MSRC Reports
Microsoft Security Response Center Reports (Unofficial).

Reports usually come in bursts, because that's just how Microsoft releases them.
CVE-2025-40081 perf: arm_spe: Prevent overflow in PERF_IDX2OFF()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40081
CVE-2025-40048 uio_hv_generic: Let userspace take care of interrupt mask

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40048
CVE-2025-40036 misc: fastrpc: fix possible map leak in fastrpc_put_args

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40036
CVE-2025-40039 ksmbd: Fix race condition in RPC handle list access

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40039
CVE-2025-40043 net: nfc: nci: Add parameter validation for packet data

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40043
CVE-2025-40074 ipv4: start using dst_dev_rcu()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40074
CVE-2025-40033 remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40033
CVE-2025-40032 PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40032
CVE-2025-40080 nbd: restrict sockets to TCP and UDP

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40080
CVE-2025-40060 coresight: trbe: Return NULL pointer for allocation failures

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40060
CVE-2025-40026 KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40026
CVE-2025-40040 mm/ksm: fix flag-dropping behavior in ksm_madvise

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40040
CVE-2025-40056 vhost: vringh: Fix copy_to_iter return value check

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40056
CVE-2025-40055 ocfs2: fix double free in user_cluster_connect()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40055
CVE-2025-40053 net: dlink: handle copy_thresh allocation failure

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40053
CVE-2025-40035 Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40035
CVE-2025-40030 pinctrl: check the return value of pinmux_ops::get_function_name()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40030
CVE-2025-40052 smb: client: fix crypto buffers in non-linear memory

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40052
Chromium: CVE-2023-4863 Heap buffer overflow in WebP

Updated product information in the Software Update table. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
CVE-2025-53783 Microsoft Teams Remote Code Execution Vulnerability

Updated product information in the Software Update table. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53783
CVE-2025-60711 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60711