CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40137 – f2fs: fix to truncate first page in error path of f2fs_truncate()
https://notcve.org/view.php?id=CVE-2025-40137
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate first page in error path of f2fs_truncate() syzbot reports a bug as below: loop0: detected capacity change from 0 to 40427 F2FS-fs (loop0): Wrong SSA boundary, start(3584) end(4096) blocks(3072) F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock F2FS-fs (loop0): invalid crc value F2FS-fs (loop0): f2fs_convert_inline_folio: corrupted inline inode ino=3, i_addr[0]:0x1601, run fsck to fix. ------------[ c... • https://git.kernel.org/stable/c/92dffd01790a5219d234fc83c3ba854f4490b7f4 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40135 – ipv6: use RCU in ip6_xmit()
https://notcve.org/view.php?id=CVE-2025-40135
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_xmit() Use RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent possible UAF. In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_xmit() Use RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent possible UAF. • https://git.kernel.org/stable/c/4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40134 – dm: fix NULL pointer dereference in __dm_suspend()
https://notcve.org/view.php?id=CVE-2025-40134
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in __dm_suspend() There is a race condition between dm device suspend and table load that can lead to null pointer dereference. The issue occurs when suspend is invoked before table load completes: BUG: kernel NULL pointer dereference, address: 0000000000000054 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 6 PID: 6798 Comm: dmsetup Not tainted 6.6.0-g7e52f5f0ca9b #62 Hardware name: QEMU Standard PC (i440FX + PIIX, 19... • https://git.kernel.org/stable/c/c4576aed8d85d808cd6443bda58393d525207d01 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-40127 – hwrng: ks-sa - fix division by zero in ks_sa_rng_init
https://notcve.org/view.php?id=CVE-2025-40127
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in ks_sa_rng_init Fix division by zero in ks_sa_rng_init caused by missing clock pointer initialization. The clk_get_rate() call is performed on an uninitialized clk pointer, resulting in division by zero when calculating delay values. Add clock initialization code before using the clock. drivers/char/hw_random/ks-sa-rng.c | 7 +++++++ 1 file changed, 7 insertions(+) In the Linux kernel, the following vuln... • https://git.kernel.org/stable/c/6d01d8511dceb9cd40f72eb102b7d24f0b2e997b •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2025-40126 – sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC
https://notcve.org/view.php?id=CVE-2025-40126
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC The referenced commit introduced exception handlers on user-space memory references in copy_from_user and copy_to_user. These handlers return from the respective function and calculate the remaining bytes left to copy using the current register contents. This commit fixes a couple of bad calculations. This will fix the return value of copy_from_user and copy_to_us... • https://git.kernel.org/stable/c/cb736fdbb208eb3420f1a2eb2bfc024a6e9dcada •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40125 – blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx
https://notcve.org/view.php?id=CVE-2025-40125
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx In __blk_mq_update_nr_hw_queues() the return value of blk_mq_sysfs_register_hctxs() is not checked. If sysfs creation for hctx fails, later changing the number of hw_queues or removing disk will trigger the following warning: kernfs: can not remove 'nr_tags', no directory WARNING: CPU: 2 PID: 637 at fs/kernfs/dir.c:1707 kernfs_remove_by_name_ns+0x13f/0x160 Call T... • https://git.kernel.org/stable/c/477e19dedc9d3e1f4443a1d4ae00572a988120ea •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2025-40124 – sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III
https://notcve.org/view.php?id=CVE-2025-40124
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III Anthony Yznaga tracked down that a BUG_ON in ext4 code with large folios enabled resulted from copy_from_user() returning impossibly large values greater than the size to be copied. This lead to __copy_from_iter() returning impossible values instead of the actual number of bytes it was able to copy. The BUG_ON has been reported in https://lore.kernel.org/r/b14... • https://git.kernel.org/stable/c/ee841d0aff649164080e445e84885015958d8ff4 •
CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40123 – bpf: Enforce expected_attach_type for tailcall compatibility
https://notcve.org/view.php?id=CVE-2025-40123
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expected_attach_type for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpf_prog_test_run_xdp() function within the Linux kernel's BPF subsystem. This leads to a NULL pointer dereference when a BPF program attempts to deference the txq member of struct xdp_buff object. The test initializes two programs of BPF_PROG_TYPE_XDP: progA acts as the entry point f... • https://git.kernel.org/stable/c/5e43f899b03a3492ce5fc44e8900becb04dae9c0 •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40121 – ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping
https://notcve.org/view.php?id=CVE-2025-40121
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver just ignores and leaves as is, which may lead to unepxected results like OOB access. This patch adds the sanity check and corrects the input mapping to the certain default value if an invalid value is passed. In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5651: F... • https://git.kernel.org/stable/c/64484ccee7af53f08cca2ee3853cb8e18914d8b2 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-40118 – scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod
https://notcve.org/view.php?id=CVE-2025-40118
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Since commit f7b705c238d1 ("scsi: pm80xx: Set phy_attached to zero when device is gone") UBSAN reports: UBSAN: array-index-out-of-bounds in drivers/scsi/pm8001/pm8001_sas.c:786:17 index 28 is out of range for type 'pm8001_phy [16]' on rmmod when using an expander. For a direct attached device, attached_phy contains the local phy id. For a device behind an expander, attached_phy contain... • https://git.kernel.org/stable/c/05b512879eab41faa515b67fa3896d0005e97909 •