CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-40325 – md/raid10: wait barrier before returning discard request with REQ_NOWAIT
https://notcve.org/view.php?id=CVE-2025-40325
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: wait barrier before returning discard request with REQ_NOWAIT raid10_handle_discard should wait barrier before returning a discard bio which has REQ_NOWAIT. And there is no need to print warning calltrace if a discard bio has REQ_NOWAIT flag. Quality engineer usually checks dmesg and reports error if dmesg has warning/error calltrace. • https://git.kernel.org/stable/c/c9aa889b035fca4598ae985a0f0c76ebbb547ad2 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-40114 – iio: light: Add check for array bounds in veml6075_read_int_time_ms
https://notcve.org/view.php?id=CVE-2025-40114
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: light: Add check for array bounds in veml6075_read_int_time_ms The array contains only 5 elements, but the index calculated by veml6075_read_int_time_index can range from 0 to 7, which could lead to out-of-bounds access. The check prevents this issue. Coverity Issue CID 1574309: (#1 of 1): Out-of-bounds read (OVERRUN) overrun-local: Overrunning array veml6075_it_ms of 5 4-byte elements at element index 7 (byte offset 31) using index in... • https://git.kernel.org/stable/c/3b82f43238aecd73464aeacc9c73407079511533 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-40014 – objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()
https://notcve.org/view.php?id=CVE-2025-40014
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go beyond the array bounds. Fix that by stopping the loop when it gets to the last entry, so the low speed_hz value gets clamped up to AMD_SPI_MIN_HZ. Fixes the following warning with an UBSAN kernel: drivers/spi/spi-amd.o: error: objto... • https://git.kernel.org/stable/c/3fe26121dc3a9bf64e18fe0075cd9a92c9cd1b1a •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-39989 – x86/mce: use is_copy_from_user() to determine copy-from-user context
https://notcve.org/view.php?id=CVE-2025-39989
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/mce: use is_copy_from_user() to determine copy-from-user context Patch series "mm/hwpoison: Fix regressions in memory failure handling", v4. ## 1. What am I trying to do: This patchset resolves two critical regressions related to memory failure handling that have appeared in the upstream kernel since version 5.17, as compared to 5.10 LTS. - copyin case: poison found in user page while kernel copying from user space - instr case: poison ... • https://git.kernel.org/stable/c/4c132d1d844a53fc4e4b5c34e36ef10d6124b783 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-39778 – objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show()
https://notcve.org/view.php?id=CVE-2025-39778
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show() The csts_state_names[] array only has six sparse entries, but the iteration code in nvmet_ctrl_state_show() iterates seven, resulting in a potential out-of-bounds stack read. Fix that. Fixes the following warning with an UBSAN kernel: vmlinux.o: warning: objtool: .text.nvmet_ctrl_state_show: unexpected end of section • https://git.kernel.org/stable/c/649fd41420a816b11b07423ebf4dbd4ac1ac2905 •
CVSS: -EPSS: %CPEs: 11EXPL: 0CVE-2025-39735 – jfs: fix slab-out-of-bounds read in ea_get()
https://notcve.org/view.php?id=CVE-2025-39735
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get() During the "size_check" label in ea_get(), the code checks if the extended attribute list (xattr) size matches ea_size. If not, it logs "ea_get: invalid extended attribute" and calls print_hex_dump(). Here, EALIST_SIZE(ea_buf->xattr) returns 4110417968, which exceeds INT_MAX (2,147,483,647). Then ea_size is clamped: int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); Although clamp_t... • https://git.kernel.org/stable/c/6e39b681d1eb16f408493bf5023788b57f68998c •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-39728 – clk: samsung: Fix UBSAN panic in samsung_clk_init()
https://notcve.org/view.php?id=CVE-2025-39728
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix UBSAN panic in samsung_clk_init() With UBSAN_ARRAY_BOUNDS=y, I'm hitting the below panic due to dereferencing `ctx->clk_data.hws` before setting `ctx->clk_data.num = nr_clks`. Move that up to fix the crash. UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-39688 – nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid()
https://notcve.org/view.php?id=CVE-2025-39688
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid() The pynfs DELEG8 test fails when run against nfsd. It acquires a delegation and then lets the lease time out. It then tries to use the deleg stateid and expects to see NFS4ERR_DELEG_REVOKED, but it gets bad NFS4ERR_BAD_STATEID instead. When a delegation is revoked, it's initially marked with SC_STATUS_REVOKED, or SC_STATUS_ADMIN_REVOKED and later, it's marked with the S... • https://git.kernel.org/stable/c/8dd91e8d31febf4d9cca3ae1bb4771d33ae7ee5a •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-38637 – net_sched: skbprio: Remove overly strict queue assertions
https://notcve.org/view.php?id=CVE-2025-38637
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio enqueue/dequeue contains an assertion that fails under certain conditions when SKBPRIO is used as a child qdisc under TBF with specific parameters. The failure occurs because TBF sometimes peeks at packets in the child qdisc without actually dequeuing them when tokens are unavailable. This peek operation creates a discrepancy between the parent ... • https://git.kernel.org/stable/c/aea5f654e6b78a0c976f7a25950155932c77a53f •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38575 – ksmbd: use aead_request_free to match aead_request_alloc
https://notcve.org/view.php?id=CVE-2025-38575
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: use aead_request_free to match aead_request_alloc Use aead_request_free() instead of kfree() to properly free memory allocated by aead_request_alloc(). This ensures sensitive crypto data is zeroed before being freed. • https://git.kernel.org/stable/c/e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 •