7.0

CVSS3.1

CVE-2025-40133 - mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable().

In the Linux kernel, the following vulnerability has been resolved: mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). mptcp_active_enable() is called from subflow_finish_connect(), which is icsk->icsk_af_ops->sk_rx_dst_set() and it's not always under RCU. Using sk_dst_get(sk)…

📅 Published: Nov. 12, 2025, midnight 🔄 Last Modified: Dec. 1, 2025, 6:18 a.m.

6.5

CVSS3.1

CVE-2025-60645 -

A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request.

📅 Published: Nov. 12, 2025, midnight 🔄 Last Modified: Dec. 3, 2025, 9:33 p.m.

7.0

CVSS3.1

CVE-2025-40186 - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request().

In the Linux kernel, the following vulnerability has been resolved: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). syzbot reported the splat below in tcp_conn_request(). [0] If a listener is close()d while a TFO socket is being processed in tcp_conn_request(), inet_csk_reqsk_queu…

📅 Published: Nov. 12, 2025, midnight 🔄 Last Modified: Dec. 1, 2025, 6:19 a.m.

5.5

CVSS3.1

CVE-2025-40200 - Squashfs: reject negative file sizes in squashfs_read_inode()

In the Linux kernel, the following vulnerability has been resolved: Squashfs: reject negative file sizes in squashfs_read_inode() Syzkaller reports a "WARNING in ovl_copy_up_file" in overlayfs. This warning is ultimately caused because the underlying Squashfs file system returns a file with a ne…

📅 Published: Nov. 12, 2025, midnight 🔄 Last Modified: Dec. 1, 2025, 6:20 a.m.

7.0

CVSS3.1

CVE-2025-40194 - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request() that indirectly ac…

📅 Published: Nov. 12, 2025, midnight 🔄 Last Modified: Dec. 1, 2025, 6:19 a.m.

7.0

CVSS3.1

CVE-2025-40176 - tls: wait for pending async decryptions if tls_strp_msg_hold fails

In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tls_strp_msg_hold fails Async decryption calls tls_strp_msg_hold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceedin…

📅 Published: Nov. 12, 2025, midnight 🔄 Last Modified: Dec. 1, 2025, 6:19 a.m.

5.5

CVSS3.1

CVE-2025-40171 - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op

In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: move lsop put work to nvmet_fc_ls_req_op It's possible for more than one async command to be in flight from __nvmet_fc_send_ls_req. For each command, a tgtport reference is taken. In the current code, only one put work…

📅 Published: Nov. 12, 2025, midnight 🔄 Last Modified: Dec. 1, 2025, 6:19 a.m.

5.5

CVSS3.1

CVE-2025-40144 - kernel: nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe()

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

📅 Published: Nov. 12, 2025, midnight 🔄 Last Modified: Nov. 21, 2025, 8:02 a.m.

5.5

CVSS3.1

CVE-2025-40148 - drm/amd/display: Add NULL pointer checks in dc_stream cursor attribute functions

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL pointer checks in dc_stream cursor attribute functions The function dc_stream_set_cursor_attributes() currently dereferences the `stream` pointer and nested members `stream->ctx->dc->current_state` witho…

📅 Published: Nov. 12, 2025, midnight 🔄 Last Modified: Dec. 1, 2025, 6:18 a.m.

5.5

CVSS3.1

CVE-2025-40138 - f2fs: fix to avoid NULL pointer dereference in f2fs_check_quota_consistency()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid NULL pointer dereference in f2fs_check_quota_consistency() syzbot reported a f2fs bug as below: Oops: gen[ 107.736417][ T5848] Oops: general protection fault, probably for non-canonical address 0xdffffc000000…

📅 Published: Nov. 12, 2025, midnight 🔄 Last Modified: Dec. 1, 2025, 6:18 a.m.