Debian update for linux
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 108 |
| CVE-ID | CVE-2023-52857 CVE-2023-52927 CVE-2024-24855 CVE-2024-26656 CVE-2024-26767 CVE-2024-26982 CVE-2024-27056 CVE-2024-35866 CVE-2024-38611 CVE-2024-40973 CVE-2024-42129 CVE-2024-43831 CVE-2024-46772 CVE-2024-47753 CVE-2024-47754 CVE-2024-50056 CVE-2024-50246 CVE-2024-53166 CVE-2024-57977 CVE-2024-58002 CVE-2024-58005 CVE-2024-58079 CVE-2024-58090 CVE-2025-21702 CVE-2025-21712 CVE-2025-21721 CVE-2025-21756 CVE-2025-21838 CVE-2025-21844 CVE-2025-21846 CVE-2025-21848 CVE-2025-21855 CVE-2025-21858 CVE-2025-21859 CVE-2025-21862 CVE-2025-21864 CVE-2025-21865 CVE-2025-21866 CVE-2025-21867 CVE-2025-21871 CVE-2025-21875 CVE-2025-21877 CVE-2025-21878 CVE-2025-21881 CVE-2025-21887 CVE-2025-21891 CVE-2025-21898 CVE-2025-21899 CVE-2025-21904 CVE-2025-21905 CVE-2025-21909 CVE-2025-21910 CVE-2025-21912 CVE-2025-21913 CVE-2025-21914 CVE-2025-21916 CVE-2025-21917 CVE-2025-21918 CVE-2025-21919 CVE-2025-21920 CVE-2025-21922 CVE-2025-21924 CVE-2025-21925 CVE-2025-21926 CVE-2025-21928 CVE-2025-21934 CVE-2025-21935 CVE-2025-21936 CVE-2025-21937 CVE-2025-21938 CVE-2025-21941 CVE-2025-21943 CVE-2025-21944 CVE-2025-21945 CVE-2025-21947 CVE-2025-21948 CVE-2025-21950 CVE-2025-21951 CVE-2025-21956 CVE-2025-21957 CVE-2025-21959 CVE-2025-21960 CVE-2025-21962 CVE-2025-21963 CVE-2025-21964 CVE-2025-21968 CVE-2025-21970 CVE-2025-21971 CVE-2025-21975 CVE-2025-21978 CVE-2025-21979 CVE-2025-21980 CVE-2025-21981 CVE-2025-21986 CVE-2025-21991 CVE-2025-21992 CVE-2025-21993 CVE-2025-21994 CVE-2025-21996 CVE-2025-21997 CVE-2025-21999 CVE-2025-22004 CVE-2025-22005 CVE-2025-22007 CVE-2025-22008 CVE-2025-22010 CVE-2025-22014 CVE-2025-22015 |
| CWE-ID | CWE-190 CWE-20 CWE-362 CWE-416 CWE-835 CWE-399 CWE-401 CWE-476 CWE-119 CWE-667 CWE-665 CWE-388 CWE-125 CWE-908 CWE-369 CWE-617 CWE-682 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #27 is available. |
| Vulnerable software |
Debian Linux Operating systems & Components / Operating system linux (Debian package) Operating systems & Components / Operating system package or component |
| Vendor | Debian |
Security Bulletin
This security bulletin contains information about 108 vulnerabilities.
1) Integer overflow
EUVDB-ID: #VU91178
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52857
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the mtk_plane_update_new_state() function in drivers/gpu/drm/mediatek/mtk_drm_plane.c, within the mtk_drm_gem_dumb_create() function in drivers/gpu/drm/mediatek/mtk_drm_gem.c. A local user can execute arbitrary code.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU105746
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52927
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nft_ct_set_zone_eval() and nft_ct_tmpl_alloc_pcpu() functions in net/netfilter/nft_ct.c, within the EXPORT_SYMBOL_GPL() and nf_ct_find_expectation() functions in net/netfilter/nf_conntrack_expect.c, within the init_conntrack() function in net/netfilter/nf_conntrack_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Race condition
EUVDB-ID: #VU87602
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-24855
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_unregister_fcf_rescan() function in scsi device driver. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU88145
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26656
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to crash the kernel.
