CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40113 – remoteproc: qcom: pas: Shutdown lite ADSP DTB on X1E
https://notcve.org/view.php?id=CVE-2025-40113
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: pas: Shutdown lite ADSP DTB on X1E The ADSP firmware on X1E has separate firmware binaries for the main firmware and the DTB. The same applies for the "lite" firmware loaded by the boot firmware. When preparing to load the new ADSP firmware we shutdown the lite_pas_id for the main firmware, but we don't shutdown the corresponding lite pas_id for the DTB. The fact that we're leaving it "running" forever becomes obvious if y... • https://git.kernel.org/stable/c/62210f7509e13a2caa7b080722a45229b8f17a0a •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2025-40112 – sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara
https://notcve.org/view.php?id=CVE-2025-40112
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara The referenced commit introduced exception handlers on user-space memory references in copy_from_user and copy_to_user. These handlers return from the respective function and calculate the remaining bytes left to copy using the current register contents. This commit fixes a couple of bad calculations and a broken epilogue in the exception handlers. This will prevent ... • https://git.kernel.org/stable/c/7ae3aaf53f1695877ccd5ebbc49ea65991e41f1e •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40111 – drm/vmwgfx: Fix Use-after-free in validation
https://notcve.org/view.php?id=CVE-2025-40111
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix Use-after-free in validation Nodes stored in the validation duplicates hashtable come from an arena allocator that is cleared at the end of vmw_execbuf_process. All nodes are expected to be cleared in vmw_validation_drop_ht but this node escaped because its resource was destroyed prematurely. In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix Use-after-free in validation Nodes stored in the v... • https://git.kernel.org/stable/c/64ad2abfe9a628ce79859d072704bd1ef7682044 •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40110 – drm/vmwgfx: Fix a null-ptr access in the cursor snooper
https://notcve.org/view.php?id=CVE-2025-40110
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmw_cmd_res_check allows explicit invalid (SVGA3D_INVALID_ID) identifiers because some svga commands accept SVGA3D_INVALID_ID to mean "no surface", unfortunately functions that accept the actual surfaces as objects might (and in case of the cursor snooper, do not) be able to ha... • https://git.kernel.org/stable/c/c0951b797e7d0f2c6b0df2c0e18185c72d0cf1a1 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40109 – crypto: rng - Ensure set_ent is always present
https://notcve.org/view.php?id=CVE-2025-40109
09 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: rng - Ensure set_ent is always present Ensure that set_ent is always set since only drbg provides it. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the oldstable distribution (bookworm), these problems have been fixed in version 6.1.158-1. • https://git.kernel.org/stable/c/77ebdabe8de7c02f43c6de3357f79ff96f9f0579 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40107 – can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled
https://notcve.org/view.php?id=CVE-2025-40107
03 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled This issue is similar to the vulnerability in the `mcp251x` driver, which was fixed in commit 03c427147b2d ("can: mcp251x: fix resume from sleep before interface was brought up"). In the `hi311x` driver, when the device resumes from sleep, the driver schedules `priv->restart_work`. However, if the network interface was not previously enabled, the... • https://git.kernel.org/stable/c/d1fc4c041459e2d4856c1b2501486ba4f0cbf96b •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40106 – comedi: fix divide-by-zero in comedi_buf_munge()
https://notcve.org/view.php?id=CVE-2025-40106
31 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedi_buf_munge() The comedi_buf_munge() function performs a modulo operation `async->munge_chan %= async->cmd.chanlist_len` without first checking if chanlist_len is zero. If a user program submits a command with chanlist_len set to zero, this causes a divide-by-zero error when the device processes data in the interrupt handler path. Add a check for zero chanlist_len at the beginning of the function, similar ... • https://git.kernel.org/stable/c/4ffea48c69cb2b96a281cb7e5e42d706996631db •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40105 – vfs: Don't leak disconnected dentries on umount
https://notcve.org/view.php?id=CVE-2025-40105
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: vfs: Don't leak disconnected dentries on umount When user calls open_by_handle_at() on some inode that is not cached, we will create disconnected dentry for it. If such dentry is a directory, exportfs_decode_fh_raw() will then try to connect this dentry to the dentry tree through reconnect_path(). It may happen for various reasons (such as corrupted fs or race with rename) that the call to lookup_one_unlocked() in reconnect_one() will fail ... • https://git.kernel.org/stable/c/f1ee616214cb22410e939d963bbb2349c2570f02 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40104 – ixgbevf: fix mailbox API compatibility by negotiating supported features
https://notcve.org/view.php?id=CVE-2025-40104
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfolio could easily negotiate mailbox API. This convention has been broken since introducing API 1.4. Commit 0062e7cc955e ("ixgbevf: add VF IPsec offload code") added support for IPSec which is specific only for the kernel ixgbe driver. ... • https://git.kernel.org/stable/c/0062e7cc955e0827a88570ed36ea511a7dcb391e •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40103 – smb: client: Fix refcount leak for cifs_sb_tlink
https://notcve.org/view.php?id=CVE-2025-40103
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifs_sb_tlink Fix three refcount inconsistency issues related to `cifs_sb_tlink`. Comments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be called after successful calls to `cifs_sb_tlink()`. Three calls fail to update refcount accordingly, leading to possible resource leaks. In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifs_sb_tlink Fi... • https://git.kernel.org/stable/c/8ceb984379462f94bdebef3288d569c6e1f912ea •