CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-40105 – vfs: Don't leak disconnected dentries on umount
https://notcve.org/view.php?id=CVE-2025-40105
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: vfs: Don't leak disconnected dentries on umount When user calls open_by_handle_at() on some inode that is not cached, we will create disconnected dentry for it. If such dentry is a directory, exportfs_decode_fh_raw() will then try to connect this dentry to the dentry tree through reconnect_path(). It may happen for various reasons (such as corrupted fs or race with rename) that the call to lookup_one_unlocked() in reconnect_one() will fail ... • https://git.kernel.org/stable/c/f1ee616214cb22410e939d963bbb2349c2570f02 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-40104 – ixgbevf: fix mailbox API compatibility by negotiating supported features
https://notcve.org/view.php?id=CVE-2025-40104
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfolio could easily negotiate mailbox API. This convention has been broken since introducing API 1.4. Commit 0062e7cc955e ("ixgbevf: add VF IPsec offload code") added support for IPSec which is specific only for the kernel ixgbe driver. ... • https://git.kernel.org/stable/c/0062e7cc955e0827a88570ed36ea511a7dcb391e •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-40103 – smb: client: Fix refcount leak for cifs_sb_tlink
https://notcve.org/view.php?id=CVE-2025-40103
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifs_sb_tlink Fix three refcount inconsistency issues related to `cifs_sb_tlink`. Comments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be called after successful calls to `cifs_sb_tlink()`. Three calls fail to update refcount accordingly, leading to possible resource leaks. • https://git.kernel.org/stable/c/8ceb984379462f94bdebef3288d569c6e1f912ea •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-40102 – KVM: arm64: Prevent access to vCPU events before init
https://notcve.org/view.php?id=CVE-2025-40102
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Prevent access to vCPU events before init Another day, another syzkaller bug. KVM erroneously allows userspace to pend vCPU events for a vCPU that hasn't been initialized yet, leading to KVM interpreting a bunch of uninitialized garbage for routing / injecting the exception. In one case the injection code and the hyp disagree on whether the vCPU has a 32bit EL1 and put the vCPU into an illegal mode for AArch64, tripping the BUG(... • https://git.kernel.org/stable/c/b7b27facc7b50a5fce0afaa3df56157136ce181a •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-40100 – btrfs: do not assert we found block group item when creating free space tree
https://notcve.org/view.php?id=CVE-2025-40100
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not assert we found block group item when creating free space tree Currently, when building a free space tree at populate_free_space_tree(), if we are not using the block group tree feature, we always expect to find block group items (either extent items or a block group item with key type BTRFS_BLOCK_GROUP_ITEM_KEY) when we search the extent tree with btrfs_search_slot_for_read(), so we assert that we found an item. However this ... • https://git.kernel.org/stable/c/a5ed91828518ab076209266c2bc510adabd078df •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-40099 – cifs: parse_dfs_referrals: prevent oob on malformed input
https://notcve.org/view.php?id=CVE-2025-40099
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: parse_dfs_referrals: prevent oob on malformed input Malicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS - reply smaller than sizeof(struct get_dfs_referral_rsp) - reply with number of referrals smaller than NumberOfReferrals in the header Processing of such replies will cause oob. Return -EINVAL error on such replies to prevent oob-s. • https://git.kernel.org/stable/c/cfacc7441f760e4a73cc71b6ff1635261d534657 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-40095 – usb: gadget: f_rndis: Refactor bind path to use __free()
https://notcve.org/view.php?id=CVE-2025-40095
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Refactor bind path to use __free() After an bind/unbind cycle, the rndis->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. • https://git.kernel.org/stable/c/45fe3b8e5342cd1ce307099459c74011d8e01986 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-40094 – usb: gadget: f_acm: Refactor bind path to use __free()
https://notcve.org/view.php?id=CVE-2025-40094
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_acm: Refactor bind path to use __free() After an bind/unbind cycle, the acm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Unable to handle kernel NULL pointer dereference at virtual address... • https://git.kernel.org/stable/c/1f1ba11b64947051fc32aa15fcccef6463b433f7 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-40093 – usb: gadget: f_ecm: Refactor bind path to use __free()
https://notcve.org/view.php?id=CVE-2025-40093
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Refactor bind path to use __free() After an bind/unbind cycle, the ecm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. • https://git.kernel.org/stable/c/da741b8c56d612b5dd26ffa31341911a5fea23ee •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-40092 – usb: gadget: f_ncm: Refactor bind path to use __free()
https://notcve.org/view.php?id=CVE-2025-40092
30 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Refactor bind path to use __free() After an bind/unbind cycle, the ncm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Unable to handle kernel NULL pointer dereference at virtual address... • https://git.kernel.org/stable/c/9f6ce4240a2bf456402c15c06768059e5973f28c •