The vulnerability exists due to a use-after-free error in drivers/gpu/drm/amd/amdgpu/amdgpu_hmm.c. A local user can send a single amdgpu_gem_userptr_ioctl
to the AMDGPU DRM driver on any ASICs with an invalid address and size and perform a denial of service (DoS) attack.
Update linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Infinite loop
EUVDB-ID: #VU91415
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26767
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the link_validate_dpia_bandwidth() function in drivers/gpu/drm/amd/display/dc/link/link_validation.c, within the get_firmware_info_v3_2(), get_integrated_info_v11(), get_integrated_info_v2_1() and get_integrated_info_v2_2() functions in drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU90857
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26982
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the squashfs_new_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Resource management error
EUVDB-ID: #VU92983
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27056
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iwl_mvm_sta_ensure_queue() function in drivers/net/wireless/intel/iwlwifi/mvm/sta.c, within the __iwl_mvm_suspend() function in drivers/net/wireless/intel/iwlwifi/mvm/d3.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU90153
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35866
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_dump_full_key() function in fs/smb/client/ioctl.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory leak
EUVDB-ID: #VU92298
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38611
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the et8ek8_remove() and __exit_p() functions in drivers/media/i2c/et8ek8/et8ek8_driver.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) NULL pointer dereference
EUVDB-ID: #VU94241
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40973
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_vcodec_fw_scp_init() function in drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Resource management error
EUVDB-ID: #VU95059
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42129
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mlxreg_led_probe() function in drivers/leds/leds-mlxreg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU96196
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43831
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vpu_dec_init() function in drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Input validation error
EUVDB-ID: #VU97567
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46772
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dcn315_populate_dml_pipes_from_context() function in drivers/gpu/drm/amd/display/dc/resource/dcn315/dcn315_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU99046
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47753
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vdec_vp8_slice_decode() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Input validation error
EUVDB-ID: #VU99047
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47754
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vdec_h264_slice_single_decode() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_multi_if.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Input validation error
EUVDB-ID: #VU99204
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50056
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the find_format_by_pix(), uvc_v4l2_try_format() and uvc_v4l2_enum_format() functions in drivers/usb/gadget/function/uvc_v4l2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Buffer overflow
EUVDB-ID: #VU100203
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50246
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use-after-free
EUVDB-ID: #VU102048
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53166
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfq_choose_req(), bfqq_request_over_limit() and bfq_limit_depth() functions in block/bfq-iosched.c. A local user can escalate privileges on the system.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper locking
EUVDB-ID: #VU105026
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57977
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dump_tasks() function in mm/oom_kill.c, within the mem_cgroup_scan_tasks() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Resource management error
EUVDB-ID: #VU105071
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-58002
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the uvc_v4l2_release() function in drivers/media/usb/uvc/uvc_v4l2.c, within the uvc_ctrl_send_slave_event(), uvc_ctrl_status_event(), uvc_ctrl_commit_entity() and uvc_ctrl_init_device() functions in drivers/media/usb/uvc/uvc_ctrl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Resource management error
EUVDB-ID: #VU105072
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-58005
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tpm_is_tpm2_log() and tpm_read_log_acpi() functions in drivers/char/tpm/eventlog/acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Use-after-free
EUVDB-ID: #VU105390
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-58079
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uvc_gpio_parse() and uvc_unregister_video() functions in drivers/media/usb/uvc/uvc_driver.c. A local user can escalate privileges on the system.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Infinite loop
EUVDB-ID: #VU106127
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-58090
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the !defined() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Resource management error
EUVDB-ID: #VU104074
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21702
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pfifo_tail_enqueue() function in net/sched/sch_fifo.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper Initialization
EUVDB-ID: #VU105061
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21712
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the md_seq_show() function in drivers/md/md.c, within the bitmap_get_stats() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Input validation error
EUVDB-ID: #VU105036
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21721
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nilfs_rename() function in fs/nilfs2/namei.c, within the nilfs_inode_by_name(), nilfs_set_link() and nilfs_delete_entry() functions in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use-after-free
EUVDB-ID: #VU104945
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2025-21756
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() and __vsock_release() functions in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
28) Input validation error
EUVDB-ID: #VU105473
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21838
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the usb_del_gadget() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) NULL pointer dereference
EUVDB-ID: #VU105659
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21844
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) NULL pointer dereference
EUVDB-ID: #VU105660
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21846
