CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2023-53151 – md/raid10: prevent soft lockup while flush writes
https://notcve.org/view.php?id=CVE-2023-53151
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: prevent soft lockup while flush writes Currently, there is no limit for raid1/raid10 plugged bio. While flushing writes, raid1 has cond_resched() while raid10 doesn't, and too many writes can cause soft lockup. Follow up soft lockup can be triggered easily with writeback test for raid10 with ramdisks: watchdog: BUG: soft lockup - CPU#10 stuck for 27s! [md0_raid10:1293] Call Trace:
CVSS: 7.1 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2023-53150 – scsi: qla2xxx: Pointer may be dereferenced
https://notcve.org/view.php?id=CVE-2023-53150
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Pointer may be dereferenced Klocwork tool reported pointer 'rport' returned from call to function fc_bsg_to_rport() may be NULL and will be dereferenced. Add a fix to validate rport before dereferencing. • https://git.kernel.org/stable/c/005961bd8f066fe931104f67c34ebfcc7f240099 •
CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2023-53148 – igb: Fix igb_down hung on surprise removal
https://notcve.org/view.php?id=CVE-2023-53148
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: igb: Fix igb_down hung on surprise removal In a setup where a Thunderbolt hub connects to Ethernet and a display through USB Type-C, users may experience a hung task timeout when they remove the cable between the PC and the Thunderbolt hub. This is because the igb_down function is called multiple times when the Thunderbolt hub is unplugged. For example, the igb_io_error_detected triggers the first call, and the igb_remove triggers the secon... • https://git.kernel.org/stable/c/c2312e1d12b1c3ee4100c173131b102e2aed4d04 • CWE-1341: Multiple Releases of Same Resource or Handle •
CVSS: 7.2 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2025-39801 – usb: dwc3: Remove WARN_ON for device endpoint command timeouts
https://notcve.org/view.php?id=CVE-2025-39801
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARN_ON for device endpoint command timeouts This commit addresses a rarely observed endpoint command timeout which causes kernel panic due to warn when 'panic_on_warn' is enabled and unnecessary call trace prints when 'panic_on_warn' is disabled. It is seen during fast software-controlled connect/disconnect testcases. The following is one such endpoint command timeout that we observed: 1. Connect ======= ->dwc3_thread_int... • https://git.kernel.org/stable/c/dfe40159eec6ca63b40133bfa783eee2e3ed829f •
CVSS: 6.6 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2025-39800 – btrfs: abort transaction on unexpected eb generation at btrfs_copy_root()
https://notcve.org/view.php?id=CVE-2025-39800
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() If we find an unexpected generation for the extent buffer we are cloning at btrfs_copy_root(), we just WARN_ON() and don't error out and abort the transaction, meaning we allow to persist metadata with an unexpected generation. Instead of warning only, abort the transaction and return -EUCLEAN. • https://git.kernel.org/stable/c/4290e34fb87ae556b12c216efd0ae91583446b7a •
CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2025-39797 – xfrm: Duplicate SPI Handling
https://notcve.org/view.php?id=CVE-2025-39797
12 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: Duplicate SPI Handling The issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI Netlink message, which triggers the kernel function xfrm_alloc_spi(). This function is expected to ensure uniqueness of the Security Parameter Index (SPI) for inbound Security Associations (SAs). However, it can return success even when the requested SPI is already in use, leading to duplicate SPIs assigned to multiple inbound SAs, differentiate... • https://git.kernel.org/stable/c/3d8090bb53424432fa788fe9a49e8ceca74f0544 •
CVSS: 7.1 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2025-39795 – block: avoid possible overflow for chunk_sectors check in blk_stack_limits()
https://notcve.org/view.php?id=CVE-2025-39795
12 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: block: avoid possible overflow for chunk_sectors check in blk_stack_limits() In blk_stack_limits(), we check that the t->chunk_sectors value is a multiple of the t->physical_block_size value. However, by finding the chunk_sectors value in bytes, we may overflow the unsigned int which holds chunk_sectors, so change the check to be based on sectors. • https://git.kernel.org/stable/c/418751910044649baa2b424ea31cce3fc4dcc253 •
CVSS: 7.1 • EPSS: 0% • CPEs: 9 • EXPL: 0 • CVE-2025-39794 – ARM: tegra: Use I/O memcpy to write to IRAM
https://notcve.org/view.php?id=CVE-2025-39794
12 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: tegra: Use I/O memcpy to write to IRAM Kasan crashes the kernel trying to check boundaries when using the normal memcpy. Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient bra... • https://git.kernel.org/stable/c/b28c1a14accc79ead1e87bbdae53309da60be1e7 •
CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2025-39782 – jbd2: prevent softlockup in jbd2_log_do_checkpoint()
https://notcve.org/view.php?id=CVE-2025-39782
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: prevent softlockup in jbd2_log_do_checkpoint() Both jbd2_log_do_checkpoint() and jbd2_journal_shrink_checkpoint_list() periodically release j_list_lock after processing a batch of buffers to avoid long hold times on the j_list_lock. However, since both functions contend for j_list_lock, the combined time spent waiting and processing can be significant. jbd2_journal_shrink_checkpoint_list() explicitly calls cond_resched() when need_res... • https://git.kernel.org/stable/c/f683d611518d30334813eecf9a8c687453e2800e •
CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-39781 – parisc: Drop WARN_ON_ONCE() from flush_cache_vmap
https://notcve.org/view.php?id=CVE-2025-39781
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: parisc: Drop WARN_ON_ONCE() from flush_cache_vmap I have observed warning to occasionally trigger. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (trixie), these problems have been fixed in version 6.12.48-1. • https://git.kernel.org/stable/c/69cf90e5aa50fe3cb0c1a63cabc4761db44b0035 •
