CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-39798 – NFS: Fix the setting of capabilities when automounting a new filesystem
https://notcve.org/view.php?id=CVE-2025-39798
12 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: Fix the setting of capabilities when automounting a new filesystem Capabilities cannot be inherited when we cross into a new filesystem. They need to be reset to the minimal defaults, and then probed for again. In the Linux kernel, the following vulnerability has been resolved: NFS: Fix the setting of capabilities when automounting a new filesystem Capabilities cannot be inherited when we cross into a new filesystem. They need to be re... • https://git.kernel.org/stable/c/54ceac4515986030c2502960be620198dd8fe25b •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39797 – xfrm: Duplicate SPI Handling
https://notcve.org/view.php?id=CVE-2025-39797
12 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: Duplicate SPI Handling The issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI Netlink message, which triggers the kernel function xfrm_alloc_spi(). This function is expected to ensure uniqueness of the Security Parameter Index (SPI) for inbound Security Associations (SAs). However, it can return success even when the requested SPI is already in use, leading to duplicate SPIs assigned to multiple inbound SAs, differentiate... • https://git.kernel.org/stable/c/3d8090bb53424432fa788fe9a49e8ceca74f0544 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39796 – net: lapbether: ignore ops-locked netdevs
https://notcve.org/view.php?id=CVE-2025-39796
12 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: lapbether: ignore ops-locked netdevs Syzkaller managed to trigger lock dependency in xsk_notify via register_netdevice. As discussed in [0], using register_netdevice in the notifiers is problematic so skip adding lapbeth for ops-locked devices. xsk_notifier+0xa4/0x280 net/xdp/xsk.c:1645 notifier_call_chain+0xbc/0x410 kernel/notifier.c:85 call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2230 call_netdevice_notifiers_extack net/co... • https://git.kernel.org/stable/c/4c975fd700022c90e61a46326e3444e08317876e •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39795 – block: avoid possible overflow for chunk_sectors check in blk_stack_limits()
https://notcve.org/view.php?id=CVE-2025-39795
12 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: block: avoid possible overflow for chunk_sectors check in blk_stack_limits() In blk_stack_limits(), we check that the t->chunk_sectors value is a multiple of the t->physical_block_size value. However, by finding the chunk_sectors value in bytes, we may overflow the unsigned int which holds chunk_sectors, so change the check to be based on sectors. In the Linux kernel, the following vulnerability has been resolved: block: avoid possible over... • https://git.kernel.org/stable/c/418751910044649baa2b424ea31cce3fc4dcc253 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-39794 – ARM: tegra: Use I/O memcpy to write to IRAM
https://notcve.org/view.php?id=CVE-2025-39794
12 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: tegra: Use I/O memcpy to write to IRAM Kasan crashes the kernel trying to check boundaries when using the normal memcpy. In the Linux kernel, the following vulnerability has been resolved: ARM: tegra: Use I/O memcpy to write to IRAM Kasan crashes the kernel trying to check boundaries when using the normal memcpy. • https://git.kernel.org/stable/c/b28c1a14accc79ead1e87bbdae53309da60be1e7 •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39793 – io_uring/memmap: cast nr_pages to size_t before shifting
https://notcve.org/view.php?id=CVE-2025-39793
12 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring/memmap: cast nr_pages to size_t before shifting If the allocated size exceeds UINT_MAX, then it's necessary to cast the mr->nr_pages value to size_t to prevent it from overflowing. In practice this isn't much of a concern as the required memory size will have been validated upfront, and accounted to the user. And > 4GB sizes will be necessary to make the lack of a cast a problem, which greatly exceeds normal user locked_vm settings... • https://git.kernel.org/stable/c/087f997870a948820ec366701d178f402c6a23a3 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39792 – dm: Always split write BIOs to zoned device limits
https://notcve.org/view.php?id=CVE-2025-39792
12 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: dm: Always split write BIOs to zoned device limits Any zoned DM target that requires zone append emulation will use the block layer zone write plugging. In such case, DM target drivers must not split BIOs using dm_accept_partial_bio() as doing so can potentially lead to deadlocks with queue freeze operations. Regular write operations used to emulate zone append operations also cannot be split by the target driver as that would result in an ... • https://git.kernel.org/stable/c/f211268ed1f9bdf48f06a3ead5f5d88437450579 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39791 – dm: dm-crypt: Do not partially accept write BIOs with zoned targets
https://notcve.org/view.php?id=CVE-2025-39791
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: dm: dm-crypt: Do not partially accept write BIOs with zoned targets Read and write operations issued to a dm-crypt target may be split according to the dm-crypt internal limits defined by the max_read_size and max_write_size module parameters (default is 128 KB). The intent is to improve processing time of large BIOs by splitting them into smaller operations that can be parallelized on different CPUs. For zoned dm-crypt targets, this BIO sp... • https://git.kernel.org/stable/c/f211268ed1f9bdf48f06a3ead5f5d88437450579 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-39790 – bus: mhi: host: Detect events pointing to unexpected TREs
https://notcve.org/view.php?id=CVE-2025-39790
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Detect events pointing to unexpected TREs When a remote device sends a completion event to the host, it contains a pointer to the consumed TRE. The host uses this pointer to process all of the TREs between it and the host's local copy of the ring's read pointer. This works when processing completion for chained transactions, but can lead to nasty results if the device sends an event for a single-element transaction with a re... • https://git.kernel.org/stable/c/1d3173a3bae7039b765a0956e3e4bf846dbaacb8 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-39789 – crypto: x86/aegis - Add missing error checks
https://notcve.org/view.php?id=CVE-2025-39789
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: x86/aegis - Add missing error checks The skcipher_walk functions can allocate memory and can fail, so checking for errors is necessary. In the Linux kernel, the following vulnerability has been resolved: crypto: x86/aegis - Add missing error checks The skcipher_walk functions can allocate memory and can fail, so checking for errors is necessary. • https://git.kernel.org/stable/c/1d373d4e8e15b358f08de52956b32e0e38a11f84 •