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the do_acct_process(), acct_pin_kill(), close_work(), encode_float() and fill_ac() functions in kernel/acct.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) NULL pointer dereference
EUVDB-ID: #VU105662
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21848
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfp_bpf_cmsg_alloc() function in drivers/net/ethernet/netronome/nfp/bpf/cmsg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Use-after-free
EUVDB-ID: #VU105652
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21855
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ibmvnic_xmit() and netif_stop_subqueue() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can escalate privileges on the system.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Use-after-free
EUVDB-ID: #VU105654
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21858
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the geneve_destroy_tunnels() function in drivers/net/geneve.c. A local user can escalate privileges on the system.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Improper locking
EUVDB-ID: #VU105669
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21859
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f_midi_complete() function in drivers/usb/gadget/function/f_midi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Improper locking
EUVDB-ID: #VU105670
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21862
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the init_net_drop_monitor() and exit_net_drop_monitor() functions in net/core/drop_monitor.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Memory leak
EUVDB-ID: #VU105675
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21864
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcp_add_backlog() function in net/ipv4/tcp_ipv4.c, within the tcp_ofo_queue(), tcp_queue_rcv(), tcp_data_queue() and tcp_rcv_established() functions in net/ipv4/tcp_input.c, within the tcp_fastopen_add_skb() function in net/ipv4/tcp_fastopen.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Improper error handling
EUVDB-ID: #VU105672
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21865
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the gtp_net_exit_batch_rtnl() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Out-of-bounds read
EUVDB-ID: #VU105656
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21866
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the text_area_cpu_up() function in arch/powerpc/lib/code-patching.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Use-after-free
EUVDB-ID: #VU106112
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21867
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_test_init() function in net/bpf/test_run.c. A local user can escalate privileges on the system.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Improper locking
EUVDB-ID: #VU106122
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21871
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the optee_supp_thrd_req() function in drivers/tee/optee/supp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Improper locking
EUVDB-ID: #VU106115
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21875
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mptcp_nl_remove_subflow_and_signal_addr() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Resource management error
EUVDB-ID: #VU106132
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21877
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the genelink_bind() function in drivers/net/usb/gl620a.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Improper locking
EUVDB-ID: #VU106117
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21878
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the npcm_i2c_probe_bus() function in drivers/i2c/busses/i2c-npcm7xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Input validation error
EUVDB-ID: #VU106124
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21881
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kernel/events/uprobes.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Use-after-free
EUVDB-ID: #VU106110
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21887
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ovl_link_up() function in fs/overlayfs/copy_up.c. A local user can escalate privileges on the system.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Use of uninitialized resource
EUVDB-ID: #VU106125
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21891
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ipvlan_addr_lookup() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Division by zero
EUVDB-ID: #VU106846
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21898
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the function_stat_show() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Improper error handling
EUVDB-ID: #VU106811
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21899
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the event_hist_trigger_parse() function in kernel/trace/trace_events_hist.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) NULL pointer dereference
EUVDB-ID: #VU106736
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21904
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/caif/caif_virtio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Buffer overflow
EUVDB-ID: #VU106865
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21905
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the iwl_parse_tlv_firmware() function in drivers/net/wireless/intel/iwlwifi/iwl-drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Input validation error
EUVDB-ID: #VU106869
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21909
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the parse_monitor_flags() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Improper locking
EUVDB-ID: #VU106800
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21910
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the is_an_alpha2() function in net/wireless/reg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Improper locking
EUVDB-ID: #VU106792
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21912
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gpio_rcar_config_interrupt_input_mode(), gpio_rcar_config_general_input_output_mode(), gpio_rcar_get_multiple(), gpio_rcar_set(), gpio_rcar_set_multiple() and gpio_rcar_probe() functions in drivers/gpio/gpio-rcar.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Resource management error
EUVDB-ID: #VU106857
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21913
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the early_is_amd_nb() and amd_get_mmconfig_range() functions in arch/x86/kernel/amd_nb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Use-after-free
EUVDB-ID: #VU106585
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21914
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the slim_do_transfer() function in drivers/slimbus/messaging.c. A local user can escalate privileges on the system.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Resource management error
EUVDB-ID: #VU106858
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21916
