CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40109 – crypto: rng - Ensure set_ent is always present
https://notcve.org/view.php?id=CVE-2025-40109
09 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: rng - Ensure set_ent is always present Ensure that set_ent is always set since only drbg provides it. • https://git.kernel.org/stable/c/77ebdabe8de7c02f43c6de3357f79ff96f9f0579 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40108 – serial: qcom-geni: Fix blocked task
https://notcve.org/view.php?id=CVE-2025-40108
09 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: qcom-geni: Fix blocked task Revert commit 1afa70632c39 ("serial: qcom-geni: Enable PM runtime for serial driver") and its dependent commit 86fa39dd6fb7 ("serial: qcom-geni: Enable Serial on SA8255p Qualcomm platforms") because the first one causes regression - hang task on Qualcomm RB1 board (QRB2210) and unable to use serial at all during normal boot: INFO: task kworker/u16:0:12 blocked for more than 42 seconds. Not tainted 6.17.0-... • https://git.kernel.org/stable/c/1afa70632c390488308d8e94e037df6895a3e1ac •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40107 – can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled
https://notcve.org/view.php?id=CVE-2025-40107
03 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled This issue is similar to the vulnerability in the `mcp251x` driver, which was fixed in commit 03c427147b2d ("can: mcp251x: fix resume from sleep before interface was brought up"). In the `hi311x` driver, when the device resumes from sleep, the driver schedules `priv->restart_work`. However, if the network interface was not previously enabled, the... • https://git.kernel.org/stable/c/d1fc4c041459e2d4856c1b2501486ba4f0cbf96b •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40106 – comedi: fix divide-by-zero in comedi_buf_munge()
https://notcve.org/view.php?id=CVE-2025-40106
31 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedi_buf_munge() The comedi_buf_munge() function performs a modulo operation `async->munge_chan %= async->cmd.chanlist_len` without first checking if chanlist_len is zero. If a user program submits a command with chanlist_len set to zero, this causes a divide-by-zero error when the device processes data in the interrupt handler path. Add a check for zero chanlist_len at the beginning of the function, similar ... • https://git.kernel.org/stable/c/4ffea48c69cb2b96a281cb7e5e42d706996631db •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40105 – vfs: Don't leak disconnected dentries on umount
https://notcve.org/view.php?id=CVE-2025-40105
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: vfs: Don't leak disconnected dentries on umount When user calls open_by_handle_at() on some inode that is not cached, we will create disconnected dentry for it. If such dentry is a directory, exportfs_decode_fh_raw() will then try to connect this dentry to the dentry tree through reconnect_path(). It may happen for various reasons (such as corrupted fs or race with rename) that the call to lookup_one_unlocked() in reconnect_one() will fail ... • https://git.kernel.org/stable/c/f1ee616214cb22410e939d963bbb2349c2570f02 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40104 – ixgbevf: fix mailbox API compatibility by negotiating supported features
https://notcve.org/view.php?id=CVE-2025-40104
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfolio could easily negotiate mailbox API. This convention has been broken since introducing API 1.4. Commit 0062e7cc955e ("ixgbevf: add VF IPsec offload code") added support for IPSec which is specific only for the kernel ixgbe driver. ... • https://git.kernel.org/stable/c/0062e7cc955e0827a88570ed36ea511a7dcb391e •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40103 – smb: client: Fix refcount leak for cifs_sb_tlink
https://notcve.org/view.php?id=CVE-2025-40103
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifs_sb_tlink Fix three refcount inconsistency issues related to `cifs_sb_tlink`. Comments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be called after successful calls to `cifs_sb_tlink()`. Three calls fail to update refcount accordingly, leading to possible resource leaks. In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifs_sb_tlink Fi... • https://git.kernel.org/stable/c/8ceb984379462f94bdebef3288d569c6e1f912ea •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40102 – KVM: arm64: Prevent access to vCPU events before init
https://notcve.org/view.php?id=CVE-2025-40102
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Prevent access to vCPU events before init Another day, another syzkaller bug. KVM erroneously allows userspace to pend vCPU events for a vCPU that hasn't been initialized yet, leading to KVM interpreting a bunch of uninitialized garbage for routing / injecting the exception. In one case the injection code and the hyp disagree on whether the vCPU has a 32bit EL1 and put the vCPU into an illegal mode for AArch64, tripping the BUG(... • https://git.kernel.org/stable/c/b7b27facc7b50a5fce0afaa3df56157136ce181a •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40101 – btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST
https://notcve.org/view.php?id=CVE-2025-40101
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST At the end of btrfs_load_block_group_zone_info() the first thing we do is to ensure that if the mapping type is not a SINGLE one and there is no RAID stripe tree, then we return early with an error. Doing that, though, prevents the code from running the last calls from this function which are about freeing memory allocated during its run. Hence, in this case, in... • https://git.kernel.org/stable/c/5906333cc4af7b3fdb8cfff1cb3e8e579bd13174 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40100 – btrfs: do not assert we found block group item when creating free space tree
https://notcve.org/view.php?id=CVE-2025-40100
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not assert we found block group item when creating free space tree Currently, when building a free space tree at populate_free_space_tree(), if we are not using the block group tree feature, we always expect to find block group items (either extent items or a block group item with key type BTRFS_BLOCK_GROUP_ITEM_KEY) when we search the extent tree with btrfs_search_slot_for_read(), so we assert that we found an item. However this ... • https://git.kernel.org/stable/c/a5ed91828518ab076209266c2bc510adabd078df •