SB2025061354 - SUSE update for the Linux Kernel
Published: June 13, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 321 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2023-52927)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nft_ct_set_zone_eval() and nft_ct_tmpl_alloc_pcpu() functions in net/netfilter/nft_ct.c, within the EXPORT_SYMBOL_GPL() and nf_ct_find_expectation() functions in net/netfilter/nf_conntrack_expect.c, within the init_conntrack() function in net/netfilter/nf_conntrack_core.c. A local user can perform a denial of service (DoS) attack.
2) Out-of-bounds read (CVE-ID: CVE-2023-53034)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the switchtec_ntb_mw_set_trans() function in drivers/ntb/hw/mscc/ntb_hw_switchtec.c. A local user can perform a denial of service (DoS) attack.
3) Resource management error (CVE-ID: CVE-2024-27018)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to resource management error within the nf_ct_bridge_pre() function in net/bridge/netfilter/nf_conntrack_bridge.c, within the br_nf_local_in() function in net/bridge/br_netfilter_hooks.c, within the br_netif_receive_skb(), br_pass_frame_up(), br_handle_frame_finish() and br_handle_frame() functions in net/bridge/br_input.c. A local user can execute arbitrary code.
4) Improper locking (CVE-ID: CVE-2024-27415)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nf_conntrack_init_end() function in net/netfilter/nf_conntrack_core.c, within the nf_ct_bridge_pre() function in net/bridge/netfilter/nf_conntrack_bridge.c, within the IS_ENABLED() and br_nf_pre_routing() functions in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
5) Resource management error (CVE-ID: CVE-2024-28956)
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to an error in the hardware support for prediction-domain isolation dubbed "Indirect Target Selection". A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests.
6) Resource management error (CVE-ID: CVE-2024-35840)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the subflow_finish_connect() function in net/mptcp/subflow.c. A local user can perform a denial of service (DoS) attack.
7) Improper locking (CVE-ID: CVE-2024-35910)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcp_close() function in net/ipv4/tcp.c, within the inet_csk_clear_xmit_timers() function in net/ipv4/inet_connection_sock.c. A local user can perform a denial of service (DoS) attack.
8) Out-of-bounds read (CVE-ID: CVE-2024-38606)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the validate_tl_data() and adf_tl_run() functions in drivers/crypto/intel/qat/qat_common/adf_telemetry.c, within the adf_gen4_init_tl_data() function in drivers/crypto/intel/qat/qat_common/adf_gen4_tl.c. A local user can perform a denial of service (DoS) attack.
9) Improper locking (CVE-ID: CVE-2024-41005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the netpoll_owner_active() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.
10) Resource management error (CVE-ID: CVE-2024-43820)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the raid_resume() function in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.
11) Improper locking (CVE-ID: CVE-2024-46713)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ring_buffer_init() function in kernel/events/ring_buffer.c, within the put_ctx(), perf_mmap_close(), perf_mmap() and atomic_dec() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
12) NULL pointer dereference (CVE-ID: CVE-2024-46763)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fou_from_sock(), fou_gro_receive(), fou_gro_complete() and gue_gro_receive() functions in net/ipv4/fou.c. A local user can perform a denial of service (DoS) attack.
13) Use-after-free (CVE-ID: CVE-2024-46782)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ila_xlat_init_net() and ila_xlat_exit_net() functions in net/ipv6/ila/ila_xlat.c, within the ila_pre_exit_net() and ila_exit_net() functions in net/ipv6/ila/ila_main.c. A local user can escalate privileges on the system.
14) Use of uninitialized resource (CVE-ID: CVE-2024-46865)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the gue_gro_receive() function in net/ipv4/fou.c. A local user can perform a denial of service (DoS) attack.
15) Input validation error (CVE-ID: CVE-2024-47408)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smc_find_ism_v2_device_serv() function in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
16) Infinite loop (CVE-ID: CVE-2024-47794)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the bpf_attach_type_to_tramp(), __bpf_trampoline_link_prog(), __bpf_trampoline_unlink_prog(), bpf_shim_tramp_link_release() and bpf_trampoline_link_cgroup_shim() functions in kernel/bpf/trampoline.c, within the bpf_tracing_link_release() and bpf_tracing_prog_attach() functions in kernel/bpf/syscall.c, within the bpf_prog_alloc_no_stats() function in kernel/bpf/core.c, within the prog_fd_array_get_ptr() function in kernel/bpf/arraymap.c. A local user can perform a denial of service (DoS) attack.
