SB2025042544 - openEuler 24.03 LTS SP1 update for kernel
Published: April 25, 2025 Updated: September 17, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 133 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2023-53034)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the switchtec_ntb_mw_set_trans() function in drivers/ntb/hw/mscc/ntb_hw_switchtec.c. A local user can perform a denial of service (DoS) attack.
2) Integer overflow (CVE-ID: CVE-2024-52559)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the msm_ioctl_gem_submit() function in drivers/gpu/drm/msm/msm_gem_submit.c. A local user can execute arbitrary code.
3) Input validation error (CVE-ID: CVE-2024-52560)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the compare_attr(), mi_new_attt_id(), mi_enum_attr(), mi_format_new() and mi_insert_attr() functions in fs/ntfs3/record.c, within the ni_std(), ni_std5(), ni_find_attr(), ni_enum_attr_ex(), ni_load_attr(), ni_remove_attr(), al_remove_le(), ni_ins_new_attr(), ni_try_remove_attr_list(), ni_create_attr_list(), ni_ins_attr_ext(), ni_insert_attr(), ni_expand_mft_list(), ni_expand_list() and ni_write_inode() functions in fs/ntfs3/frecord.c, within the mi_find_attr() and attr_collapse_range() functions in fs/ntfs3/attrib.c. A local user can perform a denial of service (DoS) attack.
4) Out-of-bounds read (CVE-ID: CVE-2024-53162)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the uof_get_name() function in drivers/crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c. A local user can perform a denial of service (DoS) attack.
5) Use-after-free (CVE-ID: CVE-2024-53179)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_get_sign_key(), smb2_find_smb_ses_unlocked(), smb2_calc_signature() and smb3_calc_signature() functions in fs/smb/client/smb2transport.c. A local user can escalate privileges on the system.
6) Use-after-free (CVE-ID: CVE-2024-54458)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ufs_bsg_remove() function in drivers/ufs/core/ufs_bsg.c. A local user can escalate privileges on the system.
7) Resource management error (CVE-ID: CVE-2024-55881)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the complete_hypercall_exit() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
8) Out-of-bounds read (CVE-ID: CVE-2024-56616)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drm_dp_decode_sideband_msg_hdr() function in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can perform a denial of service (DoS) attack.
9) Use-after-free (CVE-ID: CVE-2024-56664)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sock_map_lookup_sys() function in net/core/sock_map.c. A local user can escalate privileges on the system.
10) Memory leak (CVE-ID: CVE-2024-56710)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __ceph_sync_read() and ceph_direct_read_write() functions in fs/ceph/file.c. A local user can perform a denial of service (DoS) attack.
11) Use-after-free (CVE-ID: CVE-2024-57795)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rxe_query_port(), rxe_enable_driver(), INIT_RDMA_OBJ_SIZE() and rxe_register_device() functions in drivers/infiniband/sw/rxe/rxe_verbs.c, within the rxe_parent_name(), rxe_net_add() and rxe_port_down() functions in drivers/infiniband/sw/rxe/rxe_net.c, within the rxe_mcast_add() function in drivers/infiniband/sw/rxe/rxe_mcast.c, within the rxe_dealloc(), rxe_init_device_param(), rxe_init_port_param() and rxe_set_mtu() functions in drivers/infiniband/sw/rxe/rxe.c. A local user can escalate privileges on the system.
12) Use-after-free (CVE-ID: CVE-2024-57857)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the siw_query_device(), siw_query_port() and siw_query_qp() functions in drivers/infiniband/sw/siw/siw_verbs.c, within the siw_device_create(), siw_netdev_event() and siw_newlink() functions in drivers/infiniband/sw/siw/siw_main.c, within the siw_create_listen() and siw_cep_set_free_and_put() functions in drivers/infiniband/sw/siw/siw_cm.c. A local user can escalate privileges on the system.
