CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-40083 – net/sched: sch_qfq: Fix null-deref in agg_dequeue
https://notcve.org/view.php?id=CVE-2025-40083
29 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix null-deref in agg_dequeue To prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c) when cl->qdisc->ops->peek(cl->qdisc) returns NULL, we check the return value before using it, similar to the existing approach in sch_hfsc.c. To avoid code duplication, the following changes are made: 1. Changed qdisc_warn_nonwc(include/net/pkt_sched.h) into a static inline function. 2. Moved qdisc_peek_len from net/sched/sch_... • https://git.kernel.org/stable/c/71d84658a61322e5630c85c5388fc25e4a2d08b2 •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2025-40082 – hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
https://notcve.org/view.php?id=CVE-2025-40082
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186 Read of size 2 at addr ffff8880289ef218 by task syz.6.248/14290 CPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace:
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40081 – perf: arm_spe: Prevent overflow in PERF_IDX2OFF()
https://notcve.org/view.php?id=CVE-2025-40081
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() Cast nr_pages to unsigned long to avoid overflow when handling large AUX buffer sizes (>= 2 GiB). In the Linux kernel, the following vulnerability has been resolved: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() Cast nr_pages to unsigned long to avoid overflow when handling large AUX buffer sizes (>= 2 GiB). Several vulnerabilities have been discovered in the Linux kernel that may lead t... • https://git.kernel.org/stable/c/d5d9696b03808bc6be723cc85288c912c3a05606 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40080 – nbd: restrict sockets to TCP and UDP
https://notcve.org/view.php?id=CVE-2025-40080
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP and UDP Recently, syzbot started to abuse NBD with all kinds of sockets. Commit cf1b2326b734 ("nbd: verify socket is supported during setup") made sure the socket supported a shutdown() method. Explicitely accept TCP and UNIX stream sockets. In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP and UDP Recently, syzbot started to abuse NBD with all kinds of sockets. Com... • https://git.kernel.org/stable/c/cf1b2326b734896734c6e167e41766f9cee7686a •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40079 – riscv, bpf: Sign extend struct ops return values properly
https://notcve.org/view.php?id=CVE-2025-40079
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Sign extend struct ops return values properly The ns_bpf_qdisc selftest triggers a kernel panic: Unable to handle kernel paging request at virtual address ffffffffa38dbf58 Current test_progs pgtable: 4K pagesize, 57-bit VAs, pgdp=0x00000001109cc000 [ffffffffa38dbf58] pgd=000000011fffd801, p4d=000000011fffd401, pud=000000011fffd001, pmd=0000000000000000 Oops [#1] Modules linked in: bpf_testmod(OE) xt_conntrack nls_iso8859_1 [...]... • https://git.kernel.org/stable/c/25ad10658dc1068a671553ff10e19a812c2a3783 •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40078 – bpf: Explicitly check accesses to bpf_sock_addr
https://notcve.org/view.php?id=CVE-2025-40078
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Explicitly check accesses to bpf_sock_addr Syzkaller found a kernel warning on the following sock_addr program: 0: r0 = 0 1: r2 = *(u32 *)(r1 +60) 2: exit which triggers: verifier bug: error during ctx access conversion (0) This is happening because offset 60 in bpf_sock_addr corresponds to an implicit padding of 4 bytes, right after msg_src_ip4. Access to this padding isn't rejected in sock_addr_is_valid_access and it thus later fails... • https://git.kernel.org/stable/c/1cedee13d25ab118d325f95588c1a084e9317229 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40077 – f2fs: fix to avoid overflow while left shift operation
https://notcve.org/view.php?id=CVE-2025-40077
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid overflow while left shift operation Should cast type of folio->index from pgoff_t to loff_t to avoid overflow while left shift operation. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid overflow while left shift operation Should cast type of folio->index from pgoff_t to loff_t to avoid overflow while left shift operation. These are all security issues fixed in the kernel-devel-6.17.7... • https://git.kernel.org/stable/c/3265d3db1f16395cfc6b8ea9b31b4001d98d05ef •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40075 – tcp_metrics: use dst_dev_net_rcu()
https://notcve.org/view.php?id=CVE-2025-40075
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: use dst_dev_net_rcu() Replace three dst_dev() with a lockdep enabled helper. These are all security issues fixed in the kernel-devel-6.17.7-1.1 package on the GA media of openSUSE Tumbleweed. • https://git.kernel.org/stable/c/4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40074 – ipv4: start using dst_dev_rcu()
https://notcve.org/view.php?id=CVE-2025-40074
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dst_dev_rcu() Change icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF. Change ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_mr_output(), ipv4_neigh_lookup() to use lockdep enabled dst_dev_rcu(). In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dst_dev_rcu() Change icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF. Change ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_m... • https://git.kernel.org/stable/c/4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 •
CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-40071 – tty: n_gsm: Don't block input queue by waiting MSC
https://notcve.org/view.php?id=CVE-2025-40071
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Don't block input queue by waiting MSC Currently gsm_queue() processes incoming frames and when opening a DLC channel it calls gsm_dlci_open() which calls gsm_modem_update(). If basic mode is used it calls gsm_modem_upd_via_msc() and it cannot block the input queue by waiting the response to come into the same input queue. Instead allow sending Modem Status Command without waiting for remote end to respond. Define a new function... • https://git.kernel.org/stable/c/48473802506d2d6151f59e0e764932b33b53cb3b •