CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-40094 – usb: gadget: f_acm: Refactor bind path to use __free()
https://notcve.org/view.php?id=CVE-2025-40094
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_acm: Refactor bind path to use __free() After an bind/unbind cycle, the acm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Unable to handle kernel NULL pointer dereference at virtual address... • https://git.kernel.org/stable/c/1f1ba11b64947051fc32aa15fcccef6463b433f7 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40093 – usb: gadget: f_ecm: Refactor bind path to use __free()
https://notcve.org/view.php?id=CVE-2025-40093
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Refactor bind path to use __free() After an bind/unbind cycle, the ecm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. In the Linux kernel, the following vulnerability has been resolved:... • https://git.kernel.org/stable/c/da741b8c56d612b5dd26ffa31341911a5fea23ee •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-40092 – usb: gadget: f_ncm: Refactor bind path to use __free()
https://notcve.org/view.php?id=CVE-2025-40092
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Refactor bind path to use __free() After an bind/unbind cycle, the ncm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Unable to handle kernel NULL pointer dereference at virtual address... • https://git.kernel.org/stable/c/9f6ce4240a2bf456402c15c06768059e5973f28c •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40088 – hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()
https://notcve.org/view.php?id=CVE-2025-40088
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() The hfsplus_strcasecmp() logic can trigger the issue: [ 117.317703][ T9855] ================================================================== [ 117.318353][ T9855] BUG: KASAN: slab-out-of-bounds in hfsplus_strcasecmp+0x1bc/0x490 [ 117.318991][ T9855] Read of size 2 at addr ffff88802160f40c by task repro/9855 [ 117.319577][ T9855] [ 117.319773][ T9855] CPU: 0 UID: 0 PID: 9855 Comm... • https://git.kernel.org/stable/c/603158d4efa98a13a746bd586c20f194f4a31ec8 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40087 – NFSD: Define a proc_layoutcommit for the FlexFiles layout type
https://notcve.org/view.php?id=CVE-2025-40087
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proc_layoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout. In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proc_layoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout. These are all security issues fixed in the kerne... • https://git.kernel.org/stable/c/9b9960a0ca4773e21c4b153ed355583946346b25 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-7324 – scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
https://notcve.org/view.php?id=CVE-2023-7324
29 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses Sanitize possible addl_desc_ptr out-of-bounds accesses in ses_enclosure_data_process(). In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses Sanitize possible addl_desc_ptr out-of-bounds accesses in ses_enclosure_data_process(). • https://git.kernel.org/stable/c/af5114d824f3511a69d68beff49ca9a7c32d44e0 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40083 – net/sched: sch_qfq: Fix null-deref in agg_dequeue
https://notcve.org/view.php?id=CVE-2025-40083
29 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix null-deref in agg_dequeue To prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c) when cl->qdisc->ops->peek(cl->qdisc) returns NULL, we check the return value before using it, similar to the existing approach in sch_hfsc.c. To avoid code duplication, the following changes are made: 1. Changed qdisc_warn_nonwc(include/net/pkt_sched.h) into a static inline function. 2. Moved qdisc_peek_len from net/sched/sch_... • https://git.kernel.org/stable/c/6ffa9d66187188e3068b5a3895e6ae1ee34f9199 •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2025-40082 – hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
https://notcve.org/view.php?id=CVE-2025-40082
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186 Read of size 2 at addr ffff8880289ef218 by task syz.6.248/14290 CPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace:
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40081 – perf: arm_spe: Prevent overflow in PERF_IDX2OFF()
https://notcve.org/view.php?id=CVE-2025-40081
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() Cast nr_pages to unsigned long to avoid overflow when handling large AUX buffer sizes (>= 2 GiB). In the Linux kernel, the following vulnerability has been resolved: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() Cast nr_pages to unsigned long to avoid overflow when handling large AUX buffer sizes (>= 2 GiB). These are all security issues fixed in the kernel-devel-6.17.7-1.1 package on th... • https://git.kernel.org/stable/c/d5d9696b03808bc6be723cc85288c912c3a05606 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40080 – nbd: restrict sockets to TCP and UDP
https://notcve.org/view.php?id=CVE-2025-40080
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP and UDP Recently, syzbot started to abuse NBD with all kinds of sockets. Commit cf1b2326b734 ("nbd: verify socket is supported during setup") made sure the socket supported a shutdown() method. Explicitely accept TCP and UNIX stream sockets. In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP and UDP Recently, syzbot started to abuse NBD with all kinds of sockets. Com... • https://git.kernel.org/stable/c/cf1b2326b734896734c6e167e41766f9cee7686a •