13) Memory leak (CVE-ID: CVE-2024-57908)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kmx61_trigger_handler() function in drivers/iio/imu/kmx61.c. A local user can perform a denial of service (DoS) attack.
14) Memory leak (CVE-ID: CVE-2024-57911)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iio_simple_dummy_trigger_h() function in drivers/iio/dummy/iio_simple_dummy_buffer.c. A local user can perform a denial of service (DoS) attack.
15) Memory leak (CVE-ID: CVE-2024-57912)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the zpa2326_fill_sample_buffer() function in drivers/iio/pressure/zpa2326.c. A local user can perform a denial of service (DoS) attack.
16) NULL pointer dereference (CVE-ID: CVE-2024-57929)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the load_ablock() function in drivers/md/persistent-data/dm-array.c. A local user can perform a denial of service (DoS) attack.
17) Buffer overflow (CVE-ID: CVE-2024-57952)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the simple_offset_destroy(), offset_dir_open(), offset_dir_llseek(), offset_dir_emit() and offset_iterate_dir() functions in fs/libfs.c. A local user can perform a denial of service (DoS) attack.
18) Out-of-bounds read (CVE-ID: CVE-2024-57996)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sfq_change() function in net/sched/sch_sfq.c. A local user can perform a denial of service (DoS) attack.
19) Improper locking (CVE-ID: CVE-2024-57999)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the enable_ddw() and spapr_tce_create_table() functions in arch/powerpc/platforms/pseries/iommu.c, within the iommu_table_clear() function in arch/powerpc/kernel/iommu.c. A local user can perform a denial of service (DoS) attack.
20) Resource management error (CVE-ID: CVE-2024-58002)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the uvc_v4l2_release() function in drivers/media/usb/uvc/uvc_v4l2.c, within the uvc_ctrl_send_slave_event(), uvc_ctrl_status_event(), uvc_ctrl_commit_entity() and uvc_ctrl_init_device() functions in drivers/media/usb/uvc/uvc_ctrl.c. A local user can perform a denial of service (DoS) attack.
21) Buffer overflow (CVE-ID: CVE-2024-58003)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ub953_subdev_uninit() function in drivers/media/i2c/ds90ub953.c, within the ub913_subdev_uninit() function in drivers/media/i2c/ds90ub913.c. A local user can perform a denial of service (DoS) attack.
22) Out-of-bounds read (CVE-ID: CVE-2024-58007)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qcom_socinfo_probe() function in drivers/soc/qcom/socinfo.c. A local user can perform a denial of service (DoS) attack.
23) NULL pointer dereference (CVE-ID: CVE-2024-58009)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.
24) NULL pointer dereference (CVE-ID: CVE-2024-58011)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the skl_int3472_tps68470_probe() function in drivers/platform/x86/intel/int3472/tps68470.c, within the skl_int3472_discrete_probe() function in drivers/platform/x86/intel/int3472/discrete.c. A local user can perform a denial of service (DoS) attack.
25) Use-after-free (CVE-ID: CVE-2024-58013)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mgmt_remove_adv_monitor_complete() function in net/bluetooth/mgmt.c. A local user can escalate privileges on the system.
26) Out-of-bounds read (CVE-ID: CVE-2024-58014)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the wlc_phy_iqcal_gainparams_nphy() function in drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c. A local user can perform a denial of service (DoS) attack.
27) Resource management error (CVE-ID: CVE-2024-58016)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the handle_policy_update() function in security/safesetid/securityfs.c. A local user can perform a denial of service (DoS) attack.
28) Integer overflow (CVE-ID: CVE-2024-58017)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the __alignof__() function in kernel/printk/printk.c. A local user can execute arbitrary code.
29) NULL pointer dereference (CVE-ID: CVE-2024-58076)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the &() function in drivers/clk/qcom/gcc-sm6350.c. A local user can perform a denial of service (DoS) attack.
