CVSS: 6.1 | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2025-39980 – nexthop: Forbid FDB status change while nexthop is in a group
https://notcve.org/view.php?id=CVE-2025-39980
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: nexthop: Forbid FDB status change while nexthop is in a group
The kernel forbids the creation of non-FDB nexthop groups with FDB nexthops:
    # ip nexthop add id 1 via 192.0.2.1 fdb
    # ip nexthop add id 2 group 1
    Error: Non FDB nexthop group cannot have fdb nexthops.
And vice versa:
    # ip nexthop add id 3 via 192.0.2.2 dev dummy1
    # ip nexthop add id 4 group 3 fdb
    Error: FDB nexthop group can only have fdb nexthops.
However, as long as no routes ...
https://git.kernel.org/stable/c/38428d68719c454d269cb03b776d8a4b0ad66111
CVSS: 7.2 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-39973 – i40e: add validation for ring_len param
https://notcve.org/view.php?id=CVE-2025-39973
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: add validation for ring_len param
The `ring_len` parameter provided by the virtual function (VF) is assigned directly to the hardware memory context (HMC) without any validation. To address this, introduce an upper boundary check for both Tx and Rx queue lengths. The maximum number of descriptors supported by the hardware is 8k-32. Additionally, enforce alignment constraints: Tx rings must be a multiple of 8, and Rx rings must be a mu...
https://git.kernel.org/stable/c/5c3c48ac6bf56367c4e89f6453cd2d61e50375bd
CVSS: 7.2 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-39972 – i40e: fix idx validation in i40e_validate_queue_map
https://notcve.org/view.php?id=CVE-2025-39972
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in i40e_validate_queue_map
Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_validate_queue_map().
https://git.kernel.org/stable/c/c27eac48160de72dee33d42b5a33cc7b8a2eb1f5
CVSS: 7.2 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-39971 – i40e: fix idx validation in config queues msg
https://notcve.org/view.php?id=CVE-2025-39971
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg
Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg().
https://git.kernel.org/stable/c/c27eac48160de72dee33d42b5a33cc7b8a2eb1f5
CVSS: 6.6 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-39970 – i40e: fix input validation logic for action_meta
https://notcve.org/view.php?id=CVE-2025-39970
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: fix input validation logic for action_meta
Fix condition to check 'greater or equal' to prevent OOB dereference.
https://git.kernel.org/stable/c/e284fc280473bed23f2e1ed324e102a48f7d17e1
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-39969 – i40e: fix validation of VF state in get resources
https://notcve.org/view.php?id=CVE-2025-39969
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: fix validation of VF state in get resources
VF state I40E_VF_STATE_ACTIVE is not the only state in which VF is actually active so it should not be used to determine if a VF is allowed to obtain resources. Use I40E_VF_STATE_RESOURCES_LOADED that is set only in i40e_vc_get_vf_resources_msg() and cleared during reset.
https://git.kernel.org/stable/c/171527da84149c2c7aa6a60a64b09d24f3546298
CVSS: 7.1 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-39968 – i40e: add max boundary check for VF filters
https://notcve.org/view.php?id=CVE-2025-39968
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: add max boundary check for VF filters
There is no check for max filters that VF can request. Add it.
https://git.kernel.org/stable/c/e284fc280473bed23f2e1ed324e102a48f7d17e1
CVSS: 7.8 | EPSS: 0% | CPEs: 13 | EXPL: 0
CVE-2025-39967 – fbcon: fix integer overflow in fbcon_do_set_font
https://notcve.org/view.php?id=CVE-2025-39967
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fbcon: fix integer overflow in fbcon_do_set_font
Fix integer overflow vulnerabilities in fbcon_do_set_font() where font size calculations could overflow when handling user-controlled font parameters. The vulnerabilities occur when:
1. CALC_FONTSZ(h, pitch, charcount) performs h * pitch * charcount multiplication with user-controlled values that can overflow.
2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow
3. This results ...
https://git.kernel.org/stable/c/96e41fc29e8af5c5085fb8a79cab8d0d00bab86c
CVSS: 7.8 | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2025-39964 – crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
https://notcve.org/view.php?id=CVE-2025-39964
13 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencies in the internal socket state. Disallow this by adding a new ctx->write field that indicates exclusive ownership for writing.
https://git.kernel.org/stable/c/8ff590903d5fc7f5a0a988c38267a3d08e6393a2
CVSS: 7.8 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-39961 – iommu/amd/pgtbl: Fix possible race while increase page table level
https://notcve.org/view.php?id=CVE-2025-39961
09 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/amd/pgtbl: Fix possible race while increase page table level
The AMD IOMMU host page table implementation supports dynamic page table levels (up to 6 levels), starting with a 3-level configuration that expands based on IOVA address. The kernel maintains a root pointer and current page table level to enable proper page table walks in alloc_pte()/fetch_pte() operations. The IOMMU IOVA allocator initially starts with 32-bit address and o...
https://git.kernel.org/stable/c/754265bcab78a9014f0f99cd35e0d610fcd7dfa7
