CVSS: 7.8 | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2025-40127 – hwrng: ks-sa - fix division by zero in ks_sa_rng_init
https://notcve.org/view.php?id=CVE-2025-40127
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in ks_sa_rng_init Fix division by zero in ks_sa_rng_init caused by missing clock pointer initialization. The clk_get_rate() call is performed on an uninitialized clk pointer, resulting in division by zero when calculating delay values. Add clock initialization code before using the clock. drivers/char/hw_random/ks-sa-rng.c | 7 +++++++ 1 file changed, 7 insertions(+) • https://git.kernel.org/stable/c/6d01d8511dceb9cd40f72eb102b7d24f0b2e997b •
CVSS: 5.5 | EPSS: 0% | CPEs: 10 | EXPL: 0
CVE-2025-40126 – sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC
https://notcve.org/view.php?id=CVE-2025-40126
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC The referenced commit introduced exception handlers on user-space memory references in copy_from_user and copy_to_user. These handlers return from the respective function and calculate the remaining bytes left to copy using the current register contents. This commit fixes a couple of bad calculations. This will fix the return value of copy_from_user and copy_to_us... • https://git.kernel.org/stable/c/cb736fdbb208eb3420f1a2eb2bfc024a6e9dcada •
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-40125 – blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx
https://notcve.org/view.php?id=CVE-2025-40125
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx In __blk_mq_update_nr_hw_queues() the return value of blk_mq_sysfs_register_hctxs() is not checked. If sysfs creation for hctx fails, later changing the number of hw_queues or removing disk will trigger the following warning: kernfs: can not remove 'nr_tags', no directory WARNING: CPU: 2 PID: 637 at fs/kernfs/dir.c:1707 kernfs_remove_by_name_ns+0x13f/0x160 Call T... • https://git.kernel.org/stable/c/477e19dedc9d3e1f4443a1d4ae00572a988120ea •
CVSS: 5.5 | EPSS: 0% | CPEs: 10 | EXPL: 0
CVE-2025-40124 – sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III
https://notcve.org/view.php?id=CVE-2025-40124
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III Anthony Yznaga tracked down that a BUG_ON in ext4 code with large folios enabled resulted from copy_from_user() returning impossibly large values greater than the size to be copied. This led to __copy_from_iter() returning impossible values instead of the actual number of bytes it was able to copy. The BUG_ON has been reported in https://lore.kernel.org/r/b14... • https://git.kernel.org/stable/c/ee841d0aff649164080e445e84885015958d8ff4 •
CVSS: 6.9 | EPSS: 0% | CPEs: 5 | EXPL: 0
CVE-2025-40123 – bpf: Enforce expected_attach_type for tailcall compatibility
https://notcve.org/view.php?id=CVE-2025-40123
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expected_attach_type for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpf_prog_test_run_xdp() function within the Linux kernel's BPF subsystem. This leads to a NULL pointer dereference when a BPF program attempts to dereference the txq member of struct xdp_buff object. The test initializes two programs of BPF_PROG_TYPE_XDP: progA acts as the entry point f... • https://git.kernel.org/stable/c/5e43f899b03a3492ce5fc44e8900becb04dae9c0 •
CVSS: 7.2 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-40121 – ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping
https://notcve.org/view.php?id=CVE-2025-40121
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver just ignores and leaves as is, which may lead to unexpected results like OOB access. This patch adds the sanity check and corrects the input mapping to the certain default value if an invalid value is passed. • https://git.kernel.org/stable/c/64484ccee7af53f08cca2ee3853cb8e18914d8b2 •
CVSS: 5.5 | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2025-40120 – net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock
https://notcve.org/view.php?id=CVE-2025-40120
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Prevent USB runtime PM (autosuspend) for AX88772* in bind. usbnet enables runtime PM (autosuspend) by default, so disabling it via the usb_driver flag is ineffective. On AX88772B, autosuspend shows no measurable power saving with current driver (no link partner, admin up/down). The ~0.453 W -> ~0.248 W drop on v6.1 comes from phylib powering the PHY off on admin-down, not fr... • https://git.kernel.org/stable/c/4a2c7217cd5a87e85ceb761e307b030fe6db4805 •
CVSS: 7.8 | EPSS: 0% | CPEs: 9 | EXPL: 0
CVE-2025-40118 – scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod
https://notcve.org/view.php?id=CVE-2025-40118
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Since commit f7b705c238d1 ("scsi: pm80xx: Set phy_attached to zero when device is gone") UBSAN reports: UBSAN: array-index-out-of-bounds in drivers/scsi/pm8001/pm8001_sas.c:786:17 index 28 is out of range for type 'pm8001_phy [16]' on rmmod when using an expander. For a direct attached device, attached_phy contains the local phy id. For a device behind an expander, attached_phy contain... • https://git.kernel.org/stable/c/05b512879eab41faa515b67fa3896d0005e97909 •
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-40116 – usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup
https://notcve.org/view.php?id=CVE-2025-40116
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup The kthread_run() function returns error pointers so the max3421_hcd->spi_thread pointer can be either error pointers or NULL. Check for both before dereferencing it. • https://git.kernel.org/stable/c/05dfa5c9bc37933181b619e42ec0eeb41ef31362 •
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-40115 – scsi: mpt3sas: Fix crash in transport port remove by using ioc_info()
https://notcve.org/view.php?id=CVE-2025-40115
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() During mpt3sas_transport_port_remove(), messages were logged with dev_printk() against &mpt3sas_port->port->dev. At this point the SAS transport device may already be partially unregistered or freed, leading to a crash when accessing its struct device. Using ioc_info(), which logs via the PCI device (ioc->pdev->dev), guaranteed to remain valid until driver removal. [83428... • https://git.kernel.org/stable/c/f92363d12359498f9a9960511de1a550f0ec41c2 •
