CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-40027 – net/9p: fix double req put in p9_fd_cancelled
https://notcve.org/view.php?id=CVE-2025-40027
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net/9p: fix double req put in p9_fd_cancelled Syzkaller reports a KASAN issue as below: general protection fault, probably for non-canonical address 0xfbd59c0000000021: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: maybe wild-memory-access in range [0xdead000000000108-0xdead00000000010f] CPU: 0 PID: 5083 Comm: syz-executor.2 Not tainted 6.1.134-syzkaller-00037-g855bd1d7d838 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 ... • https://git.kernel.org/stable/c/afd8d65411551839b7ab14a539d00075b2793451 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-40026 – KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O
https://notcve.org/view.php?id=CVE-2025-40026
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O When completing emulation of instruction that generated a userspace exit for I/O, don't recheck L1 intercepts as KVM has already finished that phase of instruction execution, i.e. has already committed to allowing L2 to perform I/O. If L1 (or host userspace) modifies the I/O permission bitmaps during the exit to userspace, KVM will treat the access as being intercepted de... • https://git.kernel.org/stable/c/8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9 •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40025 – f2fs: fix to do sanity check on node footer for non inode dnode
https://notcve.org/view.php?id=CVE-2025-40025
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer for non inode dnode As syzbot reported below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/file.c:1243! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 0 UID: 0 PID: 5354 Comm: syz.0.0 Not tainted 6.17.0-rc1-syzkaller-00211-g90d970cade8e #0 PREEMPT(full) RIP: 0010:f2fs_truncate_hole+0x69e/0x6c0 fs/f2fs/file.c:1243 Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-40021 – tracing: dynevent: Add a missing lockdown check on dynevent
https://notcve.org/view.php?id=CVE-2025-40021
24 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: dynevent: Add a missing lockdown check on dynevent Since dynamic_events interface on tracefs is compatible with kprobe_events and uprobe_events, it should also check the lockdown status and reject if it is set. In the Linux kernel, the following vulnerability has been resolved: tracing: dynevent: Add a missing lockdown check on dynevent Since dynamic_events interface on tracefs is compatible with kprobe_events and uprobe_events, it... • https://git.kernel.org/stable/c/17911ff38aa58d3c95c07589dbf5d3564c4cf3c5 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40020 – can: peak_usb: fix shift-out-of-bounds issue
https://notcve.org/view.php?id=CVE-2025-40020
24 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix shift-out-of-bounds issue Explicitly uses a 64-bit constant when the number of bits used for its shifting is 32 (which is the case for PC CAN FD interfaces supported by this driver). [mkl: update subject, apply manually] In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix shift-out-of-bounds issue Explicitly uses a 64-bit constant when the number of bits used for its shifting is 32 (whic... • https://git.kernel.org/stable/c/bb4785551f64e18b2c8bb15a3bd2b22f5ebf624d •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40019 – crypto: essiv - Check ssize for decryption and in-place encryption
https://notcve.org/view.php?id=CVE-2025-40019
24 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssize check to the start in essiv_aead_crypt so that it's also checked for decryption and in-place encryption. In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssize check to the start in essiv_aead_crypt so that it's also checked for decryption and in-place encryption. Se... • https://git.kernel.org/stable/c/be1eb7f78aa8fbe34779c56c266ccd0364604e71 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40018 – ipvs: Defer ip_vs_ftp unregister during netns cleanup
https://notcve.org/view.php?id=CVE-2025-40018
24 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_modul... • https://git.kernel.org/stable/c/61b1ab4583e275af216c8454b9256de680499b19 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53733 – net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode
https://notcve.org/view.php?id=CVE-2023-53733
24 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode When u32_replace_hw_knode fails, we need to undo the tcf_bind_filter operation done at u32_set_parms. In the Linux kernel, the following vulnerability has been resolved: net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode When u32_replace_hw_knode fails, we need to undo the tcf_bind_filter operation done at u32_set_parms. The SUSE Linux Enterprise 15 SP6 Azure k... • https://git.kernel.org/stable/c/d34e3e181395192d6d1f50dd97bd7854e04e33a4 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53732 – fs/ntfs3: Fix NULL dereference in ni_write_inode
https://notcve.org/view.php?id=CVE-2023-53732
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix NULL dereference in ni_write_inode Syzbot reports a NULL dereference in ni_write_inode. When creating a new inode, if allocation fails in mi_init function (called in mi_format_new function), mi->mrec is set to NULL. In the error path of this inode creation, mi->mrec is later dereferenced in ni_write_inode. Add a NULL check to prevent NULL dereference. In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3... • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2023-53731 – netlink: fix potential deadlock in netlink_set_err()
https://notcve.org/view.php?id=CVE-2023-53731
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: netlink: fix potential deadlock in netlink_set_err() syzbot reported a possible deadlock in netlink_set_err() [1] A similar issue was fixed in commit 1d482e666b8e ("netlink: disable IRQs for netlink_lock_table()") in netlink_lock_table() This patch adds IRQ safety to netlink_set_err() and __netlink_diag_dump() which were not covered by cited commit. [1] WARNING: possible irq lock inversion dependency detected 6.4.0-rc6-syzkaller-00240-g4e9f... • https://git.kernel.org/stable/c/82b2ea5f904b3826934df4a00f3b8806272185f6 •