17) Use-after-free (CVE-ID: CVE-2024-49570)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drivers/gpu/drm/xe/xe_trace_bo.h. A local user can escalate privileges on the system.
18) Input validation error (CVE-ID: CVE-2024-49571)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smc_clc_msg_prop_valid() function in net/smc/smc_clc.c, within the smc_listen_prfx_check() and smc_find_ism_v1_device_serv() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
19) Use-after-free (CVE-ID: CVE-2024-49924)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pxafb_remove() function in drivers/video/fbdev/pxafb.c. A local user can escalate privileges on the system.
20) Integer overflow (CVE-ID: CVE-2024-49994)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the blk_ioctl_discard() and blk_ioctl_secure_erase() functions in block/ioctl.c. A local user can execute arbitrary code.
21) Resource management error (CVE-ID: CVE-2024-50038)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mark_mt() and mark_mt_init() functions in net/netfilter/xt_mark.c, within the sizeof() function in net/netfilter/xt_connmark.c, within the connlimit_mt_destroy() function in net/netfilter/xt_connlimit.c, within the connbytes_mt_check() function in net/netfilter/xt_connbytes.c, within the xt_cluster_mt_destroy() function in net/netfilter/xt_cluster.c, within the sizeof() function in net/netfilter/xt_addrtype.c, within the trace_tg() function in net/netfilter/xt_TRACE.c, within the offsetof() function in net/netfilter/xt_SECMARK.c, within the xt_rateest_tg_destroy() and xt_rateest_tg_init() functions in net/netfilter/xt_RATEEST.c, within the nflog_tg_destroy() function in net/netfilter/xt_NFLOG.c, within the led_tg_destroy() function in net/netfilter/xt_LED.c, within the idletimer_tg_destroy_v1() function in net/netfilter/xt_IDLETIMER.c, within the xt_ct_tg_destroy_v1() and sizeof() functions in net/netfilter/xt_CT.c, within the connsecmark_tg_destroy() function in net/netfilter/xt_CONNSECMARK.c, within the sizeof() function in net/netfilter/xt_CLASSIFY.c, within the checksum_tg_check() function in net/netfilter/xt_CHECKSUM.c. A local user can perform a denial of service (DoS) attack.
22) Input validation error (CVE-ID: CVE-2024-50056)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the find_format_by_pix(), uvc_v4l2_try_format() and uvc_v4l2_enum_format() functions in drivers/usb/gadget/function/uvc_v4l2.c. A local user can perform a denial of service (DoS) attack.
23) Resource management error (CVE-ID: CVE-2024-50083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_can_coalesce_send_queue_head() function in net/ipv4/tcp_output.c. A local user can perform a denial of service (DoS) attack.
24) Use-after-free (CVE-ID: CVE-2024-50106)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the destroy_delegation(), nfsd4_revoke_states(), nfs4_laundromat(), nfsd4_free_stateid() and nfsd4_delegreturn() functions in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.
25) Use-after-free (CVE-ID: CVE-2024-50126)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the taprio_dump() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.
26) Improper locking (CVE-ID: CVE-2024-50140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the task_work_add() function in kernel/task_work.c, within the task_tick_mm_cid() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.
27) NULL pointer dereference (CVE-ID: CVE-2024-50223)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vma_next() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.
28) Integer underflow (CVE-ID: CVE-2024-50290)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the cx24116_read_snr_pct() function in drivers/media/dvb-frontends/cx24116.c. A local user can execute arbitrary code.
29) Use-after-free (CVE-ID: CVE-2024-53057)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qdisc_tree_reduce_backlog() function in net/sched/sch_api.c. A local user can escalate privileges on the system.
30) Resource management error (CVE-ID: CVE-2024-53063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DECLARE_RWSEM() and dvb_register_device() functions in drivers/media/dvb-core/dvbdev.c. A local user can perform a denial of service (DoS) attack.