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cxacru_bind() function in drivers/usb/atm/cxacru.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) NULL pointer dereference
EUVDB-ID: #VU106731
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21917
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the usbhs_remove() function in drivers/usb/renesas_usbhs/common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) NULL pointer dereference
EUVDB-ID: #VU106726
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21918
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ucsi_init() and ucsi_unregister() functions in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Input validation error
EUVDB-ID: #VU106804
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21919
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the child_cfs_rq_on_list() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Memory leak
EUVDB-ID: #VU106554
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21920
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vlan_check_real_dev() function in net/8021q/vlan.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Use of uninitialized resource
EUVDB-ID: #VU106839
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21922
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ppp_send_frame() and ppp_receive_nonmp_frame() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Resource management error
EUVDB-ID: #VU106852
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21924
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hclge_ptp_init() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Improper error handling
EUVDB-ID: #VU106812
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21925
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the llc_sap_action_unitdata_ind(), llc_sap_action_send_ui() and llc_sap_action_send_test_c() functions in net/llc/llc_s_ac.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Improper error handling
EUVDB-ID: #VU106815
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21926
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Use-after-free
EUVDB-ID: #VU106598
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21928
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ishtp_hid_remove() function in drivers/hid/intel-ish-hid/ishtp-hid.c. A local user can escalate privileges on the system.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Use-after-free
EUVDB-ID: #VU106606
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21934
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rio_mport_add_riodev() function in drivers/rapidio/devices/rio_mport_cdev.c. A local user can escalate privileges on the system.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Use-after-free
EUVDB-ID: #VU106611
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21935
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rio_scan_alloc_net() function in drivers/rapidio/rio-scan.c. A local user can escalate privileges on the system.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) NULL pointer dereference
EUVDB-ID: #VU106713
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21936
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mgmt_device_connected() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) NULL pointer dereference
EUVDB-ID: #VU106709
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21937
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mgmt_remote_name() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Resource management error
EUVDB-ID: #VU106851
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21938
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __mptcp_pm_release_addr_entry(), mptcp_pm_nl_append_new_local_addr(), mptcp_pm_nl_get_local_id() and mptcp_pm_nl_add_addr_doit() functions in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) NULL pointer dereference
EUVDB-ID: #VU106704
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21941
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the resource_build_scaling_params() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Improper locking
EUVDB-ID: #VU106768
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21943
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the new_device_store(), kfree() and delete_device_store() functions in drivers/gpio/gpio-aggregator.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Improper locking
EUVDB-ID: #VU106762
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21944
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfs_lock_file() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Use-after-free
EUVDB-ID: #VU106621
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21945
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the list_del() function in fs/smb/server/smb2pdu.c. A local user can escalate privileges on the system.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Race condition
EUVDB-ID: #VU106847
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21947
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the handle_response() function in fs/smb/server/transport_ipc.c. A local user can escalate privileges on the system.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) NULL pointer dereference
EUVDB-ID: #VU106674
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21948
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the appleir_raw_event() function in drivers/hid/hid-appleir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Memory leak
EUVDB-ID: #VU106561
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21950
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pmcmd_ioctl() function in drivers/virt/acrn/hsm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Improper locking
EUVDB-ID: #VU106753
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21951
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mhi_pci_recovery_work() function in drivers/bus/mhi/host/pci_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Resource management error
EUVDB-ID: #VU106860
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21956
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the get_norm_pix_clk() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) NULL pointer dereference
EUVDB-ID: #VU106695
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21957
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla1280_64bit_start_scsi() function in drivers/scsi/qla1280.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Use of uninitialized resource
EUVDB-ID: #VU106840
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21959
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the raw_smp_processor_id() function in net/netfilter/nf_conncount.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Reachable assertion
EUVDB-ID: #VU106809
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21960
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the bnxt_xdp() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c, within the bnxt_rx_pkt() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Integer overflow
EUVDB-ID: #VU106841
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21962
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can execute arbitrary code.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Integer overflow
EUVDB-ID: #VU106842
