CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39707 – drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities
https://notcve.org/view.php?id=CVE-2025-39707
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities HUBBUB structure is not initialized on DCE hardware, so check if it is NULL to avoid null dereference while accessing amdgpu_dm_capabilities file in debugfs. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities HUBBUB structure is not initialized on DCE hardware, so check if it is NULL to... • https://git.kernel.org/stable/c/4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39706 – drm/amdkfd: Destroy KFD debugfs after destroy KFD wq
https://notcve.org/view.php?id=CVE-2025-39706
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Destroy KFD debugfs after destroy KFD wq Since KFD proc content was moved to kernel debugfs, we can't destroy KFD debugfs before kfd_process_destroy_wq. Move kfd_process_destroy_wq prior to kfd_debugfs_fini to fix a kernel NULL pointer problem. It happens when /sys/kernel/debug/kfd was already destroyed in kfd_debugfs_fini but kfd_process_destroy_wq calls kfd_debugfs_remove_process. This line debugfs_remove_recursive(entry->proc... • https://git.kernel.org/stable/c/fc35c955da799ba62f6f977d58e0866d0251e3f8 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39705 – drm/amd/display: fix a Null pointer dereference vulnerability
https://notcve.org/view.php?id=CVE-2025-39705
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a Null pointer dereference vulnerability [Why] A null pointer dereference vulnerability exists in the AMD display driver's (DC module) cleanup function dc_destruct(). When display control context (dc->ctx) construction fails (due to memory allocation failure), this pointer remains NULL. During subsequent error handling when dc_destruct() is called, there's no NULL check before dereferencing the perf_trace member (dc->ct... • https://git.kernel.org/stable/c/4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39703 – net, hsr: reject HSR frame if skb can't hold tag
https://notcve.org/view.php?id=CVE-2025-39703
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash (kernel BUG): [ 45.390915] skbuff: skb_under_panic: text:ffffffff86f32cac len:26 put:14 head:ffff888042418000 data:ffff888042417ff4 tail:0xe end:0x180 dev:bridge_slave_1 [ 45.392559] ------------[ cut here ]------------ [ 45.392912] kernel BUG at net/core/skbuff.c:211! [ 45.393276] Oops: invalid opcod... • https://git.kernel.org/stable/c/f6442ee08fe66c8e45c4f246531a2aaf4f17a7a7 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-39702 – ipv6: sr: Fix MAC comparison to be constant-time
https://notcve.org/view.php?id=CVE-2025-39702
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this. In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this. • https://git.kernel.org/stable/c/bf355b8d2c30a289232042cacc1cfaea4923936c •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39701 – ACPI: pfr_update: Fix the driver update version check
https://notcve.org/view.php?id=CVE-2025-39701
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPI: pfr_update: Fix the driver update version check The security-version-number check should be used rather than the runtime version check for driver updates. Otherwise, the firmware update would fail when the update binary had a lower runtime version number than the current one. [ rjw: Changelog edits ] In the Linux kernel, the following vulnerability has been resolved: ACPI: pfr_update: Fix the driver update version check The security-v... • https://git.kernel.org/stable/c/0db89fa243e5edc5de38c88b369e4c3755c5fb74 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-39697 – NFS: Fix a race when updating an existing write
https://notcve.org/view.php?id=CVE-2025-39697
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write After nfs_lock_and_join_requests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfs_inode_remove_request() from succeeding until we actually lock the page group. The reason is that whoever called nfs_inode_remove_request() doesn't necessarily have a lock on the page group head. So in order to avoid races, let's take the page group lock earlier in n... • https://git.kernel.org/stable/c/bd37d6fce184836bd5e7cd90ce40116a4fadaf2a •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39694 – s390/sclp: Fix SCCB present check
https://notcve.org/view.php?id=CVE-2025-39694
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix SCCB present check Tracing code called by the SCLP interrupt handler contains early exits if the SCCB address associated with an interrupt is NULL. This check is performed after physical to virtual address translation. If the kernel identity mapping does not start at address zero, the resulting virtual address is never zero, so that the NULL checks won't work. Subsequently this may result in incorrect accesses to the first pa... • https://git.kernel.org/stable/c/ada1da31ce34248bc97ca8f801f2cf6efa378a81 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-39693 – drm/amd/display: Avoid a NULL pointer dereference
https://notcve.org/view.php?id=CVE-2025-39693
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid a NULL pointer dereference [WHY] Although unlikely drm_atomic_get_new_connector_state() or drm_atomic_get_old_connector_state() can return NULL. [HOW] Check returns before dereference. (cherry picked from commit 1e5e8d672fec9f2ab352be121be971877bff2af9) In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid a NULL pointer dereference [WHY] Although unlikely drm_atomic_get_new_connec... • https://git.kernel.org/stable/c/4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39692 – smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()
https://notcve.org/view.php?id=CVE-2025-39692
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() We can't call destroy_workqueue(smb_direct_wq); before stop_sessions()! Otherwise already existing connections try to use smb_direct_wq as a NULL pointer. In the Linux kernel, the following vulnerability has been resolved: smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() We can't call destroy_workqueue(smb_direct_wq); before stop_sessions()!... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •