CVSS: 7.8 | EPSS: 0% | CPEs: 5 | EXPL: 0
CVE-2025-40156 – PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe()
https://notcve.org/view.php?id=CVE-2025-40156
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() The drv->sram_reg pointer could be set to ERR_PTR(-EPROBE_DEFER) which would lead to an error pointer dereference. Use IS_ERR_OR_NULL() to check that the pointer is valid.
https://git.kernel.org/stable/c/e09bd5757b5227d6804b30c58d4587f7f87d1afa
CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-40155 – iommu/vt-d: debugfs: Fix legacy mode page table dump logic
https://notcve.org/view.php?id=CVE-2025-40155
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: debugfs: Fix legacy mode page table dump logic In legacy mode, SSPTPTR is ignored if TT is not 00b or 01b. SSPTPTR may be uninitialized or zero in that case and may cause oops like: Oops: general protection fault, probably for non-canonical address 0xf00087d3f000f000: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 PID: 786 Comm: cat Not tainted 6.16.0 #191 PREEMPT(voluntary) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-5.fc...
https://git.kernel.org/stable/c/2b437e80456654df3980706384065d444f4bb54d
CVSS: 7.2 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-40154 – ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping
https://notcve.org/view.php?id=CVE-2025-40154
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via the quirk option, the bytcr_rt5640 driver currently only shows an error message but leaves the value as is. This may lead to unexpected results like OOB access. This patch corrects the input mapping to a certain default value if an invalid value is passed.
https://git.kernel.org/stable/c/063422ca2a9de238401c3848c1b3641c07b6316c
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-40153 – mm: hugetlb: avoid soft lockup when mprotect to large memory area
https://notcve.org/view.php?id=CVE-2025-40153
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: avoid soft lockup when mprotect to large memory area When calling mprotect() to a large hugetlb memory area in our customer's workload (~300GB hugetlb memory), soft lockup was observed: watchdog: BUG: soft lockup - CPU#98 stuck for 23s! [t2_new_sysv:126916] CPU: 98 PID: 126916 Comm: t2_new_sysv Kdump: loaded Not tainted 6.17-rc7 Hardware name: GIGACOMPUTING R2A3-T40-AAV1/Jefferson CIO, BIOS 5.4.4.1 07/15/2025 pstate: 20400009 (...
https://git.kernel.org/stable/c/8f860591ffb29738cf5539b6fbf27f50dcdeb380
CVSS: 6.3 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-40150 – f2fs: fix to avoid migrating empty section
https://notcve.org/view.php?id=CVE-2025-40150
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid migrating empty section It reports a bug from device w/ zufs: F2FS-fs (dm-64): Inconsistent segment (173822) type [1, 0] in SSA and SIT F2FS-fs (dm-64): Stopped filesystem due to reason: 4 Thread A Thread B - f2fs_expand_inode_data - f2fs_allocate_pinning_section - f2fs_gc_range - do_garbage_collect w/ segno #x - writepage - f2fs_allocate_data_block - new_curseg - allocate segno #x The root cause is: fallocate on pinning ...
https://git.kernel.org/stable/c/9703d69d9d153bb230711d0d577454552aeb13d4
CVSS: 5.5 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2025-40149 – tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().
https://notcve.org/view.php?id=CVE-2025-40149
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). get_netdev_for_sock() is called during setsockopt(), so not under RCU. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu(). Note that the only ->ndo_sk_get_lower_dev() user is bond_sk_get_lower_dev(), which uses RCU.
https://git.kernel.org/stable/c/e8f69799810c32dd40c6724d829eccc70baad07f
CVSS: 5.5 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2025-40147 – blk-throttle: fix access race during throttle policy activation
https://notcve.org/view.php?id=CVE-2025-40147
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-throttle: fix access race during throttle policy activation On repeated cold boots we occasionally hit a NULL pointer crash in blk_should_throtl() when throttling is consulted before the throttle policy is fully enabled for the queue. Checking only q->td != NULL is insufficient during early initialization, so blkg_to_pd() for the throttle policy can still return NULL and blkg_to_tg() becomes NULL, which later gets dereferenced. Unable t...
https://git.kernel.org/stable/c/a3166c51702bb00b8f8b84022090cbab8f37be1a
CVSS: 5.5 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2025-40146 – blk-mq: fix potential deadlock while nr_requests grown
https://notcve.org/view.php?id=CVE-2025-40146
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix potential deadlock while nr_requests grown Allocating and freeing sched_tags while the queue is frozen can deadlock[1]. This is a long-term problem, hence allocate memory before freezing the queue and free memory after the queue is unfrozen. [1] https://lore.kernel.org/all/0659ea8d-a463-47c8-9180-43c719e106eb@linux.ibm.com/
https://git.kernel.org/stable/c/e3a2b3f931f59d5284abd13faf8bded726884ffd
CVSS: 5.5 | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2025-40144 – nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe()
https://notcve.org/view.php?id=CVE-2025-40144
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() devm_kcalloc() may fail. ndtest_probe() allocates three DMA address arrays (dcr_dma, label_dma, dimm_dma) and later unconditionally uses them in ndtest_nvdimm_init(), which can lead to a NULL pointer dereference under low-memory conditions. Check all three allocations and return -ENOMEM if any allocation fails, jumping to the common error path. Do not emit an extra err...
https://git.kernel.org/stable/c/9399ab61ad82154911563dd8635c585e3f24b16a
CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0
CVE-2025-40141 – Bluetooth: ISO: Fix possible UAF on iso_conn_free
https://notcve.org/view.php?id=CVE-2025-40141
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix possible UAF on iso_conn_free This attempts to fix an issue similar to the one in sco_conn_free, where conn->sk not being set to NULL may lead to UAF on iso_conn_free.
https://git.kernel.org/stable/c/ccf74f2390d60a2f9a75ef496d2564abb478f46a