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21963
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can execute arbitrary code.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Integer overflow
EUVDB-ID: #VU106843
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21964
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can execute arbitrary code.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Use-after-free
EUVDB-ID: #VU106629
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21968
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hdcp_destroy() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c. A local user can escalate privileges on the system.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Input validation error
EUVDB-ID: #VU106806
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21970
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5_esw_bridge_lag_rep_get(), mlx5_esw_bridge_is_local() and mlx5_esw_bridge_switchdev_event() functions in drivers/net/ethernet/mellanox/mlx5/core/en/rep/bridge.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Incorrect calculation
EUVDB-ID: #VU106863
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21971
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the tc_ctl_tclass() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) NULL pointer dereference
EUVDB-ID: #VU106686
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21975
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_chains_create_table() function in drivers/net/ethernet/mellanox/mlx5/core/lib/fs_chains.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Memory leak
EUVDB-ID: #VU106573
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21978
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hyperv_vmbus_probe() and hyperv_vmbus_remove() functions in drivers/gpu/drm/hyperv/hyperv_drm_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Use-after-free
EUVDB-ID: #VU106640
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21979
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cfg80211_dev_free() function in net/wireless/core.c. A local user can escalate privileges on the system.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) NULL pointer dereference
EUVDB-ID: #VU106683
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21980
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gred_destroy() function in net/sched/sch_gred.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Memory leak
EUVDB-ID: #VU106578
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21981
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ice_init_arfs() function in drivers/net/ethernet/intel/ice/ice_arfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Improper locking
EUVDB-ID: #VU106741
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21986
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the switchdev_port_obj_act_is_deferred(), EXPORT_SYMBOL_GPL() and call_switchdev_blocking_notifiers() functions in net/switchdev/switchdev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Out-of-bounds read
EUVDB-ID: #VU106647
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21991
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the load_microcode_amd() function in arch/x86/kernel/cpu/microcode/amd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Input validation error
EUVDB-ID: #VU106867
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21992
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the HID_USB_DEVICE() function in drivers/hid/hid-quirks.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Out-of-bounds read
EUVDB-ID: #VU106651
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21993
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ibft_attr_show_nic() function in drivers/firmware/iscsi_ibft.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Buffer overflow
EUVDB-ID: #VU106864
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21994
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the parse_dacl() function in fs/smb/server/smbacl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Use of uninitialized resource
EUVDB-ID: #VU106963
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21996
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the radeon_vce_cs_parse() function in drivers/gpu/drm/radeon/radeon_vce.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Integer overflow
EUVDB-ID: #VU106964
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21997
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the xp_create_and_assign_umem() function in net/xdp/xsk_buff_pool.c. A local user can execute arbitrary code.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Use-after-free
EUVDB-ID: #VU106955
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21999
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the proc_get_inode() function in fs/proc/inode.c, within the proc_create_reg(), proc_create_seq_private() and proc_create_single_data() functions in fs/proc/generic.c. A local user can escalate privileges on the system.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Use-after-free
EUVDB-ID: #VU106956
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22004
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lec_send() function in net/atm/lec.c. A local user can escalate privileges on the system.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Memory leak
EUVDB-ID: #VU106954
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22005
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the in6_dev_put() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) NULL pointer dereference
EUVDB-ID: #VU106961
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22007
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the chan_alloc_skb_cb() function in net/bluetooth/6lowpan.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Input validation error
EUVDB-ID: #VU107813
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22008
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the regulator_resolve_supply() and _regulator_get_common() functions in drivers/regulator/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Improper locking
EUVDB-ID: #VU107750
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22010
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hem_list_alloc_root_bt(), hns_roce_hem_list_request() and hns_roce_hem_list_find_mtt() functions in drivers/infiniband/hw/hns/hns_roce_hem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Improper locking
EUVDB-ID: #VU107751
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22014
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pdr_locator_new_server() function in drivers/soc/qcom/pdr_interface.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) NULL pointer dereference
EUVDB-ID: #VU107730
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22015
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the folio_migrate_mapping() function in mm/migrate.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate linux package to version 6.1.133-1.
Vulnerable software versionsDebian Linux: All versions
linux (Debian package): before 6.1.133-1
CPE2.3- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*
https://lists.debian.org/debian-security-announce/2025/msg00062.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
