CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39829 – trace/fgraph: Fix the warning caused by missing unregister notifier
https://notcve.org/view.php?id=CVE-2025-39829
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: trace/fgraph: Fix the warning caused by missing unregister notifier This warning was triggered during testing on v6.16: notifier callback ftrace_suspend_notifier_call already registered WARNING: CPU: 2 PID: 86 at kernel/notifier.c:23 notifier_chain_register+0x44/0xb0 ... Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39828 – atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().
https://notcve.org/view.php?id=CVE-2025-39828
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). syzbot reported the splat below. [0] When atmtcp_v_open() or atmtcp_v_close() is called via connect() or close(), atmtcp_send_control() is called to send an in-kernel special message. The message has ATMTCP_HDR_MAGIC in atmtcp_control.hdr.length. Also, a pointer of struct atm_vcc is set to atmtcp_control.vcc. The notable thing is struct atmtcp_control is uAPI but has a space for... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39827 – net: rose: include node references in rose_neigh refcount
https://notcve.org/view.php?id=CVE-2025-39827
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: rose: include node references in rose_neigh refcount Current implementation maintains two separate reference counting mechanisms: the 'count' field in struct rose_neigh tracks references from rose_node structures, while the 'use' field (now refcount_t) tracks references from rose_sock. This patch merges these two reference counting systems using 'use' field for proper reference management. Specifically, this patch adds incrementing and... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39826 – net: rose: convert 'use' field to refcount_t
https://notcve.org/view.php?id=CVE-2025-39826
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: rose: convert 'use' field to refcount_t The 'use' field in struct rose_neigh is used as a reference counter but lacks atomicity. This can lead to race conditions where a rose_neigh structure is freed while still being referenced by other code paths. For example, when rose_neigh->use becomes zero during an ioctl operation via rose_rt_ioctl(), the structure may be removed while its timer is still active, potentially causing use-after-fre... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-39817 – efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
https://notcve.org/view.php?id=CVE-2025-39817
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Observed on kernel 6.6 (present on master as well): BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0 Call trace: kasan_check_range+0xe8/0x190 __asan_loadN+0x1c/0x28 memcmp+0x98/0xd0 efivarfs_d_compare+0x68/0xd8 __d_lookup_rcu_op_compare+0x178/0x218 __d_lookup_rcu+0x1f8/0x228 d_alloc_parallel+0x150/0x648 lookup_open.isra.0+0x5f0/0x8d0 open_last_lookups+0x264/0x828 path_openat+0x130/0x3... • https://git.kernel.org/stable/c/da27a24383b2b10bf6ebd0db29b325548aafecb4 • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39813 – ftrace: Fix potential warning in trace_printk_seq during ftrace_dump
https://notcve.org/view.php?id=CVE-2025-39813
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump When calling ftrace_dump_one() concurrently with reading trace_pipe, a WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race condition. The issue occurs because: CPU0 (ftrace_dump) CPU1 (reader) echo z > /proc/sysrq-trigger !trace_empty(&iter) trace_iterator_reset(&iter) <- len = size = 0 cat /sys/kernel/tracing/trace_pipe trace_find_next_entry_inc(&iter) __f... • https://git.kernel.org/stable/c/d769041f865330034131525ee6a7f72eb4af2a24 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39812 – sctp: initialize more fields in sctp_v6_from_sk()
https://notcve.org/view.php?id=CVE-2025-39812
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: initialize more fields in sctp_v6_from_sk() syzbot found that sin6_scope_id was not properly initialized, leading to undefined behavior. Clear sin6_scope_id and sin6_flowinfo. BUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649 __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649 sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983 sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390 sctp_get_port_local... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39808 – HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version()
https://notcve.org/view.php?id=CVE-2025-39808
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() in ntrig_report_version(), hdev parameter passed from hid_probe(). sending descriptor to /dev/uhid can make hdev->dev.parent->parent to null if hdev->dev.parent->parent is null, usb_dev has invalid address(0xffffffffffffff58) that hid_to_usb_dev(hdev) returned when usb_rcvctrlpipe() use usb_dev,it trigger page fault error for address(0xffffffffffffff58) add null check... • https://git.kernel.org/stable/c/0277873c05158c5efc97c23d52e6aec6250bde0f •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53302 – wifi: iwl4965: Add missing check for create_singlethread_workqueue()
https://notcve.org/view.php?id=CVE-2023-53302
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwl4965: Add missing check for create_singlethread_workqueue() Add the check for the return value of the create_singlethread_workqueue() in order to avoid NULL pointer dereference. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/b481de9ca074528fe8c429604e2777db8b89806a • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53299 – md/raid10: fix leak of 'r10bio->remaining' for recovery
https://notcve.org/view.php?id=CVE-2023-53299
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix leak of 'r10bio->remaining' for recovery raid10_sync_request() will add 'r10bio->remaining' for both rdev and replacement rdev. However, if the read io fails, recovery_request_write() returns without issuing the write io, in this case, end_sync_request() is only called once and 'remaining' is leaked, cause an io hang. Fix the problem by decreasing 'remaining' according to if 'bio' and 'repl_bio' is valid. This update provides... • https://git.kernel.org/stable/c/24afd80d99f80a79d8824d2805114b8b067e9823 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •