CVSS: - | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2025-40355 – sysfs: check visibility before changing group attribute ownership
https://notcve.org/view.php?id=CVE-2025-40355
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 ("net: sysfs: Implement is_visible for phys_(port_id, port_name, switch_id)"), __dev_change_net_namespace() can hit WARN_ON() when trying to change owner of a file that isn't visible. See the trace below: WARNING: CPU: 6 PID: 2938 at net/core/dev.c:12410 __dev_change_net_namespace+0xb89/0xc30 CPU: 6 UID: 0 PID: 2938 Comm: incusd Not tainted 6.17.1-1-... • https://git.kernel.org/stable/c/303a42769c4c4d8e5e3ad928df87eb36f8c1fa60 •
CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-40354 – drm/amd/display: increase max link count and fix link->enc NULL pointer access
https://notcve.org/view.php?id=CVE-2025-40354
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: increase max link count and fix link->enc NULL pointer access [why] 1.) dc->links[MAX_LINKS] array size smaller than actual requested. max_connector + max_dpia + 4 virtual = 14. increase from 12 to 14. 2.) hw_init() access null LINK_ENC for dpia non display_endpoint. (cherry picked from commit d7f5a61e1b04ed87b008c8d327649d184dc5bb45) • https://git.kernel.org/stable/c/4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c •
CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-40353 – arm64: mte: Do not warn if the page is already tagged in copy_highpage()
https://notcve.org/view.php?id=CVE-2025-40353
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Do not warn if the page is already tagged in copy_highpage() The arm64 copy_highpage() assumes that the destination page is newly allocated and not MTE-tagged (PG_mte_tagged unset) and warns accordingly. However, following commit 060913999d7a ("mm: migrate: support poisoned recover from migrate folio"), folio_mc_copy() is called before __folio_migrate_mapping(). If the latter fails (-EAGAIN), the copy will be done again to the s... • https://git.kernel.org/stable/c/5ff5765a1fc526f07d3bbaedb061d970eb13bcf4 •
CVSS: - | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-40351 – hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
https://notcve.org/view.php?id=CVE-2025-40351
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() The syzbot reported issue in hfsplus_delete_cat(): [ 70.682285][ T9333] ===================================================== [ 70.682943][ T9333] BUG: KMSAN: uninit-value in hfsplus_subfolders_dec+0x1d7/0x220 [ 70.683640][ T9333] hfsplus_subfolders_dec+0x1d7/0x220 [ 70.684141][ T9333] hfsplus_delete_cat+0x105d/0x12b0 [ 70.684621][ T9333] hfsplus_rmdir+0x13d/0x310 [ 70.685048][ T... • https://git.kernel.org/stable/c/a2bee43b451615531ae6f3cf45054f02915ef885 •
CVSS: - | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-40349 – hfs: validate record offset in hfsplus_bmap_alloc
https://notcve.org/view.php?id=CVE-2025-40349
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: hfs: validate record offset in hfsplus_bmap_alloc hfsplus_bmap_alloc can trigger a crash if a record offset or length is larger than node_size [ 15.264282] BUG: KASAN: slab-out-of-bounds in hfsplus_bmap_alloc+0x887/0x8b0 [ 15.265192] Read of size 8 at addr ffff8881085ca188 by task test/183 [ 15.265949] [ 15.266163] CPU: 0 UID: 0 PID: 183 Comm: test Not tainted 6.17.0-rc2-gc17b750b3ad9 #14 PREEMPT(voluntary) [ 15.266165] Hardware name: QEMU ... • https://git.kernel.org/stable/c/f7d9f600c7c3ff5dab36181a388af55f2c95604c •
CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2025-40347 – net: enetc: fix the deadlock of enetc_mdio_lock
https://notcve.org/view.php?id=CVE-2025-40347
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: enetc: fix the deadlock of enetc_mdio_lock After applying the workaround for err050089, the LS1028A platform experiences RCU stalls on RT kernel. This issue is caused by the recursive acquisition of the read lock enetc_mdio_lock. Here list some of the call stacks identified under the enetc_poll path that may lead to a deadlock: enetc_poll -> enetc_lock_mdio -> enetc_clean_rx_ring OR napi_complete_done -> napi_gro_receive -> enetc_start... • https://git.kernel.org/stable/c/6d36ecdbc4410e61a0e02adc5d3abeee22a8ffd3 •
CVSS: - | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2025-40346 – arch_topology: Fix incorrect error check in topology_parse_cpu_capacity()
https://notcve.org/view.php?id=CVE-2025-40346
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Fix incorrect use of PTR_ERR_OR_ZERO() in topology_parse_cpu_capacity() which causes the code to proceed with NULL clock pointers. The current logic uses !PTR_ERR_OR_ZERO(cpu_clk) which evaluates to true for both valid pointers and NULL, leading to potential NULL pointer dereference in clk_get_rate(). Per include/linux/err.h documentation, PTR_ERR_OR_ZERO(ptr) returns... • https://git.kernel.org/stable/c/b8fe128dad8f97cc9af7c55a264d1fc5ab677195 •
CVSS: 7.1 | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2025-40345 – usb: storage: sddr55: Reject out-of-bound new_pba
https://notcve.org/view.php?id=CVE-2025-40345
12 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound new_pba Discovered by Atuin - Automated Vulnerability Discovery Engine. new_pba comes from the status packet returned after each write. A bogus device could report values beyond the block count derived from info->capacity, letting the driver walk off the end of pba_to_lba[] and corrupt heap memory. Reject PBAs that exceed the computed block count and fail the transfer so we avoid touching out-of-ran... • https://git.kernel.org/stable/c/d00a6c04a502cd52425dbf35588732c652b16490 •
CVSS: 7.1 | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2025-40343 – nvmet-fc: avoid scheduling association deletion twice
https://notcve.org/view.php?id=CVE-2025-40343
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoid scheduling association deletion twice When forcefully shutting down a port via the configfs interface, nvmet_port_subsys_drop_link() first calls nvmet_port_del_ctrls() and then nvmet_disable_port(). Both functions will eventually schedule all remaining associations for deletion. The current implementation checks whether an association is about to be removed, but only after the work item has already been scheduled. As a resul... • https://git.kernel.org/stable/c/a07b4970f464f13640e28e16dad6cfa33647cc99 •
CVSS: 7.8 | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2025-40342 – nvme-fc: use lock accessing port_state and rport state
https://notcve.org/view.php?id=CVE-2025-40342
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nvme-fc: use lock accessing port_state and rport state nvme_fc_unregister_remote removes the remote port on a lport object at any point in time when there is no active association. This races with the reconnect logic, because nvme_fc_create_association is not taking a lock to check the port_state and atomically increase the active count on the rport. ... • https://git.kernel.org/stable/c/e399441de9115cd472b8ace6c517708273ca7997 •
