
CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0

11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: Prevent file descriptor table allocations exceeding INT_MAX When sysctl_nr_open is set to a very high value (for example, 1073741816 as set by systemd), processes attempting to use file descriptors near the limit can trigger massive memory allocation attempts that exceed INT_MAX, resulting in a WARNING in mm/slub.c: WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288 This happens because kvmalloc_array() and kvm... • https://git.kernel.org/stable/c/9cfe015aa424b3c003baba3841a60dd9b5ad319b •

CVSS: 6.2 | EPSS: 0% | CPEs: 4 | EXPL: 0

11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/smaps: fix race between smaps_hugetlb_range and migration smaps_hugetlb_range() handles the pte without holding ptl, and may be concurrent with migration, leading to BUG_ON in pfn_swap_entry_to_page(). The race is as follows. smaps_hugetlb_range migrate_pages huge_ptep_get remove_migration_ptes folio_unlock pfn_swap_entry_folio BUG_ON To fix it, hold ptl lock in smaps_hugetlb_range(). • https://git.kernel.org/stable/c/25ee01a2fca02dfb5a3ce316e77910c468108199 •

CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0

11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: rockchip: fix kernel hang during smp initialization In order to bring up secondary CPUs, the main CPU writes trampoline code to SRAM. The trampoline code is written while secondary CPUs are powered on (at least that is true for the RK3188 CPU). Sometimes that leads to a kernel hang, probably because the secondary CPUs execute the trampoline code while the kernel doesn't expect it. The patch moves SRAM initialization step to the point where all secondary CPUs are pow... • https://git.kernel.org/stable/c/3ee851e212d0bb6be8c462059fba74ce2e3f6064 •

CVSS: 7.0 | EPSS: 0% | CPEs: 9 | EXPL: 0

11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rcu: Protect ->defer_qs_iw_pending from data race On kernels built with CONFIG_IRQ_WORK=y, when rcu_read_unlock() is invoked within an interrupts-disabled region of code [1], it will invoke rcu_read_unlock_special(), which uses an irq-work handler to force the system to notice when the RCU read-side critical section actually ends. That end won't happen until interrupts are enabled at the soonest. In some kernels, such as those booted with r... • https://git.kernel.org/stable/c/0864f057b050bc6dd68106b3185e02db5140012d •

CVSS: 7.2 | EPSS: 0% | CPEs: 4 | EXPL: 0

11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Forget ranges when refining tnum after JSET Syzbot reported a kernel warning due to a range invariant violation on the following BPF program. 0: call bpf_get_netns_cookie 1: if r0 == 0 goto 2: if r0 & 0xffffffff goto The issue is on the path where we fall through both jumps. That path is unreachable at runtime: after insn 1, we know r0 != 0, but with the sign extension on the jset, we would only fallthrough insn 2 if r0 =... • https://git.kernel.org/stable/c/960ea056561a08e2b837b2f02d22c53226414a84 •

CVSS: 5.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm: Add error handling for krealloc in metadata setup Function msm_ioctl_gem_info_set_metadata() now checks for krealloc failure and returns -ENOMEM, avoiding potential NULL pointer dereference. Explicitly avoids __GFP_NOFAIL due to deadlock risks and allocation constraints. Patchwork: https://patchwork.freedesktop.org/patch/661235/ • https://git.kernel.org/stable/c/0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300 •

CVSS: 5.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: shutdown driver when hardware is unreliable In rare cases, ath10k may lose connection with the PCIe bus due to some unknown reasons, which could further lead to system crashes during resuming due to watchdog timeout: ath10k_pci 0000:01:00.0: wmi command 20486 timeout, restarting hardware ath10k_pci 0000:01:00.0: already restarting ath10k_pci 0000:01:00.0: failed to stop WMI vdev 0: -11 ath10k_pci 0000:01:00.0: failed to stop v... • https://git.kernel.org/stable/c/5e3dd157d7e70f0e3cea3f2573ed69fb156a19d5 •

CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcu_read_unlock() deadloop due to IRQ work During rcu_read_unlock_special(), if this happens during irq_exit(), we can lockup if an IPI is issued. This is because the IPI itself triggers the irq_exit() path causing a recursive lock up. This is precisely what Xiongfeng found when invoking a BPF program on the trace_tick_stop() tracepoint, as shown in the trace below. Fix by managing the irq_work state correctly. irq_exit() __irq_exit... • https://git.kernel.org/stable/c/0864f057b050bc6dd68106b3185e02db5140012d •

CVSS: 7.8 | EPSS: 0% | CPEs: 9 | EXPL: 0

11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: truncate good inode pages when hard link is 0 The fileset value of the inode copy from the disk by the reproducer is AGGR_RESERVED_I. When executing evict, its hard link number is 0, so its inode pages are not truncated. This causes the bugon to be triggered when executing clear_inode() because nrpages is greater than 0. • https://git.kernel.org/stable/c/32983696a48a6c41d99f3eca82ba7510a552d843 •

CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0

11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() The function divides number of online CPUs by num_core_siblings, and later checks the divider by zero. This implies a possibility to get a divide-by-zero runtime error. Fix it by moving the check prior to division. This also helps to save one indentation level. • https://git.kernel.org/stable/c/b094a36f90975373c3a241839869217a65f17d81 •