CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-39734 – Revert "fs/ntfs3: Replace inode_trylock with inode_lock"
https://notcve.org/view.php?id=CVE-2025-39734
07 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "fs/ntfs3: Replace inode_trylock with inode_lock" This reverts commit 69505fe98f198ee813898cbcaf6770949636430b. Initially, conditional lock acquisition was removed to fix an xfstest bug that was observed during internal testing. The deadlock reported by syzbot is resolved by reintroducing conditional acquisition. The xfstest bug no longer occurs on kernel version 6.16-rc1 during internal testing. I assume that changes in other module... • https://git.kernel.org/stable/c/e3e3b3eb54feaf6400800812c8d0f95a7213923d •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-39732 – wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()
https://notcve.org/view.php?id=CVE-2025-39732
07 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() ath11k_mac_disable_peer_fixed_rate() is passed as the iterator to ieee80211_iterate_stations_atomic(). Note in this case the iterator is required to be atomic, however ath11k_mac_disable_peer_fixed_rate() does not follow it as it might sleep. Consequently below warning is seen: BUG: sleeping function called from invalid context at wmi.c:304 Call Trace:
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-39730 – NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
https://notcve.org/view.php?id=CVE-2025-39730
07 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle. • https://git.kernel.org/stable/c/20fa19027286983ab2734b5910c4a687436e0c31 •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39726 – s390/ism: fix concurrency management in ism_cmd()
https://notcve.org/view.php?id=CVE-2025-39726
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/ism: fix concurrency management in ism_cmd() The s390x ISM device data sheet clearly states that only one request-response sequence is allowable per ISM function at any point in time. Unfortunately as of today the s390/ism driver in Linux does not honor that requirement. This patch aims to rectify that. This problem was discovered based on Aliaksei's bug report which states that for certain workloads the ISM functions end up entering e... • https://git.kernel.org/stable/c/684b89bc39ce4f204b1a2b180f39f2eb36a6b695 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2025-39724 – serial: 8250: fix panic due to PSLVERR
https://notcve.org/view.php?id=CVE-2025-39724
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: 8250: fix panic due to PSLVERR When the PSLVERR_RESP_EN parameter is set to 1, the device generates an error response if an attempt is made to read an empty RBR (Receive Buffer Register) while the FIFO is enabled. In serial8250_do_startup(), calling serial_port_out(port, UART_LCR, UART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes dw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter function enables the FI... • https://git.kernel.org/stable/c/c49436b657d0a56a6ad90d14a7c3041add7cf64d •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39721 – crypto: qat - flush misc workqueue during device shutdown
https://notcve.org/view.php?id=CVE-2025-39721
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: qat - flush misc workqueue during device shutdown Repeated loading and unloading of a device specific QAT driver, for example qat_4xxx, in a tight loop can lead to a crash due to a use-after-free scenario. This occurs when a power management (PM) interrupt triggers just before the device-specific driver (e.g., qat_4xxx.ko) is unloaded, while the core driver (intel_qat.ko) remains loaded. Since the driver uses a shared workqueue (`qa... • https://git.kernel.org/stable/c/e5745f34113b758b45d134dec04a7df94dc67131 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39720 – ksmbd: fix refcount leak causing resource not released
https://notcve.org/view.php?id=CVE-2025-39720
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix refcount leak causing resource not released When ksmbd_conn_releasing(opinfo->conn) returns true,the refcount was not decremented properly, causing a refcount leak that prevents the count from reaching zero and the memory from being released. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix refcount leak causing resource not released When ksmbd_conn_releasing(opinfo->conn) returns true,the refcount w... • https://git.kernel.org/stable/c/a1d2bab4d53368a526c97aba92671dd71814f95a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39716 – parisc: Revise __get_user() to probe user read access
https://notcve.org/view.php?id=CVE-2025-39716
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: parisc: Revise __get_user() to probe user read access Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel executes at privilege level 0, so __get_user() never triggers a read access interruption (code 26). Thus, it is currently possible for user code to access a read protected address via a system call. Fix this by probing read access rights at privilege... • https://git.kernel.org/stable/c/28a9b71671fb4a2993ef85b8ef6f117ea63894fe •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39715 – parisc: Revise gateway LWS calls to probe user read access
https://notcve.org/view.php?id=CVE-2025-39715
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: parisc: Revise gateway LWS calls to probe user read access We use load and stbys,e instructions to trigger memory reference interruptions without writing to memory. Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel and gateway page execute at privilege level 0, so this code never triggers a read access interruption. Thus, it is currently possible for u... • https://git.kernel.org/stable/c/e8b496c52aa0c6572d88db7cab85aeea6f9c194d •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39714 – media: usbtv: Lock resolution while streaming
https://notcve.org/view.php?id=CVE-2025-39714
05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Lock resolution while streaming When an program is streaming (ffplay) and another program (qv4l2) changes the TV standard from NTSC to PAL, the kernel crashes due to trying to copy to unmapped memory. Changing from NTSC to PAL increases the resolution in the usbtv struct, but the video plane buffer isn't adjusted, so it overflows. [hverkuil: call vb2_is_busy instead of vb2_is_streaming] In the Linux kernel, the following vulne... • https://git.kernel.org/stable/c/0e0fe3958fdd13dbf55c3a787acafde6efd04272 •