CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-40088 – hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()
https://notcve.org/view.php?id=CVE-2025-40088
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() The hfsplus_strcasecmp() logic can trigger the issue: [ 117.317703][ T9855] ================================================================== [ 117.318353][ T9855] BUG: KASAN: slab-out-of-bounds in hfsplus_strcasecmp+0x1bc/0x490 [ 117.318991][ T9855] Read of size 2 at addr ffff88802160f40c by task repro/9855 [ 117.319577][ T9855] [ 117.319773][ T9855] CPU: 0 UID: 0 PID: 9855 Comm... • https://git.kernel.org/stable/c/603158d4efa98a13a746bd586c20f194f4a31ec8 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-40087 – NFSD: Define a proc_layoutcommit for the FlexFiles layout type
https://notcve.org/view.php?id=CVE-2025-40087
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proc_layoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout. • https://git.kernel.org/stable/c/9b9960a0ca4773e21c4b153ed355583946346b25 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2023-7324 – scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
https://notcve.org/view.php?id=CVE-2023-7324
29 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses Sanitize possible addl_desc_ptr out-of-bounds accesses in ses_enclosure_data_process(). In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses Sanitize possible addl_desc_ptr out-of-bounds accesses in ses_enclosure_data_process(). • https://git.kernel.org/stable/c/af5114d824f3511a69d68beff49ca9a7c32d44e0 •
CVSS: 8.1EPSS: %CPEs: 4EXPL: 0CVE-2025-40084 – ksmbd: transport_ipc: validate payload size before reading handle
https://notcve.org/view.php?id=CVE-2025-40084
29 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle handle_response() dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message from ksmbd.mountd can lead to a 4-byte read past the declared payload size. Validate the size before dereferencing. This is a minimal fix to guard the initial handle read. In the Linux kernel, the following vulner... • https://git.kernel.org/stable/c/a02e432d5130da4c723aabe1205bac805889fdb2 •
CVSS: 5.5EPSS: %CPEs: 1EXPL: 0CVE-2025-40083 – net/sched: sch_qfq: Fix null-deref in agg_dequeue
https://notcve.org/view.php?id=CVE-2025-40083
29 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix null-deref in agg_dequeue To prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c) when cl->qdisc->ops->peek(cl->qdisc) returns NULL, we check the return value before using it, similar to the existing approach in sch_hfsc.c. To avoid code duplication, the following changes are made: 1. Changed qdisc_warn_nonwc(include/net/pkt_sched.h) into a static inline function. 2. Moved qdisc_peek_len from net/sched/sch_... • https://git.kernel.org/stable/c/dd831ac8221e691e9e918585b1003c7071df0379 •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2025-40082 – hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
https://notcve.org/view.php?id=CVE-2025-40082
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186 Read of size 2 at addr ffff8880289ef218 by task syz.6.248/14290 CPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace:
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40081 – perf: arm_spe: Prevent overflow in PERF_IDX2OFF()
https://notcve.org/view.php?id=CVE-2025-40081
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() Cast nr_pages to unsigned long to avoid overflow when handling large AUX buffer sizes (>= 2 GiB). In the Linux kernel, the following vulnerability has been resolved: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() Cast nr_pages to unsigned long to avoid overflow when handling large AUX buffer sizes (>= 2 GiB). • https://git.kernel.org/stable/c/d5d9696b03808bc6be723cc85288c912c3a05606 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40080 – nbd: restrict sockets to TCP and UDP
https://notcve.org/view.php?id=CVE-2025-40080
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP and UDP Recently, syzbot started to abuse NBD with all kinds of sockets. Commit cf1b2326b734 ("nbd: verify socket is supported during setup") made sure the socket supported a shutdown() method. Explicitely accept TCP and UNIX stream sockets. In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP and UDP Recently, syzbot started to abuse NBD with all kinds of sockets. Com... • https://git.kernel.org/stable/c/cf1b2326b734896734c6e167e41766f9cee7686a •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40078 – bpf: Explicitly check accesses to bpf_sock_addr
https://notcve.org/view.php?id=CVE-2025-40078
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Explicitly check accesses to bpf_sock_addr Syzkaller found a kernel warning on the following sock_addr program: 0: r0 = 0 1: r2 = *(u32 *)(r1 +60) 2: exit which triggers: verifier bug: error during ctx access conversion (0) This is happening because offset 60 in bpf_sock_addr corresponds to an implicit padding of 4 bytes, right after msg_src_ip4. Access to this padding isn't rejected in sock_addr_is_valid_access and it thus later fails... • https://git.kernel.org/stable/c/1cedee13d25ab118d325f95588c1a084e9317229 •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40077 – f2fs: fix to avoid overflow while left shift operation
https://notcve.org/view.php?id=CVE-2025-40077
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid overflow while left shift operation Should cast type of folio->index from pgoff_t to loff_t to avoid overflow while left shift operation. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid overflow while left shift operation Should cast type of folio->index from pgoff_t to loff_t to avoid overflow while left shift operation. • https://git.kernel.org/stable/c/3265d3db1f16395cfc6b8ea9b31b4001d98d05ef •