30) Use-after-free (CVE-ID: CVE-2024-58079)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uvc_gpio_parse() and uvc_unregister_video() functions in drivers/media/usb/uvc/uvc_driver.c. A local user can escalate privileges on the system.
31) Use-after-free (CVE-ID: CVE-2024-58083)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the include/linux/kvm_host.h. A local user can escalate privileges on the system.
32) Input validation error (CVE-ID: CVE-2024-58086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the v3d_perfmon_destroy_ioctl() function in drivers/gpu/drm/v3d/v3d_perfmon.c. A local user can perform a denial of service (DoS) attack.
33) NULL pointer dereference (CVE-ID: CVE-2024-58088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cgroup_storage_map_alloc() function in kernel/bpf/bpf_cgrp_storage.c. A local user can perform a denial of service (DoS) attack.
34) Infinite loop (CVE-ID: CVE-2024-58090)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the !defined() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.
35) NULL pointer dereference (CVE-ID: CVE-2025-21636)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_udp_port() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
36) NULL pointer dereference (CVE-ID: CVE-2025-21637)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_auth() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
37) NULL pointer dereference (CVE-ID: CVE-2025-21638)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_alpha_beta() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
38) NULL pointer dereference (CVE-ID: CVE-2025-21640)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_hmac_alg() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
39) Infinite loop (CVE-ID: CVE-2025-21665)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the folio_seek_hole_data() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
40) NULL pointer dereference (CVE-ID: CVE-2025-21666)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() and vsock_connectible_has_data() functions in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
41) NULL pointer dereference (CVE-ID: CVE-2025-21669)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the virtio_transport_recv_pkt() function in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.
42) NULL pointer dereference (CVE-ID: CVE-2025-21675)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_lag_port_sel_create() and mlx5_destroy_ttc_table() functions in drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c. A local user can perform a denial of service (DoS) attack.
43) Resource management error (CVE-ID: CVE-2025-21690)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dev_warn() and storvsc_on_io_completion() functions in drivers/scsi/storvsc_drv.c. A local user can perform a denial of service (DoS) attack.
44) Out-of-bounds read (CVE-ID: CVE-2025-21692)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ets_class_from_arg() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.
45) NULL pointer dereference (CVE-ID: CVE-2025-21697)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v3d_irq() and v3d_hub_irq() functions in drivers/gpu/drm/v3d/v3d_irq.c. A local user can perform a denial of service (DoS) attack.
46) Use-after-free (CVE-ID: CVE-2025-21700)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qdisc_lookup() function in net/sched/sch_api.c. A local user can escalate privileges on the system.
47) Improper locking (CVE-ID: CVE-2025-21701)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ethnl_ops_begin() function in net/ethtool/netlink.c. A local user can perform a denial of service (DoS) attack.
48) Use of uninitialized resource (CVE-ID: CVE-2025-21709)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mt_set_in_rcu() function in kernel/fork.c, within the register_for_each_vma() function in kernel/events/uprobes.c. A local user can perform a denial of service (DoS) attack.
49) Improper Initialization (CVE-ID: CVE-2025-21712)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the md_seq_show() function in drivers/md/md.c, within the bitmap_get_stats() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
50) Input validation error (CVE-ID: CVE-2025-21721)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nilfs_rename() function in fs/nilfs2/namei.c, within the nilfs_inode_by_name(), nilfs_set_link() and nilfs_delete_entry() functions in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
51) Buffer overflow (CVE-ID: CVE-2025-21735)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nci_hci_create_pipe() function in net/nfc/nci/hci.c. A local user can escalate privileges on the system.
52) Memory leak (CVE-ID: CVE-2025-21739)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ufshcd_pltfrm_init() and ufshcd_pltfrm_remove() functions in drivers/ufs/host/ufshcd-pltfrm.c, within the ufshcd_pci_remove() and ufshcd_pci_probe() functions in drivers/ufs/host/ufshcd-pci.c, within the EXPORT_SYMBOL_GPL(), ufshcd_set_dma_mask() and ufshcd_alloc_host() functions in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
53) Out-of-bounds read (CVE-ID: CVE-2025-21741)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ipheth_rcvbulk_callback_ncm() function in drivers/net/usb/ipheth.c. A local user can perform a denial of service (DoS) attack.
