CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-39687 – iio: light: as73211: Ensure buffer holes are zeroed
https://notcve.org/view.php?id=CVE-2025-39687
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: light: as73211: Ensure buffer holes are zeroed Given that the buffer is copied to a kfifo that ultimately user space can read, ensure we zero it. In the Linux kernel, the following vulnerability has been resolved: iio: light: as73211: Ensure buffer holes are zeroed Given that the buffer is copied to a kfifo that ultimately user space can read, ensure we zero it. • https://git.kernel.org/stable/c/403e5586b52e466893ce3a7b7f3a3ecdc4c82d3e •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2025-39686 – comedi: Make insn_rw_emulate_bits() do insn->n samples
https://notcve.org/view.php?id=CVE-2025-39686
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: comedi: Make insn_rw_emulate_bits() do insn->n samples The `insn_rw_emulate_bits()` function is used as a default handler for `INSN_READ` instructions for subdevices that have a handler for `INSN_BITS` but not for `INSN_READ`. Similarly, it is used as a default handler for `INSN_WRITE` instructions for subdevices that have a handler for `INSN_BITS` but not for `INSN_WRITE`. It works by emulating the `INSN_READ` or `INSN_WRITE` instruction h... • https://git.kernel.org/stable/c/ed9eccbe8970f6eedc1b978c157caf1251a896d4 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-39685 – comedi: pcl726: Prevent invalid irq number
https://notcve.org/view.php?id=CVE-2025-39685
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: comedi: pcl726: Prevent invalid irq number The reproducer passed in an irq number(0x80008000) that was too large, which triggered the oob. Added an interrupt number check to prevent users from passing in an irq number that was too large. If `it->options[1]` is 31, then `1 << it->options[1]` is still invalid because it shifts a 1-bit into the sign bit (which is UB in C). Possible solutions include reducing the upper bound on the `it->options... • https://git.kernel.org/stable/c/fff46207245cd9e39c05b638afaee2478e64914b •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-39684 – comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()
https://notcve.org/view.php?id=CVE-2025-39684
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() syzbot reports a KMSAN kernel-infoleak in `do_insn_ioctl()`. A kernel buffer is allocated to hold `insn->n` samples (each of which is an `unsigned int`). For some instruction types, `insn->n` samples are copied back to user-space, unless an error code is being returned. The problem is that not all the instruction handlers that need to return data to userspace... • https://git.kernel.org/stable/c/ed9eccbe8970f6eedc1b978c157caf1251a896d4 •
CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0CVE-2025-39683 – tracing: Limit access to parser->buffer when trace_get_user failed
https://notcve.org/view.php?id=CVE-2025-39683
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Limit access to parser->buffer when trace_get_user failed When the length of the string written to set_ftrace_filter exceeds FTRACE_BUFF_MAX, the following KASAN alarm will be triggered: BUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0 Read of size 1 at addr ffff0000d00bd5ba by task ash/165 CPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty Hardware name: linux,dummy-virt (DT) Call trace: show_stack+0x34/0x... • https://git.kernel.org/stable/c/634684d79733124f7470b226b0f42aada4426b07 •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39682 – tls: fix handling of zero-length records on the rx_list
https://notcve.org/view.php?id=CVE-2025-39682
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rx_list Each recvmsg() call must process either - only contiguous DATA records (any number of them) - one non-DATA record If the next record has different type than what has already been processed we break out of the main processing loop. If the record has already been decrypted (which may be the case for TLS 1.3 where we don't know type until decryption) we queue the pending record to the rx_... • https://git.kernel.org/stable/c/84c61fe1a75b4255df1e1e7c054c9e6d048da417 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-39681 – x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper
https://notcve.org/view.php?id=CVE-2025-39681
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Since 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot") resctrl_cpu_detect() has been moved from common CPU initialization code to the vendor-specific BSP init helper, while Hygon didn't put that call in their code. This triggers a division by zero fault during early booting stage on our machines with X86_FEATURE_CQM* supported, where get_rdt_mon... • https://git.kernel.org/stable/c/923f3a2b48bdccb6a1d1f0dd48de03de7ad936d9 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39679 – drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor().
https://notcve.org/view.php?id=CVE-2025-39679
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). When the nvif_vmm_type is invalid, we will return error directly without freeing the args in nvif_vmm_ctor(), which leading a memory leak. Fix it by setting the ret -EINVAL and goto done. In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). When the nvif_vmm_type is invalid, we will return error dire... • https://git.kernel.org/stable/c/6b252cf42281045a9f803d2198023500cfa6ebd2 •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-39677 – net/sched: Fix backlog accounting in qdisc_dequeue_internal
https://notcve.org/view.php?id=CVE-2025-39677
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdisc_dequeue_internal This issue applies for the following qdiscs: hhf, fq, fq_codel, and fq_pie, and occurs in their change handlers when adjusting to the new limit. The problem is the following in the values passed to the subsequent qdisc_tree_reduce_backlog call given a tbf parent: When the tbf parent runs out of tokens, skbs of these qdiscs will be placed in gso_skb. Their peek handlers are qdisc_pe... • https://git.kernel.org/stable/c/4b549a2ef4bef9965d97cbd992ba67930cd3e0fe •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39676 – scsi: qla4xxx: Prevent a potential error pointer dereference
https://notcve.org/view.php?id=CVE-2025-39676
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Prevent a potential error pointer dereference The qla4xxx_get_ep_fwdb() function is supposed to return NULL on error, but qla4xxx_ep_connect() returns error pointers. Propagating the error pointers will lead to an Oops in the caller, so change the error pointers to NULL. In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Prevent a potential error pointer dereference The qla4xxx_get_ep_fwdb() fu... • https://git.kernel.org/stable/c/13483730a13bef372894aefcf73760f5c6c297be •