
CVE-2025-39747 – drm/msm: Add error handling for krealloc in metadata setup
https://notcve.org/view.php?id=CVE-2025-39747
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm: Add error handling for krealloc in metadata setup
Function msm_ioctl_gem_info_set_metadata() now checks for krealloc failure and returns -ENOMEM, avoiding potential NULL pointer dereference. Explicitly avoids __GFP_NOFAIL due to deadlock risks and allocation constraints. Patchwork: https://patchwork.freedesktop.org/patch/661235/
https://git.kernel.org/stable/c/0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300

CVE-2025-39746 – wifi: ath10k: shutdown driver when hardware is unreliable
https://notcve.org/view.php?id=CVE-2025-39746
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: shutdown driver when hardware is unreliable
In rare cases, ath10k may lose connection with the PCIe bus due to some unknown reasons, which could further lead to system crashes during resuming due to watchdog timeout:
    ath10k_pci 0000:01:00.0: wmi command 20486 timeout, restarting hardware
    ath10k_pci 0000:01:00.0: already restarting
    ath10k_pci 0000:01:00.0: failed to stop WMI vdev 0: -11
    ath10k_pci 0000:01:00.0: failed to stop v...
https://git.kernel.org/stable/c/5e3dd157d7e70f0e3cea3f2573ed69fb156a19d5

CVE-2025-39745 – rcutorture: Fix rcutorture_one_extend_check() splat in RT kernels
https://notcve.org/view.php?id=CVE-2025-39745
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rcutorture: Fix rcutorture_one_extend_check() splat in RT kernels
For kernels built with CONFIG_PREEMPT_RT=y, running rcutorture tests resulted in the following splat:
    [ 68.797425] rcutorture_one_extend_check during change: Current 0x1 To add 0x1 To remove 0x0 preempt_count() 0x0
    [ 68.797533] WARNING: CPU: 2 PID: 512 at kernel/rcu/rcutorture.c:1993 rcutorture_one_extend_check+0x419/0x560 [rcutorture]
    [ 68.797601] Call Trace:
    [ 68.797602]

CVE-2025-39744 – rcu: Fix rcu_read_unlock() deadloop due to IRQ work
https://notcve.org/view.php?id=CVE-2025-39744
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcu_read_unlock() deadloop due to IRQ work
During rcu_read_unlock_special(), if this happens during irq_exit(), we can lock up if an IPI is issued. This is because the IPI itself triggers the irq_exit() path, causing a recursive lockup. This is precisely what Xiongfeng found when invoking a BPF program on the trace_tick_stop() tracepoint, as shown in the trace below. Fix by managing the irq_work state correctly.
    irq_exit() __irq_exit...
https://git.kernel.org/stable/c/e7a375453cca2b8a0d2fa1b82b913f3fed7c0507

CVE-2025-39743 – jfs: truncate good inode pages when hard link is 0
https://notcve.org/view.php?id=CVE-2025-39743
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: truncate good inode pages when hard link is 0
The fileset value of the inode copy from the disk by the reproducer is AGGR_RESERVED_I. When executing evict, its hard link number is 0, so its inode pages are not truncated. This causes the bugon to be triggered when executing clear_inode() because nrpages is greater than 0.
https://git.kernel.org/stable/c/89fff8e3d6710fc32507b8e19eb5afa9fb79b896

CVE-2025-39742 – RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
https://notcve.org/view.php?id=CVE-2025-39742
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
The function divides number of online CPUs by num_core_siblings, and later checks the divider by zero. This implies a possibility to get a divide-by-zero runtime error. Fix it by moving the check prior to division. This also helps to save one indentation level.
https://git.kernel.org/stable/c/9bba1a9994c523b44db64f63b564b4719ea2b7ef

CVE-2025-39738 – btrfs: do not allow relocation of partially dropped subvolumes
https://notcve.org/view.php?id=CVE-2025-39738
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not allow relocation of partially dropped subvolumes
[BUG] There is an internal report that balance triggered transaction abort, with the following call trace:
    item 85 key (594509824 169 0) itemoff 12599 itemsize 33
        extent refs 1 gen 197740 flags 2
        ref#0: tree block backref root 7
    item 86 key (594558976 169 0) itemoff 12566 itemsize 33
        extent refs 1 gen 197522 flags 2
        ref#0: tree block backref root 7
    ...
    BTRFS error (device loop0)...
https://git.kernel.org/stable/c/fa086b1398cf7e5f7dee7241bd5f2855cb5df8dc

CVE-2025-39737 – mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup()
https://notcve.org/view.php?id=CVE-2025-39737
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup()
A soft lockup warning was observed on a relatively small x86-64 system with 16 GB of memory when running a debug kernel with kmemleak enabled.
    watchdog: BUG: soft lockup - CPU#8 stuck for 33s! [kworker/8:1:134]
The test system was running a workload with hot unplug happening in parallel. Then kmemleak decided to disable itself due to its inability to allocate more kmemleak object...
https://git.kernel.org/stable/c/9f1f4e95031f84867c5821540466d62f88dab8ca

CVE-2025-39736 – mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock
https://notcve.org/view.php?id=CVE-2025-39736
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock
When netpoll is enabled, calling pr_warn_once() while holding kmemleak_lock in mem_pool_alloc() can cause a deadlock due to lock inversion with the netconsole subsystem. This occurs because pr_warn_once() may trigger netpoll, which eventually leads to __alloc_skb() and back into kmemleak code, attempting to reacquire kmemleak_lock. This is the path for the deadlock.
    mem_p...
https://git.kernel.org/stable/c/c5665868183fec689dbab9fb8505188b2c4f0757

CVE-2025-40300 – x86/vmscape: Add conditional IBPB mitigation
https://notcve.org/view.php?id=CVE-2025-40300
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation
VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB ...
https://git.kernel.org/stable/c/ac60717f9a8d21c58617d0b34274babf24135835