CVSS: 7.1 | EPSS: 0% | CPEs: 5 | EXPL: 0
CVE-2025-40084 – ksmbd: transport_ipc: validate payload size before reading handle
https://notcve.org/view.php?id=CVE-2025-40084
29 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle. handle_response() dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message from ksmbd.mountd can lead to a 4-byte read past the declared payload size. Validate the size before dereferencing. This is a minimal fix to guard the initial handle read.
Reference: https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf

CVSS: 5.5 | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2025-40083 – net/sched: sch_qfq: Fix null-deref in agg_dequeue
https://notcve.org/view.php?id=CVE-2025-40083
29 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix null-deref in agg_dequeue. To prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c) when cl->qdisc->ops->peek(cl->qdisc) returns NULL, we check the return value before using it, similar to the existing approach in sch_hfsc.c. To avoid code duplication, the following changes are made:
1. Changed qdisc_warn_nonwc (include/net/pkt_sched.h) into a static inline function.
2. Moved qdisc_peek_len from net/sched/sch_...
Reference: https://git.kernel.org/stable/c/462dbc9101acd38e92eda93c0726857517a24bbd

CVSS: 5.5 | EPSS: 0% | CPEs: 10 | EXPL: 0
CVE-2025-40082 – hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
https://notcve.org/view.php?id=CVE-2025-40082
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
    BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186
    Read of size 2 at addr ffff8880289ef218 by task syz.6.248/14290
    CPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full)
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
    Call Trace:

CVSS: 7.2 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-40081 – perf: arm_spe: Prevent overflow in PERF_IDX2OFF()
https://notcve.org/view.php?id=CVE-2025-40081
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: perf: arm_spe: Prevent overflow in PERF_IDX2OFF(). Cast nr_pages to unsigned long to avoid overflow when handling large AUX buffer sizes (>= 2 GiB). Several vulnerabilities have been discovered in the Linux kernel that may lead t...
Reference: https://git.kernel.org/stable/c/d5d9696b03808bc6be723cc85288c912c3a05606

CVSS: 7.1 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-40080 – nbd: restrict sockets to TCP and UDP
https://notcve.org/view.php?id=CVE-2025-40080
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP and UDP. Recently, syzbot started to abuse NBD with all kinds of sockets. Commit cf1b2326b734 ("nbd: verify socket is supported during setup") made sure the socket supported a shutdown() method. Explicitly accept TCP and UNIX stream sockets.
Reference: https://git.kernel.org/stable/c/cf1b2326b734896734c6e167e41766f9cee7686a

CVSS: 7.2 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-40079 – riscv, bpf: Sign extend struct ops return values properly
https://notcve.org/view.php?id=CVE-2025-40079
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Sign extend struct ops return values properly. The ns_bpf_qdisc selftest triggers a kernel panic:
    Unable to handle kernel paging request at virtual address ffffffffa38dbf58
    Current test_progs pgtable: 4K pagesize, 57-bit VAs, pgdp=0x00000001109cc000
    [ffffffffa38dbf58] pgd=000000011fffd801, p4d=000000011fffd401, pud=000000011fffd001, pmd=0000000000000000
    Oops [#1]
    Modules linked in: bpf_testmod(OE) xt_conntrack nls_iso8859_1 [...]...
Reference: https://git.kernel.org/stable/c/25ad10658dc1068a671553ff10e19a812c2a3783

CVSS: 7.2 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-40078 – bpf: Explicitly check accesses to bpf_sock_addr
https://notcve.org/view.php?id=CVE-2025-40078
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Explicitly check accesses to bpf_sock_addr. Syzkaller found a kernel warning on the following sock_addr program:
    0: r0 = 0
    1: r2 = *(u32 *)(r1 +60)
    2: exit
which triggers:
    verifier bug: error during ctx access conversion (0)
This is happening because offset 60 in bpf_sock_addr corresponds to an implicit padding of 4 bytes, right after msg_src_ip4. Access to this padding isn't rejected in sock_addr_is_valid_access and it thus later fails...
Reference: https://git.kernel.org/stable/c/1cedee13d25ab118d325f95588c1a084e9317229

CVSS: 7.8 | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2025-40077 – f2fs: fix to avoid overflow while left shift operation
https://notcve.org/view.php?id=CVE-2025-40077
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid overflow while left shift operation. Should cast type of folio->index from pgoff_t to loff_t to avoid overflow while left shift operation. Several security issues were discovered in the Linux kernel. A...
Reference: https://git.kernel.org/stable/c/3265d3db1f16395cfc6b8ea9b31b4001d98d05ef

CVSS: 7.1 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-40075 – tcp_metrics: use dst_dev_net_rcu()
https://notcve.org/view.php?id=CVE-2025-40075
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: use dst_dev_net_rcu(). Replace three dst_dev() with a lockdep enabled helper. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Reference: https://git.kernel.org/stable/c/4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36

CVSS: 7.1 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2025-40074 – ipv4: start using dst_dev_rcu()
https://notcve.org/view.php?id=CVE-2025-40074
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dst_dev_rcu(). Change icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF. Change ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_mr_output(), ipv4_neigh_lookup() to use lockdep enabled dst_dev_rcu().
Reference: https://git.kernel.org/stable/c/4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36
