CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-40198 – ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()
https://notcve.org/view.php?id=CVE-2025-40198
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Unlike other strings in the ext4 superblock, we rely on tune2fs to make sure s_mount_opts is NUL terminated. Harden parse_apply_sb_mount_options() by treating s_mount_opts as a potential __nonstring. In the Linux kernel, the following vulnerability has been resolved: ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Unlike other strings in the ex... • https://git.kernel.org/stable/c/8b67f04ab9de5d8f3a71aef72bf02c995a506db5 •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40197 – media: mc: Clear minor number before put device
https://notcve.org/view.php?id=CVE-2025-40197
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: media: mc: Clear minor number before put device The device minor should not be cleared after the device is released. • https://git.kernel.org/stable/c/dd156f44ea82cc249f46c519eed3b2f8983c8002 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40196 – fs: quota: create dedicated workqueue for quota_release_work
https://notcve.org/view.php?id=CVE-2025-40196
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: quota: create dedicated workqueue for quota_release_work There is a kernel panic due to WARN_ONCE when panic_on_warn is set. This issue occurs when writeback is triggered due to sync call for an opened file(ie, writeback reason is WB_REASON_SYNC). When f2fs balance is needed at sync path, flush for quota_release_work is triggered. By default quota_release_work is queued to "events_unbound" queue which does not have WQ_MEM_RECLAIM flag. ... • https://git.kernel.org/stable/c/bcacb52a985f1b6d280f698a470b873dfe52728a •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-40195 – mount: handle NULL values in mnt_ns_release()
https://notcve.org/view.php?id=CVE-2025-40195
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: mount: handle NULL values in mnt_ns_release() When calling in listmount() mnt_ns_release() may be passed a NULL pointer. Handle that case gracefully. In the Linux kernel, the following vulnerability has been resolved: mount: handle NULL values in mnt_ns_release() When calling in listmount() mnt_ns_release() may be passed a NULL pointer. Handle that case gracefully. • https://git.kernel.org/stable/c/2d68f8a7379d9c61005e982600c61948d4d019bd •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40194 – cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()
https://notcve.org/view.php?id=CVE-2025-40194
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request() that indirectly accesses the policy object in question through the QoS request object passed to it. Fortunately, update_qos_request() is called under intel_pstate_driver_lock, so this issue does not matter for changing the intel_psta... • https://git.kernel.org/stable/c/da5c504c7aae96db68c4b38e2564a88e91842d89 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40193 – xtensa: simdisk: add input size check in proc_write_simdisk
https://notcve.org/view.php?id=CVE-2025-40193
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: xtensa: simdisk: add input size check in proc_write_simdisk A malicious user could pass an arbitrarily bad value to memdup_user_nul(), potentially causing kernel crash. This follows the same pattern as commit ee76746387f6 ("netdevsim: prevent bad user input in nsim_dev_health_break_write()") In the Linux kernel, the following vulnerability has been resolved: xtensa: simdisk: add input size check in proc_write_simdisk A malicious user could ... • https://git.kernel.org/stable/c/b6c7e873daf765e41233b9752083b66442703b7a •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-40192 – Revert "ipmi: fix msg stack when IPMI is disconnected"
https://notcve.org/view.php?id=CVE-2025-40192
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "ipmi: fix msg stack when IPMI is disconnected" This reverts commit c608966f3f9c2dca596967501d00753282b395fc. This patch has a subtle bug that can cause the IPMI driver to go into an infinite loop if the BMC misbehaves in a certain way. Apparently certain BMCs do misbehave this way because several reports have come in recently about this. In the Linux kernel, the following vulnerability has been resolved: Revert "ipmi: fix msg stack ... • https://git.kernel.org/stable/c/c608966f3f9c2dca596967501d00753282b395fc •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40191 – drm/amdkfd: Fix kfd process ref leaking when userptr unmapping
https://notcve.org/view.php?id=CVE-2025-40191
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfd process ref leaking when userptr unmapping kfd_lookup_process_by_pid hold the kfd process reference to ensure it doesn't get destroyed while sending the segfault event to user space. Calling kfd_lookup_process_by_pid as function parameter leaks the kfd process refcount and miss the NULL pointer check if app process is already destroyed. In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix k... • https://git.kernel.org/stable/c/2d274bf7099bc5e95fabaa93f23d0eb2977187ad •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40190 – ext4: guard against EA inode refcount underflow in xattr update
https://notcve.org/view.php?id=CVE-2025-40190
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: guard against EA inode refcount underflow in xattr update syzkaller found a path where ext4_xattr_inode_update_ref() reads an EA inode refcount that is already <= 0 and then applies ref_change (often -1). That lets the refcount underflow and we proceed with a bogus value, triggering errors like: EXT4-fs error: EA inode
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40189 – net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom
https://notcve.org/view.php?id=CVE-2025-40189
12 Nov 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom Syzbot reported read of uninitialized variable BUG with following call stack. lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): EEPROM read operation timeout ===================================================== BUG: KMSAN: uninit-value in lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline] BUG: KMSAN: uninit-value in lan78xx_init_mac_ad... • https://git.kernel.org/stable/c/8b1b2ca83b200fa46fdfb81e80ad5fe34537e6d4 •