CVSS: 8.5EPSS: %CPEs: 6EXPL: 0CVE-2025-71144 – mptcp: ensure context reset on disconnect()
https://notcve.org/view.php?id=CVE-2025-71144
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure context reset on disconnect() After the blamed commit below, if the MPC subflow is already in TCP_CLOSE status or has fallback to TCP at mptcp_disconnect() time, mptcp_do_fastclose() skips setting the `send_fastclose flag` and the later __mptcp_close_ssk() does not reset anymore the related subflow context. Any later connection will be created with both the `request_mptcp` flag and the msk-level fallback status off (it is unco... • https://git.kernel.org/stable/c/3a13454fd098ed51e733958488f8ec62859a9ed8 •
CVSS: 7.2EPSS: %CPEs: 4EXPL: 0CVE-2025-71143 – clk: samsung: exynos-clkout: Assign .num before accessing .hws
https://notcve.org/view.php?id=CVE-2025-71143
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs the bounds sanitizer (UBSAN_BOUNDS) about the number of elements in .hws[], so that it can warn when .hws[] is accessed out of bounds. As noted in that change, the __counted_by member must be initialized with... • https://git.kernel.org/stable/c/f316cdff8d677db9ad9c90acb44c4cd535b0ee27 •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2025-71141 – drm/tilcdc: Fix removal actions in case of failed probe
https://notcve.org/view.php?id=CVE-2025-71141
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/tilcdc: Fix removal actions in case of failed probe The drm_kms_helper_poll_fini() and drm_atomic_helper_shutdown() helpers should only be called when the device has been successfully registered. Currently, these functions are called unconditionally in tilcdc_fini(), which causes warnings during probe deferral scenarios. [ 7.972317] WARNING: CPU: 0 PID: 23 at drivers/gpu/drm/drm_atomic_state_helper.c:175 drm_atomic_helper_crtc_duplicate... • https://git.kernel.org/stable/c/69f03be1fa08a66735d53d92d3429c052540e3bf •
CVSS: 5.6EPSS: %CPEs: 4EXPL: 0CVE-2025-71138 – drm/msm/dpu: Add missing NULL pointer check for pingpong interface
https://notcve.org/view.php?id=CVE-2025-71138
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add missing NULL pointer check for pingpong interface It is checked almost always in dpu_encoder_phys_wb_setup_ctl(), but in a single place the check is missing. Also use convenient locals instead of phys_enc->* where available. Patchwork: https://patchwork.freedesktop.org/patch/693860/ In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add missing NULL pointer check for pingpong interface It is ch... • https://git.kernel.org/stable/c/d7d0e73f7de33a2b9998b607707a3e944ef3b86d •
CVSS: 6.6EPSS: %CPEs: 5EXPL: 0CVE-2025-71137 – octeontx2-pf: fix "UBSAN: shift-out-of-bounds error"
https://notcve.org/view.php?id=CVE-2025-71137
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" This patch ensures that the RX ring size (rx_pending) is not set below the permitted length. This avoids UBSAN shift-out-of-bounds errors when users passes small or zero ring sizes via ethtool -G. In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" This patch ensures that the RX ring size (rx_pending) is not set below th... • https://git.kernel.org/stable/c/d45d8979840d9c9ac93d3fe8cfc8e794b7228445 •
CVSS: 5.6EPSS: %CPEs: 5EXPL: 0CVE-2025-71136 – media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status()
https://notcve.org/view.php?id=CVE-2025-71136
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() It's possible for cp_read() and hdmi_read() to return -EIO. Those values are further used as indexes for accessing arrays. Fix that by checking return values where it's needed. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: media: adv7842: Avoid possible out-of-bounds a... • https://git.kernel.org/stable/c/a89bcd4c6c2023615a89001b5a11b0bb77eb9491 •
CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2025-71133 – RDMA/irdma: avoid invalid read in irdma_net_event
https://notcve.org/view.php?id=CVE-2025-71133
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: avoid invalid read in irdma_net_event irdma_net_event() should not dereference anything from "neigh" (alias "ptr") until it has checked that the event is NETEVENT_NEIGH_UPDATE. Other events come with different structures pointed to by "ptr" and they may be smaller than struct neighbour. Move the read of neigh->dev under the NETEVENT_NEIGH_UPDATE case. The bug is mostly harmless, but it triggers KASAN on debug kernels: BUG: KASAN... • https://git.kernel.org/stable/c/915cc7ac0f8e2a23675ee896e87f17c7d3c47089 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2025-71132 – smc91x: fix broken irq-context in PREEMPT_RT
https://notcve.org/view.php?id=CVE-2025-71132
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: smc91x: fix broken irq-context in PREEMPT_RT When smc91x.c is built with PREEMPT_RT, the following splat occurs in FVP_RevC: [ 13.055000] smc91x LNRO0003:00 eth0: link up, 10Mbps, half-duplex, lpa 0x0000 [ 13.062137] BUG: workqueue leaked atomic, lock or RCU: kworker/2:1[106] [ 13.062137] preempt=0x00000000 lock=0->0 RCU=0->1 workfn=mld_ifc_work [ 13.062266] C ** replaying previous printk message ** [ 13.062266] CPU: 2 UID: 0 PID: 106 Comm:... • https://git.kernel.org/stable/c/342a93247e0837101f27bbcca26f402902df98dc •
CVSS: 6.6EPSS: %CPEs: 5EXPL: 0CVE-2025-71131 – crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
https://notcve.org/view.php?id=CVE-2025-71131
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req->iv after crypto_aead_encrypt As soon as crypto_aead_encrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req->iv after it returns is invalid. Instead of checking req->iv against info, create a new variable unaligned_info and use it for that purpose instead. In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req->iv... • https://git.kernel.org/stable/c/0a270321dbf948963aeb0e8382fe17d2c2eb3771 •
CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2025-71130 – drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer
https://notcve.org/view.php?id=CVE-2025-71130
14 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer Initialize the eb.vma array with values of 0 when the eb structure is first set up. In particular, this sets the eb->vma[i].vma pointers to NULL, simplifying cleanup and getting rid of the bug described below. During the execution of eb_lookup_vmas(), the eb->vma array is successively filled up with struct eb_vma objects. This process includes calling eb_add_vma(), whi... • https://git.kernel.org/stable/c/544460c33821b44c2f0c643121303c3dc3f66ef1 •