CVSS: 5.6 | EPSS: 0% | CPEs: 8 | EXPL: 0 | CVE-2025-40306 – orangefs: fix xattr related buffer overflow...
https://notcve.org/view.php?id=CVE-2025-40306
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: orangefs: fix xattr related buffer overflow... Willy Tarreau
CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0 | CVE-2025-40305 – 9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN
https://notcve.org/view.php?id=CVE-2025-40305
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: 9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN p9_read_work() doesn't set Rworksched and doesn't do schedule_work(m->rq) if list_empty(&m->req_list). However, if the pipe is full, we need to read more data and this used to work prior to commit aaec5a95d59615 ("pipe_read: don't wake up the writer if the pipe is still full"). p9_read_work() does p9_fd_read() -> ... -> anon_pipe_read() which (before the commit above) triggered the unnec... • https://git.kernel.org/stable/c/2e1461034aef99e905a1fe5589aaf00eaea73eee •
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0 | CVE-2025-40304 – fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
https://notcve.org/view.php?id=CVE-2025-40304
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is off-screen and clip image height to screen boundary. Break from the rendering loop if the X position is off-screen. When clipping image width to fit the screen, update the character count to match the clipped width to prevent buffer siz... • https://git.kernel.org/stable/c/996bfaa7372d6718b6d860bdf78f6618e850c702 •
CVSS: 5.8 | EPSS: 0% | CPEs: 4 | EXPL: 0 | CVE-2025-40303 – btrfs: ensure no dirty metadata is written back for an fs with errors
https://notcve.org/view.php?id=CVE-2025-40303
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: ensure no dirty metadata is written back for an fs with errors [BUG] During development of a minor feature (make sure all btrfs_bio::end_io() is called in task context), I noticed a crash in generic/388, where metadata writes triggered new works after btrfs_stop_all_workers(). It turns out that it can even happen without any code modification, just using RAID5 for metadata and the same workload from generic/388 is going to trigger th... • https://git.kernel.org/stable/c/066ee13f05fbd82ada01883e51f0695172f98dff •
CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0 | CVE-2025-40289 – drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
https://notcve.org/view.php?id=CVE-2025-40289
06 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Otherwise accessing them can cause a crash. • https://git.kernel.org/stable/c/39a1c8c860e32d775f29917939e87b6a7c08ebb1 •
CVSS: 6.3 | EPSS: 0% | CPEs: 5 | EXPL: 0 | CVE-2025-40288 – drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
https://notcve.org/view.php?id=CVE-2025-40288
06 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Previously, APU platforms (and other scenarios with uninitialized VRAM managers) triggered a NULL pointer dereference in `ttm_resource_manager_usage()`. The root cause is not that the `struct ttm_resource_manager *man` pointer itself is NULL, but that `man->bdev` (the backing device pointer within the manager) remains uninitialized (NULL) on APUs—since APUs lack dedicate... • https://git.kernel.org/stable/c/e70113b741ba253886cd71dbadfe3ea444bb2f5c •
CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0 | CVE-2025-40287 – exfat: fix improper check of dentry.stream.valid_size
https://notcve.org/view.php?id=CVE-2025-40287
06 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following system calls — SYS_openat, SYS_ftruncate, and SYS_pwrite64 — can cause the kernel to hang. Root cause analysis shows that the size validation code in exfat_find() does not check whether dentry.stream.valid_size is ne... • https://git.kernel.org/stable/c/6c627bcc1896ba62ec793d0c00da74f3c93ce3ad •
CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0 | CVE-2025-40286 – smb/server: fix possible memory leak in smb2_read()
https://notcve.org/view.php?id=CVE-2025-40286
06 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible memory leak in smb2_read() Memory leak occurs when ksmbd_vfs_read() fails. Fix this by adding the missing kvfree(). • https://git.kernel.org/stable/c/0797c6cf3b857cc229ab2bc69552938dcd738d78 •
CVSS: 7.1 | EPSS: 0% | CPEs: 5 | EXPL: 0 | CVE-2025-40285 – smb/server: fix possible refcount leak in smb2_sess_setup()
https://notcve.org/view.php?id=CVE-2025-40285
06 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible refcount leak in smb2_sess_setup() Reference count of ksmbd_session will leak when session need reconnect. Fix this by adding the missing ksmbd_user_session_put(). • https://git.kernel.org/stable/c/6fc935f798d44a8eb8a5e6659198399fbf57b981 •
CVSS: 6.1 | EPSS: 0% | CPEs: 8 | EXPL: 0 | CVE-2025-40282 – Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
https://notcve.org/view.php?id=CVE-2025-40282
06 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Bluetooth 6lowpan.c netdev has header_ops, so it must set link-local header for RX skb, otherwise things crash, e.g. with AF_PACKET SOCK_RAW. Add missing skb_reset_mac_header() for uncompressed ipv6 RX path. For the compressed one, it is done in lowpan_header_decompress(). Log: (BlueZ 6lowpan-tester Client Recv Raw - Success) ------ kernel BUG at net/core/skbuff.c:212! Call Trace: ... • https://git.kernel.org/stable/c/18722c247023035b9e2e2a08a887adec2a9a6e49 •
