CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 0CVE-2025-39889 – Bluetooth: l2cap: Check encryption key size on incoming connection
https://notcve.org/view.php?id=CVE-2025-39889
24 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Check encryption key size on incoming connection This is required for passing GAP/SEC/SEM/BI-04-C PTS test case: Security Mode 4 Level 4, Responder - Invalid Encryption Key Size - 128 bit This tests the security key with size from 1 to 15 bytes while the Security Mode 4 Level 4 requests 16 bytes key size. Currently PTS fails with the following logs: - expected:Connection Response: Code: [3 (0x03)] Code Identifier: (lt)Wild... • https://git.kernel.org/stable/c/288c06973daae4637f25a0d1bdaf65fdbf8455f9 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-58241 – Bluetooth: hci_core: Disable works on hci_unregister_dev
https://notcve.org/view.php?id=CVE-2024-58241
24 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Disable works on hci_unregister_dev This make use of disable_work_* on hci_unregister_dev since the hci_dev is about to be freed new submissions are not disarable. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Disable works on hci_unregister_dev This make use of disable_work_* on hci_unregister_dev since the hci_dev is about to be freed new submissions are not disarable. • https://git.kernel.org/stable/c/0d151a103775dd9645c78c97f77d6e2a5298d913 •
CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39886 – bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init()
https://notcve.org/view.php?id=CVE-2025-39886
23 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init() Currently, calling bpf_map_kmalloc_node() from __bpf_async_init() can cause various locking issues; see the following stack trace (edited for style) as one example: ... [10.011566] do_raw_spin_lock.cold [10.011570] try_to_wake_up (5) double-acquiring the same [10.011575] kick_pool rq_lock, causing a hardlockup [10.011579] __queue_work [10.011582] queue_work_on [10.011585] ... • https://git.kernel.org/stable/c/b00628b1c7d595ae5b544e059c27b1f5828314b4 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39885 – ocfs2: fix recursive semaphore deadlock in fiemap call
https://notcve.org/view.php?id=CVE-2025-39885
23 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix recursive semaphore deadlock in fiemap call syzbot detected a OCFS2 hang due to a recursive semaphore on a FS_IOC_FIEMAP of the extent list on a specially crafted mmap file. context_switch kernel/sched/core.c:5357 [inline] __schedule+0x1798/0x4cc0 kernel/sched/core.c:6961 __schedule_loop kernel/sched/core.c:7043 [inline] schedule+0x165/0x360 kernel/sched/core.c:7058 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115 rws... • https://git.kernel.org/stable/c/00dc417fa3e763345b34ccb6034d72de76eea0a1 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39883 – mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory
https://notcve.org/view.php?id=CVE-2025-39883
23 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory When I did memory failure tests, below panic occurs: page dumped because: VM_BUG_ON_PAGE(PagePoisoned(page)) kernel BUG at include/linux/page-flags.h:616! Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 720 Comm: bash Not tainted 6.10.0-rc1-00195-g148743902568 #40 RIP: 0010:unpoison_memory+0x2f3/0x590 RSP: 0018:ffffa57fc8787d60 EFLAGS: 00000246 RAX:... • https://git.kernel.org/stable/c/f1dd2cd13c4bbbc9a7c4617b3b034fa643de98fe •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-39880 – libceph: fix invalid accesses to ceph_connection_v1_info
https://notcve.org/view.php?id=CVE-2025-39880
23 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to ceph_connection_v1_info There is a place where generic code in messenger.c is reading and another place where it is writing to con->v1 union member without checking that the union member is active (i.e. msgr1 is in use). On 64-bit systems, con->v1.auth_retry overlaps with con->v2.out_iter, so such a read is almost guaranteed to return a bogus value instead of 0 when msgr2 is in use. This ends up being fairly... • https://git.kernel.org/stable/c/cd1a677cad994021b19665ed476aea63f5d54f31 •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2025-39876 – net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()
https://notcve.org/view.php?id=CVE-2025-39876
23 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() The function of_phy_find_device may return NULL, so we need to take care before dereferencing phy_dev. In the Linux kernel, the following vulnerability has been resolved: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() The function of_phy_find_device may return NULL, so we need to take care before dereferencing phy_dev. The SUSE Linux Enterprise 15 SP6 A... • https://git.kernel.org/stable/c/9e70485b40c8306298adea8bdc867ca27f88955a •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-39873 – can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB
https://notcve.org/view.php?id=CVE-2025-39873
23 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB can_put_echo_skb() takes ownership of the SKB and it may be freed during or after the call. However, xilinx_can xcan_write_frame() keeps using SKB after the call. Fix that by only calling can_put_echo_skb() after the code is done touching the SKB. The tx_lock is held for the entire xcan_write_frame() execution and also on the can_get_echo_skb() side so the order of o... • https://git.kernel.org/stable/c/1598efe57b3e768056e4ca56cb9cf33111e68d1c •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39869 – dmaengine: ti: edma: Fix memory allocation size for queue_priority_map
https://notcve.org/view.php?id=CVE-2025-39869
23 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map Fix a critical memory allocation bug in edma_setup_from_hw() where queue_priority_map was allocated with insufficient memory. The code declared queue_priority_map as s8 (*)[2] (pointer to array of 2 s8), but allocated memory using sizeof(s8) instead of the correct size. This caused out-of-bounds memory writes when accessing: queue_priority_map[i][0] = i; queue_priority_m... • https://git.kernel.org/stable/c/2b6b3b7420190888793c49e97276e1e73bd7eaed •
CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 1CVE-2025-39866 – fs: writeback: fix use-after-free in __mark_inode_dirty()
https://notcve.org/view.php?id=CVE-2025-39866
19 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in __mark_inode_dirty() An use-after-free issue occurred when __mark_inode_dirty() get the bdi_writeback that was in the progress of switching. CPU: 1 PID: 562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1 ...... pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __mark_inode_dirty+0x124/0x418 lr : __mark_inode_dirty+0x118/0x418 sp : ffffffc08c9dbbc0 ........ Call trace: __mark... • https://packetstorm.news/files/id/209969 •