CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40165 – media: nxp: imx8-isi: m2m: Fix streaming cleanup on release
https://notcve.org/view.php?id=CVE-2025-40165
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: m2m: Fix streaming cleanup on release If streamon/streamoff calls are imbalanced, such as when exiting an application with Ctrl+C when streaming, the m2m usage_count will never reach zero and the ISI channel won't be freed. Besides from that, if the input line width is more than 2K, it will trigger a WARN_ON(): [ 59.222120] ------------[ cut here ]------------ [ 59.226758] WARNING: drivers/media/platform/nxp/imx8-isi/i... • https://git.kernel.org/stable/c/cf21f328fcafacf4f96e7a30ef9dceede1076378 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40164 – usbnet: Fix using smp_processor_id() in preemptible code warnings
https://notcve.org/view.php?id=CVE-2025-40164
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix using smp_processor_id() in preemptible code warnings Syzbot reported the following warning: BUG: using smp_processor_id() in preemptible [00000000] code: dhcpcd/2879 caller is usbnet_skb_return+0x74/0x490 drivers/net/usb/usbnet.c:331 CPU: 1 UID: 0 PID: 2879 Comm: dhcpcd Not tainted 6.15.0-rc4-syzkaller-00098-g615dca38c2ea #0 PREEMPT(voluntary) Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40162 – ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails
https://notcve.org/view.php?id=CVE-2025-40162
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails devm_kasprintf() may return NULL on memory allocation failure, but the debug message prints cpus->dai_name before checking it. Move the dev_dbg() call after the NULL check to prevent potential NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails devm_kasprintf() may retu... • https://git.kernel.org/stable/c/cb8ea62e6402067ba092d4c1d66a9440513a572b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40161 – mailbox: zynqmp-ipi: Fix SGI cleanup on unbind
https://notcve.org/view.php?id=CVE-2025-40161
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: mailbox: zynqmp-ipi: Fix SGI cleanup on unbind The driver incorrectly determines SGI vs SPI interrupts by checking IRQ number < 16, which fails with dynamic IRQ allocation. During unbind, this causes improper SGI cleanup leading to kernel crash. Add explicit irq_type field to pdata for reliable identification of SGI interrupts (type-2) and only clean up SGI resources when appropriate. In the Linux kernel, the following vulnerability has bee... • https://git.kernel.org/stable/c/6ffb1635341bec50fa9540ae7827d1e5d75ae0b0 •
CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40160 – xen/events: Return -EEXIST for bound VIRQs
https://notcve.org/view.php?id=CVE-2025-40160
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change find_virq() to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUG_ON() from bind_virq_to_irq() to propogate the error upwards. Some VIRQs are per-cpu, but others are per-domain or global. Those must be bound to CPU0 and can then migrate elsewhere. The lookup for per-domain and global will probably fail when migrated off CPU 0, especially ... • https://git.kernel.org/stable/c/612ef6056855c0aacb9b25d1d853c435754483f7 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40159 – xsk: Harden userspace-supplied xdp_desc validation
https://notcve.org/view.php?id=CVE-2025-40159
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: xsk: Harden userspace-supplied xdp_desc validation Turned out certain clearly invalid values passed in xdp_desc from userspace can pass xp_{,un}aligned_validate_desc() and then lead to UBs or just invalid frames to be queued for xmit. desc->len close to ``U32_MAX`` with a non-zero pool->tx_metadata_len can cause positive integer overflow and wraparound, the same way low enough desc->addr with a non-zero pool->tx_metadata_len can cause negat... • https://git.kernel.org/stable/c/341ac980eab90ac1f6c22ee9f9da83ed9604d899 •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40158 – ipv6: use RCU in ip6_output()
https://notcve.org/view.php?id=CVE-2025-40158
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2(). In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2... • https://git.kernel.org/stable/c/4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40157 – EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller
https://notcve.org/view.php?id=CVE-2025-40157
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller When loading the i10nm_edac driver on some Intel Granite Rapids servers, a call trace may appear as follows: UBSAN: shift-out-of-bounds in drivers/edac/skx_common.c:453:16 shift exponent -66 is negative ... __ubsan_handle_shift_out_of_bounds+0x1e3/0x390 skx_get_dimm_info.cold+0x47/0xd40 [skx_edac_common] i10nm_get_dimm_config+0x23e/0x390 [i10nm_edac] skx_register_mci+0x159/0x... • https://git.kernel.org/stable/c/ba987eaaabf99b462cdfed86274e3455d5126349 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40156 – PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe()
https://notcve.org/view.php?id=CVE-2025-40156
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() The drv->sram_reg pointer could be set to ERR_PTR(-EPROBE_DEFER) which would lead to a error pointer dereference. Use IS_ERR_OR_NULL() to check that the pointer is valid. In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() The drv->sram_reg pointer could be set to ERR_PTR(-EPROBE... • https://git.kernel.org/stable/c/e09bd5757b5227d6804b30c58d4587f7f87d1afa •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40155 – iommu/vt-d: debugfs: Fix legacy mode page table dump logic
https://notcve.org/view.php?id=CVE-2025-40155
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: debugfs: Fix legacy mode page table dump logic In legacy mode, SSPTPTR is ignored if TT is not 00b or 01b. SSPTPTR maybe uninitialized or zero in that case and may cause oops like: Oops: general protection fault, probably for non-canonical address 0xf00087d3f000f000: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 PID: 786 Comm: cat Not tainted 6.16.0 #191 PREEMPT(voluntary) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-5.fc... • https://git.kernel.org/stable/c/2b437e80456654df3980706384065d444f4bb54d •