CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39920 – pcmcia: Add error handling for add_interval() in do_validate_mem()
https://notcve.org/view.php?id=CVE-2025-39920
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: pcmcia: Add error handling for add_interval() in do_validate_mem() In the do_validate_mem(), the call to add_interval() does not handle errors. If kmalloc() fails in add_interval(), it could result in a null pointer being inserted into the linked list, leading to illegal memory access when sub_interval() is called next. This patch adds an error handling for the add_interval(). If add_interval() returns an error, the function will return ear... • https://git.kernel.org/stable/c/7b4884ca8853a638df0eb5d251d80d67777b8b1a •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-39916 – mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters()
https://notcve.org/view.php?id=CVE-2025-39916
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() When creating a new scheme of DAMON_RECLAIM, the calculation of 'min_age_region' uses 'aggr_interval' as the divisor, which may lead to division-by-zero errors. Fix it by directly returning -EINVAL when such a case occurs. In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() Whe... • https://git.kernel.org/stable/c/f5a79d7c0c87c8d88bb5e3f3c898258fdf1b3b05 •
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39914 – tracing: Silence warning when chunk allocation fails in trace_pid_write
https://notcve.org/view.php?id=CVE-2025-39914
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Silence warning when chunk allocation fails in trace_pid_write Syzkaller trigger a fault injection warning: WARNING: CPU: 1 PID: 12326 at tracepoint_add_func+0xbfc/0xeb0 Modules linked in: CPU: 1 UID: 0 PID: 12326 Comm: syz.6.10325 Tainted: G U 6.14.0-rc5-syzkaller #0 Tainted: [U]=USER Hardware name: Google Compute Engine/Google Compute Engine RIP: 0010:tracepoint_add_func+0xbfc/0xeb0 kernel/tracepoint.c:294 Code: 09 fe ff 90 0f 0b... • https://git.kernel.org/stable/c/8d6e90983ade25ec7925211ac31d9ccaf64b7edf •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 1CVE-2025-39913 – tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork.
https://notcve.org/view.php?id=CVE-2025-39913
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. syzbot reported the splat below. [0] The repro does the following: 1. Load a sk_msg prog that calls bpf_msg_cork_bytes(msg, cork_bytes) 2. Attach the prog to a SOCKMAP 3. Add a socket to the SOCKMAP 4. Activate fault injection 5. • https://packetstorm.news/files/id/210539 •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39911 – i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
https://notcve.org/view.php?id=CVE-2025-39911
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path If request_irq() in i40e_vsi_request_irq_msix() fails in an iteration later than the first, the error path wants to free the IRQs requested so far. However, it uses the wrong dev_id argument for free_irq(), so it does not free the IRQs correctly and instead triggers the warning: Trying to free already-free IRQ 173 WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+... • https://git.kernel.org/stable/c/493fb30011b3ab5173cef96f1d1ce126da051792 •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2025-39910 – mm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc()
https://notcve.org/view.php?id=CVE-2025-39910
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc() kasan_populate_vmalloc() and its helpers ignore the caller's gfp_mask and always allocate memory using the hardcoded GFP_KERNEL flag. This makes them inconsistent with vmalloc(), which was recently extended to support GFP_NOFS and GFP_NOIO allocations. Page table allocations performed during shadow population also ignore the external gfp_mask. To preserve the intended semant... • https://git.kernel.org/stable/c/451769ebb7e792c3404db53b3c2a422990de654e •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39909 – mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()
https://notcve.org/view.php?id=CVE-2025-39909
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() Patch series "mm/damon: avoid divide-by-zero in DAMON module's parameters application". DAMON's RECLAIM and LRU_SORT modules perform no validation on user-configured parameters during application, which may lead to division-by-zero errors. Avoid the divide-by-zero by adding validation checks when DAMON modules attempt to apply the parameters. This patch (of 2): Dur... • https://git.kernel.org/stable/c/40e983cca9274e177bd5b9379299b44d9536ac68 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39907 – mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer
https://notcve.org/view.php?id=CVE-2025-39907
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer Avoid below overlapping mappings by using a contiguous non-cacheable buffer. [ 4.077708] DMA-API: stm32_fmc2_nfc 48810000.nand-controller: cacheline tracking EEXIST, overlapping mappings aren't supported [ 4.089103] WARNING: CPU: 1 PID: 44 at kernel/dma/debug.c:568 add_dma_entry+0x23c/0x300 [ 4.097071] Modules linked in: [ 4.100101] CPU: 1 PID: 44 Comm: kworker/u4:2 Not tain... • https://git.kernel.org/stable/c/2cd457f328c100bc98e36d55fe210e9ab067c704 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-39905 – net: phylink: add lock for serializing concurrent pl->phydev writes with resolver
https://notcve.org/view.php?id=CVE-2025-39905
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net: phylink: add lock for serializing concurrent pl->phydev writes with resolver Currently phylink_resolve() protects itself against concurrent phylink_bringup_phy() or phylink_disconnect_phy() calls which modify pl->phydev by relying on pl->state_mutex. The problem is that in phylink_resolve(), pl->state_mutex is in a lock inversion state with pl->phydev->lock. So pl->phydev->lock needs to be acquired prior to pl->state_mutex. But that re... • https://git.kernel.org/stable/c/56fe63b05ec84ae6674269d78397cec43a7a295a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39902 – mm/slub: avoid accessing metadata when pointer is invalid in object_err()
https://notcve.org/view.php?id=CVE-2025-39902
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid accessing metadata when pointer is invalid in object_err() object_err() reports details of an object for further debugging, such as the freelist pointer, redzone, etc. However, if the pointer is invalid, attempting to access object metadata can lead to a crash since it does not point to a valid object. One known path to the crash is when alloc_consistency_checks() determines the pointer to the allocated object is invalid beca... • https://git.kernel.org/stable/c/81819f0fc8285a2a5a921c019e3e3d7b6169d225 •