CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-68174 – amd/amdkfd: enhance kfd process check in switch partition
https://notcve.org/view.php?id=CVE-2025-68174
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: enhance kfd process check in switch partition current switch partition only check if kfd_processes_table is empty. kfd_prcesses_table entry is deleted in kfd_process_notifier_release, but kfd_process tear down is in kfd_process_wq_release. consider two processes: Process A (workqueue) -> kfd_process_wq_release -> Access kfd_node member Process B switch partition -> amdgpu_xcp_pre_partition_switch -> amdgpu_amdkfd_device_fini_sw ... • https://git.kernel.org/stable/c/536d80f660ec12058e461f4db387ea42bee9250d •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68173 – ftrace: Fix softlockup in ftrace_module_enable
https://notcve.org/view.php?id=CVE-2025-68173
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix softlockup in ftrace_module_enable A soft lockup was observed when loading amdgpu module. If a module has a lot of tracable functions, multiple calls to kallsyms_lookup can spend too much time in RCU critical section and with disabled preemption, causing kernel panic. This is the same issue that was fixed in commit d0b24b4e91fc ("ftrace: Prevent RCU stall on PREEMPT_VOLUNTARY kernels") and commit 42ea22e754ba ("ftrace: Add cond_... • https://git.kernel.org/stable/c/a1dd0abd741a8111260676da729825d6c1461a71 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68168 – jfs: fix uninitialized waitqueue in transaction manager
https://notcve.org/view.php?id=CVE-2025-68168
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix uninitialized waitqueue in transaction manager The transaction manager initialization in txInit() was not properly initializing TxBlock[0].waitor waitqueue, causing a crash when txEnd(0) is called on read-only filesystems. When a filesystem is mounted read-only, txBegin() returns tid=0 to indicate no transaction. However, txEnd(0) still gets called and tries to access TxBlock[0].waitor via tid_to_tblock(0), but this waitqueue was n... • https://git.kernel.org/stable/c/d6af7fce2e162ac68e85d3a11eb6ac8c35b24b64 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40363 – net: ipv6: fix field-spanning memcpy warning in AH output
https://notcve.org/view.php?id=CVE-2025-40363
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix field-spanning memcpy warning in AH output Fix field-spanning memcpy warnings in ah6_output() and ah6_output_done() where extension headers are copied to/from IPv6 address fields, triggering fortify-string warnings about writes beyond the 16-byte address fields. memcpy: detected field-spanning write (size 40) of single field "&top_iph->saddr" at net/ipv6/ah6.c:439 (size 16) WARNING: CPU: 0 PID: 8838 at net/ipv6/ah6.c:439 ah6_... • https://git.kernel.org/stable/c/2da805a61ef5272a2773775ce14c3650adb84248 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40362 – ceph: fix multifs mds auth caps issue
https://notcve.org/view.php?id=CVE-2025-40362
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix multifs mds auth caps issue The mds auth caps check should also validate the fsname along with the associated caps. Not doing so would result in applying the mds auth caps of one fs on to the other fs in a multifs ceph cluster. The bug causes multiple issues w.r.t user authentication, following is one such example. Steps to Reproduce (on vstart cluster): 1. Create two file systems in a cluster, say 'fsname1' and 'fsname2' 2. Autho... • https://git.kernel.org/stable/c/07640d34a781bb2e39020a39137073c03c4aa932 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-40361 – fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock
https://notcve.org/view.php?id=CVE-2025-40361
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock The parent function ext4_xattr_inode_lookup_create already uses GFP_NOFS for memory alloction, so the function ext4_xattr_inode_cache_find should use same gfp_flag. • https://git.kernel.org/stable/c/5e6b27f4e68682aa3db9f83ca04adef89903159b •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40354 – drm/amd/display: increase max link count and fix link->enc NULL pointer access
https://notcve.org/view.php?id=CVE-2025-40354
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: increase max link count and fix link->enc NULL pointer access [why] 1.) dc->links[MAX_LINKS] array size smaller than actual requested. max_connector + max_dpia + 4 virtual = 14. increase from 12 to 14. 2.) hw_init() access null LINK_ENC for dpia non display_endpoint. (cherry picked from commit d7f5a61e1b04ed87b008c8d327649d184dc5bb45) • https://git.kernel.org/stable/c/f28092be4e12b7df9e4f415d25bf0d767bc2d9ed •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40353 – arm64: mte: Do not warn if the page is already tagged in copy_highpage()
https://notcve.org/view.php?id=CVE-2025-40353
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Do not warn if the page is already tagged in copy_highpage() The arm64 copy_highpage() assumes that the destination page is newly allocated and not MTE-tagged (PG_mte_tagged unset) and warns accordingly. However, following commit 060913999d7a ("mm: migrate: support poisoned recover from migrate folio"), folio_mc_copy() is called before __folio_migrate_mapping(). If the latter fails (-EAGAIN), the copy will be done again to the s... • https://git.kernel.org/stable/c/5ff5765a1fc526f07d3bbaedb061d970eb13bcf4 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40351 – hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
https://notcve.org/view.php?id=CVE-2025-40351
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() The syzbot reported issue in hfsplus_delete_cat(): [ 70.682285][ T9333] ===================================================== [ 70.682943][ T9333] BUG: KMSAN: uninit-value in hfsplus_subfolders_dec+0x1d7/0x220 [ 70.683640][ T9333] hfsplus_subfolders_dec+0x1d7/0x220 [ 70.684141][ T9333] hfsplus_delete_cat+0x105d/0x12b0 [ 70.684621][ T9333] hfsplus_rmdir+0x13d/0x310 [ 70.685048][ T... • https://git.kernel.org/stable/c/a2bee43b451615531ae6f3cf45054f02915ef885 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40349 – hfs: validate record offset in hfsplus_bmap_alloc
https://notcve.org/view.php?id=CVE-2025-40349
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: hfs: validate record offset in hfsplus_bmap_alloc hfsplus_bmap_alloc can trigger a crash if a record offset or length is larger than node_size [ 15.264282] BUG: KASAN: slab-out-of-bounds in hfsplus_bmap_alloc+0x887/0x8b0 [ 15.265192] Read of size 8 at addr ffff8881085ca188 by task test/183 [ 15.265949] [ 15.266163] CPU: 0 UID: 0 PID: 183 Comm: test Not tainted 6.17.0-rc2-gc17b750b3ad9 #14 PREEMPT(voluntary) [ 15.266165] Hardware name: QEMU ... • https://git.kernel.org/stable/c/f7d9f600c7c3ff5dab36181a388af55f2c95604c •