CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50234 – io_uring/af_unix: defer registered files gc to io_uring release
https://notcve.org/view.php?id=CVE-2022-50234
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: defer registered files gc to io_uring release Instead of putting io_uring's registered files in unix_gc() we want it to be done by io_uring itself. The trick here is to consider io_uring registered files for cycle detection but not actually putting them down. Because io_uring can't register other ring instances, this will remove all refs to the ring file triggering the ->release path and clean up with io_ring_ctx_free(). [... • https://git.kernel.org/stable/c/6b06314c47e141031be043539900d80d2c7ba10f •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2025-39801 – usb: dwc3: Remove WARN_ON for device endpoint command timeouts
https://notcve.org/view.php?id=CVE-2025-39801
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARN_ON for device endpoint command timeouts This commit addresses a rarely observed endpoint command timeout which causes kernel panic due to warn when 'panic_on_warn' is enabled and unnecessary call trace prints when 'panic_on_warn' is disabled. It is seen during fast software-controlled connect/disconnect testcases. The following is one such endpoint command timeout that we observed: 1. Connect ======= ->dwc3_thread_int... • https://git.kernel.org/stable/c/dfe40159eec6ca63b40133bfa783eee2e3ed829f •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39800 – btrfs: abort transaction on unexpected eb generation at btrfs_copy_root()
https://notcve.org/view.php?id=CVE-2025-39800
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() If we find an unexpected generation for the extent buffer we are cloning at btrfs_copy_root(), we just WARN_ON() and don't error out and abort the transaction, meaning we allow to persist metadata with an unexpected generation. Instead of warning only, abort the transaction and return -EUCLEAN. In the Linux kernel, the following vulnerability has been resolved: btrfs:... • https://git.kernel.org/stable/c/4290e34fb87ae556b12c216efd0ae91583446b7a •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-39798 – NFS: Fix the setting of capabilities when automounting a new filesystem
https://notcve.org/view.php?id=CVE-2025-39798
12 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: Fix the setting of capabilities when automounting a new filesystem Capabilities cannot be inherited when we cross into a new filesystem. They need to be reset to the minimal defaults, and then probed for again. In the Linux kernel, the following vulnerability has been resolved: NFS: Fix the setting of capabilities when automounting a new filesystem Capabilities cannot be inherited when we cross into a new filesystem. They need to be re... • https://git.kernel.org/stable/c/54ceac4515986030c2502960be620198dd8fe25b •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39797 – xfrm: Duplicate SPI Handling
https://notcve.org/view.php?id=CVE-2025-39797
12 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: Duplicate SPI Handling The issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI Netlink message, which triggers the kernel function xfrm_alloc_spi(). This function is expected to ensure uniqueness of the Security Parameter Index (SPI) for inbound Security Associations (SAs). However, it can return success even when the requested SPI is already in use, leading to duplicate SPIs assigned to multiple inbound SAs, differentiate... • https://git.kernel.org/stable/c/3d8090bb53424432fa788fe9a49e8ceca74f0544 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39795 – block: avoid possible overflow for chunk_sectors check in blk_stack_limits()
https://notcve.org/view.php?id=CVE-2025-39795
12 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: block: avoid possible overflow for chunk_sectors check in blk_stack_limits() In blk_stack_limits(), we check that the t->chunk_sectors value is a multiple of the t->physical_block_size value. However, by finding the chunk_sectors value in bytes, we may overflow the unsigned int which holds chunk_sectors, so change the check to be based on sectors. In the Linux kernel, the following vulnerability has been resolved: block: avoid possible over... • https://git.kernel.org/stable/c/418751910044649baa2b424ea31cce3fc4dcc253 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-39794 – ARM: tegra: Use I/O memcpy to write to IRAM
https://notcve.org/view.php?id=CVE-2025-39794
12 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: tegra: Use I/O memcpy to write to IRAM Kasan crashes the kernel trying to check boundaries when using the normal memcpy. In the Linux kernel, the following vulnerability has been resolved: ARM: tegra: Use I/O memcpy to write to IRAM Kasan crashes the kernel trying to check boundaries when using the normal memcpy. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service ... • https://git.kernel.org/stable/c/b28c1a14accc79ead1e87bbdae53309da60be1e7 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-39790 – bus: mhi: host: Detect events pointing to unexpected TREs
https://notcve.org/view.php?id=CVE-2025-39790
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Detect events pointing to unexpected TREs When a remote device sends a completion event to the host, it contains a pointer to the consumed TRE. The host uses this pointer to process all of the TREs between it and the host's local copy of the ring's read pointer. This works when processing completion for chained transactions, but can lead to nasty results if the device sends an event for a single-element transaction with a re... • https://git.kernel.org/stable/c/1d3173a3bae7039b765a0956e3e4bf846dbaacb8 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-39789 – crypto: x86/aegis - Add missing error checks
https://notcve.org/view.php?id=CVE-2025-39789
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: x86/aegis - Add missing error checks The skcipher_walk functions can allocate memory and can fail, so checking for errors is necessary. In the Linux kernel, the following vulnerability has been resolved: crypto: x86/aegis - Add missing error checks The skcipher_walk functions can allocate memory and can fail, so checking for errors is necessary. • https://git.kernel.org/stable/c/1d373d4e8e15b358f08de52956b32e0e38a11f84 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-39788 – scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
https://notcve.org/view.php?id=CVE-2025-39788
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE On Google gs101, the number of UTP transfer request slots (nutrs) is 32, and in this case the driver ends up programming the UTRL_NEXUS_TYPE incorrectly as 0. This is because the left hand side of the shift is 1, which is of type int, i.e. 31 bits wide. Shifting by more than that width results in undefined behaviour. Fix this by switching to the BIT() macro, which applies correct typ... • https://git.kernel.org/stable/c/55f4b1f73631a0817717fe6e98517de51b4c3527 •