54) Out-of-bounds read (CVE-ID: CVE-2025-21742)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ipheth_rcvbulk_callback_ncm() function in drivers/net/usb/ipheth.c. A local user can perform a denial of service (DoS) attack.
55) NULL pointer dereference (CVE-ID: CVE-2025-21744)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcmf_txfinalize() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c. A local user can perform a denial of service (DoS) attack.
56) Input validation error (CVE-ID: CVE-2025-21746)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the synaptics_pt_stop(), synaptics_pt_create() and synaptics_process_byte() functions in drivers/input/mouse/synaptics.c. A local user can perform a denial of service (DoS) attack.
57) Integer overflow (CVE-ID: CVE-2025-21748)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ksmbd_ipc_spnego_authen_request(), ksmbd_rpc_write() and ksmbd_rpc_ioctl() functions in fs/smb/server/transport_ipc.c. A local user can execute arbitrary code.
58) Improper locking (CVE-ID: CVE-2025-21749)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rose_bind() function in net/rose/af_rose.c. A local user can perform a denial of service (DoS) attack.
59) Use-after-free (CVE-ID: CVE-2025-21753)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/btrfs/transaction.c. A local user can escalate privileges on the system.
60) Buffer overflow (CVE-ID: CVE-2025-21758)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mld_newpack() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.
61) Use-after-free (CVE-ID: CVE-2025-21759)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mld_send_cr() and igmp6_send() functions in net/ipv6/mcast.c. A local user can escalate privileges on the system.
62) Use-after-free (CVE-ID: CVE-2025-21760)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_nd_hdr() and ndisc_send_skb() functions in net/ipv6/ndisc.c. A local user can escalate privileges on the system.
63) Use-after-free (CVE-ID: CVE-2025-21761)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ovs_vport_cmd_fill_info() function in net/openvswitch/datapath.c. A local user can escalate privileges on the system.
64) Use-after-free (CVE-ID: CVE-2025-21762)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the arp_xmit_finish() function in net/ipv4/arp.c. A local user can escalate privileges on the system.
65) Use-after-free (CVE-ID: CVE-2025-21763)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __neigh_notify() function in net/core/neighbour.c. A local user can escalate privileges on the system.
66) Use-after-free (CVE-ID: CVE-2025-21764)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ndisc_alloc_skb() function in net/ipv6/ndisc.c. A local user can escalate privileges on the system.
67) Input validation error (CVE-ID: CVE-2025-21765)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ip6_default_advmss() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
68) Input validation error (CVE-ID: CVE-2025-21766)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the out: kfree_skb_reason() and __ip_rt_update_pmtu() functions in net/ipv4/route.c. A local user can perform a denial of service (DoS) attack.
69) Out-of-bounds read (CVE-ID: CVE-2025-21772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mac_partition() function in block/partitions/mac.c. A local user can perform a denial of service (DoS) attack.
70) NULL pointer dereference (CVE-ID: CVE-2025-21773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the es58x_devlink_info_get() function in drivers/net/can/usb/etas_es58x/es58x_devlink.c. A local user can perform a denial of service (DoS) attack.
71) NULL pointer dereference (CVE-ID: CVE-2025-21775)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ctucan_err_interrupt() function in drivers/net/can/ctucanfd/ctucanfd_base.c. A local user can perform a denial of service (DoS) attack.
72) NULL pointer dereference (CVE-ID: CVE-2025-21779)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kvm_hv_send_ipi() and kvm_get_hv_cpuid() functions in arch/x86/kvm/hyperv.c. A local user can perform a denial of service (DoS) attack.
73) Buffer overflow (CVE-ID: CVE-2025-21780)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the smu_sys_set_pp_table() function in drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c. A local user can escalate privileges on the system.
