CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40162 – ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails
https://notcve.org/view.php?id=CVE-2025-40162
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails devm_kasprintf() may return NULL on memory allocation failure, but the debug message prints cpus->dai_name before checking it. Move the dev_dbg() call after the NULL check to prevent potential NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails devm_kasprintf() may retu... • https://git.kernel.org/stable/c/cb8ea62e6402067ba092d4c1d66a9440513a572b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40161 – mailbox: zynqmp-ipi: Fix SGI cleanup on unbind
https://notcve.org/view.php?id=CVE-2025-40161
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: mailbox: zynqmp-ipi: Fix SGI cleanup on unbind The driver incorrectly determines SGI vs SPI interrupts by checking IRQ number < 16, which fails with dynamic IRQ allocation. During unbind, this causes improper SGI cleanup leading to kernel crash. Add explicit irq_type field to pdata for reliable identification of SGI interrupts (type-2) and only clean up SGI resources when appropriate. In the Linux kernel, the following vulnerability has bee... • https://git.kernel.org/stable/c/6ffb1635341bec50fa9540ae7827d1e5d75ae0b0 •
CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40160 – xen/events: Return -EEXIST for bound VIRQs
https://notcve.org/view.php?id=CVE-2025-40160
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change find_virq() to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUG_ON() from bind_virq_to_irq() to propogate the error upwards. Some VIRQs are per-cpu, but others are per-domain or global. Those must be bound to CPU0 and can then migrate elsewhere. The lookup for per-domain and global will probably fail when migrated off CPU 0, especially ... • https://git.kernel.org/stable/c/612ef6056855c0aacb9b25d1d853c435754483f7 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40159 – xsk: Harden userspace-supplied xdp_desc validation
https://notcve.org/view.php?id=CVE-2025-40159
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: xsk: Harden userspace-supplied xdp_desc validation Turned out certain clearly invalid values passed in xdp_desc from userspace can pass xp_{,un}aligned_validate_desc() and then lead to UBs or just invalid frames to be queued for xmit. desc->len close to ``U32_MAX`` with a non-zero pool->tx_metadata_len can cause positive integer overflow and wraparound, the same way low enough desc->addr with a non-zero pool->tx_metadata_len can cause negat... • https://git.kernel.org/stable/c/341ac980eab90ac1f6c22ee9f9da83ed9604d899 •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40158 – ipv6: use RCU in ip6_output()
https://notcve.org/view.php?id=CVE-2025-40158
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2(). In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2... • https://git.kernel.org/stable/c/4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40157 – EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller
https://notcve.org/view.php?id=CVE-2025-40157
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller When loading the i10nm_edac driver on some Intel Granite Rapids servers, a call trace may appear as follows: UBSAN: shift-out-of-bounds in drivers/edac/skx_common.c:453:16 shift exponent -66 is negative ... __ubsan_handle_shift_out_of_bounds+0x1e3/0x390 skx_get_dimm_info.cold+0x47/0xd40 [skx_edac_common] i10nm_get_dimm_config+0x23e/0x390 [i10nm_edac] skx_register_mci+0x159/0x... • https://git.kernel.org/stable/c/ba987eaaabf99b462cdfed86274e3455d5126349 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40156 – PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe()
https://notcve.org/view.php?id=CVE-2025-40156
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() The drv->sram_reg pointer could be set to ERR_PTR(-EPROBE_DEFER) which would lead to a error pointer dereference. Use IS_ERR_OR_NULL() to check that the pointer is valid. In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() The drv->sram_reg pointer could be set to ERR_PTR(-EPROBE... • https://git.kernel.org/stable/c/e09bd5757b5227d6804b30c58d4587f7f87d1afa •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40155 – iommu/vt-d: debugfs: Fix legacy mode page table dump logic
https://notcve.org/view.php?id=CVE-2025-40155
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: debugfs: Fix legacy mode page table dump logic In legacy mode, SSPTPTR is ignored if TT is not 00b or 01b. SSPTPTR maybe uninitialized or zero in that case and may cause oops like: Oops: general protection fault, probably for non-canonical address 0xf00087d3f000f000: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 PID: 786 Comm: cat Not tainted 6.16.0 #191 PREEMPT(voluntary) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-5.fc... • https://git.kernel.org/stable/c/2b437e80456654df3980706384065d444f4bb54d •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40154 – ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping
https://notcve.org/view.php?id=CVE-2025-40154
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver only shows an error message but leaves as is. This may lead to unepxected results like OOB access. This patch corrects the input mapping to the certain default value if an invalid value is passed. In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid q... • https://git.kernel.org/stable/c/063422ca2a9de238401c3848c1b3641c07b6316c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40153 – mm: hugetlb: avoid soft lockup when mprotect to large memory area
https://notcve.org/view.php?id=CVE-2025-40153
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: avoid soft lockup when mprotect to large memory area When calling mprotect() to a large hugetlb memory area in our customer's workload (~300GB hugetlb memory), soft lockup was observed: watchdog: BUG: soft lockup - CPU#98 stuck for 23s! [t2_new_sysv:126916] CPU: 98 PID: 126916 Comm: t2_new_sysv Kdump: loaded Not tainted 6.17-rc7 Hardware name: GIGACOMPUTING R2A3-T40-AAV1/Jefferson CIO, BIOS 5.4.4.1 07/15/2025 pstate: 20400009 (... • https://git.kernel.org/stable/c/8f860591ffb29738cf5539b6fbf27f50dcdeb380 •