CVSS: 7.8 | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2025-40314 – usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget
https://notcve.org/view.php?id=CVE-2025-40314
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget In the __cdnsp_gadget_init() and cdnsp_gadget_exit() functions, the gadget structure (pdev->gadget) was freed before its endpoints. The endpoints are linked via the ep_list in the gadget structure. Freeing the gadget first leaves dangling pointers in the endpoint list. When the endpoints are subsequently freed, this results in a use-after-free. Fix: By ... • https://git.kernel.org/stable/c/8bc1901ca7b07d864fca11461b3875b31f949765 •
CVSS: 7.1 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-40312 – jfs: Verify inode mode when loading from disk
https://notcve.org/view.php?id=CVE-2025-40312
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: Verify inode mode when loading from disk The inode mode loaded from corrupted disk can be invalid. Do like what commit 0a9e74051313 ("isofs: Verify inode mode when loading from disk") does. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.6 | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2025-40311 – accel/habanalabs: support mapping cb with vmalloc-backed coherent memory
https://notcve.org/view.php?id=CVE-2025-40311
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: accel/habanalabs: support mapping cb with vmalloc-backed coherent memory When IOMMU is enabled, dma_alloc_coherent() with GFP_USER may return addresses from the vmalloc range. If such an address is mapped without VM_MIXEDMAP, vm_insert_page() will trigger a BUG_ON due to the VM_PFNMAP restriction. Fix this by checking for vmalloc addresses and setting VM_MIXEDMAP in the VMA before mapping. This ensures safe mapping and avoids kernel crashes... • https://git.kernel.org/stable/c/ac0ae6a96aa58eeba4aed97b12ef1dea8c5bf399 •
CVSS: 5.5 | EPSS: 0% | CPEs: 10 | EXPL: 0
CVE-2025-40308 – Bluetooth: bcsp: receive data only if registered
https://notcve.org/view.php?id=CVE-2025-40308
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bcsp: receive data only if registered Currently, bcsp_recv() can be called even when the BCSP protocol has not been registered. This leads to a NULL pointer dereference, as shown in the following stack trace: KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f] RIP: 0010:bcsp_recv+0x13d/0x1740 drivers/bluetooth/hci_bcsp.c:590 Call Trace:
CVSS: 8.5 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-40307 – exfat: validate cluster allocation bits of the allocation bitmap
https://notcve.org/view.php?id=CVE-2025-40307
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: exfat: validate cluster allocation bits of the allocation bitmap syzbot created an exfat image with cluster bits not set for the allocation bitmap. exfat-fs reads and uses the allocation bitmap without checking this. The problem is that if the start cluster of the allocation bitmap is 6, cluster 6 can be allocated when creating a directory with mkdir. exfat zeros out this cluster in exfat_mkdir, which can delete existing entries. This can r... • https://git.kernel.org/stable/c/1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 •
CVSS: 5.6 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-40306 – orangefs: fix xattr related buffer overflow...
https://notcve.org/view.php?id=CVE-2025-40306
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: orangefs: fix xattr related buffer overflow... Willy Tarreau
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-40304 – fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
https://notcve.org/view.php?id=CVE-2025-40304
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is off-screen and clip image height to screen boundary. Break from the rendering loop if the X position is off-screen. When clipping image width to fit the screen, update the character count to match the clipped width to prevent buffer siz... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.8 | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2025-40303 – btrfs: ensure no dirty metadata is written back for an fs with errors
https://notcve.org/view.php?id=CVE-2025-40303
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: ensure no dirty metadata is written back for an fs with errors [BUG] During development of a minor feature (make sure all btrfs_bio::end_io() is called in task context), I noticed a crash in generic/388, where metadata writes triggered new works after btrfs_stop_all_workers(). It turns out that it can even happen without any code modification, just using RAID5 for metadata and the same workload from generic/388 is going to trigger th... • https://git.kernel.org/stable/c/13e6c37b989859e70b0d73d3f2cb0aa022159b17 •
CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-40289 – drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
https://notcve.org/view.php?id=CVE-2025-40289
06 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Otherwise accessing them can cause a crash. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. • https://git.kernel.org/stable/c/d38ceaf99ed015f2a0b9af3499791bd3a3daae21 •
CVSS: 6.3 | EPSS: 0% | CPEs: 5 | EXPL: 0
CVE-2025-40288 – drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
https://notcve.org/view.php?id=CVE-2025-40288
06 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Previously, APU platforms (and other scenarios with uninitialized VRAM managers) triggered a NULL pointer dereference in `ttm_resource_manager_usage()`. The root cause is not that the `struct ttm_resource_manager *man` pointer itself is NULL, but that `man->bdev` (the backing device pointer within the manager) remains uninitialized (NULL) on APUs—since APUs lack dedicate... • https://git.kernel.org/stable/c/d38ceaf99ed015f2a0b9af3499791bd3a3daae21 •
