CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40197 – media: mc: Clear minor number before put device
https://notcve.org/view.php?id=CVE-2025-40197
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: media: mc: Clear minor number before put device The device minor should not be cleared after the device is released. • https://git.kernel.org/stable/c/dd156f44ea82cc249f46c519eed3b2f8983c8002 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40196 – fs: quota: create dedicated workqueue for quota_release_work
https://notcve.org/view.php?id=CVE-2025-40196
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: quota: create dedicated workqueue for quota_release_work There is a kernel panic due to WARN_ONCE when panic_on_warn is set. This issue occurs when writeback is triggered due to sync call for an opened file(ie, writeback reason is WB_REASON_SYNC). When f2fs balance is needed at sync path, flush for quota_release_work is triggered. By default quota_release_work is queued to "events_unbound" queue which does not have WQ_MEM_RECLAIM flag. ... • https://git.kernel.org/stable/c/bcacb52a985f1b6d280f698a470b873dfe52728a •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40195 – mount: handle NULL values in mnt_ns_release()
https://notcve.org/view.php?id=CVE-2025-40195
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: mount: handle NULL values in mnt_ns_release() When calling in listmount() mnt_ns_release() may be passed a NULL pointer. Handle that case gracefully. In the Linux kernel, the following vulnerability has been resolved: mount: handle NULL values in mnt_ns_release() When calling in listmount() mnt_ns_release() may be passed a NULL pointer. Handle that case gracefully. • https://git.kernel.org/stable/c/2d68f8a7379d9c61005e982600c61948d4d019bd •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40194 – cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()
https://notcve.org/view.php?id=CVE-2025-40194
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request() that indirectly accesses the policy object in question through the QoS request object passed to it. Fortunately, update_qos_request() is called under intel_pstate_driver_lock, so this issue does not matter for changing the intel_psta... • https://git.kernel.org/stable/c/da5c504c7aae96db68c4b38e2564a88e91842d89 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40193 – xtensa: simdisk: add input size check in proc_write_simdisk
https://notcve.org/view.php?id=CVE-2025-40193
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: xtensa: simdisk: add input size check in proc_write_simdisk A malicious user could pass an arbitrarily bad value to memdup_user_nul(), potentially causing kernel crash. This follows the same pattern as commit ee76746387f6 ("netdevsim: prevent bad user input in nsim_dev_health_break_write()") In the Linux kernel, the following vulnerability has been resolved: xtensa: simdisk: add input size check in proc_write_simdisk A malicious user could ... • https://git.kernel.org/stable/c/b6c7e873daf765e41233b9752083b66442703b7a •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40192 – Revert "ipmi: fix msg stack when IPMI is disconnected"
https://notcve.org/view.php?id=CVE-2025-40192
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "ipmi: fix msg stack when IPMI is disconnected" This reverts commit c608966f3f9c2dca596967501d00753282b395fc. This patch has a subtle bug that can cause the IPMI driver to go into an infinite loop if the BMC misbehaves in a certain way. Apparently certain BMCs do misbehave this way because several reports have come in recently about this. In the Linux kernel, the following vulnerability has been resolved: Revert "ipmi: fix msg stack ... • https://git.kernel.org/stable/c/c608966f3f9c2dca596967501d00753282b395fc •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40190 – ext4: guard against EA inode refcount underflow in xattr update
https://notcve.org/view.php?id=CVE-2025-40190
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: guard against EA inode refcount underflow in xattr update syzkaller found a path where ext4_xattr_inode_update_ref() reads an EA inode refcount that is already <= 0 and then applies ref_change (often -1). That lets the refcount underflow and we proceed with a bogus value, triggering errors like: EXT4-fs error: EA inode
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40189 – net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom
https://notcve.org/view.php?id=CVE-2025-40189
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom Syzbot reported read of uninitialized variable BUG with following call stack. lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): EEPROM read operation timeout ===================================================== BUG: KMSAN: uninit-value in lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline] BUG: KMSAN: uninit-value in lan78xx_init_mac_ad... • https://git.kernel.org/stable/c/8b1b2ca83b200fa46fdfb81e80ad5fe34537e6d4 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40188 – pwm: berlin: Fix wrong register in suspend/resume
https://notcve.org/view.php?id=CVE-2025-40188
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: pwm: berlin: Fix wrong register in suspend/resume The 'enable' register should be BERLIN_PWM_EN rather than BERLIN_PWM_ENABLE, otherwise, the driver accesses wrong address, there will be cpu exception then kernel panic during suspend/resume. In the Linux kernel, the following vulnerability has been resolved: pwm: berlin: Fix wrong register in suspend/resume The 'enable' register should be BERLIN_PWM_EN rather than BERLIN_PWM_ENABLE, otherwi... • https://git.kernel.org/stable/c/bbf0722c1c663b08f612bd8c58af27f45aa84862 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40187 – net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()
https://notcve.org/view.php?id=CVE-2025-40187
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() If new_asoc->peer.adaptation_ind=0 and sctp_ulpevent_make_authkey=0 and sctp_ulpevent_make_authkey() returns 0, then the variable ai_ev remains zero and the zero will be dereferenced in the sctp_ulpevent_free() function. In the Linux kernel, the following vulnerability has been resolved: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() If new_... • https://git.kernel.org/stable/c/30f6ebf65bc46161c5aaff1db2e6e7c76aa4a06b •