CVSS: 7.8EPSS: %CPEs: 7EXPL: 0CVE-2025-39964 – crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
https://notcve.org/view.php?id=CVE-2025-39964
13 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencies in the internal socket state. Disallow this by adding a new ctx->write field that indiciates exclusive ownership for writing. In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg ... • https://git.kernel.org/stable/c/8ff590903d5fc7f5a0a988c38267a3d08e6393a2 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39961 – iommu/amd/pgtbl: Fix possible race while increase page table level
https://notcve.org/view.php?id=CVE-2025-39961
09 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/amd/pgtbl: Fix possible race while increase page table level The AMD IOMMU host page table implementation supports dynamic page table levels (up to 6 levels), starting with a 3-level configuration that expands based on IOVA address. The kernel maintains a root pointer and current page table level to enable proper page table walks in alloc_pte()/fetch_pte() operations. The IOMMU IOVA allocator initially starts with 32-bit address and o... • https://git.kernel.org/stable/c/754265bcab78a9014f0f99cd35e0d610fcd7dfa7 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-39958 – iommu/s390: Make attach succeed when the device was surprise removed
https://notcve.org/view.php?id=CVE-2025-39958
09 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Make attach succeed when the device was surprise removed When a PCI device is removed with surprise hotplug, there may still be attempts to attach the device to the default domain as part of tear down via (__iommu_release_dma_ownership()), or because the removal happens during probe (__iommu_probe_device()). In both cases zpci_register_ioat() fails with a cc value indicating that the device handle is invalid. This is because the... • https://git.kernel.org/stable/c/359613f2fa009587154511e4842e8ab9532edd15 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39957 – wifi: mac80211: increase scan_ies_len for S1G
https://notcve.org/view.php?id=CVE-2025-39957
09 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: increase scan_ies_len for S1G Currently the S1G capability element is not taken into account for the scan_ies_len, which leads to a buffer length validation failure in ieee80211_prep_hw_scan() and subsequent WARN in __ieee80211_start_scan(). This prevents hw scanning from functioning. To fix ensure we accommodate for the S1G capability length. In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211... • https://git.kernel.org/stable/c/16c9244a62116fe148f6961753b68e7160799f97 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39955 – tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
https://notcve.org/view.php?id=CVE-2025-39955
09 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). syzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk in the TCP_ESTABLISHED state. [0] syzbot reused the server-side TCP Fast Open socket as a new client before the TFO socket completes 3WHS: 1. accept() 2. connect(AF_UNSPEC) 3. connect() to another destination As of accept(), sk->sk_state is TCP_SYN_RECV, and tcp_disconnect() changes it to TCP_CLOSE and makes c... • https://git.kernel.org/stable/c/8336886f786fdacbc19b719c1f7ea91eb70706d4 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53687 – tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk
https://notcve.org/view.php?id=CVE-2023-53687
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk When the best clk is searched, we iterate over all possible clk. If we find a better match, the previous one, if any, needs to be freed. If a better match has already been found, we still need to free the new one, otherwise it leaks. In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsung_tty: Fix a memory leak in s3c24... • https://git.kernel.org/stable/c/5f5a7a5578c5885201cf9c85856f023fe8b81765 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53685 – tun: Fix memory leak for detached NAPI queue.
https://notcve.org/view.php?id=CVE-2023-53685
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tun: Fix memory leak for detached NAPI queue. syzkaller reported [0] memory leaks of sk and skb related to the TUN device with no repro, but we can reproduce it easily with: struct ifreq ifr = {} int fd_tun, fd_tmp; char buf[4] = {}; fd_tun = openat(AT_FDCWD, "/dev/net/tun", O_WRONLY, 0); ifr.ifr_flags = IFF_TUN | IFF_NAPI | IFF_MULTI_QUEUE; ioctl(fd_tun, TUNSETIFF, &ifr); ifr.ifr_flags = IFF_DETACH_QUEUE; ioctl(fd_tun, TUNSETQUEUE, &ifr); ... • https://git.kernel.org/stable/c/cde8b15f1aabe327038ee4e0e11dd6b798572f69 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53683 – fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
https://notcve.org/view.php?id=CVE-2023-53683
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() syzbot is hitting WARN_ON() in hfsplus_cat_{read,write}_inode(), for crafted filesystem image can contain bogus length. There conditions are not kernel bugs that can justify kernel to panic. In the Linux kernel, the following vulnerability has been resolved: fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() syzbot is hitting WARN_ON() in hfsplus_cat_{read,... • https://git.kernel.org/stable/c/61af77acd039ffd221bf7adf0dc95d0a4d377505 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53681 – bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
https://notcve.org/view.php?id=CVE-2023-53681
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent In some specific situations, the return value of __bch_btree_node_alloc may be NULL. This may lead to a potential NULL pointer dereference in caller function like a calling chain : btree_split->bch_btree_node_alloc->__bch_btree_node_alloc. Fix it by initializing the return value in __bch_btree_node_alloc. In the Linux kernel, the following vulnerability has been reso... • https://git.kernel.org/stable/c/cafe563591446cf80bfbc2fe3bc72a2e36cf1060 •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53677 – drm/i915: Fix memory leaks in i915 selftests
https://notcve.org/view.php?id=CVE-2023-53677
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix memory leaks in i915 selftests This patch fixes memory leaks on error escapes in function fake_get_pages (cherry picked from commit 8bfbdadce85c4c51689da10f39c805a7106d4567) • https://git.kernel.org/stable/c/c3bfba9a222550406082c92bbabc9c8b1355d8b8 •