Linux Kernel CVE Statistics
654 Linux Kernel CVEs in October 2025
Full month · Source: NIST NVD
In October 2025, 654 Linux kernel CVEs were published, sourced from the NIST National Vulnerability Database. Of these, 117 were rated High severity and 334 Medium. No CVEs from this month have been confirmed as actively exploited via the CISA KEV catalog. October's 654 CVEs represent 11% of all 2025 Linux kernel CVEs , down from September's 737 (a 11% month-over-month decrease) .
654
Total CVEs
0
Critical
117
High
334
Medium
2
Low
0
KEV Exploited
All CVEs — October 2025
654 CVEs
| CVE ID | Package | Severity | CVSS | Published | Description | |
|---|---|---|---|---|---|---|
| CVE-2025-40106 | linux | Awaiting NVD | — | 2025-10-31 | In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedi_buf_munge() Th… | |
| CVE-2025-40087 | linux | Awaiting NVD | — | 2025-10-30 | In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proc_layoutcommit for the FlexFiles … | |
| CVE-2025-40088 | linux | Awaiting NVD | — | 2025-10-30 | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_str… | |
| CVE-2025-40093 | linux | Awaiting NVD | — | 2025-10-30 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Refactor bind path to use __fre… | |
| CVE-2025-40100 | linux | Awaiting NVD | — | 2025-10-30 | In the Linux kernel, the following vulnerability has been resolved: btrfs: do not assert we found block group item when… | |
| CVE-2025-40097 | linux | Awaiting NVD | — | 2025-10-30 | In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix missing pointer check in hda_compone… | |
| CVE-2025-40089 | linux | Awaiting NVD | — | 2025-10-30 | In the Linux kernel, the following vulnerability has been resolved: cxl/features: Add check for no entries in cxl_featu… | |
| CVE-2025-40095 | linux | Awaiting NVD | — | 2025-10-30 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Refactor bind path to use __f… | |
| CVE-2025-40091 | linux | Awaiting NVD | — | 2025-10-30 | In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix too early devlink_free() in ixgbe_remove… | |
| CVE-2025-40098 | linux | Awaiting NVD | — | 2025-10-30 | In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NULL pointer dereference in… | |
| CVE-2025-40092 | linux | Awaiting NVD | — | 2025-10-30 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Refactor bind path to use __fre… | |
| CVE-2025-40102 | linux | Awaiting NVD | — | 2025-10-30 | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Prevent access to vCPU events before in… | |
| CVE-2025-40105 | linux | Awaiting NVD | — | 2025-10-30 | In the Linux kernel, the following vulnerability has been resolved: vfs: Don't leak disconnected dentries on umount Whe… | |
| CVE-2025-40086 | linux | Awaiting NVD | — | 2025-10-30 | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in a… | |
| CVE-2025-40094 | linux | Awaiting NVD | — | 2025-10-30 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_acm: Refactor bind path to use __fre… |