CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-39789 – crypto: x86/aegis - Add missing error checks
https://notcve.org/view.php?id=CVE-2025-39789
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: x86/aegis - Add missing error checks The skcipher_walk functions can allocate memory and can fail, so checking for errors is necessary. In the Linux kernel, the following vulnerability has been resolved: crypto: x86/aegis - Add missing error checks The skcipher_walk functions can allocate memory and can fail, so checking for errors is necessary. • https://git.kernel.org/stable/c/1d373d4e8e15b358f08de52956b32e0e38a11f84 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-39788 – scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
https://notcve.org/view.php?id=CVE-2025-39788
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE On Google gs101, the number of UTP transfer request slots (nutrs) is 32, and in this case the driver ends up programming the UTRL_NEXUS_TYPE incorrectly as 0. This is because the left hand side of the shift is 1, which is of type int, i.e. 31 bits wide. Shifting by more than that width results in undefined behaviour. Fix this by switching to the BIT() macro, which applies correct typ... • https://git.kernel.org/stable/c/55f4b1f73631a0817717fe6e98517de51b4c3527 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39787 – soc: qcom: mdt_loader: Ensure we don't read past the ELF header
https://notcve.org/view.php?id=CVE-2025-39787
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for other clients. Validate the size of the firmware buffer to ensure that we don't read past the end as we iterate over the header. e_phentsize and e_shentsize are validated as well, to ensure that the assumptions about step size in the traversal are valid. In t... • https://git.kernel.org/stable/c/2aad40d911eeb7dcac91c669f2762a28134f0eb1 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-39786 – iio: adc: ad7173: fix channels index for syscalib_mode
https://notcve.org/view.php?id=CVE-2025-39786
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7173: fix channels index for syscalib_mode Fix the index used to look up the channel when accessing the syscalib_mode attribute. The address field is a 0-based index (same as scan_index) that it used to access the channel in the ad7173_channels array throughout the driver. The channels field, on the other hand, may not match the address field depending on the channel configuration specified in the device tree and could result in... • https://git.kernel.org/stable/c/031bdc8aee01b7b298159eee541844d8bff4467d •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2025-39785 – drm/hisilicon/hibmc: fix irq_request()'s irq name variable is local
https://notcve.org/view.php?id=CVE-2025-39785
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/hisilicon/hibmc: fix irq_request()'s irq name variable is local The local variable is passed in request_irq (), and there will be use after free problem, which will make request_irq failed. Using the global irq name instead of it to fix. In the Linux kernel, the following vulnerability has been resolved: drm/hisilicon/hibmc: fix irq_request()'s irq name variable is local The local variable is passed in request_irq (), and there will be ... • https://git.kernel.org/stable/c/b11bc1ae46587f3563c47078e605184f18e7fa57 •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-39784 – PCI: Fix link speed calculation on retrain failure
https://notcve.org/view.php?id=CVE-2025-39784
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: Fix link speed calculation on retrain failure When pcie_failed_link_retrain() fails to retrain, it tries to revert to the previous link speed. However it calculates that speed from the Link Control 2 register without masking out non-speed bits first. PCIE_LNKCTL2_TLS2SPEED() converts such incorrect values to PCI_SPEED_UNKNOWN (0xff), which in turn causes a WARN splat in pcie_set_target_speed(): pci 0000:00:01.1: [1022:14ed] type 01 cla... • https://git.kernel.org/stable/c/de9a6c8d5dbfedb5eb3722c822da0490f6a59a45 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39783 – PCI: endpoint: Fix configfs group list head handling
https://notcve.org/view.php?id=CVE-2025-39783
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix configfs group list head handling Doing a list_del() on the epf_group field of struct pci_epf_driver in pci_epf_remove_cfs() is not correct as this field is a list head, not a list entry. This list_del() call triggers a KASAN warning when an endpoint function driver which has a configfs attribute group is torn down: ================================================================== BUG: KASAN: slab-use-after-free in pci_e... • https://git.kernel.org/stable/c/ef1433f717a2c63747a519d86965d73ff9bd08b3 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39782 – jbd2: prevent softlockup in jbd2_log_do_checkpoint()
https://notcve.org/view.php?id=CVE-2025-39782
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: prevent softlockup in jbd2_log_do_checkpoint() Both jbd2_log_do_checkpoint() and jbd2_journal_shrink_checkpoint_list() periodically release j_list_lock after processing a batch of buffers to avoid long hold times on the j_list_lock. However, since both functions contend for j_list_lock, the combined time spent waiting and processing can be significant. jbd2_journal_shrink_checkpoint_list() explicitly calls cond_resched() when need_res... • https://git.kernel.org/stable/c/f683d611518d30334813eecf9a8c687453e2800e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39781 – parisc: Drop WARN_ON_ONCE() from flush_cache_vmap
https://notcve.org/view.php?id=CVE-2025-39781
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: parisc: Drop WARN_ON_ONCE() from flush_cache_vmap I have observed warning to occassionally trigger. • https://git.kernel.org/stable/c/69cf90e5aa50fe3cb0c1a63cabc4761db44b0035 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39780 – sched/ext: Fix invalid task state transitions on class switch
https://notcve.org/view.php?id=CVE-2025-39780
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/ext: Fix invalid task state transitions on class switch When enabling a sched_ext scheduler, we may trigger invalid task state transitions, resulting in warnings like the following (which can be easily reproduced by running the hotplug selftest in a loop): sched_ext: Invalid task state transition 0 -> 3 for fish[770] WARNING: CPU: 18 PID: 787 at kernel/sched/ext.c:3862 scx_set_task_state+0x7c/0xc0 ... RIP: 0010:scx_set_task_state+0x7c... • https://git.kernel.org/stable/c/a8532fac7b5d27b8d62008a89593dccb6f9786ef •