CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-39980 – nexthop: Forbid FDB status change while nexthop is in a group
https://notcve.org/view.php?id=CVE-2025-39980
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: nexthop: Forbid FDB status change while nexthop is in a group The kernel forbids the creation of non-FDB nexthop groups with FDB nexthops: # ip nexthop add id 1 via 192.0.2.1 fdb # ip nexthop add id 2 group 1 Error: Non FDB nexthop group cannot have fdb nexthops. And vice versa: # ip nexthop add id 3 via 192.0.2.2 dev dummy1 # ip nexthop add id 4 group 3 fdb Error: FDB nexthop group can only have fdb nexthops. However, as long as no routes ... • https://git.kernel.org/stable/c/38428d68719c454d269cb03b776d8a4b0ad66111 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39978 – octeontx2-pf: Fix potential use after free in otx2_tc_add_flow()
https://notcve.org/view.php?id=CVE-2025-39978
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() This code calls kfree_rcu(new_node, rcu) and then dereferences "new_node" and then dereferences it on the next line. Two lines later, we take a mutex so I don't think this is an RCU safe region. Re-order it to do the dereferences before queuing up the free. In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2_tc... • https://git.kernel.org/stable/c/68fbff68dbea35f9e6f7649dd22fce492a5aedac •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39977 – futex: Prevent use-after-free during requeue-PI
https://notcve.org/view.php?id=CVE-2025-39977
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race: T1 T2 futex_wait_requeue_pi() futex_do_wait() schedule() futex_requeue() futex_proxy_trylock_atomic() futex_requeue_pi_prepare() requeue_pi_wake_futex() futex_requeue_pi_complete() /* preempt */ * timeout/ signal wakes T1 * futex_requeue_pi_wakeup_sync() // Q_REQUEUE_PI_LOCKED futex_hash_put() // back to userland, on stack futex_q is garbage /* bac... • https://git.kernel.org/stable/c/07d91ef510fb16a2e0ca7453222105835b7ba3b8 •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39973 – i40e: add validation for ring_len param
https://notcve.org/view.php?id=CVE-2025-39973
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: add validation for ring_len param The `ring_len` parameter provided by the virtual function (VF) is assigned directly to the hardware memory context (HMC) without any validation. To address this, introduce an upper boundary check for both Tx and Rx queue lengths. The maximum number of descriptors supported by the hardware is 8k-32. Additionally, enforce alignment constraints: Tx rings must be a multiple of 8, and Rx rings must be a mu... • https://git.kernel.org/stable/c/5c3c48ac6bf56367c4e89f6453cd2d61e50375bd •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39972 – i40e: fix idx validation in i40e_validate_queue_map
https://notcve.org/view.php?id=CVE-2025-39972
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in i40e_validate_queue_map Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_validate_queue_map(). In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in i40e_validate_queue_map Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_validate_queue_map(). • https://git.kernel.org/stable/c/c27eac48160de72dee33d42b5a33cc7b8a2eb1f5 •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39971 – i40e: fix idx validation in config queues msg
https://notcve.org/view.php?id=CVE-2025-39971
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg(). In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg(). • https://git.kernel.org/stable/c/c27eac48160de72dee33d42b5a33cc7b8a2eb1f5 •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39970 – i40e: fix input validation logic for action_meta
https://notcve.org/view.php?id=CVE-2025-39970
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: fix input validation logic for action_meta Fix condition to check 'greater or equal' to prevent OOB dereference. • https://git.kernel.org/stable/c/e284fc280473bed23f2e1ed324e102a48f7d17e1 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39969 – i40e: fix validation of VF state in get resources
https://notcve.org/view.php?id=CVE-2025-39969
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF state I40E_VF_STATE_ACTIVE is not the only state in which VF is actually active so it should not be used to determine if a VF is allowed to obtain resources. Use I40E_VF_STATE_RESOURCES_LOADED that is set only in i40e_vc_get_vf_resources_msg() and cleared during reset. In the Linux kernel, the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF ... • https://git.kernel.org/stable/c/171527da84149c2c7aa6a60a64b09d24f3546298 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39968 – i40e: add max boundary check for VF filters
https://notcve.org/view.php?id=CVE-2025-39968
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: add max boundary check for VF filters There is no check for max filters that VF can request. Add it. • https://git.kernel.org/stable/c/e284fc280473bed23f2e1ed324e102a48f7d17e1 •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2025-39967 – fbcon: fix integer overflow in fbcon_do_set_font
https://notcve.org/view.php?id=CVE-2025-39967
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fbcon: fix integer overflow in fbcon_do_set_font Fix integer overflow vulnerabilities in fbcon_do_set_font() where font size calculations could overflow when handling user-controlled font parameters. The vulnerabilities occur when: 1. CALC_FONTSZ(h, pitch, charcount) performs h * pith * charcount multiplication with user-controlled values that can overflow. 2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow 3. This results ... • https://git.kernel.org/stable/c/96e41fc29e8af5c5085fb8a79cab8d0d00bab86c •