CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0 | CVE-2025-40335 – drm/amdgpu: validate userq input args
https://notcve.org/view.php?id=CVE-2025-40335
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args This helps validate the userq input args and reject invalid userq requests at the IOCTL in the first place. • https://git.kernel.org/stable/c/d38ceaf99ed015f2a0b9af3499791bd3a3daae21
CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0 | CVE-2025-40334 – drm/amdgpu: validate userq buffer virtual address and size
https://notcve.org/view.php?id=CVE-2025-40334
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq buffer virtual address and size It needs to validate the userq object virtual address to determine whether it is resident in a valid vm mapping. • https://git.kernel.org/stable/c/d38ceaf99ed015f2a0b9af3499791bd3a3daae21
CVSS: 5.5 | EPSS: 0% | CPEs: 4 | EXPL: 0 | CVE-2025-40333 – f2fs: fix infinite loop in __insert_extent_tree()
https://notcve.org/view.php?id=CVE-2025-40333
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix infinite loop in __insert_extent_tree() When we get wrong extent info data and look up extent_node in the rb tree, it will cause an infinite loop (CONFIG_F2FS_CHECK_FS=n). Avoid this by returning NULL and printing some kernel messages in that case. • https://git.kernel.org/stable/c/98e4da8ca301e062d79ae168c67e56f3c3de3ce4
CVSS: 7.1 | EPSS: 0% | CPEs: 3 | EXPL: 0 | CVE-2025-40332 – drm/amdkfd: Fix mmap write lock not release
https://notcve.org/view.php?id=CVE-2025-40332
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix mmap write lock not release If the mmap write lock is taken while draining retry fault, the mmap write lock is not released because svm_range_restore_pages calls mmap_read_unlock and then returns. This causes a deadlock and system hangs later because the mmap read or write lock cannot be taken. Downgrading the mmap write lock to a read lock if draining retry fault fixes this bug. • https://git.kernel.org/stable/c/4a488a7ad71401169cecee75dc94bcce642e2c53
CVSS: 7.8 | EPSS: 0% | CPEs: 8 | EXPL: 0 | CVE-2025-40331 – sctp: Prevent TOCTOU out-of-bounds write
https://notcve.org/view.php?id=CVE-2025-40331
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: Prevent TOCTOU out-of-bounds write For the following path not holding the sock lock, sctp_diag_dump() -> sctp_for_each_endpoint() -> sctp_ep_dump() make sure not to exceed bounds in case the address list has grown between buffer allocation (time-of-check) and write (time-of-use). • https://git.kernel.org/stable/c/8f840e47f190cbe61a96945c13e9551048d42cef
CVSS: 5.5 | EPSS: 0% | CPEs: 4 | EXPL: 0 | CVE-2025-40329 – drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb
https://notcve.org/view.php?id=CVE-2025-40329
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb The Mesa issue referenced below pointed out a possible deadlock:
[ 1231.611031] Possible interrupt unsafe locking scenario:
[ 1231.611033] CPU0 CPU1
[ 1231.611034] ---- ----
[ 1231.611035] lock(&xa->xa_lock#17);
[ 1231.611038] local_irq_disable();
[ 1231.611039] lock(&fence->lock);
[ 1231.611041] lock(&xa->xa_lock#17);
[ 1231.611044]
CVSS: 7.8 | EPSS: 0% | CPEs: 4 | EXPL: 0 | CVE-2025-40328 – smb: client: fix potential UAF in smb2_close_cached_fid()
https://notcve.org/view.php?id=CVE-2025-40328
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_close_cached_fid() find_or_create_cached_dir() could grab a new reference after kref_put() had seen the refcount drop to zero but before cfid_list_lock is acquired in smb2_close_cached_fid(), leading to use-after-free. Switch to kref_put_lock() so cfid_release() is called with cfid_list_lock held, closing that gap. • https://git.kernel.org/stable/c/ebe98f1447bbccf8228335c62d86af02a0ed23f7
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0 | CVE-2025-40324 – NFSD: Fix crash in nfsd4_read_release()
https://notcve.org/view.php?id=CVE-2025-40324
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix crash in nfsd4_read_release() When tracing is enabled, the trace_nfsd_read_done trace point crashes during the pynfs read.testNoFh test. • https://git.kernel.org/stable/c/65a33135e91e6dd661ecdf1194b9d90c49ae3570
CVSS: 6.9 | EPSS: 0% | CPEs: 5 | EXPL: 0 | CVE-2025-40323 – fbcon: Set fb_display[i]->mode to NULL when the mode is released
https://notcve.org/view.php?id=CVE-2025-40323
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fbcon: Set fb_display[i]->mode to NULL when the mode is released Recently, we discovered the following issue through syzkaller:
BUG: KASAN: slab-use-after-free in fb_mode_is_equal+0x285/0x2f0
Read of size 4 at addr ff11000001b3c69c by task syz.xxx
...
Call Trace:
CVSS: 7.1 | EPSS: 0% | CPEs: 8 | EXPL: 0 | CVE-2025-40322 – fbdev: bitblit: bound-check glyph index in bit_putcs*
https://notcve.org/view.php?id=CVE-2025-40322
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: bound-check glyph index in bit_putcs* bit_putcs_aligned()/unaligned() derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count and read past the end of the built-in font array. Clamp the index to the actual glyph count before computing the address. This fixes a global out-of-bounds read reported by syzbot. • https://git.kernel.org/stable/c/a10cede006f9614b465cf25609a8753efbfd45cc