74) Resource management error (CVE-ID: CVE-2025-21781)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the batadv_v_elp_start_timer() and batadv_v_elp_get_throughput() functions in net/batman-adv/bat_v_elp.c. A local user can perform a denial of service (DoS) attack.
75) Input validation error (CVE-ID: CVE-2025-21784)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the psp_init_cap_microcode() function in drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c. A local user can perform a denial of service (DoS) attack.
76) NULL pointer dereference (CVE-ID: CVE-2025-21790)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vxlan_init() function in drivers/net/vxlan/vxlan_core.c. A local user can perform a denial of service (DoS) attack.
77) Memory leak (CVE-ID: CVE-2025-21792)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_setsockopt() function in net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.
78) Division by zero (CVE-ID: CVE-2025-21793)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the f_ospi_get_dummy_cycle() function in drivers/spi/spi-sn-f-ospi.c. A local user can perform a denial of service (DoS) attack.
79) Resource management error (CVE-ID: CVE-2025-21821)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the omap_init_lcd_dma() function in drivers/video/fbdev/omap/lcd_dma.c. A local user can perform a denial of service (DoS) attack.
80) Buffer overflow (CVE-ID: CVE-2025-21826)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nft_set_desc_concat_parse() and nft_set_desc_concat() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
81) Resource management error (CVE-ID: CVE-2025-21830)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the get_mode_access() function in security/landlock/fs.c. A local user can perform a denial of service (DoS) attack.
82) Input validation error (CVE-ID: CVE-2025-21831)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the DECLARE_PCI_FIXUP_SUSPEND() function in arch/x86/pci/fixup.c. A local user can perform a denial of service (DoS) attack.
83) Memory leak (CVE-ID: CVE-2025-21835)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the f_midi_bind() function in drivers/usb/gadget/function/f_midi.c. A local user can perform a denial of service (DoS) attack.
84) Buffer overflow (CVE-ID: CVE-2025-21836)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the io_destroy_buffers() and io_register_pbuf_ring() functions in io_uring/kbuf.c. A local user can perform a denial of service (DoS) attack.
85) Input validation error (CVE-ID: CVE-2025-21838)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the usb_del_gadget() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.
86) NULL pointer dereference (CVE-ID: CVE-2025-21847)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sof_ipc_msg_data() function in sound/soc/sof/stream-ipc.c. A local user can perform a denial of service (DoS) attack.
87) NULL pointer dereference (CVE-ID: CVE-2025-21848)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfp_bpf_cmsg_alloc() function in drivers/net/ethernet/netronome/nfp/bpf/cmsg.c. A local user can perform a denial of service (DoS) attack.
88) Use-after-free (CVE-ID: CVE-2025-21855)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ibmvnic_xmit() and netif_stop_subqueue() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can escalate privileges on the system.
89) NULL pointer dereference (CVE-ID: CVE-2025-21857)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tcf_exts_miss_cookie_base_alloc() function in net/sched/cls_api.c. A local user can perform a denial of service (DoS) attack.
90) Use-after-free (CVE-ID: CVE-2025-21858)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the geneve_destroy_tunnels() function in drivers/net/geneve.c. A local user can escalate privileges on the system.
91) Improper locking (CVE-ID: CVE-2025-21859)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f_midi_complete() function in drivers/usb/gadget/function/f_midi.c. A local user can perform a denial of service (DoS) attack.
92) Improper locking (CVE-ID: CVE-2025-21862)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the init_net_drop_monitor() and exit_net_drop_monitor() functions in net/core/drop_monitor.c. A local user can perform a denial of service (DoS) attack.
93) Out-of-bounds read (CVE-ID: CVE-2025-21866)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the text_area_cpu_up() function in arch/powerpc/lib/code-patching.c. A local user can perform a denial of service (DoS) attack.
