CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39760 – usb: core: config: Prevent OOB read in SS endpoint companion parsing
https://notcve.org/view.php?id=CVE-2025-39760
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: core: config: Prevent OOB read in SS endpoint companion parsing usb_parse_ss_endpoint_companion() checks descriptor type before length, enabling a potentially odd read outside of the buffer size. Fix this up by checking the size first before looking at any of the fields in the descriptor. In the Linux kernel, the following vulnerability has been resolved: usb: core: config: Prevent OOB read in SS endpoint companion parsing usb_parse_ss... • https://git.kernel.org/stable/c/5c3097ede7835d3caf6543eb70ff689af4550cd2 •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-39759 – btrfs: qgroup: fix race between quota disable and quota rescan ioctl
https://notcve.org/view.php?id=CVE-2025-39759
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix race between quota disable and quota rescan ioctl There's a race between a task disabling quotas and another running the rescan ioctl that can result in a use-after-free of qgroup records from the fs_info->qgroup_tree rbtree. This happens as follows: 1) Task A enters btrfs_ioctl_quota_rescan() -> btrfs_qgroup_rescan(); 2) Task B enters btrfs_quota_disable() and calls btrfs_qgroup_wait_for_completion(), which does nothing ... • https://git.kernel.org/stable/c/7cda0fdde5d9890976861421d207870500f9aace •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-39756 – fs: Prevent file descriptor table allocations exceeding INT_MAX
https://notcve.org/view.php?id=CVE-2025-39756
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: Prevent file descriptor table allocations exceeding INT_MAX When sysctl_nr_open is set to a very high value (for example, 1073741816 as set by systemd), processes attempting to use file descriptors near the limit can trigger massive memory allocation attempts that exceed INT_MAX, resulting in a WARNING in mm/slub.c: WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288 This happens because kvmalloc_array() and kvm... • https://git.kernel.org/stable/c/9cfe015aa424b3c003baba3841a60dd9b5ad319b •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39753 – gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops
https://notcve.org/view.php?id=CVE-2025-39753
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops Clears up the warning added in 7ee3647243e5 ("migrate: Remove call to ->writepage") that occurs in various xfstests, causing "something found in dmesg" failures. [ 341.136573] gfs2_meta_aops does not implement migrate_folio [ 341.136953] WARNING: CPU: 1 PID: 36 at mm/migrate.c:944 move_to_new_folio+0x2f8/0x300 In the Linux kernel, the following vulnerability has been resolved: gfs2: Set .mig... • https://git.kernel.org/stable/c/3d2c05cbc6a3725d832b912b637971f37301c7e5 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-39751 – ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
https://notcve.org/view.php?id=CVE-2025-39751
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control The 'sprintf' call in 'add_tuning_control' may exceed the 44-byte buffer if either string argument is too long. This triggers a compiler warning. Replaced 'sprintf' with 'snprintf' to limit string lengths to prevent overflow. In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control The 'sprintf' call in 'add_tun... • https://git.kernel.org/stable/c/95c6e9cb774979c270f0ecb9ec819d02592ec89f •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-39749 – rcu: Protect ->defer_qs_iw_pending from data race
https://notcve.org/view.php?id=CVE-2025-39749
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rcu: Protect ->defer_qs_iw_pending from data race On kernels built with CONFIG_IRQ_WORK=y, when rcu_read_unlock() is invoked within an interrupts-disabled region of code [1], it will invoke rcu_read_unlock_special(), which uses an irq-work handler to force the system to notice when the RCU read-side critical section actually ends. That end won't happen until interrupts are enabled at the soonest. In some kernels, such as those booted with r... • https://git.kernel.org/stable/c/74f58f382a7c8333f8d09701aefaa25913bdbe0e •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39748 – bpf: Forget ranges when refining tnum after JSET
https://notcve.org/view.php?id=CVE-2025-39748
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Forget ranges when refining tnum after JSET Syzbot reported a kernel warning due to a range invariant violation on the following BPF program. 0: call bpf_get_netns_cookie 1: if r0 == 0 goto
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39747 – drm/msm: Add error handling for krealloc in metadata setup
https://notcve.org/view.php?id=CVE-2025-39747
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm: Add error handling for krealloc in metadata setup Function msm_ioctl_gem_info_set_metadata() now checks for krealloc failure and returns -ENOMEM, avoiding potential NULL pointer dereference. Explicitly avoids __GFP_NOFAIL due to deadlock risks and allocation constraints. Patchwork: https://patchwork.freedesktop.org/patch/661235/ In the Linux kernel, the following vulnerability has been resolved: drm/msm: Add error handling for krea... • https://git.kernel.org/stable/c/0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39746 – wifi: ath10k: shutdown driver when hardware is unreliable
https://notcve.org/view.php?id=CVE-2025-39746
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: shutdown driver when hardware is unreliable In rare cases, ath10k may lose connection with the PCIe bus due to some unknown reasons, which could further lead to system crashes during resuming due to watchdog timeout: ath10k_pci 0000:01:00.0: wmi command 20486 timeout, restarting hardware ath10k_pci 0000:01:00.0: already restarting ath10k_pci 0000:01:00.0: failed to stop WMI vdev 0: -11 ath10k_pci 0000:01:00.0: failed to stop v... • https://git.kernel.org/stable/c/5e3dd157d7e70f0e3cea3f2573ed69fb156a19d5 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39745 – rcutorture: Fix rcutorture_one_extend_check() splat in RT kernels
https://notcve.org/view.php?id=CVE-2025-39745
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rcutorture: Fix rcutorture_one_extend_check() splat in RT kernels For built with CONFIG_PREEMPT_RT=y kernels, running rcutorture tests resulted in the following splat: [ 68.797425] rcutorture_one_extend_check during change: Current 0x1 To add 0x1 To remove 0x0 preempt_count() 0x0 [ 68.797533] WARNING: CPU: 2 PID: 512 at kernel/rcu/rcutorture.c:1993 rcutorture_one_extend_check+0x419/0x560 [rcutorture] [ 68.797601] Call Trace: [ 68.797602]