31) Race condition within a thread (CVE-ID: CVE-2024-53124)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the tcp_v6_do_rcv() function in net/ipv6/tcp_ipv6.c, within the dccp_v6_do_rcv() function in net/dccp/ipv6.c. A local user can corrupt data.
32) Use-after-free (CVE-ID: CVE-2024-53139)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sctp_v6_available() function in net/sctp/ipv6.c. A local user can escalate privileges on the system.
33) Double free (CVE-ID: CVE-2024-53140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the netlink_skb_set_owner_r(), netlink_sock_destruct(), deferred_put_nlk_sk() and netlink_release() functions in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
34) Off-by-one (CVE-ID: CVE-2024-53163)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the uof_get_name() function in drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c. A local user can perform a denial of service (DoS) attack.
35) NULL pointer dereference (CVE-ID: CVE-2024-53680)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ip_vs_protocol_net_cleanup() and ip_vs_protocol_init() functions in net/netfilter/ipvs/ip_vs_proto.c. A local user can perform a denial of service (DoS) attack.
36) Use-after-free (CVE-ID: CVE-2024-54458)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ufs_bsg_remove() function in drivers/ufs/core/ufs_bsg.c. A local user can escalate privileges on the system.
37) Improper locking (CVE-ID: CVE-2024-54683)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the idletimer_tg_destroy() and idletimer_tg_destroy_v1() functions in net/netfilter/xt_IDLETIMER.c. A local user can perform a denial of service (DoS) attack.
38) Input validation error (CVE-ID: CVE-2024-56638)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nft_inner_parse() and nft_inner_parse_needed() functions in net/netfilter/nft_inner.c. A local user can perform a denial of service (DoS) attack.
39) Use-after-free (CVE-ID: CVE-2024-56640)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smc_listen_out() and smc_listen_work() functions in net/smc/af_smc.c. A local user can escalate privileges on the system.
40) Resource management error (CVE-ID: CVE-2024-56641)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the smc_sk_init(), smc_connect_rdma(), smc_connect_ism() and smc_listen_work() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
41) NULL pointer dereference (CVE-ID: CVE-2024-56702)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the SEC() function in tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c, within the reg_btf_record(), check_ptr_to_btf_access(), check_mem_access(), check_func_arg(), btf_check_func_arg_match(), check_kfunc_args(), sanitize_check_bounds(), adjust_ptr_min_max_vals() and convert_ctx_accesses() functions in kernel/bpf/verifier.c, within the btf_ctx_access() function in kernel/bpf/btf.c. A local user can perform a denial of service (DoS) attack.
42) Improper locking (CVE-ID: CVE-2024-56703)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the |() function in tools/testing/selftests/net/ipv6_route_update_soft_lockup.sh, within the fib6_select_path(), ip6_route_mpath_notify(), rt6_nlmsg_size(), rt6_fill_node() and inet6_rt_notify() functions in net/ipv6/route.c, within the fib6_del_route() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
43) Double free (CVE-ID: CVE-2024-56718)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the smcr_link_down_cond_sched() and smc_link_down_work() functions in net/smc/smc_core.c. A local user can perform a denial of service (DoS) attack.
44) Use-after-free (CVE-ID: CVE-2024-56719)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the stmmac_tso_xmit() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can escalate privileges on the system.
45) Improper locking (CVE-ID: CVE-2024-56751)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ip6_dst_ifdown(), DEFINE_SPINLOCK() and rt6_remove_exception() functions in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
46) NULL pointer dereference (CVE-ID: CVE-2024-56758)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the relocate_one_folio() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.
47) Resource management error (CVE-ID: CVE-2024-56770)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tfifo_reset(), tfifo_enqueue(), netem_enqueue() and netem_dequeue() functions in net/sched/sch_netem.c. A local user can perform a denial of service (DoS) attack.
48) Use-after-free (CVE-ID: CVE-2024-57900)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_MUTEX() and ila_add_mapping() functions in net/ipv6/ila/ila_xlat.c. A local user can escalate privileges on the system.
