: CVE-2025-32700 was patched at 2025-04-13, 2025-04-23
oraclelinux: CVE-2025-31492 was patched at 2025-04-22
redhat: CVE-2025-31492 was patched at 2025-04-16, 2025-04-23, 2025-04-24, 2025-04-28
ubuntu: CVE-2025-31492 was patched at 2025-04-23
ubuntu: CVE-2024-53859 was patched at 2025-03-20
redos: CVE-2025-27147 was patched at 2025-04-03
redos: CVE-2025-24965 was patched at 2025-04-03
redos: CVE-2025-21627 was patched at 2025-04-02
almalinux: CVE-2025-24208 was patched at 2025-04-08, 2025-04-17
debian: CVE-2025-24208 was patched at 2025-04-10, 2025-04-23
oraclelinux: CVE-2025-24208 was patched at 2025-04-08, 2025-04-17
redhat: CVE-2025-24208 was patched at 2025-04-08, 2025-04-09, 2025-04-17
ubuntu: CVE-2025-24208 was patched at 2025-04-14
redos: CVE-2024-53985 was patched at 2025-04-02
debian: CVE-2025-3469 was patched at 2025-04-13, 2025-04-23
debian: CVE-2025-2361 was patched at 2025-03-22, 2025-04-23
redos: CVE-2024-53986 was patched at 2025-04-02
redos: CVE-2024-53987 was patched at 2025-04-02
redos: CVE-2024-53988 was patched at 2025-04-02
redos: CVE-2024-53989 was patched at 2025-04-02
debian: CVE-2025-21898 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21962 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21963 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21964 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21997 was patched at 2025-04-12, 2025-04-23
ubuntu: CVE-2024-57919 was patched at 2025-03-27, 2025-04-01
debian: CVE-2025-3072 was patched at 2025-04-03, 2025-04-23
debian: CVE-2025-3073 was patched at 2025-04-03, 2025-04-23
debian: CVE-2025-3074 was patched at 2025-04-03, 2025-04-23
redos: CVE-2022-40186 was patched at 2025-04-02
debian: CVE-2024-58090 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21871 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21875 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21878 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21881 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21891 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21899 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21909 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21910 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21912 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21913 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21914 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21916 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21922 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21924 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21926 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21935 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21938 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21943 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21944 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21950 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21951 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21956 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21959 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21960 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21970 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21971 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21978 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21986 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21991 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21992 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21994 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-21996 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-22005 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-22008 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-22010 was patched at 2025-04-12, 2025-04-23
debian: CVE-2025-22014 was patched at 2025-04-12, 2025-04-23
oraclelinux: CVE-2024-56656 was patched at 2025-04-11
oraclelinux: CVE-2024-56760 was patched at 2025-04-11
ubuntu: CVE-2024-41932 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
ubuntu: CVE-2024-48876 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
ubuntu: CVE-2024-53681 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-53682 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-54191 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-54193 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-54455 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-54460 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-55639 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-55641 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-55642 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56368 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56372 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56550 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
ubuntu: CVE-2024-56552 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56559 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56563 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56564 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56573 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
ubuntu: CVE-2024-56607 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
ubuntu: CVE-2024-56618 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56624 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56632 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
ubuntu: CVE-2024-56638 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
ubuntu: CVE-2024-56639 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56654 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56655 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56656 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56671 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56673 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56713 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56714 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56760 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56761 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56768 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-56771 was patched at 2025-03-27, 2025-04-01, 2025-04-23, 2025-04-24, 2025-04-28
ubuntu: CVE-2024-57793 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-57805 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-57806 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-57839 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-57878 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-57879 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-57880 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-57885 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-57886 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-57905 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-57918 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-57932 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2024-57935 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2025-21632 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2025-21643 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2025-21654 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2025-21659 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2025-21663 was patched at 2025-03-27, 2025-04-01
ubuntu: CVE-2025-21834 was patched at 2025-03-27, 2025-04-01
redos: CVE-2024-6375 was patched at 2025-03-26
redos: CVE-2024-8013 was patched at 2025-03-26
ubuntu: CVE-2024-24198 was patched at 2025-03-25
ubuntu: CVE-2024-24199 was patched at 2025-03-25
debian: CVE-2025-32052 was patched at 2025-04-23
debian: CVE-2025-32053 was patched at 2025-04-23
ubuntu: CVE-2025-32052 was patched at 2025-04-10
ubuntu: CVE-2025-32053 was patched at 2025-04-10
debian: CVE-2025-32699 was patched at 2025-04-13, 2025-04-23
almalinux: CVE-2025-30204 was patched at 2025-03-27
debian: CVE-2025-30204 was patched at 2025-04-23
debian: CVE-2025-31510 was patched at 2025-04-08, 2025-04-23
oraclelinux: CVE-2025-30204 was patched at 2025-03-27
redhat: CVE-2025-30204 was patched at 2025-03-27, 2025-03-31, 2025-04-07, 2025-04-08
redos: CVE-2024-53159 was patched at 2025-03-20
ubuntu: CVE-2024-33263 was patched at 2025-04-15
ubuntu: CVE-2025-27796 was patched at 2025-04-14