CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39711 – media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls
https://notcve.org/view.php?id=CVE-2025-39711
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls Both the ACE and CSI driver are missing a mei_cldev_disable() call in their remove() function. This causes the mei_cl client to stay part of the mei_device->file_list list even though its memory is freed by mei_cl_bus_dev_release() calling kfree(cldev->cl). This leads to a use-after-free when mei_vsc_remove() runs mei_stop() which first removes all mei bus devices c... • https://git.kernel.org/stable/c/29006e196a5661d9afc8152fa2bf8a5347ac17b4 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39710 – media: venus: Add a check for packet size after reading from shared memory
https://notcve.org/view.php?id=CVE-2025-39710
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: venus: Add a check for packet size after reading from shared memory Add a check to ensure that the packet size does not exceed the number of available words after reading the packet header from shared memory. This ensures that the size provided by the firmware is safe to process and prevent potential out-of-bounds memory access. In the Linux kernel, the following vulnerability has been resolved: media: venus: Add a check for packet s... • https://git.kernel.org/stable/c/d96d3f30c0f2f564f6922bf4ccdf4464992e31fb •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39709 – media: venus: protect against spurious interrupts during probe
https://notcve.org/view.php?id=CVE-2025-39709
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: venus: protect against spurious interrupts during probe Make sure the interrupt handler is initialized before the interrupt is registered. If the IRQ is registered before hfi_create(), it's possible that an interrupt fires before the handler setup is complete, leading to a NULL dereference. This error condition has been observed during system boot on Rb3Gen2. In the Linux kernel, the following vulnerability has been resolved: media: ... • https://git.kernel.org/stable/c/af2c3834c8ca7cc65d15592ac671933df8848115 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39707 – drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities
https://notcve.org/view.php?id=CVE-2025-39707
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities HUBBUB structure is not initialized on DCE hardware, so check if it is NULL to avoid null dereference while accessing amdgpu_dm_capabilities file in debugfs. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities HUBBUB structure is not initialized on DCE hardware, so check if it is NULL to... • https://git.kernel.org/stable/c/4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39706 – drm/amdkfd: Destroy KFD debugfs after destroy KFD wq
https://notcve.org/view.php?id=CVE-2025-39706
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Destroy KFD debugfs after destroy KFD wq Since KFD proc content was moved to kernel debugfs, we can't destroy KFD debugfs before kfd_process_destroy_wq. Move kfd_process_destroy_wq prior to kfd_debugfs_fini to fix a kernel NULL pointer problem. It happens when /sys/kernel/debug/kfd was already destroyed in kfd_debugfs_fini but kfd_process_destroy_wq calls kfd_debugfs_remove_process. This line debugfs_remove_recursive(entry->proc... • https://git.kernel.org/stable/c/4a488a7ad71401169cecee75dc94bcce642e2c53 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39705 – drm/amd/display: fix a Null pointer dereference vulnerability
https://notcve.org/view.php?id=CVE-2025-39705
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a Null pointer dereference vulnerability [Why] A null pointer dereference vulnerability exists in the AMD display driver's (DC module) cleanup function dc_destruct(). When display control context (dc->ctx) construction fails (due to memory allocation failure), this pointer remains NULL. During subsequent error handling when dc_destruct() is called, there's no NULL check before dereferencing the perf_trace member (dc->ct... • https://git.kernel.org/stable/c/4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39703 – net, hsr: reject HSR frame if skb can't hold tag
https://notcve.org/view.php?id=CVE-2025-39703
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash (kernel BUG): [ 45.390915] skbuff: skb_under_panic: text:ffffffff86f32cac len:26 put:14 head:ffff888042418000 data:ffff888042417ff4 tail:0xe end:0x180 dev:bridge_slave_1 [ 45.392559] ------------[ cut here ]------------ [ 45.392912] kernel BUG at net/core/skbuff.c:211! [ 45.393276] Oops: invalid opcod... • https://git.kernel.org/stable/c/f6442ee08fe66c8e45c4f246531a2aaf4f17a7a7 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-39702 – ipv6: sr: Fix MAC comparison to be constant-time
https://notcve.org/view.php?id=CVE-2025-39702
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this. In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this. Several vulnerabilities have been discovered i... • https://git.kernel.org/stable/c/bf355b8d2c30a289232042cacc1cfaea4923936c •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39701 – ACPI: pfr_update: Fix the driver update version check
https://notcve.org/view.php?id=CVE-2025-39701
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPI: pfr_update: Fix the driver update version check The security-version-number check should be used rather than the runtime version check for driver updates. Otherwise, the firmware update would fail when the update binary had a lower runtime version number than the current one. [ rjw: Changelog edits ] In the Linux kernel, the following vulnerability has been resolved: ACPI: pfr_update: Fix the driver update version check The security-v... • https://git.kernel.org/stable/c/0db89fa243e5edc5de38c88b369e4c3755c5fb74 •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39698 – io_uring/futex: ensure io_futex_wait() cleans up properly on failure
https://notcve.org/view.php?id=CVE-2025-39698
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring/futex: ensure io_futex_wait() cleans up properly on failure The io_futex_data is allocated upfront and assigned to the io_kiocb async_data field, but the request isn't marked with REQ_F_ASYNC_DATA at that point. Those two should always go together, as the flag tells io_uring whether the field is valid or not. Additionally, on failure cleanup, the futex handler frees the data but does not clear ->async_data. Clear the data and the f... • https://git.kernel.org/stable/c/194bb58c6090e39bd7d9b9c888a079213628e1f6 • CWE-416: Use After Free •