49) Reachable assertion (CVE-ID: CVE-2024-57924)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ovl_encode_real_fh() function in fs/overlayfs/copy_up.c, within the show_mark_fhandle() function in fs/notify/fdinfo.c. A local user can perform a denial of service (DoS) attack.
50) Memory leak (CVE-ID: CVE-2024-57947)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_pipapo_avx2_lookup_slow() function in net/netfilter/nft_set_pipapo_avx2.c, within the nft_pipapo_lookup() and pipapo_get() functions in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.
51) Improper locking (CVE-ID: CVE-2024-57974)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the compute_score() and __udp6_lib_lookup() functions in net/ipv6/udp.c, within the udp_ehashfn() and __udp4_lib_lookup() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.
52) Reachable assertion (CVE-ID: CVE-2024-57998)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the _find_opp_table(), _opp_table_find_key(), _find_key(), _find_key_exact(), _opp_table_find_key_ceil(), _find_key_ceil(), dev_pm_opp_find_freq_exact_indexed(), dev_pm_opp_find_freq_ceil_indexed(), dev_pm_opp_find_freq_floor_indexed(), dev_pm_opp_remove(), _opp_add_v1(), _opp_set_availability() and dev_pm_opp_adjust_voltage() functions in drivers/opp/core.c. A local user can perform a denial of service (DoS) attack.
53) Resource management error (CVE-ID: CVE-2024-58001)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ocfs2_fast_symlink_read_folio() function in fs/ocfs2/symlink.c. A local user can perform a denial of service (DoS) attack.
54) Improper locking (CVE-ID: CVE-2024-58018)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the r535_gsp_cmdq_push() function in drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c. A local user can perform a denial of service (DoS) attack.
55) NULL pointer dereference (CVE-ID: CVE-2024-58019)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the r535_gsp_msgq_wait() function in drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c. A local user can perform a denial of service (DoS) attack.
56) NULL pointer dereference (CVE-ID: CVE-2024-58020)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt_input_configured() function in drivers/hid/hid-multitouch.c. A local user can perform a denial of service (DoS) attack.
57) NULL pointer dereference (CVE-ID: CVE-2024-58068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the assert_clk_index(), dev_pm_opp_find_bw_ceil() and dev_pm_opp_find_bw_floor() functions in drivers/opp/core.c. A local user can perform a denial of service (DoS) attack.
58) Improper locking (CVE-ID: CVE-2024-58070)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bpf_local_storage_map_alloc() function in kernel/bpf/bpf_local_storage.c. A local user can perform a denial of service (DoS) attack.
59) Improper locking (CVE-ID: CVE-2024-58071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the team_port_add() function in drivers/net/team/team.c. A local user can perform a denial of service (DoS) attack.
60) Resource management error (CVE-ID: CVE-2024-58074)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hsw_disable_crt(), hsw_post_disable_crt(), hsw_pre_pll_enable_crt(), hsw_pre_enable_crt() and hsw_enable_crt() functions in drivers/gpu/drm/i915/display/intel_crt.c. A local user can perform a denial of service (DoS) attack.
61) Use-after-free (CVE-ID: CVE-2024-58083)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the include/linux/kvm_host.h. A local user can escalate privileges on the system.
62) NULL pointer dereference (CVE-ID: CVE-2024-58088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cgroup_storage_map_alloc() function in kernel/bpf/bpf_cgrp_storage.c. A local user can perform a denial of service (DoS) attack.
63) NULL pointer dereference (CVE-ID: CVE-2024-58091)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drm_fbdev_dma_helper_fb_dirty(), drm_fbdev_dma_driver_fbdev_probe_tail() and drm_fbdev_dma_driver_fbdev_probe() functions in drivers/gpu/drm/drm_fbdev_dma.c. A local user can perform a denial of service (DoS) attack.
64) Use-after-free (CVE-ID: CVE-2024-58093)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pcie_aspm_exit_link_state() function in drivers/pci/pcie/aspm.c. A local user can escalate privileges on the system.
65) Input validation error (CVE-ID: CVE-2024-58094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jfs_truncate_nolock() function in fs/jfs/inode.c. A local user can perform a denial of service (DoS) attack.
