CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39969 – i40e: fix validation of VF state in get resources
https://notcve.org/view.php?id=CVE-2025-39969
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF state I40E_VF_STATE_ACTIVE is not the only state in which VF is actually active so it should not be used to determine if a VF is allowed to obtain resources. Use I40E_VF_STATE_RESOURCES_LOADED that is set only in i40e_vc_get_vf_resources_msg() and cleared during reset. In the Linux kernel, the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF ... • https://git.kernel.org/stable/c/171527da84149c2c7aa6a60a64b09d24f3546298 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39968 – i40e: add max boundary check for VF filters
https://notcve.org/view.php?id=CVE-2025-39968
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: add max boundary check for VF filters There is no check for max filters that VF can request. Add it. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the oldstable distribution (bookworm), these problems have been fixed in version 6.1.158-1. • https://git.kernel.org/stable/c/e284fc280473bed23f2e1ed324e102a48f7d17e1 •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2025-39967 – fbcon: fix integer overflow in fbcon_do_set_font
https://notcve.org/view.php?id=CVE-2025-39967
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fbcon: fix integer overflow in fbcon_do_set_font Fix integer overflow vulnerabilities in fbcon_do_set_font() where font size calculations could overflow when handling user-controlled font parameters. The vulnerabilities occur when: 1. CALC_FONTSZ(h, pitch, charcount) performs h * pith * charcount multiplication with user-controlled values that can overflow. 2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow 3. This results ... • https://git.kernel.org/stable/c/96e41fc29e8af5c5085fb8a79cab8d0d00bab86c •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-39964 – crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
https://notcve.org/view.php?id=CVE-2025-39964
13 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencies in the internal socket state. Disallow this by adding a new ctx->write field that indiciates exclusive ownership for writing. In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg ... • https://git.kernel.org/stable/c/8ff590903d5fc7f5a0a988c38267a3d08e6393a2 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39961 – iommu/amd/pgtbl: Fix possible race while increase page table level
https://notcve.org/view.php?id=CVE-2025-39961
09 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/amd/pgtbl: Fix possible race while increase page table level The AMD IOMMU host page table implementation supports dynamic page table levels (up to 6 levels), starting with a 3-level configuration that expands based on IOVA address. The kernel maintains a root pointer and current page table level to enable proper page table walks in alloc_pte()/fetch_pte() operations. The IOMMU IOVA allocator initially starts with 32-bit address and o... • https://git.kernel.org/stable/c/754265bcab78a9014f0f99cd35e0d610fcd7dfa7 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-39958 – iommu/s390: Make attach succeed when the device was surprise removed
https://notcve.org/view.php?id=CVE-2025-39958
09 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Make attach succeed when the device was surprise removed When a PCI device is removed with surprise hotplug, there may still be attempts to attach the device to the default domain as part of tear down via (__iommu_release_dma_ownership()), or because the removal happens during probe (__iommu_probe_device()). In both cases zpci_register_ioat() fails with a cc value indicating that the device handle is invalid. This is because the... • https://git.kernel.org/stable/c/359613f2fa009587154511e4842e8ab9532edd15 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39957 – wifi: mac80211: increase scan_ies_len for S1G
https://notcve.org/view.php?id=CVE-2025-39957
09 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: increase scan_ies_len for S1G Currently the S1G capability element is not taken into account for the scan_ies_len, which leads to a buffer length validation failure in ieee80211_prep_hw_scan() and subsequent WARN in __ieee80211_start_scan(). This prevents hw scanning from functioning. To fix ensure we accommodate for the S1G capability length. In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211... • https://git.kernel.org/stable/c/16c9244a62116fe148f6961753b68e7160799f97 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39955 – tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
https://notcve.org/view.php?id=CVE-2025-39955
09 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). syzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk in the TCP_ESTABLISHED state. [0] syzbot reused the server-side TCP Fast Open socket as a new client before the TFO socket completes 3WHS: 1. accept() 2. connect(AF_UNSPEC) 3. connect() to another destination As of accept(), sk->sk_state is TCP_SYN_RECV, and tcp_disconnect() changes it to TCP_CLOSE and makes c... • https://git.kernel.org/stable/c/8336886f786fdacbc19b719c1f7ea91eb70706d4 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53687 – tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk
https://notcve.org/view.php?id=CVE-2023-53687
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk When the best clk is searched, we iterate over all possible clk. If we find a better match, the previous one, if any, needs to be freed. If a better match has already been found, we still need to free the new one, otherwise it leaks. In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsung_tty: Fix a memory leak in s3c24... • https://git.kernel.org/stable/c/5f5a7a5578c5885201cf9c85856f023fe8b81765 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53685 – tun: Fix memory leak for detached NAPI queue.
https://notcve.org/view.php?id=CVE-2023-53685
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tun: Fix memory leak for detached NAPI queue. syzkaller reported [0] memory leaks of sk and skb related to the TUN device with no repro, but we can reproduce it easily with: struct ifreq ifr = {} int fd_tun, fd_tmp; char buf[4] = {}; fd_tun = openat(AT_FDCWD, "/dev/net/tun", O_WRONLY, 0); ifr.ifr_flags = IFF_TUN | IFF_NAPI | IFF_MULTI_QUEUE; ioctl(fd_tun, TUNSETIFF, &ifr); ifr.ifr_flags = IFF_DETACH_QUEUE; ioctl(fd_tun, TUNSETQUEUE, &ifr); ... • https://git.kernel.org/stable/c/cde8b15f1aabe327038ee4e0e11dd6b798572f69 •