CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40165 – media: nxp: imx8-isi: m2m: Fix streaming cleanup on release
https://notcve.org/view.php?id=CVE-2025-40165
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: m2m: Fix streaming cleanup on release If streamon/streamoff calls are imbalanced, such as when exiting an application with Ctrl+C when streaming, the m2m usage_count will never reach zero and the ISI channel won't be freed. Besides from that, if the input line width is more than 2K, it will trigger a WARN_ON(): [ 59.222120] ------------[ cut here ]------------ [ 59.226758] WARNING: drivers/media/platform/nxp/imx8-isi/i... • https://git.kernel.org/stable/c/cf21f328fcafacf4f96e7a30ef9dceede1076378 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40164 – usbnet: Fix using smp_processor_id() in preemptible code warnings
https://notcve.org/view.php?id=CVE-2025-40164
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix using smp_processor_id() in preemptible code warnings Syzbot reported the following warning: BUG: using smp_processor_id() in preemptible [00000000] code: dhcpcd/2879 caller is usbnet_skb_return+0x74/0x490 drivers/net/usb/usbnet.c:331 CPU: 1 UID: 0 PID: 2879 Comm: dhcpcd Not tainted 6.15.0-rc4-syzkaller-00098-g615dca38c2ea #0 PREEMPT(voluntary) Call Trace:
CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40160 – xen/events: Return -EEXIST for bound VIRQs
https://notcve.org/view.php?id=CVE-2025-40160
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change find_virq() to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUG_ON() from bind_virq_to_irq() to propogate the error upwards. Some VIRQs are per-cpu, but others are per-domain or global. Those must be bound to CPU0 and can then migrate elsewhere. The lookup for per-domain and global will probably fail when migrated off CPU 0, especially ... • https://git.kernel.org/stable/c/612ef6056855c0aacb9b25d1d853c435754483f7 •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40158 – ipv6: use RCU in ip6_output()
https://notcve.org/view.php?id=CVE-2025-40158
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2(). In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2... • https://git.kernel.org/stable/c/4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40157 – EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller
https://notcve.org/view.php?id=CVE-2025-40157
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller When loading the i10nm_edac driver on some Intel Granite Rapids servers, a call trace may appear as follows: UBSAN: shift-out-of-bounds in drivers/edac/skx_common.c:453:16 shift exponent -66 is negative ... __ubsan_handle_shift_out_of_bounds+0x1e3/0x390 skx_get_dimm_info.cold+0x47/0xd40 [skx_edac_common] i10nm_get_dimm_config+0x23e/0x390 [i10nm_edac] skx_register_mci+0x159/0x... • https://git.kernel.org/stable/c/ba987eaaabf99b462cdfed86274e3455d5126349 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40156 – PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe()
https://notcve.org/view.php?id=CVE-2025-40156
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() The drv->sram_reg pointer could be set to ERR_PTR(-EPROBE_DEFER) which would lead to a error pointer dereference. Use IS_ERR_OR_NULL() to check that the pointer is valid. In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() The drv->sram_reg pointer could be set to ERR_PTR(-EPROBE... • https://git.kernel.org/stable/c/e09bd5757b5227d6804b30c58d4587f7f87d1afa •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40155 – iommu/vt-d: debugfs: Fix legacy mode page table dump logic
https://notcve.org/view.php?id=CVE-2025-40155
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: debugfs: Fix legacy mode page table dump logic In legacy mode, SSPTPTR is ignored if TT is not 00b or 01b. SSPTPTR maybe uninitialized or zero in that case and may cause oops like: Oops: general protection fault, probably for non-canonical address 0xf00087d3f000f000: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 PID: 786 Comm: cat Not tainted 6.16.0 #191 PREEMPT(voluntary) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-5.fc... • https://git.kernel.org/stable/c/2b437e80456654df3980706384065d444f4bb54d •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40154 – ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping
https://notcve.org/view.php?id=CVE-2025-40154
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver only shows an error message but leaves as is. This may lead to unepxected results like OOB access. This patch corrects the input mapping to the certain default value if an invalid value is passed. In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid q... • https://git.kernel.org/stable/c/063422ca2a9de238401c3848c1b3641c07b6316c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40153 – mm: hugetlb: avoid soft lockup when mprotect to large memory area
https://notcve.org/view.php?id=CVE-2025-40153
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: avoid soft lockup when mprotect to large memory area When calling mprotect() to a large hugetlb memory area in our customer's workload (~300GB hugetlb memory), soft lockup was observed: watchdog: BUG: soft lockup - CPU#98 stuck for 23s! [t2_new_sysv:126916] CPU: 98 PID: 126916 Comm: t2_new_sysv Kdump: loaded Not tainted 6.17-rc7 Hardware name: GIGACOMPUTING R2A3-T40-AAV1/Jefferson CIO, BIOS 5.4.4.1 07/15/2025 pstate: 20400009 (... • https://git.kernel.org/stable/c/8f860591ffb29738cf5539b6fbf27f50dcdeb380 •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40150 – f2fs: fix to avoid migrating empty section
https://notcve.org/view.php?id=CVE-2025-40150
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid migrating empty section It reports a bug from device w/ zufs: F2FS-fs (dm-64): Inconsistent segment (173822) type [1, 0] in SSA and SIT F2FS-fs (dm-64): Stopped filesystem due to reason: 4 Thread A Thread B - f2fs_expand_inode_data - f2fs_allocate_pinning_section - f2fs_gc_range - do_garbage_collect w/ segno #x - writepage - f2fs_allocate_data_block - new_curseg - allocate segno #x The root cause is: fallocate on pinning ... • https://git.kernel.org/stable/c/9703d69d9d153bb230711d0d577454552aeb13d4 •