CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-40342 – nvme-fc: use lock accessing port_state and rport state
https://notcve.org/view.php?id=CVE-2025-40342
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nvme-fc: use lock accessing port_state and rport state nvme_fc_unregister_remote removes the remote port on a lport object at any point in time when there is no active association. This races with with the reconnect logic, because nvme_fc_create_association is not taking a lock to check the port_state and atomically increase the active count on the rport. In the Linux kernel, the following vulnerability has been resolved: nvme-fc: use lock ... • https://git.kernel.org/stable/c/e399441de9115cd472b8ace6c517708273ca7997 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40341 – futex: Don't leak robust_list pointer on exec race
https://notcve.org/view.php?id=CVE-2025-40341
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: futex: Don't leak robust_list pointer on exec race sys_get_robust_list() and compat_get_robust_list() use ptrace_may_access() to check if the calling task is allowed to access another task's robust_list pointer. This check is racy against a concurrent exec() in the target process. During exec(), a task may transition from a non-privileged binary to a privileged one (e.g., setuid binary) and its credentials/memory mappings may change. If get... • https://git.kernel.org/stable/c/0771dfefc9e538f077d0b43b6dec19a5a67d0e70 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40339 – drm/amdgpu: fix nullptr err of vm_handle_moved
https://notcve.org/view.php?id=CVE-2025-40339
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix nullptr err of vm_handle_moved If a amdgpu_bo_va is fpriv->prt_va, the bo of this one is always NULL. So, such kind of amdgpu_bo_va should be updated separately before amdgpu_vm_handle_moved. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix nullptr err of vm_handle_moved If a amdgpu_bo_va is fpriv->prt_va, the bo of this one is always NULL. So, such kind of amdgpu_bo_va should be updated se... • https://git.kernel.org/stable/c/d38ceaf99ed015f2a0b9af3499791bd3a3daae21 •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40337 – net: stmmac: Correctly handle Rx checksum offload errors
https://notcve.org/view.php?id=CVE-2025-40337
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Correctly handle Rx checksum offload errors The stmmac_rx function would previously set skb->ip_summed to CHECKSUM_UNNECESSARY if hardware checksum offload (CoE) was enabled and the packet was of a known IP ethertype. However, this logic failed to check if the hardware had actually reported a checksum error. The hardware status, indicating a header or payload checksum failure, was being ignored at this stage. This could cause c... • https://git.kernel.org/stable/c/3c20f72f9108b2fcf30ec63d8a4203736c01ccd0 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40333 – f2fs: fix infinite loop in __insert_extent_tree()
https://notcve.org/view.php?id=CVE-2025-40333
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix infinite loop in __insert_extent_tree() When we get wrong extent info data, and look up extent_node in rb tree, it will cause infinite loop (CONFIG_F2FS_CHECK_FS=n). Avoiding this by return NULL and print some kernel messages in that case. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix infinite loop in __insert_extent_tree() When we get wrong extent info data, and look up extent_node in rb tree, it w... • https://git.kernel.org/stable/c/98e4da8ca301e062d79ae168c67e56f3c3de3ce4 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40331 – sctp: Prevent TOCTOU out-of-bounds write
https://notcve.org/view.php?id=CVE-2025-40331
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: Prevent TOCTOU out-of-bounds write For the following path not holding the sock lock, sctp_diag_dump() -> sctp_for_each_endpoint() -> sctp_ep_dump() make sure not to exceed bounds in case the address list has grown between buffer allocation (time-of-check) and write (time-of-use). In the Linux kernel, the following vulnerability has been resolved: sctp: Prevent TOCTOU out-of-bounds write For the following path not holding the sock lock... • https://git.kernel.org/stable/c/8f840e47f190cbe61a96945c13e9551048d42cef •
CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53865 – btrfs: fix warning when putting transaction with qgroups enabled after abort
https://notcve.org/view.php?id=CVE-2023-53865
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix warning when putting transaction with qgroups enabled after abort If we have a transaction abort with qgroups enabled we get a warning triggered when doing the final put on the transaction, like this: [552.6789] ------------[ cut here ]------------ [552.6815] WARNING: CPU: 4 PID: 81745 at fs/btrfs/transaction.c:144 btrfs_put_transaction+0x123/0x130 [btrfs] [552.6817] Modules linked in: btrfs blake2b_generic xor (...) [552.6819] C... • https://git.kernel.org/stable/c/40ea30638d20c92b44107247415842b72c460459 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53863 – netlink: do not hard code device address lenth in fdb dumps
https://notcve.org/view.php?id=CVE-2023-53863
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: netlink: do not hard code device address lenth in fdb dumps syzbot reports that some netdev devices do not have a six bytes address [1] Replace ETH_ALEN by dev->addr_len. [1] (Case of a device where dev->addr_len = 4) BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in copyout+0xb8/0x100 lib/iov_iter.c:169 instrument_copy_to_user include/linux/instrumented.h:114 [in... • https://git.kernel.org/stable/c/d83b060360485454fcd6870340ec01d6f96f2295 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53862 – hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
https://notcve.org/view.php?id=CVE-2023-53862
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: hfs: fix missing hfs_bnode_get() in __hfs_bnode_create Syzbot found a kernel BUG in hfs_bnode_put(): kernel BUG at fs/hfs/bnode.c:466! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 3634 Comm: kworker/u4:5 Not tainted 6.1.0-rc7-syzkaller-00190-g97ee9d1c1696 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Workqueue: writeback wb_workfn (flush-7:0) RIP: 0010:hfs_bnode_put+0x46f/0x480 fs/hf... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53861 – ext4: correct grp validation in ext4_mb_good_group
https://notcve.org/view.php?id=CVE-2023-53861
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: correct grp validation in ext4_mb_good_group Group corruption check will access memory of grp and will trigger kernel crash if grp is NULL. So do NULL check before corruption check. In the Linux kernel, the following vulnerability has been resolved: ext4: correct grp validation in ext4_mb_good_group Group corruption check will access memory of grp and will trigger kernel crash if grp is NULL. So do NULL check before corruption check. ... • https://git.kernel.org/stable/c/100c0ad6c04597fefeaaba2bb1827cc015d95067 •