94) Use-after-free (CVE-ID: CVE-2025-21867)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_test_init() function in net/bpf/test_run.c. A local user can escalate privileges on the system.
95) NULL pointer dereference (CVE-ID: CVE-2025-21870)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sof_ipc4_widget_setup_comp_dai() and sof_ipc4_prepare_copier_module() functions in sound/soc/sof/ipc4-topology.c. A local user can perform a denial of service (DoS) attack.
96) Improper locking (CVE-ID: CVE-2025-21871)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the optee_supp_thrd_req() function in drivers/tee/optee/supp.c. A local user can perform a denial of service (DoS) attack.
97) Input validation error (CVE-ID: CVE-2025-21873)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ufshcd_rpm_put_sync() function in drivers/ufs/core/ufs_bsg.c. A local user can perform a denial of service (DoS) attack.
98) Resource management error (CVE-ID: CVE-2025-21877)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the genelink_bind() function in drivers/net/usb/gl620a.c. A local user can perform a denial of service (DoS) attack.
99) Improper locking (CVE-ID: CVE-2025-21878)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the npcm_i2c_probe_bus() function in drivers/i2c/busses/i2c-npcm7xx.c. A local user can perform a denial of service (DoS) attack.
100) Input validation error (CVE-ID: CVE-2025-21881)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kernel/events/uprobes.c. A local user can perform a denial of service (DoS) attack.
101) Use-after-free (CVE-ID: CVE-2025-21883)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ice_initialize_vf_entry() function in drivers/net/ethernet/intel/ice/ice_vf_lib.c, within the ice_free_vf_entries() and ice_free_vfs() functions in drivers/net/ethernet/intel/ice/ice_sriov.c. A local user can escalate privileges on the system.
102) Improper locking (CVE-ID: CVE-2025-21885)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c. A local user can perform a denial of service (DoS) attack.
103) Use-after-free (CVE-ID: CVE-2025-21888)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5_free_priv_descs() function in drivers/infiniband/hw/mlx5/mr.c. A local user can escalate privileges on the system.
104) Improper locking (CVE-ID: CVE-2025-21892)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5r_umr_cleanup(), mlx5r_umr_recover() and mlx5r_umr_post_send_wait() functions in drivers/infiniband/hw/mlx5/umr.c. A local user can perform a denial of service (DoS) attack.
105) Resource management error (CVE-ID: CVE-2025-21895)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the find_get_pmu_context() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
106) Division by zero (CVE-ID: CVE-2025-21898)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the function_stat_show() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.
107) Improper error handling (CVE-ID: CVE-2025-21899)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the event_hist_trigger_parse() function in kernel/trace/trace_events_hist.c. A local user can perform a denial of service (DoS) attack.
108) Improper locking (CVE-ID: CVE-2025-21910)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the is_an_alpha2() function in net/wireless/reg.c. A local user can perform a denial of service (DoS) attack.
109) Use-after-free (CVE-ID: CVE-2025-21914)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the slim_do_transfer() function in drivers/slimbus/messaging.c. A local user can escalate privileges on the system.
110) Use-after-free (CVE-ID: CVE-2025-21923)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the steam_remove() function in drivers/hid/hid-steam.c. A local user can escalate privileges on the system.
111) Buffer overflow (CVE-ID: CVE-2025-21927)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nvme_tcp_queue_id() and nvme_tcp_recv_pdu() functions in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
112) Use-after-free (CVE-ID: CVE-2025-21928)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ishtp_hid_remove() function in drivers/hid/intel-ish-hid/ishtp-hid.c. A local user can escalate privileges on the system.
113) Use-after-free (CVE-ID: CVE-2025-21935)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rio_scan_alloc_net() function in drivers/rapidio/rio-scan.c. A local user can escalate privileges on the system.
114) NULL pointer dereference (CVE-ID: CVE-2025-21941)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the resource_build_scaling_params() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
115) Improper locking (CVE-ID: CVE-2025-21943)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the new_device_store(), kfree() and delete_device_store() functions in drivers/gpio/gpio-aggregator.c. A local user can perform a denial of service (DoS) attack.
