
CVE-2025-39762 – drm/amd/display: add null check
https://notcve.org/view.php?id=CVE-2025-39762
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: add null check [WHY] Prevents null pointer dereferences to enhance function robustness [HOW] Adds early null check and return false if invalid. • https://git.kernel.org/stable/c/4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c

CVE-2025-39760 – usb: core: config: Prevent OOB read in SS endpoint companion parsing
https://notcve.org/view.php?id=CVE-2025-39760
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: core: config: Prevent OOB read in SS endpoint companion parsing usb_parse_ss_endpoint_companion() checks descriptor type before length, enabling a potentially odd read outside of the buffer size. Fix this up by checking the size first before looking at any of the fields in the descriptor. • https://git.kernel.org/stable/c/5c3097ede7835d3caf6543eb70ff689af4550cd2

CVE-2025-39759 – btrfs: qgroup: fix race between quota disable and quota rescan ioctl
https://notcve.org/view.php?id=CVE-2025-39759
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix race between quota disable and quota rescan ioctl There's a race between a task disabling quotas and another running the rescan ioctl that can result in a use-after-free of qgroup records from the fs_info->qgroup_tree rbtree. This happens as follows: 1) Task A enters btrfs_ioctl_quota_rescan() -> btrfs_qgroup_rescan(); 2) Task B enters btrfs_quota_disable() and calls btrfs_qgroup_wait_for_completion(), which does nothing ... • https://git.kernel.org/stable/c/7cda0fdde5d9890976861421d207870500f9aace

CVE-2025-39757 – ALSA: usb-audio: Validate UAC3 cluster segment descriptors
https://notcve.org/view.php?id=CVE-2025-39757
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses. • https://git.kernel.org/stable/c/11785ef53228d23ec386f5fe4a34601536f0c891

CVE-2025-39756 – fs: Prevent file descriptor table allocations exceeding INT_MAX
https://notcve.org/view.php?id=CVE-2025-39756
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: Prevent file descriptor table allocations exceeding INT_MAX When sysctl_nr_open is set to a very high value (for example, 1073741816 as set by systemd), processes attempting to use file descriptors near the limit can trigger massive memory allocation attempts that exceed INT_MAX, resulting in a WARNING in mm/slub.c: WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288 This happens because kvmalloc_array() and kvm... • https://git.kernel.org/stable/c/9cfe015aa424b3c003baba3841a60dd9b5ad319b

CVE-2025-39754 – mm/smaps: fix race between smaps_hugetlb_range and migration
https://notcve.org/view.php?id=CVE-2025-39754
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/smaps: fix race between smaps_hugetlb_range and migration smaps_hugetlb_range() handles the pte without holding ptl, and may be concurrent with migration, leading to BUG_ON in pfn_swap_entry_to_page(). The race is as follows. smaps_hugetlb_range migrate_pages huge_ptep_get remove_migration_ptes folio_unlock pfn_swap_entry_folio BUG_ON To fix it, hold ptl lock in smaps_hugetlb_range(). • https://git.kernel.org/stable/c/25ee01a2fca02dfb5a3ce316e77910c468108199

CVE-2025-39753 – gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops
https://notcve.org/view.php?id=CVE-2025-39753
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops Clears up the warning added in 7ee3647243e5 ("migrate: Remove call to ->writepage") that occurs in various xfstests, causing "something found in dmesg" failures. [ 341.136573] gfs2_meta_aops does not implement migrate_folio [ 341.136953] WARNING: CPU: 1 PID: 36 at mm/migrate.c:944 move_to_new_folio+0x2f8/0x300 • https://git.kernel.org/stable/c/3d2c05cbc6a3725d832b912b637971f37301c7e5

CVE-2025-39752 – ARM: rockchip: fix kernel hang during smp initialization
https://notcve.org/view.php?id=CVE-2025-39752
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: rockchip: fix kernel hang during smp initialization In order to bring up secondary CPUs, the main CPU writes trampoline code to SRAM. The trampoline code is written while secondary CPUs are powered on (at least that is true for the RK3188 CPU). Sometimes that leads to a kernel hang, probably because a secondary CPU executes trampoline code when the kernel doesn't expect it. The patch moves the SRAM initialization step to the point where all secondary CPUs are pow... • https://git.kernel.org/stable/c/3ee851e212d0bb6be8c462059fba74ce2e3f6064

CVE-2025-39751 – ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
https://notcve.org/view.php?id=CVE-2025-39751
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control The 'sprintf' call in 'add_tuning_control' may exceed the 44-byte buffer if either string argument is too long. This triggers a compiler warning. Replaced 'sprintf' with 'snprintf' to limit string lengths to prevent overflow. • https://git.kernel.org/stable/c/95c6e9cb774979c270f0ecb9ec819d02592ec89f

CVE-2025-39749 – rcu: Protect ->defer_qs_iw_pending from data race
https://notcve.org/view.php?id=CVE-2025-39749
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rcu: Protect ->defer_qs_iw_pending from data race On kernels built with CONFIG_IRQ_WORK=y, when rcu_read_unlock() is invoked within an interrupts-disabled region of code [1], it will invoke rcu_read_unlock_special(), which uses an irq-work handler to force the system to notice when the RCU read-side critical section actually ends. That end won't happen until interrupts are enabled at the soonest. In some kernels, such as those booted with r... • https://git.kernel.org/stable/c/74f58f382a7c8333f8d09701aefaa25913bdbe0e