CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2025-71134 – mm/page_alloc: change all pageblocks migrate type on coalescing
https://notcve.org/view.php?id=CVE-2025-71134
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: change all pageblocks migrate type on coalescing When a page is freed it coalesces with a buddy into a higher order page while possible. When the buddy page migrate type differs, it is expected to be updated to match the one of the page being freed. However, only the first pageblock of the buddy page is updated, while the rest of the pageblocks are left unchanged. That causes warnings in later expand() and other code paths (l... • https://git.kernel.org/stable/c/e6cf9e1c4cde8a53385423ecb8ca581097f42e02 •
CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2025-71133 – RDMA/irdma: avoid invalid read in irdma_net_event
https://notcve.org/view.php?id=CVE-2025-71133
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: avoid invalid read in irdma_net_event irdma_net_event() should not dereference anything from "neigh" (alias "ptr") until it has checked that the event is NETEVENT_NEIGH_UPDATE. Other events come with different structures pointed to by "ptr" and they may be smaller than struct neighbour. Move the read of neigh->dev under the NETEVENT_NEIGH_UPDATE case. The bug is mostly harmless, but it triggers KASAN on debug kernels: BUG: KASAN... • https://git.kernel.org/stable/c/915cc7ac0f8e2a23675ee896e87f17c7d3c47089 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2025-71132 – smc91x: fix broken irq-context in PREEMPT_RT
https://notcve.org/view.php?id=CVE-2025-71132
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: smc91x: fix broken irq-context in PREEMPT_RT When smc91x.c is built with PREEMPT_RT, the following splat occurs in FVP_RevC: [ 13.055000] smc91x LNRO0003:00 eth0: link up, 10Mbps, half-duplex, lpa 0x0000 [ 13.062137] BUG: workqueue leaked atomic, lock or RCU: kworker/2:1[106] [ 13.062137] preempt=0x00000000 lock=0->0 RCU=0->1 workfn=mld_ifc_work [ 13.062266] C ** replaying previous printk message ** [ 13.062266] CPU: 2 UID: 0 PID: 106 Comm:... • https://git.kernel.org/stable/c/342a93247e0837101f27bbcca26f402902df98dc •
CVSS: 6.6EPSS: %CPEs: 5EXPL: 0CVE-2025-71131 – crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
https://notcve.org/view.php?id=CVE-2025-71131
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req->iv after crypto_aead_encrypt As soon as crypto_aead_encrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req->iv after it returns is invalid. Instead of checking req->iv against info, create a new variable unaligned_info and use it for that purpose instead. In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req->iv... • https://git.kernel.org/stable/c/0a270321dbf948963aeb0e8382fe17d2c2eb3771 •
CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2025-71130 – drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer
https://notcve.org/view.php?id=CVE-2025-71130
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer Initialize the eb.vma array with values of 0 when the eb structure is first set up. In particular, this sets the eb->vma[i].vma pointers to NULL, simplifying cleanup and getting rid of the bug described below. During the execution of eb_lookup_vmas(), the eb->vma array is successively filled up with struct eb_vma objects. This process includes calling eb_add_vma(), whi... • https://git.kernel.org/stable/c/544460c33821b44c2f0c643121303c3dc3f66ef1 •
CVSS: 5.6EPSS: %CPEs: 4EXPL: 0CVE-2025-71129 – LoongArch: BPF: Sign extend kfunc call arguments
https://notcve.org/view.php?id=CVE-2025-71129
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign extend kfunc call arguments The kfunc calls are native calls so they should follow LoongArch calling conventions. Sign extend its arguments properly to avoid kernel panic. This is done by adding a new emit_abi_ext() helper. The emit_abi_ext() helper performs extension in place meaning a value already store in the target register (Note: this is different from the existing sign_extend() helper and thus we can't reuse it).... • https://git.kernel.org/stable/c/5dc615520c4dfb358245680f1904bad61116648e •
CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2025-71128 – erspan: Initialize options_len before referencing options.
https://notcve.org/view.php?id=CVE-2025-71128
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: erspan: Initialize options_len before referencing options. The struct ip_tunnel_info has a flexible array member named options that is protected by a counted_by(options_len) attribute. The compiler will use this information to enforce runtime bounds checking deployed by FORTIFY_SOURCE string helpers. As laid out in the GCC documentation, the counter must be initialized before the first reference to the flexible array member. After scanning ... • https://git.kernel.org/stable/c/bb5e62f2d547c4de6d1b144cbce2373a76c33f18 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-71127 – wifi: mac80211: Discard Beacon frames to non-broadcast address
https://notcve.org/view.php?id=CVE-2025-71127
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon frames to non-broadcast address Beacon frames are required to be sent to the broadcast address, see IEEE Std 802.11-2020, 11.1.3.1 ("The Address 1 field of the Beacon .. frame shall be set to the broadcast address"). A unicast Beacon frame might be used as a targeted attack to get one of the associated STAs to do something (e.g., using CSA to move it to another channel). As such, it is better have strict filte... • https://git.kernel.org/stable/c/af2d14b01c32d7cba65f73503586e5b621afb139 •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2025-71126 – mptcp: avoid deadlock on fallback while reinjecting
https://notcve.org/view.php?id=CVE-2025-71126
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: mptcp: avoid deadlock on fallback while reinjecting Jakub reported an MPTCP deadlock at fallback time: WARNING: possible recursive locking detected 6.18.0-rc7-virtme #1 Not tainted -------------------------------------------- mptcp_connect/20858 is trying to acquire lock: ff1100001da18b60 (&msk->fallback_lock){+.-.}-{3:3}, at: __mptcp_try_fallback+0xd8/0x280 but task is already holding lock: ff1100001da18b60 (&msk->fallback_lock){+.-.}-{3:3... • https://git.kernel.org/stable/c/5586518bec27666c747cd52aabb62d485686d0bf •
CVSS: 5.6EPSS: %CPEs: 5EXPL: 0CVE-2025-71125 – tracing: Do not register unsupported perf events
https://notcve.org/view.php?id=CVE-2025-71125
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: tracing: Do not register unsupported perf events Synthetic events currently do not have a function to register perf events. This leads to calling the tracepoint register functions with a NULL function pointer which triggers: ------------[ cut here ]------------ WARNING: kernel/tracepoint.c:175 at tracepoint_add_func+0x357/0x370, CPU#2: perf/2272 Modules linked in: kvm_intel kvm irqbypass CPU: 2 UID: 0 PID: 2272 Comm: perf Not tainted 6.18.0... • https://git.kernel.org/stable/c/4b147936fa509650beaf638b331573c23ba4d609 •