CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40079 – riscv, bpf: Sign extend struct ops return values properly
https://notcve.org/view.php?id=CVE-2025-40079
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Sign extend struct ops return values properly The ns_bpf_qdisc selftest triggers a kernel panic: Unable to handle kernel paging request at virtual address ffffffffa38dbf58 Current test_progs pgtable: 4K pagesize, 57-bit VAs, pgdp=0x00000001109cc000 [ffffffffa38dbf58] pgd=000000011fffd801, p4d=000000011fffd401, pud=000000011fffd001, pmd=0000000000000000 Oops [#1] Modules linked in: bpf_testmod(OE) xt_conntrack nls_iso8859_1 [...]... • https://git.kernel.org/stable/c/25ad10658dc1068a671553ff10e19a812c2a3783 •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40078 – bpf: Explicitly check accesses to bpf_sock_addr
https://notcve.org/view.php?id=CVE-2025-40078
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Explicitly check accesses to bpf_sock_addr Syzkaller found a kernel warning on the following sock_addr program: 0: r0 = 0 1: r2 = *(u32 *)(r1 +60) 2: exit which triggers: verifier bug: error during ctx access conversion (0) This is happening because offset 60 in bpf_sock_addr corresponds to an implicit padding of 4 bytes, right after msg_src_ip4. Access to this padding isn't rejected in sock_addr_is_valid_access and it thus later fails... • https://git.kernel.org/stable/c/1cedee13d25ab118d325f95588c1a084e9317229 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40077 – f2fs: fix to avoid overflow while left shift operation
https://notcve.org/view.php?id=CVE-2025-40077
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid overflow while left shift operation Should cast type of folio->index from pgoff_t to loff_t to avoid overflow while left shift operation. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid overflow while left shift operation Should cast type of folio->index from pgoff_t to loff_t to avoid overflow while left shift operation. These are all security issues fixed in the kernel-devel-6.17.7... • https://git.kernel.org/stable/c/3265d3db1f16395cfc6b8ea9b31b4001d98d05ef •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40075 – tcp_metrics: use dst_dev_net_rcu()
https://notcve.org/view.php?id=CVE-2025-40075
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: use dst_dev_net_rcu() Replace three dst_dev() with a lockdep enabled helper. These are all security issues fixed in the kernel-devel-6.17.7-1.1 package on the GA media of openSUSE Tumbleweed. • https://git.kernel.org/stable/c/4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40074 – ipv4: start using dst_dev_rcu()
https://notcve.org/view.php?id=CVE-2025-40074
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dst_dev_rcu() Change icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF. Change ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_mr_output(), ipv4_neigh_lookup() to use lockdep enabled dst_dev_rcu(). In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dst_dev_rcu() Change icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF. Change ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_m... • https://git.kernel.org/stable/c/4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 •
CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-40071 – tty: n_gsm: Don't block input queue by waiting MSC
https://notcve.org/view.php?id=CVE-2025-40071
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Don't block input queue by waiting MSC Currently gsm_queue() processes incoming frames and when opening a DLC channel it calls gsm_dlci_open() which calls gsm_modem_update(). If basic mode is used it calls gsm_modem_upd_via_msc() and it cannot block the input queue by waiting the response to come into the same input queue. Instead allow sending Modem Status Command without waiting for remote end to respond. Define a new function... • https://git.kernel.org/stable/c/48473802506d2d6151f59e0e764932b33b53cb3b •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-40070 – pps: fix warning in pps_register_cdev when register device fail
https://notcve.org/view.php?id=CVE-2025-40070
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: pps: fix warning in pps_register_cdev when register device fail Similar to previous commit 2a934fdb01db ("media: v4l2-dev: fix error handling in __video_register_device()"), the release hook should be set before device_register(). Otherwise, when device_register() return error and put_device() try to callback the release function, the below warning may happen. ------------[ cut here ]------------ WARNING: CPU: 1 PID: 4760 at drivers/base/co... • https://git.kernel.org/stable/c/785c78ed0d39d1717cca3ef931d3e51337b5e90e •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-40068 – fs: ntfs3: Fix integer overflow in run_unpack()
https://notcve.org/view.php?id=CVE-2025-40068
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: Fix integer overflow in run_unpack() The MFT record relative to the file being opened contains its runlist, an array containing information about the file's location on the physical disk. Analysis of all Call Stack paths showed that the values of the runlist array, from which LCNs are calculated, are not validated before run_unpack function. The run_unpack function decodes the compressed runlist data format from MFT attributes (f... • https://git.kernel.org/stable/c/4342306f0f0d5ff4315a204d315c1b51b914fca5 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-40067 – fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist
https://notcve.org/view.php?id=CVE-2025-40067
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist Index allocation requires at least one bit in the $BITMAP attribute to track usage of index entries. If the bitmap is empty while index blocks are already present, this reflects on-disk corruption. syzbot triggered this condition using a malformed NTFS image. During a rename() operation involving a long filename (which spans multiple index entries), the empty bitmap allo... • https://git.kernel.org/stable/c/b35a50d639ca5259466ef5fea85529bb4fb17d5b •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40065 – RISC-V: KVM: Write hgatp register with valid mode bits
https://notcve.org/view.php?id=CVE-2025-40065
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Write hgatp register with valid mode bits According to the RISC-V Privileged Architecture Spec, when MODE=Bare is selected,software must write zero to the remaining fields of hgatp. We have detected the valid mode supported by the HW before, So using a valid mode to detect how many vmid bits are supported. In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Write hgatp register with valid mode bits ... • https://git.kernel.org/stable/c/fd7bb4a251dfc1da3496bf59a4793937c13e8c1f •