CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-71127 – wifi: mac80211: Discard Beacon frames to non-broadcast address
https://notcve.org/view.php?id=CVE-2025-71127
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon frames to non-broadcast address Beacon frames are required to be sent to the broadcast address, see IEEE Std 802.11-2020, 11.1.3.1 ("The Address 1 field of the Beacon .. frame shall be set to the broadcast address"). A unicast Beacon frame might be used as a targeted attack to get one of the associated STAs to do something (e.g., using CSA to move it to another channel). As such, it is better have strict filte... • https://git.kernel.org/stable/c/af2d14b01c32d7cba65f73503586e5b621afb139 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-71126 – mptcp: avoid deadlock on fallback while reinjecting
https://notcve.org/view.php?id=CVE-2025-71126
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: mptcp: avoid deadlock on fallback while reinjecting Jakub reported an MPTCP deadlock at fallback time: WARNING: possible recursive locking detected 6.18.0-rc7-virtme #1 Not tainted -------------------------------------------- mptcp_connect/20858 is trying to acquire lock: ff1100001da18b60 (&msk->fallback_lock){+.-.}-{3:3}, at: __mptcp_try_fallback+0xd8/0x280 but task is already holding lock: ff1100001da18b60 (&msk->fallback_lock){+.-.}-{3:3... • https://git.kernel.org/stable/c/5586518bec27666c747cd52aabb62d485686d0bf •
CVSS: 5.6EPSS: 0%CPEs: 7EXPL: 0CVE-2025-71125 – tracing: Do not register unsupported perf events
https://notcve.org/view.php?id=CVE-2025-71125
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: tracing: Do not register unsupported perf events Synthetic events currently do not have a function to register perf events. This leads to calling the tracepoint register functions with a NULL function pointer which triggers: ------------[ cut here ]------------ WARNING: kernel/tracepoint.c:175 at tracepoint_add_func+0x357/0x370, CPU#2: perf/2272 Modules linked in: kvm_intel kvm irqbypass CPU: 2 UID: 0 PID: 2272 Comm: perf Not tainted 6.18.0... • https://git.kernel.org/stable/c/4b147936fa509650beaf638b331573c23ba4d609 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-71123 – ext4: fix string copying in parse_apply_sb_mount_options()
https://notcve.org/view.php?id=CVE-2025-71123
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix string copying in parse_apply_sb_mount_options() strscpy_pad() can't be used to copy a non-NUL-term string into a NUL-term string of possibly bigger size. Commit 0efc5990bca5 ("string.h: Introduce memtostr() and memtostr_pad()") provides additional information in that regard. So if this happens, the following warning is observed: strnlen: detected buffer overflow: 65 byte read of buffer size 64 WARNING: CPU: 0 PID: 28655 at lib/st... • https://git.kernel.org/stable/c/b2bac84fde28fb6a88817b8b761abda17a1d300b •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-71122 – iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED
https://notcve.org/view.php?id=CVE-2025-71122
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED syzkaller found it could overflow math in the test infrastructure and cause a WARN_ON by corrupting the reserved interval tree. This only effects test kernels with CONFIG_IOMMUFD_TEST. Validate the user input length in the test ioctl. In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED syzkall... • https://git.kernel.org/stable/c/f4b20bb34c83dceade5470288f48f94ce3598ada •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2025-71121 – parisc: Do not reprogram affinitiy on ASP chip
https://notcve.org/view.php?id=CVE-2025-71121
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: parisc: Do not reprogram affinitiy on ASP chip The ASP chip is a very old variant of the GSP chip and is used e.g. in HP 730 workstations. When trying to reprogram the affinity it will crash with a HPMC as the relevant registers don't seem to be at the usual location. Let's avoid the crash by checking the sversion. Also note, that reprogramming isn't necessary either, as the HP730 is a just a single-CPU machine. In the Linux kernel, the fol... • https://git.kernel.org/stable/c/f7c35220305f273bddc0bdaf1e453b4ca280f145 •
CVSS: 6.6EPSS: 0%CPEs: 9EXPL: 0CVE-2025-71120 – SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf
https://notcve.org/view.php?id=CVE-2025-71120
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_address(in_token->pages[0]) for the initial memcpy, which can dereference NULL even when the copy length is 0. Guard the first memcpy so it only runs when length > 0. In the Linux kernel, the following vulnerability has been resolved: SUNRP... • https://git.kernel.org/stable/c/5866efa8cbfbadf3905072798e96652faf02dbe8 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-71119 – powerpc/kexec: Enable SMT before waking offline CPUs
https://notcve.org/view.php?id=CVE-2025-71119
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: powerpc/kexec: Enable SMT before waking offline CPUs If SMT is disabled or a partial SMT state is enabled, when a new kernel image is loaded for kexec, on reboot the following warning is observed: kexec: Waking offline cpu 228. WARNING: CPU: 0 PID: 9062 at arch/powerpc/kexec/core_64.c:223 kexec_prepare_cpus+0x1b0/0x1bc [snip] NIP kexec_prepare_cpus+0x1b0/0x1bc LR kexec_prepare_cpus+0x1a0/0x1bc Call Trace: kexec_prepare_cpus+0x1a0/0x1bc (unr... • https://git.kernel.org/stable/c/482fa21635c8832db022cd2d649db26b8e6170ac •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-71118 – ACPICA: Avoid walking the Namespace if start_node is NULL
https://notcve.org/view.php?id=CVE-2025-71118
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid walking the Namespace if start_node is NULL Although commit 0c9992315e73 ("ACPICA: Avoid walking the ACPI Namespace if it is not there") fixed the situation when both start_node and acpi_gbl_root_node are NULL, the Linux kernel mainline now still crashed on Honor Magicbook 14 Pro [1]. That happens due to the access to the member of parent_node in acpi_ns_get_next_node(). The NULL pointer dereference will always happen, no matt... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-71116 – libceph: make decode_pool() more resilient against corrupted osdmaps
https://notcve.org/view.php?id=CVE-2025-71116
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If the osdmap is (maliciously) corrupted such that the encoded length of ceph_pg_pool envelope is less than what is expected for a particular encoding version, out-of-bounds reads may ensue because the only bounds check that is there is based on that length value. This patch adds explicit bounds checks for each field that is decoded or skipped. In the Linux kernel, the fol... • https://git.kernel.org/stable/c/4f6a7e5ee1393ec4b243b39dac9f36992d161540 •