CVSS: 8.5EPSS: %CPEs: 6EXPL: 0CVE-2025-71144 – mptcp: ensure context reset on disconnect()
https://notcve.org/view.php?id=CVE-2025-71144
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure context reset on disconnect() After the blamed commit below, if the MPC subflow is already in TCP_CLOSE status or has fallback to TCP at mptcp_disconnect() time, mptcp_do_fastclose() skips setting the `send_fastclose flag` and the later __mptcp_close_ssk() does not reset anymore the related subflow context. Any later connection will be created with both the `request_mptcp` flag and the msk-level fallback status off (it is unco... • https://git.kernel.org/stable/c/3a13454fd098ed51e733958488f8ec62859a9ed8 •
CVSS: 7.2EPSS: %CPEs: 4EXPL: 0CVE-2025-71143 – clk: samsung: exynos-clkout: Assign .num before accessing .hws
https://notcve.org/view.php?id=CVE-2025-71143
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs the bounds sanitizer (UBSAN_BOUNDS) about the number of elements in .hws[], so that it can warn when .hws[] is accessed out of bounds. As noted in that change, the __counted_by member must be initialized with... • https://git.kernel.org/stable/c/f316cdff8d677db9ad9c90acb44c4cd535b0ee27 •
CVSS: 7.2EPSS: %CPEs: 2EXPL: 0CVE-2025-71142 – cpuset: fix warning when disabling remote partition
https://notcve.org/view.php?id=CVE-2025-71142
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: cpuset: fix warning when disabling remote partition A warning was triggered as follows: WARNING: kernel/cgroup/cpuset.c:1651 at remote_partition_disable+0xf7/0x110 RIP: 0010:remote_partition_disable+0xf7/0x110 RSP: 0018:ffffc90001947d88 EFLAGS: 00000206 RAX: 0000000000007fff RBX: ffff888103b6e000 RCX: 0000000000006f40 RDX: 0000000000006f00 RSI: ffffc90001947da8 RDI: ffff888103b6e000 RBP: ffff888103b6e000 R08: 0000000000000000 R09: 000000000... • https://git.kernel.org/stable/c/f62a5d39368e34a966c8df63e1f05eed7fe9c5de •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2025-71141 – drm/tilcdc: Fix removal actions in case of failed probe
https://notcve.org/view.php?id=CVE-2025-71141
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/tilcdc: Fix removal actions in case of failed probe The drm_kms_helper_poll_fini() and drm_atomic_helper_shutdown() helpers should only be called when the device has been successfully registered. Currently, these functions are called unconditionally in tilcdc_fini(), which causes warnings during probe deferral scenarios. [ 7.972317] WARNING: CPU: 0 PID: 23 at drivers/gpu/drm/drm_atomic_state_helper.c:175 drm_atomic_helper_crtc_duplicate... • https://git.kernel.org/stable/c/69f03be1fa08a66735d53d92d3429c052540e3bf •
CVSS: 7.8EPSS: %CPEs: 7EXPL: 0CVE-2025-71140 – media: mediatek: vcodec: Use spinlock for context list protection lock
https://notcve.org/view.php?id=CVE-2025-71140
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previously a mutex was added to protect the encoder and decoder context lists from unexpected changes originating from the SCP IP block, causing the context pointer to go invalid, resulting in a NULL pointer dereference in the IPI handler. Turns out on the MT8173, the VPU IPI handler is called from hard IRQ context. This causes a big warning from the scheduler. This was ... • https://git.kernel.org/stable/c/0a2dc707aa42214f9c4827bd57e344e29a0841d6 •
CVSS: 7.2EPSS: %CPEs: 2EXPL: 0CVE-2025-71139 – kernel/kexec: fix IMA when allocation happens in CMA area
https://notcve.org/view.php?id=CVE-2025-71139
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: kernel/kexec: fix IMA when allocation happens in CMA area *** Bug description *** When I tested kexec with the latest kernel, I ran into the following warning: [ 40.712410] ------------[ cut here ]------------ [ 40.712576] WARNING: CPU: 2 PID: 1562 at kernel/kexec_core.c:1001 kimage_map_segment+0x144/0x198 [...] [ 40.816047] Call trace: [ 40.818498] kimage_map_segment+0x144/0x198 (P) [ 40.823221] ima_kexec_post_load+0x58/0xc0 [ 40.827246] _... • https://git.kernel.org/stable/c/07d24902977e4704fab8472981e73a0ad6dfa1fd •
CVSS: 5.6EPSS: %CPEs: 4EXPL: 0CVE-2025-71138 – drm/msm/dpu: Add missing NULL pointer check for pingpong interface
https://notcve.org/view.php?id=CVE-2025-71138
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add missing NULL pointer check for pingpong interface It is checked almost always in dpu_encoder_phys_wb_setup_ctl(), but in a single place the check is missing. Also use convenient locals instead of phys_enc->* where available. Patchwork: https://patchwork.freedesktop.org/patch/693860/ In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add missing NULL pointer check for pingpong interface It is ch... • https://git.kernel.org/stable/c/d7d0e73f7de33a2b9998b607707a3e944ef3b86d •
CVSS: 6.6EPSS: %CPEs: 5EXPL: 0CVE-2025-71137 – octeontx2-pf: fix "UBSAN: shift-out-of-bounds error"
https://notcve.org/view.php?id=CVE-2025-71137
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" This patch ensures that the RX ring size (rx_pending) is not set below the permitted length. This avoids UBSAN shift-out-of-bounds errors when users passes small or zero ring sizes via ethtool -G. In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" This patch ensures that the RX ring size (rx_pending) is not set below th... • https://git.kernel.org/stable/c/d45d8979840d9c9ac93d3fe8cfc8e794b7228445 •
CVSS: 5.6EPSS: %CPEs: 5EXPL: 0CVE-2025-71136 – media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status()
https://notcve.org/view.php?id=CVE-2025-71136
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() It's possible for cp_read() and hdmi_read() to return -EIO. Those values are further used as indexes for accessing arrays. Fix that by checking return values where it's needed. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: media: adv7842: Avoid possible out-of-bounds a... • https://git.kernel.org/stable/c/a89bcd4c6c2023615a89001b5a11b0bb77eb9491 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2025-71135 – md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt()
https://notcve.org/view.php?id=CVE-2025-71135
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() The variable mddev->private is first assigned to conf and then checked: conf = mddev->private; if (!conf) ... If conf is NULL, then mddev->private is also NULL. In this case, null-pointer dereferences can occur when calling raid5_quiesce(): raid5_quiesce(mddev, true); raid5_quiesce(mddev, false); since mddev->private is assigned to conf again in raid5_quiesce... • https://git.kernel.org/stable/c/be19e6e4339d1579d5f2fae8ce4facf9521dbbfc •