CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40096 – drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies
https://notcve.org/view.php?id=CVE-2025-40096
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies When adding dependencies with drm_sched_job_add_dependency(), that function consumes the fence reference both on success and failure, so in the latter case the dma_fence_put() on the error path (xarray failed to expand) is a double free. In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix potential double free in drm_sche... • https://git.kernel.org/stable/c/963d0b3569354230f6e2c36a286ef270a8901878 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40095 – usb: gadget: f_rndis: Refactor bind path to use __free()
https://notcve.org/view.php?id=CVE-2025-40095
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Refactor bind path to use __free() After an bind/unbind cycle, the rndis->notify_req is left stale. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Refactor bind path to use __free() After an bind/unbind cycle, the rndis->notify_req is left stale. ... • https://git.kernel.org/stable/c/45fe3b8e5342cd1ce307099459c74011d8e01986 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-40094 – usb: gadget: f_acm: Refactor bind path to use __free()
https://notcve.org/view.php?id=CVE-2025-40094
30 Oct 2025 — Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 Call trace: usb_ep_free_request+0x2c/0xec gs_free_req+0x30/0x44 acm_bind+0x1b8/0x1f4 usb_add_function+0xcc/0x1f0 configfs_composite_bind+0x468/0x588 gadget_bind_driver+0x104/0x270 really_probe+0x190/0x374 __driver_probe_device+0xa0/0x12c driver_probe_device+0x3c/0x218 __device_attach_driver+0x14c/0x188 bus_for_each_drv+0x10c/0x168 __device_attach+0xfc/0x198 device_initial_probe+0x14/0x24 bus_probe_device+0x94/0x11c device_a... • https://git.kernel.org/stable/c/1f1ba11b64947051fc32aa15fcccef6463b433f7 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40093 – usb: gadget: f_ecm: Refactor bind path to use __free()
https://notcve.org/view.php?id=CVE-2025-40093
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Refactor bind path to use __free() After an bind/unbind cycle, the ecm->notify_req is left stale. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Refactor bind path to use __free() After an bind/unbind cycle, the ecm->notify_req is left stale. ... • https://git.kernel.org/stable/c/da741b8c56d612b5dd26ffa31341911a5fea23ee •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-40092 – usb: gadget: f_ncm: Refactor bind path to use __free()
https://notcve.org/view.php?id=CVE-2025-40092
30 Oct 2025 — Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 Call trace: usb_ep_free_request+0x2c/0xec ncm_bind+0x39c/0x3dc usb_add_function+0xcc/0x1f0 configfs_composite_bind+0x468/0x588 gadget_bind_driver+0x104/0x270 really_probe+0x190/0x374 __driver_probe_device+0xa0/0x12c driver_probe_device+0x3c/0x218 __device_attach_driver+0x14c/0x188 bus_for_each_drv+0x10c/0x168 __device_attach+0xfc/0x198 device_initial_probe+0x14/0x24 bus_probe_device+0x94/0x11c device_add+0x268/0x48c usb_add... • https://git.kernel.org/stable/c/9f6ce4240a2bf456402c15c06768059e5973f28c •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40091 – ixgbe: fix too early devlink_free() in ixgbe_remove()
https://notcve.org/view.php?id=CVE-2025-40091
30 Oct 2025 — Call trace: show_stack+0x30/0x90 (C) dump_stack_lvl+0x9c/0xd0 print_address_description.constprop.0+0x90/0x310 print_report+0x104/0x1f0 kasan_report+0x88/0x180 __asan_report_load8_noabort+0x20/0x30 ixgbe_reset_interrupt_capability+0x140/0x180 [ixgbe] ixgbe_clear_interrupt_scheme+0xf8/0x130 [ixgbe] ixgbe_remove+0x2d0/0x8c0 [ixgbe] pci_device_remove+0xa0/0x220 device_remove+0xb8/0x170 device_release_driver_internal+0x318/0x490 device_driver_detach+0x40/0x68 unbind_store+0xec/0x118 drv_attr_store+0x64/0xb8 sys... • https://git.kernel.org/stable/c/a0285236ab93fdfdd1008afaa04561d142d6c276 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40090 – ksmbd: fix recursive locking in RPC handle list access
https://notcve.org/view.php?id=CVE-2025-40090
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix recursive locking in RPC handle list access Since commit 305853cce3794 ("ksmbd: Fix race condition in RPC handle list access"), ksmbd_session_rpc_method() attempts to lock sess->rpc_lock. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix recursive locking in RPC handle list access Since commit 305853cce3794 ("ksmbd: Fix race condition in RPC handle list access"), ksmbd_session_rpc_method... • https://git.kernel.org/stable/c/5cc679ba0f4505936124cd4179ba66bb0a4bd9f3 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40089 – cxl/features: Add check for no entries in cxl_feature_info
https://notcve.org/view.php?id=CVE-2025-40089
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: cxl/features: Add check for no entries in cxl_feature_info cxl EDAC calls cxl_feature_info() to get the feature information and if the hardware has no Features support, cxlfs may be passed in as NULL. In the Linux kernel, the following vulnerability has been resolved: cxl/features: Add check for no entries in cxl_feature_info cxl EDAC calls cxl_feature_info() to get the feature information and if the hardware has no Features s... • https://git.kernel.org/stable/c/eb5dfcb9e36d0e46089fec777d911313c1876fa3 •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40088 – hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()
https://notcve.org/view.php?id=CVE-2025-40088
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() The hfsplus_strcasecmp() logic can trigger the issue: [ 117.317703][ T9855] ================================================================== [ 117.318353][ T9855] BUG: KASAN: slab-out-of-bounds in hfsplus_strcasecmp+0x1bc/0x490 [ 117.318991][ T9855] Read of size 2 at addr ffff88802160f40c by task repro/9855 [ 117.319577][ T9855] [ 117.319773][ T9855] CPU: 0 UID: 0 PID: 98... • https://git.kernel.org/stable/c/603158d4efa98a13a746bd586c20f194f4a31ec8 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40087 – NFSD: Define a proc_layoutcommit for the FlexFiles layout type
https://notcve.org/view.php?id=CVE-2025-40087
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proc_layoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout. In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proc_layoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout. • https://git.kernel.org/stable/c/9b9960a0ca4773e21c4b153ed355583946346b25 •