CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0 | CVE-2025-39737 – mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup()
https://notcve.org/view.php?id=CVE-2025-39737
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() A soft lockup warning was observed on a relatively small x86-64 system with 16 GB of memory when running a debug kernel with kmemleak enabled. watchdog: BUG: soft lockup - CPU#8 stuck for 33s! [kworker/8:1:134] The test system was running a workload with hot unplug happening in parallel. Then kmemleak decided to disable itself due to its inability to allocate more kmemleak object... • https://git.kernel.org/stable/c/2abd839aa7e615f2bbc50c8ba7deb9e40d186768 •
CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0 | CVE-2025-39736 – mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock
https://notcve.org/view.php?id=CVE-2025-39736
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock When netpoll is enabled, calling pr_warn_once() while holding kmemleak_lock in mem_pool_alloc() can cause a deadlock due to lock inversion with the netconsole subsystem. This occurs because pr_warn_once() may trigger netpoll, which eventually leads to __alloc_skb() and back into kmemleak code, attempting to reacquire kmemleak_lock. This is the path for the deadlock. mem_p... • https://git.kernel.org/stable/c/c5665868183fec689dbab9fb8505188b2c4f0757 •
CVSS: 6.5 | EPSS: 0% | CPEs: 15 | EXPL: 0 | CVE-2025-40300 – x86/vmscape: Add conditional IBPB mitigation
https://notcve.org/view.php?id=CVE-2025-40300
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB ... • https://git.kernel.org/stable/c/15d45071523d89b3fb7372e2135fbd72f6af9506 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 7.5 | EPSS: 0% | CPEs: 9 | EXPL: 0 | CVE-2025-39730 – NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
https://notcve.org/view.php?id=CVE-2025-39730
07 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle. An out-of-bounds read flaw was found in the Linux kernel NFS functionality in the way a connected user sends malicious data to the server. A remote user could use this flaw to crash the system. It was discovered that improper initialization of CPU cache memory could allow a local at... • https://git.kernel.org/stable/c/20fa19027286983ab2734b5910c4a687436e0c31 • CWE-125: Out-of-bounds Read •
CVSS: 7.2 | EPSS: 0% | CPEs: 4 | EXPL: 0 | CVE-2025-39726 – s390/ism: fix concurrency management in ism_cmd()
https://notcve.org/view.php?id=CVE-2025-39726
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/ism: fix concurrency management in ism_cmd() The s390x ISM device data sheet clearly states that only one request-response sequence is allowable per ISM function at any point in time. Unfortunately as of today the s390/ism driver in Linux does not honor that requirement. This patch aims to rectify that. This problem was discovered based on Aliaksei's bug report which states that for certain workloads the ISM functions end up entering e... • https://git.kernel.org/stable/c/684b89bc39ce4f204b1a2b180f39f2eb36a6b695 •
CVSS: 5.5 | EPSS: 0% | CPEs: 10 | EXPL: 0 | CVE-2025-39724 – serial: 8250: fix panic due to PSLVERR
https://notcve.org/view.php?id=CVE-2025-39724
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: 8250: fix panic due to PSLVERR When the PSLVERR_RESP_EN parameter is set to 1, the device generates an error response if an attempt is made to read an empty RBR (Receive Buffer Register) while the FIFO is enabled. In serial8250_do_startup(), calling serial_port_out(port, UART_LCR, UART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes dw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter function enables the FI... • https://git.kernel.org/stable/c/c49436b657d0a56a6ad90d14a7c3041add7cf64d •
CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0 | CVE-2025-39716 – parisc: Revise __get_user() to probe user read access
https://notcve.org/view.php?id=CVE-2025-39716
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: parisc: Revise __get_user() to probe user read access Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel executes at privilege level 0, so __get_user() never triggers a read access interruption (code 26). Thus, it is currently possible for user code to access a read protected address via a system call. Fix this by probing read access rights at privilege... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0 | CVE-2025-39714 – media: usbtv: Lock resolution while streaming
https://notcve.org/view.php?id=CVE-2025-39714
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Lock resolution while streaming When a program is streaming (ffplay) and another program (qv4l2) changes the TV standard from NTSC to PAL, the kernel crashes due to trying to copy to unmapped memory. Changing from NTSC to PAL increases the resolution in the usbtv struct, but the video plane buffer isn't adjusted, so it overflows. [hverkuil: call vb2_is_busy instead of vb2_is_streaming] In the Linux kernel, the following vulne... • https://git.kernel.org/stable/c/0e0fe3958fdd13dbf55c3a787acafde6efd04272 •
CVSS: 7.0 | EPSS: 0% | CPEs: 8 | EXPL: 0 | CVE-2025-39713 – media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
https://notcve.org/view.php?id=CVE-2025-39713
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() In the interrupt handler rain_interrupt(), the buffer full check on rain->buf_len is performed before acquiring rain->buf_lock. This creates a Time-of-Check to Time-of-Use (TOCTOU) race condition, as rain->buf_len is concurrently accessed and modified in the work handler rain_irq_work_handler() under the same lock. Multiple interrupt invocations can race, with each reading... • https://git.kernel.org/stable/c/0f314f6c2e77beb1a232be21dd6be4e1849ba5ac •
CVSS: 7.1 | EPSS: 0% | CPEs: 8 | EXPL: 0 | CVE-2025-39710 – media: venus: Add a check for packet size after reading from shared memory
https://notcve.org/view.php?id=CVE-2025-39710
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: venus: Add a check for packet size after reading from shared memory Add a check to ensure that the packet size does not exceed the number of available words after reading the packet header from shared memory. This ensures that the size provided by the firmware is safe to process and prevents potential out-of-bounds memory access. In the Linux kernel, the following vulnerability has been resolved: media: venus: Add a check for packet s... • https://git.kernel.org/stable/c/d96d3f30c0f2f564f6922bf4ccdf4464992e31fb •
