CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-39732 – wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()
https://notcve.org/view.php?id=CVE-2025-39732
07 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() ath11k_mac_disable_peer_fixed_rate() is passed as the iterator to ieee80211_iterate_stations_atomic(). Note in this case the iterator is required to be atomic, however ath11k_mac_disable_peer_fixed_rate() does not follow it as it might sleep. Consequently below warning is seen: BUG: sleeping function called from invalid context at wmi.c:304 Call Trace:
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-39730 – NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
https://notcve.org/view.php?id=CVE-2025-39730
07 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle. • https://git.kernel.org/stable/c/20fa19027286983ab2734b5910c4a687436e0c31 •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39726 – s390/ism: fix concurrency management in ism_cmd()
https://notcve.org/view.php?id=CVE-2025-39726
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/ism: fix concurrency management in ism_cmd() The s390x ISM device data sheet clearly states that only one request-response sequence is allowable per ISM function at any point in time. Unfortunately as of today the s390/ism driver in Linux does not honor that requirement. This patch aims to rectify that. This problem was discovered based on Aliaksei's bug report which states that for certain workloads the ISM functions end up entering e... • https://git.kernel.org/stable/c/684b89bc39ce4f204b1a2b180f39f2eb36a6b695 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2025-39724 – serial: 8250: fix panic due to PSLVERR
https://notcve.org/view.php?id=CVE-2025-39724
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: 8250: fix panic due to PSLVERR When the PSLVERR_RESP_EN parameter is set to 1, the device generates an error response if an attempt is made to read an empty RBR (Receive Buffer Register) while the FIFO is enabled. In serial8250_do_startup(), calling serial_port_out(port, UART_LCR, UART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes dw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter function enables the FI... • https://git.kernel.org/stable/c/c49436b657d0a56a6ad90d14a7c3041add7cf64d •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39720 – ksmbd: fix refcount leak causing resource not released
https://notcve.org/view.php?id=CVE-2025-39720
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix refcount leak causing resource not released When ksmbd_conn_releasing(opinfo->conn) returns true,the refcount was not decremented properly, causing a refcount leak that prevents the count from reaching zero and the memory from being released. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix refcount leak causing resource not released When ksmbd_conn_releasing(opinfo->conn) returns true,the refcount w... • https://git.kernel.org/stable/c/a1d2bab4d53368a526c97aba92671dd71814f95a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39716 – parisc: Revise __get_user() to probe user read access
https://notcve.org/view.php?id=CVE-2025-39716
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: parisc: Revise __get_user() to probe user read access Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel executes at privilege level 0, so __get_user() never triggers a read access interruption (code 26). Thus, it is currently possible for user code to access a read protected address via a system call. Fix this by probing read access rights at privilege... • https://git.kernel.org/stable/c/28a9b71671fb4a2993ef85b8ef6f117ea63894fe •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39715 – parisc: Revise gateway LWS calls to probe user read access
https://notcve.org/view.php?id=CVE-2025-39715
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: parisc: Revise gateway LWS calls to probe user read access We use load and stbys,e instructions to trigger memory reference interruptions without writing to memory. Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel and gateway page execute at privilege level 0, so this code never triggers a read access interruption. Thus, it is currently possible for u... • https://git.kernel.org/stable/c/e8b496c52aa0c6572d88db7cab85aeea6f9c194d •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39714 – media: usbtv: Lock resolution while streaming
https://notcve.org/view.php?id=CVE-2025-39714
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Lock resolution while streaming When an program is streaming (ffplay) and another program (qv4l2) changes the TV standard from NTSC to PAL, the kernel crashes due to trying to copy to unmapped memory. Changing from NTSC to PAL increases the resolution in the usbtv struct, but the video plane buffer isn't adjusted, so it overflows. [hverkuil: call vb2_is_busy instead of vb2_is_streaming] In the Linux kernel, the following vulne... • https://git.kernel.org/stable/c/0e0fe3958fdd13dbf55c3a787acafde6efd04272 •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39713 – media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
https://notcve.org/view.php?id=CVE-2025-39713
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() In the interrupt handler rain_interrupt(), the buffer full check on rain->buf_len is performed before acquiring rain->buf_lock. This creates a Time-of-Check to Time-of-Use (TOCTOU) race condition, as rain->buf_len is concurrently accessed and modified in the work handler rain_irq_work_handler() under the same lock. Multiple interrupt invocations can race, with each reading... • https://git.kernel.org/stable/c/0f314f6c2e77beb1a232be21dd6be4e1849ba5ac •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39710 – media: venus: Add a check for packet size after reading from shared memory
https://notcve.org/view.php?id=CVE-2025-39710
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: venus: Add a check for packet size after reading from shared memory Add a check to ensure that the packet size does not exceed the number of available words after reading the packet header from shared memory. This ensures that the size provided by the firmware is safe to process and prevent potential out-of-bounds memory access. In the Linux kernel, the following vulnerability has been resolved: media: venus: Add a check for packet s... • https://git.kernel.org/stable/c/d96d3f30c0f2f564f6922bf4ccdf4464992e31fb •