CVSS: 5.5 | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2025-40060 – coresight: trbe: Return NULL pointer for allocation failures
https://notcve.org/view.php?id=CVE-2025-40060
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: Return NULL pointer for allocation failures. When the TRBE driver fails to allocate a buffer, it currently returns the error code "-ENOMEM". However, the caller etm_setup_aux() only checks for a NULL pointer, so it misses the error. As a result, the driver continues and eventually causes a kernel panic. Fix this by returning a NULL pointer from arm_trbe_alloc_buffer() on allocation failures. This allows that the callers can ... • https://git.kernel.org/stable/c/3fbf7f011f2426dac8c982f1d2ef469a7959a524
CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-40059 – coresight: Fix incorrect handling for return value of devm_kzalloc
https://notcve.org/view.php?id=CVE-2025-40059
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: coresight: Fix incorrect handling for return value of devm_kzalloc. The return value of devm_kzalloc could be a null pointer, use "!desc.pdata" to fix incorrect handling return value of devm_kzalloc. • https://git.kernel.org/stable/c/4277f035d227e829133df284be7e35b7236a5b0f
CVSS: 7.8 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-40058 – iommu/vt-d: Disallow dirty tracking if incoherent page walk
https://notcve.org/view.php?id=CVE-2025-40058
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Disallow dirty tracking if incoherent page walk. Dirty page tracking relies on the IOMMU atomically updating the dirty bit in the paging-structure entry. For this operation to succeed, the paging-structure memory must be coherent between the IOMMU and the CPU. In other words, if the iommu page walk is incoherent, dirty page tracking doesn't work. The Intel VT-d specification, Section 3.10 "Snoop Behavior" states: "Remapping har... • https://git.kernel.org/stable/c/f35f22cc760eb2c7034bf53251399685d611e03f
CVSS: 7.1 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-40057 – ptp: Add a upper bound on max_vclocks
https://notcve.org/view.php?id=CVE-2025-40057
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ptp: Add a upper bound on max_vclocks. syzbot reported WARNING in max_vclocks_store. This occurs when the argument max is too large for kcalloc to handle. Extend the guard to guard against values that are too large for kcalloc. • https://git.kernel.org/stable/c/73f37068d540eba5f93ba3a0019bf479d35ebd76
CVSS: 7.2 | EPSS: 0% | CPEs: 5 | EXPL: 0
CVE-2025-40056 – vhost: vringh: Fix copy_to_iter return value check
https://notcve.org/view.php?id=CVE-2025-40056
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Fix copy_to_iter return value check. The return value of copy_to_iter can't be negative, check whether the copied length is equal to the requested length instead of checking for negative values. • https://git.kernel.org/stable/c/309bba39c945ac8ab8083ac05cd6cfe5822968e0
CVSS: 7.8 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-40055 – ocfs2: fix double free in user_cluster_connect()
https://notcve.org/view.php?id=CVE-2025-40055
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix double free in user_cluster_connect(). user_cluster_disconnect() frees "conn->cc_private" which is "lc" but then the error handling frees "lc" a second time. Set "lc" to NULL on this path to avoid a double free. • https://git.kernel.org/stable/c/c994c2ebdbbc391a42f177c8eb7882ebf3f142d8
CVSS: 7.1 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2025-40054 – f2fs: fix UAF issue in f2fs_merge_page_bio()
https://notcve.org/view.php?id=CVE-2025-40054
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF issue in f2fs_merge_page_bio(). As JY reported in bugzilla [1], Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 pc : [0xffffffe51d249484] f2fs_is_cp_guaranteed+0x70/0x98 lr : [0xffffffe51d24adbc] f2fs_merge_page_bio+0x520/0x6d4 CPU: 3 UID: 0 PID: 6790 Comm: kworker/u16:3 Tainted: P B W OE 6.12.30-android16-5-maybe-dirty-4k #1 5f7701c9cbf727d1eebe77c89bbbeb3371e895e5 Tainted: [P]=PROPRIETARY_... • https://git.kernel.org/stable/c/0b20fcec8651569935a10afe03fedc0b812d044e
CVSS: 5.5 | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2025-40053 – net: dlink: handle copy_thresh allocation failure
https://notcve.org/view.php?id=CVE-2025-40053
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net: dlink: handle copy_thresh allocation failure. The driver did not handle failure of `netdev_alloc_skb_ip_align()`. If the allocation failed, dereferencing `skb->protocol` could lead to a NULL pointer dereference. This patch tries to allocate `skb`. If the allocation fails, it falls back to the normal path. Tested-on: D-Link DGE-550T Rev-A3 • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
CVSS: 7.1 | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2025-40052 – smb: client: fix crypto buffers in non-linear memory
https://notcve.org/view.php?id=CVE-2025-40052
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix crypto buffers in non-linear memory. The crypto API, through the scatterlist API, expects input buffers to be in linear memory. We handle this with the cifs_sg_set_buf() helper that converts vmalloc'd memory to their corresponding pages. However, when we allocate our aead_request buffer (@creq in smb2ops.c::crypt_message()), we do so with kvzalloc(), which possibly puts aead_request->__ctx in vmalloc area. AEAD algorithm the... • https://git.kernel.org/stable/c/d08089f649a0cfb2099c8551ac47eef0cc23fdf2
CVSS: 7.1 | EPSS: 0% | CPEs: 5 | EXPL: 0
CVE-2025-40051 – vhost: vringh: Modify the return value check
https://notcve.org/view.php?id=CVE-2025-40051
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Modify the return value check. The return value of copy_from_iter and copy_to_iter can't be negative, check whether the copied lengths are equal. These are all security issues fixed in the kernel-devel-... • https://git.kernel.org/stable/c/309bba39c945ac8ab8083ac05cd6cfe5822968e0
