CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-39734 – Revert "fs/ntfs3: Replace inode_trylock with inode_lock"
https://notcve.org/view.php?id=CVE-2025-39734
07 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "fs/ntfs3: Replace inode_trylock with inode_lock" This reverts commit 69505fe98f198ee813898cbcaf6770949636430b. Initially, conditional lock acquisition was removed to fix an xfstest bug that was observed during internal testing. The deadlock reported by syzbot is resolved by reintroducing conditional acquisition. The xfstest bug no longer occurs on kernel version 6.16-rc1 during internal testing. I assume that changes in other module... • https://git.kernel.org/stable/c/e3e3b3eb54feaf6400800812c8d0f95a7213923d •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-39732 – wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()
https://notcve.org/view.php?id=CVE-2025-39732
07 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() ath11k_mac_disable_peer_fixed_rate() is passed as the iterator to ieee80211_iterate_stations_atomic(). Note in this case the iterator is required to be atomic, however ath11k_mac_disable_peer_fixed_rate() does not follow it as it might sleep. Consequently below warning is seen: BUG: sleeping function called from invalid context at wmi.c:304 Call Trace:
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-39731 – f2fs: vm_unmap_ram() may be called from an invalid context
https://notcve.org/view.php?id=CVE-2025-39731
07 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: vm_unmap_ram() may be called from an invalid context When testing F2FS with xfstests using UFS backed virtual disks the kernel complains sometimes that f2fs_release_decomp_mem() calls vm_unmap_ram() from an invalid context. Example trace from f2fs/007 test: f2fs/007 5s ... [12:59:38][ 8.902525] run fstests f2fs/007 [ 11.468026] BUG: sleeping function called from invalid context at mm/vmalloc.c:2978 [ 11.471849] in_atomic(): 1, irqs_di... • https://git.kernel.org/stable/c/bff139b49d9f70c1ac5384aac94554846aa834de •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-39730 – NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
https://notcve.org/view.php?id=CVE-2025-39730
07 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle. • https://git.kernel.org/stable/c/20fa19027286983ab2734b5910c4a687436e0c31 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-39727 – mm: swap: fix potential buffer overflow in setup_clusters()
https://notcve.org/view.php?id=CVE-2025-39727
07 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix potential buffer overflow in setup_clusters() In setup_swap_map(), we only ensure badpages are in range (0, last_page]. As maxpages might be < last_page, setup_clusters() will encounter a buffer overflow when a badpage is >= maxpages. Only call inc_cluster_info_page() for badpage which is < maxpages to fix the issue. • https://git.kernel.org/stable/c/b843786b0bd01ced7fcdbf3b033d68db2f7c61b2 •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39726 – s390/ism: fix concurrency management in ism_cmd()
https://notcve.org/view.php?id=CVE-2025-39726
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/ism: fix concurrency management in ism_cmd() The s390x ISM device data sheet clearly states that only one request-response sequence is allowable per ISM function at any point in time. Unfortunately as of today the s390/ism driver in Linux does not honor that requirement. This patch aims to rectify that. This problem was discovered based on Aliaksei's bug report which states that for certain workloads the ISM functions end up entering e... • https://git.kernel.org/stable/c/684b89bc39ce4f204b1a2b180f39f2eb36a6b695 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2025-39724 – serial: 8250: fix panic due to PSLVERR
https://notcve.org/view.php?id=CVE-2025-39724
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: 8250: fix panic due to PSLVERR When the PSLVERR_RESP_EN parameter is set to 1, the device generates an error response if an attempt is made to read an empty RBR (Receive Buffer Register) while the FIFO is enabled. In serial8250_do_startup(), calling serial_port_out(port, UART_LCR, UART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes dw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter function enables the FI... • https://git.kernel.org/stable/c/c49436b657d0a56a6ad90d14a7c3041add7cf64d •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39723 – netfs: Fix unbuffered write error handling
https://notcve.org/view.php?id=CVE-2025-39723
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix unbuffered write error handling If all the subrequests in an unbuffered write stream fail, the subrequest collector doesn't update the stream->transferred value and it retains its initial LONG_MAX value. Unfortunately, if all active streams fail, then we take the smallest value of { LONG_MAX, LONG_MAX, ... } as the value to set in wreq->transferred - which is then returned from ->write_iter(). LONG_MAX was chosen as the initial v... • https://git.kernel.org/stable/c/288ace2f57c9d06dd2e42bd80d03747d879a4068 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39722 – crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP
https://notcve.org/view.php?id=CVE-2025-39722
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP Since the CAAM on these SoCs is managed by another ARM core, called the SECO (Security Controller) on iMX8QM and Secure Enclave on iMX8ULP, which also reserves access to register page 0 suspend operations cannot touch this page. This is similar to when running OPTEE, where OPTEE will reserve page 0. Track this situation using a new state variable no_page0, reflecting if page 0 is... • https://git.kernel.org/stable/c/d2835701d93cae6d597672ef9dc3fa889867031a •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39721 – crypto: qat - flush misc workqueue during device shutdown
https://notcve.org/view.php?id=CVE-2025-39721
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: qat - flush misc workqueue during device shutdown Repeated loading and unloading of a device specific QAT driver, for example qat_4xxx, in a tight loop can lead to a crash due to a use-after-free scenario. This occurs when a power management (PM) interrupt triggers just before the device-specific driver (e.g., qat_4xxx.ko) is unloaded, while the core driver (intel_qat.ko) remains loaded. Since the driver uses a shared workqueue (`qa... • https://git.kernel.org/stable/c/e5745f34113b758b45d134dec04a7df94dc67131 •