CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40168 – smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().
https://notcve.org/view.php?id=CVE-2025-40168
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu(). Note that the returned value of smc_clc_prfx_match() is not used in the caller. In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_... • https://git.kernel.org/stable/c/a046d57da19f812216f393e7c535f5858f793ac3 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40167 – ext4: detect invalid INLINE_DATA + EXTENTS flag combination
https://notcve.org/view.php?id=CVE-2025-40167
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: detect invalid INLINE_DATA + EXTENTS flag combination syzbot reported a BUG_ON in ext4_es_cache_extent() when opening a verity file on a corrupted ext4 filesystem mounted without a journal. The issue is that the filesystem has an inode with both the INLINE_DATA and EXTENTS flags set: EXT4-fs error (device loop0): ext4_cache_extents:545: inode #15: comm syz.0.17: corrupted extent tree: lblk 0 < prev 66 Investigation revealed that the i... • https://git.kernel.org/stable/c/4954d297c91d292630ab43ba4d195dc371ce65d3 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40165 – media: nxp: imx8-isi: m2m: Fix streaming cleanup on release
https://notcve.org/view.php?id=CVE-2025-40165
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: m2m: Fix streaming cleanup on release If streamon/streamoff calls are imbalanced, such as when exiting an application with Ctrl+C when streaming, the m2m usage_count will never reach zero and the ISI channel won't be freed. Besides from that, if the input line width is more than 2K, it will trigger a WARN_ON(): [ 59.222120] ------------[ cut here ]------------ [ 59.226758] WARNING: drivers/media/platform/nxp/imx8-isi/i... • https://git.kernel.org/stable/c/cf21f328fcafacf4f96e7a30ef9dceede1076378 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40164 – usbnet: Fix using smp_processor_id() in preemptible code warnings
https://notcve.org/view.php?id=CVE-2025-40164
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix using smp_processor_id() in preemptible code warnings Syzbot reported the following warning: BUG: using smp_processor_id() in preemptible [00000000] code: dhcpcd/2879 caller is usbnet_skb_return+0x74/0x490 drivers/net/usb/usbnet.c:331 CPU: 1 UID: 0 PID: 2879 Comm: dhcpcd Not tainted 6.15.0-rc4-syzkaller-00098-g615dca38c2ea #0 PREEMPT(voluntary) Call Trace:
CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40160 – xen/events: Return -EEXIST for bound VIRQs
https://notcve.org/view.php?id=CVE-2025-40160
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change find_virq() to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUG_ON() from bind_virq_to_irq() to propogate the error upwards. Some VIRQs are per-cpu, but others are per-domain or global. Those must be bound to CPU0 and can then migrate elsewhere. The lookup for per-domain and global will probably fail when migrated off CPU 0, especially ... • https://git.kernel.org/stable/c/612ef6056855c0aacb9b25d1d853c435754483f7 •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40158 – ipv6: use RCU in ip6_output()
https://notcve.org/view.php?id=CVE-2025-40158
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2(). In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2... • https://git.kernel.org/stable/c/4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40157 – EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller
https://notcve.org/view.php?id=CVE-2025-40157
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller When loading the i10nm_edac driver on some Intel Granite Rapids servers, a call trace may appear as follows: UBSAN: shift-out-of-bounds in drivers/edac/skx_common.c:453:16 shift exponent -66 is negative ... __ubsan_handle_shift_out_of_bounds+0x1e3/0x390 skx_get_dimm_info.cold+0x47/0xd40 [skx_edac_common] i10nm_get_dimm_config+0x23e/0x390 [i10nm_edac] skx_register_mci+0x159/0x... • https://git.kernel.org/stable/c/ba987eaaabf99b462cdfed86274e3455d5126349 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40156 – PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe()
https://notcve.org/view.php?id=CVE-2025-40156
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() The drv->sram_reg pointer could be set to ERR_PTR(-EPROBE_DEFER) which would lead to a error pointer dereference. Use IS_ERR_OR_NULL() to check that the pointer is valid. In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() The drv->sram_reg pointer could be set to ERR_PTR(-EPROBE... • https://git.kernel.org/stable/c/e09bd5757b5227d6804b30c58d4587f7f87d1afa •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40154 – ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping
https://notcve.org/view.php?id=CVE-2025-40154
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver only shows an error message but leaves as is. This may lead to unepxected results like OOB access. This patch corrects the input mapping to the certain default value if an invalid value is passed. In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid q... • https://git.kernel.org/stable/c/063422ca2a9de238401c3848c1b3641c07b6316c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40153 – mm: hugetlb: avoid soft lockup when mprotect to large memory area
https://notcve.org/view.php?id=CVE-2025-40153
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: avoid soft lockup when mprotect to large memory area When calling mprotect() to a large hugetlb memory area in our customer's workload (~300GB hugetlb memory), soft lockup was observed: watchdog: BUG: soft lockup - CPU#98 stuck for 23s! [t2_new_sysv:126916] CPU: 98 PID: 126916 Comm: t2_new_sysv Kdump: loaded Not tainted 6.17-rc7 Hardware name: GIGACOMPUTING R2A3-T40-AAV1/Jefferson CIO, BIOS 5.4.4.1 07/15/2025 pstate: 20400009 (... • https://git.kernel.org/stable/c/8f860591ffb29738cf5539b6fbf27f50dcdeb380 •