A small but important Linux kernel fix was published upstream to correct a missing error check in the Freescale Management Complex bus driver (fsl-mc): maintainers added a check for the return value of platform_get_resource() to prevent a NULL pointer dereference, and the issue has been logged...
A small, surgical change to the Linux kernel’s ARM SPE perf driver closed CVE-2025-40081 — a numeric overflow in the PERF_IDX2OFF() macro that could miscompute buffer offsets for large AUX buffers (>= 2 GiB) and lead to kernel instability. The fix casts the buffer pages count to an unsigned long...
The Linux kernel received a targeted fix for CVE-2025-40057 — a resource‑allocation/validation bug in the PTP (Precision Time Protocol) subsystem that adds an upper bound to the user‑controlled max_vclocks parameter so that kernel allocations performed with kcalloc cannot be overflowed or...
The Linux kernel received a surgical but important correctness fix for the vhost/vringh dataplane: a check that treated the return from copy_to_iter (and related copy_iter helpers) as an error code was replaced with an equality test that verifies the exact number of bytes were copied, closing a...
A narrowly scoped but practically important fix landed in the Linux kernel this October to prevent the n_gsm tty driver from hanging the input processing path while it waits for a Modem Status Command (MSC) response — tracked as CVE-2025-40071 — and it exemplifies how small timing and...
The Linux kernel received a focused upstream fix for CVE-2025-40079 — a RISC‑V specific BPF correctness bug where struct ops return values were not being sign‑extended according to the RISC‑V ABI, a mismatch that could trigger kernel panics in the ns_bpf_qdisc selftest and destabilize hosts...
The Linux kernel recently received a small but important patch labelled under CVE‑2025‑40051 that tightens how the vhost/vringh code checks return values from copy_from_iter() and copy_to_iter(); the fix changes the test from “is the result negative” to “did we copy exactly the number of bytes...
A targeted kernel fix for F2FS that guards against malformed node footers has been landed upstream and assigned CVE‑2025‑40025, closing a small but potentially disruptive path to kernel panics when specially crafted F2FS images are processed. The change introduces a new node type and tightens...
The Linux kernel has been updated to fix CVE-2025-40068, a newly assigned vulnerability in the ntfs3 driver where an integer overflow in run_unpack() could allow malformed Master File Table (MFT) runlist data to cause incorrect cluster calculations and lead to unauthorized disk access or...
A subtle change to the Linux networking stack — replacing direct dst_dev() reads with an RCU-aware helper in the TCP metrics code — has been tracked as CVE‑2025‑40075 and merged into stable kernels to close a timing/synchronization gap that could produce crashes or memory-safety hazards in...
A recent Linux kernel fix closes CVE-2025-40027, a race-condition bug in the net/9p client that could cause a double removal of a request from its tracking list — a logic race that KASAN and syzkaller surfaced as a general-protection fault and list corruption during heavy fuzzing of 9p client...
The Linux kernel team has landed a defensive patch for CVE-2025-40043 — a subtle but consequential input‑validation bug in the NFC NCI stack that allowed uninitialized buffer data to be processed under certain malformed packet conditions, and the change tightens parameter checks to prevent...
The Linux kernel received a targeted fix for a resource‑management bug in the FastRPC driver after maintainers discovered a path in fastrpc_put_args that could return early on copy_to_user() failure without releasing mapped buffers, potentially leaking mapping references and exhausting kernel...
A recently disclosed Linux kernel vulnerability in the ksmbd subsystem — tracked as CVE-2025-40039 — fixes a subtle but consequential race condition in the kernel SMB server’s RPC handle list that could lead to inconsistent state, data corruption, or use‑after‑free when RPC handles are accessed...
A terse but important Linux kernel correction landed this month to close a Syzkaller/KMSAN‑reported memory-safety gap in SquashFS: a previously uninitialized parent inode value could be read by squashfs_get_parent(), and the upstream patch initializes that field to 0 so bad file handles return...
A small but consequential race-condition fix landed in the Linux kernel in late October 2025: uio_hv_generic has been changed to stop touching the interrupt mask and instead let userspace control it, closing a hang‑causing race that could leave guest UIO consumers permanently waiting for...
The Linux kernel's Network Block Device (NBD) subsystem received a targeted hardening this week to restrict accepted socket types to TCP and UNIX stream sockets, closing a locally‑triggered vector that syzbot and fuzzers were beginning to abuse and preventing a range of unexpected socket types...
The Linux kernel received a small but important defensive patch addressing CVE-2025-40033: a potential NULL-pointer dereference in the remoteproc PRU driver’s pru_rproc_set_ctable() that, if triggered on an affected system, can cause a kernel oops and an availability outage. The fix is a...
The Linux kernel received a small but important defensive patch that fixes a NULL-pointer dereference in the PCI endpoint test driver (pci-epf-test) — tracked as CVE-2025-40032 — by adding explicit checks for DMA channel pointers before they are released, closing a path that could cause kernel...
Linux kernel maintainers closed a subtle but potentially dangerous IPv4 race by switching several networking paths to use dst_dev_rcu(), a change tracked as CVE‑2025‑40074 that prevents possible use‑after‑free (UAF) conditions in icmpv4_xrlim_allow(), ip_defrag() and in a set of...