CVE-2025-40039 ksmbd: Fix race condition in RPC handle list access
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40039
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40039
CVE-2025-40043 net: nfc: nci: Add parameter validation for packet data
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40043
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40043
CVE-2025-40074 ipv4: start using dst_dev_rcu()
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40074
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40074
CVE-2025-40033 remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable()
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40033
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40033
CVE-2025-40032 PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40032
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40032
CVE-2025-40080 nbd: restrict sockets to TCP and UDP
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40080
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40080
CVE-2025-40060 coresight: trbe: Return NULL pointer for allocation failures
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40060
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40060
CVE-2025-40026 KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40026
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40026
CVE-2025-40040 mm/ksm: fix flag-dropping behavior in ksm_madvise
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40040
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40040
CVE-2025-40056 vhost: vringh: Fix copy_to_iter return value check
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40056
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40056
CVE-2025-40055 ocfs2: fix double free in user_cluster_connect()
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40055
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40055
CVE-2025-40053 net: dlink: handle copy_thresh allocation failure
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40053
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40053
CVE-2025-40035 Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40035
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40035
CVE-2025-40030 pinctrl: check the return value of pinmux_ops::get_function_name()
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40030
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40030
CVE-2025-40052 smb: client: fix crypto buffers in non-linear memory
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40052
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40052
Chromium: CVE-2023-4863 Heap buffer overflow in WebP
Updated product information in the Software Update table. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
Updated product information in the Software Update table. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
CVE-2025-53783 Microsoft Teams Remote Code Execution Vulnerability
Updated product information in the Software Update table. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53783
Updated product information in the Software Update table. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53783
CVE-2025-60711 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60711
Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60711
Chromium: CVE-2025-12036 Inappropriate implementation in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12036
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12036
Chromium: CVE-2025-12428 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12428
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12428
Chromium: CVE-2025-12429 Inappropriate implementation in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12429
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12429