CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2025-71121 – parisc: Do not reprogram affinitiy on ASP chip
https://notcve.org/view.php?id=CVE-2025-71121
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: parisc: Do not reprogram affinitiy on ASP chip The ASP chip is a very old variant of the GSP chip and is used e.g. in HP 730 workstations. When trying to reprogram the affinity it will crash with a HPMC as the relevant registers don't seem to be at the usual location. Let's avoid the crash by checking the sversion. Also note, that reprogramming isn't necessary either, as the HP730 is a just a single-CPU machine. In the Linux kernel, the fol... • https://git.kernel.org/stable/c/f7c35220305f273bddc0bdaf1e453b4ca280f145 •
CVSS: 6.6EPSS: 0%CPEs: 9EXPL: 0CVE-2025-71120 – SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf
https://notcve.org/view.php?id=CVE-2025-71120
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_address(in_token->pages[0]) for the initial memcpy, which can dereference NULL even when the copy length is 0. Guard the first memcpy so it only runs when length > 0. In the Linux kernel, the following vulnerability has been resolved: SUNRP... • https://git.kernel.org/stable/c/5866efa8cbfbadf3905072798e96652faf02dbe8 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-71119 – powerpc/kexec: Enable SMT before waking offline CPUs
https://notcve.org/view.php?id=CVE-2025-71119
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: powerpc/kexec: Enable SMT before waking offline CPUs If SMT is disabled or a partial SMT state is enabled, when a new kernel image is loaded for kexec, on reboot the following warning is observed: kexec: Waking offline cpu 228. WARNING: CPU: 0 PID: 9062 at arch/powerpc/kexec/core_64.c:223 kexec_prepare_cpus+0x1b0/0x1bc [snip] NIP kexec_prepare_cpus+0x1b0/0x1bc LR kexec_prepare_cpus+0x1a0/0x1bc Call Trace: kexec_prepare_cpus+0x1a0/0x1bc (unr... • https://git.kernel.org/stable/c/482fa21635c8832db022cd2d649db26b8e6170ac •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-71118 – ACPICA: Avoid walking the Namespace if start_node is NULL
https://notcve.org/view.php?id=CVE-2025-71118
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid walking the Namespace if start_node is NULL Although commit 0c9992315e73 ("ACPICA: Avoid walking the ACPI Namespace if it is not there") fixed the situation when both start_node and acpi_gbl_root_node are NULL, the Linux kernel mainline now still crashed on Honor Magicbook 14 Pro [1]. That happens due to the access to the member of parent_node in acpi_ns_get_next_node(). The NULL pointer dereference will always happen, no matt... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-71117 – block: Remove queue freezing from several sysfs store callbacks
https://notcve.org/view.php?id=CVE-2025-71117
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing from several sysfs store callbacks Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath driver and the queue_if_no_path option. Additionally, freezing the request queue slows down system boot on systems where sysfs attributes are set synchronously. Fix this by removing the blk_mq_freeze_queue() / blk_mq_unfreeze_queue() calls from the store callba... • https://git.kernel.org/stable/c/af2814149883e2c1851866ea2afcd8eadc040f79 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-71116 – libceph: make decode_pool() more resilient against corrupted osdmaps
https://notcve.org/view.php?id=CVE-2025-71116
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If the osdmap is (maliciously) corrupted such that the encoded length of ceph_pg_pool envelope is less than what is expected for a particular encoding version, out-of-bounds reads may ensue because the only bounds check that is there is based on that length value. This patch adds explicit bounds checks for each field that is decoded or skipped. In the Linux kernel, the fol... • https://git.kernel.org/stable/c/4f6a7e5ee1393ec4b243b39dac9f36992d161540 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-71114 – via_wdt: fix critical boot hang due to unnamed resource allocation
https://notcve.org/view.php?id=CVE-2025-71114
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: via_wdt: fix critical boot hang due to unnamed resource allocation The VIA watchdog driver uses allocate_resource() to reserve a MMIO region for the watchdog control register. However, the allocated resource was not given a name, which causes the kernel resource tree to contain an entry marked as "
CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 0CVE-2025-71113 – crypto: af_alg - zero initialize memory allocated via sock_kmalloc
https://notcve.org/view.php?id=CVE-2025-71113
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - zero initialize memory allocated via sock_kmalloc Several crypto user API contexts and requests allocated with sock_kmalloc() were left uninitialized, relying on callers to set fields explicitly. This resulted in the use of uninitialized data in certain error paths or when new fields are added in the future. The ACVP patches also contain two user-space interface files: algif_kpp.c and algif_akcipher.c. These too rely on pro... • https://git.kernel.org/stable/c/fe869cdb89c95d060c77eea20204d6c91f233b53 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-71112 – net: hns3: add VLAN id validation before using
https://notcve.org/view.php?id=CVE-2025-71112
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: net: hns3: add VLAN id validation before using Currently, the VLAN id may be used without validation when receive a VLAN configuration mailbox from VF. The length of vlan_del_fail_bmap is BITS_TO_LONGS(VLAN_N_VID). It may cause out-of-bounds memory access once the VLAN id is bigger than or equal to VLAN_N_VID. Therefore, VLAN id needs to be checked to ensure it is within the range of VLAN_N_VID. In the Linux kernel, the following vulnerabil... • https://git.kernel.org/stable/c/fe4144d47eef8453459c53a34e9d5940a3e6c219 •
CVSS: 6.9EPSS: 0%CPEs: 7EXPL: 0CVE-2025-71111 – hwmon: (w83791d) Convert macros to functions to avoid TOCTOU
https://notcve.org/view.php?id=CVE-2025-71111
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU The macro FAN_FROM_REG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Check to Time-of-Use (TOCTOU) race conditions, potentially causing divide-by-zero errors. Convert the macro to a static function. This guarantees that arguments are evaluated only once (pass-by-value), preventing the race conditions. Add... • https://git.kernel.org/stable/c/9873964d6eb24bd0205394f9b791de9eddbcb855 •