116) Out-of-bounds read (CVE-ID: CVE-2025-21946)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the parse_sid() and parse_sec_desc() functions in fs/smb/server/smbacl.c. A local user can perform a denial of service (DoS) attack.
117) Improper error handling (CVE-ID: CVE-2025-21949)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch_get_unmapped_area_common() function in arch/loongarch/mm/mmap.c. A local user can perform a denial of service (DoS) attack.
118) Integer overflow (CVE-ID: CVE-2025-21963)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can execute arbitrary code.
119) Integer overflow (CVE-ID: CVE-2025-21964)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can execute arbitrary code.
120) Resource management error (CVE-ID: CVE-2025-21976)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hvfb_putmem(), hvfb_ops_damage_area(), hvfb_probe() and hvfb_remove() functions in drivers/video/fbdev/hyperv_fb.c. A local user can perform a denial of service (DoS) attack.
121) Memory leak (CVE-ID: CVE-2025-21978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hyperv_vmbus_probe() and hyperv_vmbus_remove() functions in drivers/gpu/drm/hyperv/hyperv_drm_drv.c. A local user can perform a denial of service (DoS) attack.
122) Out-of-bounds read (CVE-ID: CVE-2025-21993)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ibft_attr_show_nic() function in drivers/firmware/iscsi_ibft.c. A local user can perform a denial of service (DoS) attack.
123) Buffer overflow (CVE-ID: CVE-2025-21994)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the parse_dacl() function in fs/smb/server/smbacl.c. A local user can perform a denial of service (DoS) attack.
124) Use-after-free (CVE-ID: CVE-2025-21999)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the proc_get_inode() function in fs/proc/inode.c, within the proc_create_reg(), proc_create_seq_private() and proc_create_single_data() functions in fs/proc/generic.c. A local user can escalate privileges on the system.
125) Input validation error (CVE-ID: CVE-2025-22008)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the regulator_resolve_supply() and _regulator_get_common() functions in drivers/regulator/core.c. A local user can perform a denial of service (DoS) attack.
126) Resource management error (CVE-ID: CVE-2025-22013)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvm_arch_vcpu_load_fp() function in arch/arm64/kvm/fpsimd.c, within the fpsimd_signal_preserve_current_state() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.
127) Use-after-free (CVE-ID: CVE-2025-22035)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wakeup_trace_open() function in kernel/trace/trace_sched_wakeup.c, within the irqsoff_trace_open() function in kernel/trace/trace_irqsoff.c, within the graph_trace_close() function in kernel/trace/trace_functions_graph.c. A local user can escalate privileges on the system.
128) Out-of-bounds read (CVE-ID: CVE-2025-22038)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sid_to_id() function in fs/smb/server/smbacl.c. A local user can perform a denial of service (DoS) attack.
129) Buffer overflow (CVE-ID: CVE-2025-22049)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the arch/loongarch/include/asm/cache.h. A local user can perform a denial of service (DoS) attack.
130) NULL pointer dereference (CVE-ID: CVE-2025-22066)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the imx_card_probe() function in sound/soc/fsl/imx-card.c. A local user can perform a denial of service (DoS) attack.
131) Improper locking (CVE-ID: CVE-2025-22120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_setattr() function in fs/ext4/inode.c. A local user can perform a denial of service (DoS) attack.
132) NULL pointer dereference (CVE-ID: CVE-2025-23136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the int3402_thermal_probe() function in drivers/thermal/intel/int340x_thermal/int3402_thermal.c. A local user can perform a denial of service (DoS) attack.
133) NULL pointer dereference (CVE-ID: CVE-2025-38240)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_dp_parse_capabilities() and mtk_dp_wait_hpd_asserted() functions in drivers/gpu/drm/mediatek/mtk_dp.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.