CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40032 – PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release
https://notcve.org/view.php?id=CVE-2025-40032
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release The fields dma_chan_tx and dma_chan_rx of the struct pci_epf_test can be NULL even after EPF initialization. Then it is prudent to check that they have non-NULL values before releasing the channels. Add the checks in pci_epf_test_clean_dma_chan(). Without the checks, NULL pointer dereferences happen and they can lead to a kernel panic in some cases: Unable to handle... • https://git.kernel.org/stable/c/5ebf3fc59bd20d17df3ba26159787d13cf20d362 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40030 – pinctrl: check the return value of pinmux_ops::get_function_name()
https://notcve.org/view.php?id=CVE-2025-40030
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmux_ops::get_function_name() While the API contract in docs doesn't specify it explicitly, the generic implementation of the get_function_name() callback from struct pinmux_ops - pinmux_generic_get_function_name() - can fail and return NULL. This is already checked in pinmux_check_ops() so add a similar check in pinmux_func_name_to_selector() instead of passing the returned pointer right down to strcmp(... • https://git.kernel.org/stable/c/f913cfce4ee49a3382a9ff95696f49a46e56e974 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-40029 – bus: fsl-mc: Check return value of platform_get_resource()
https://notcve.org/view.php?id=CVE-2025-40029
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: Check return value of platform_get_resource() platform_get_resource() returns NULL in case of failure, so check its return value and propagate the error in order to prevent NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: Check return value of platform_get_resource() platform_get_resource() returns NULL in case of failure, so check its return value and propagate the erro... • https://git.kernel.org/stable/c/6305166c8771c33a8d5992fb53f93cfecedc14fd •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-40027 – net/9p: fix double req put in p9_fd_cancelled
https://notcve.org/view.php?id=CVE-2025-40027
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net/9p: fix double req put in p9_fd_cancelled Syzkaller reports a KASAN issue as below: general protection fault, probably for non-canonical address 0xfbd59c0000000021: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: maybe wild-memory-access in range [0xdead000000000108-0xdead00000000010f] CPU: 0 PID: 5083 Comm: syz-executor.2 Not tainted 6.1.134-syzkaller-00037-g855bd1d7d838 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 ... • https://git.kernel.org/stable/c/afd8d65411551839b7ab14a539d00075b2793451 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-40026 – KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O
https://notcve.org/view.php?id=CVE-2025-40026
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O When completing emulation of instruction that generated a userspace exit for I/O, don't recheck L1 intercepts as KVM has already finished that phase of instruction execution, i.e. has already committed to allowing L2 to perform I/O. If L1 (or host userspace) modifies the I/O permission bitmaps during the exit to userspace, KVM will treat the access as being intercepted de... • https://git.kernel.org/stable/c/8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9 •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40025 – f2fs: fix to do sanity check on node footer for non inode dnode
https://notcve.org/view.php?id=CVE-2025-40025
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer for non inode dnode As syzbot reported below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/file.c:1243! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 0 UID: 0 PID: 5354 Comm: syz.0.0 Not tainted 6.17.0-rc1-syzkaller-00211-g90d970cade8e #0 PREEMPT(full) RIP: 0010:f2fs_truncate_hole+0x69e/0x6c0 fs/f2fs/file.c:1243 Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-40021 – tracing: dynevent: Add a missing lockdown check on dynevent
https://notcve.org/view.php?id=CVE-2025-40021
24 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: dynevent: Add a missing lockdown check on dynevent Since dynamic_events interface on tracefs is compatible with kprobe_events and uprobe_events, it should also check the lockdown status and reject if it is set. In the Linux kernel, the following vulnerability has been resolved: tracing: dynevent: Add a missing lockdown check on dynevent Since dynamic_events interface on tracefs is compatible with kprobe_events and uprobe_events, it... • https://git.kernel.org/stable/c/17911ff38aa58d3c95c07589dbf5d3564c4cf3c5 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40020 – can: peak_usb: fix shift-out-of-bounds issue
https://notcve.org/view.php?id=CVE-2025-40020
24 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix shift-out-of-bounds issue Explicitly uses a 64-bit constant when the number of bits used for its shifting is 32 (which is the case for PC CAN FD interfaces supported by this driver). [mkl: update subject, apply manually] In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix shift-out-of-bounds issue Explicitly uses a 64-bit constant when the number of bits used for its shifting is 32 (whic... • https://git.kernel.org/stable/c/bb4785551f64e18b2c8bb15a3bd2b22f5ebf624d •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40019 – crypto: essiv - Check ssize for decryption and in-place encryption
https://notcve.org/view.php?id=CVE-2025-40019
24 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssize check to the start in essiv_aead_crypt so that it's also checked for decryption and in-place encryption. In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssize check to the start in essiv_aead_crypt so that it's also checked for decryption and in-place encryption. Se... • https://git.kernel.org/stable/c/be1eb7f78aa8fbe34779c56c266ccd0364604e71 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40018 – ipvs: Defer ip_vs_ftp unregister during netns cleanup
https://notcve.org/view.php?id=CVE-2025-40018
24 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_modul... • https://git.kernel.org/stable/c/61b1ab4583e275af216c8454b9256de680499b19 •