66) Input validation error (CVE-ID: CVE-2024-58095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the extAlloc() and extRecord() functions in fs/jfs/jfs_extent.c. A local user can perform a denial of service (DoS) attack.
67) Resource management error (CVE-ID: CVE-2024-58096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ath11k_dp_rx_mon_dest_process(), ath11k_dp_full_mon_process_rx() and ath11k_hal_srng_access_end() functions in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.
68) Infinite loop (CVE-ID: CVE-2024-58097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the ath11k_dp_rx_mon_mpdu_pop() and ath11k_dp_rx_full_mon_mpdu_pop() functions in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.
69) NULL pointer dereference (CVE-ID: CVE-2025-21635)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ATOMIC_INIT(), sizeof(), rds_tcp_sysctl_reset() and rds_tcp_skbuf_handler() functions in net/rds/tcp.c. A local user can perform a denial of service (DoS) attack.
70) Buffer overflow (CVE-ID: CVE-2025-21648)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nf_ct_alloc_hashtable() function in net/netfilter/nf_conntrack_core.c. A local user can perform a denial of service (DoS) attack.
71) Input validation error (CVE-ID: CVE-2025-21659)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the netdev_nl_napi_fill_one() and netdev_nl_napi_get_doit() functions in net/core/netdev-genl.c, within the dev_fill_forward_path() and napi_complete_done() functions in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
72) Memory leak (CVE-ID: CVE-2025-21683)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the BPF_CALL_4() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
73) Resource management error (CVE-ID: CVE-2025-21696)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the move_ptes(), move_normal_pmd() and move_normal_pud() functions in mm/mremap.c, within the move_huge_pte() function in mm/hugetlb.c, within the move_soft_dirty_pmd() and move_huge_pmd() functions in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.
74) Improper locking (CVE-ID: CVE-2025-21701)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ethnl_ops_begin() function in net/ethtool/netlink.c. A local user can perform a denial of service (DoS) attack.
75) Resource management error (CVE-ID: CVE-2025-21702)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pfifo_tail_enqueue() function in net/sched/sch_fifo.c. A local user can perform a denial of service (DoS) attack.
76) Use-after-free (CVE-ID: CVE-2025-21703)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the net/sched/sch_netem.c. A local user can escalate privileges on the system.
77) Resource management error (CVE-ID: CVE-2025-21706)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mptcp_pm_nl_set_flags() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.
78) Use of uninitialized resource (CVE-ID: CVE-2025-21707)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mptcp_parse_option() and mptcp_get_options() functions in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.
79) Out-of-bounds read (CVE-ID: CVE-2025-21717)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mlx5e_open_xdpredirect_sq() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
80) Use-after-free (CVE-ID: CVE-2025-21729)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtw89_ops_cancel_hw_scan() function in drivers/net/wireless/realtek/rtw89/mac80211.c. A local user can escalate privileges on the system.
81) Memory leak (CVE-ID: CVE-2025-21739)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ufshcd_pltfrm_init() and ufshcd_pltfrm_remove() functions in drivers/ufs/host/ufshcd-pltfrm.c, within the ufshcd_pci_remove() and ufshcd_pci_probe() functions in drivers/ufs/host/ufshcd-pci.c, within the EXPORT_SYMBOL_GPL(), ufshcd_set_dma_mask() and ufshcd_alloc_host() functions in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
82) Use-after-free (CVE-ID: CVE-2025-21753)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/btrfs/transaction.c. A local user can escalate privileges on the system.
83) NULL pointer dereference (CVE-ID: CVE-2025-21755)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __vsock_release() function in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
84) Buffer overflow (CVE-ID: CVE-2025-21758)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mld_newpack() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.
85) Use-after-free (CVE-ID: CVE-2025-21759)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mld_send_cr() and igmp6_send() functions in net/ipv6/mcast.c. A local user can escalate privileges on the system.
86) Use-after-free (CVE-ID: CVE-2025-21760)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_nd_hdr() and ndisc_send_skb() functions in net/ipv6/ndisc.c. A local user can escalate privileges on the system.
87) Use-after-free (CVE-ID: CVE-2025-21761)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ovs_vport_cmd_fill_info() function in net/openvswitch/datapath.c. A local user can escalate privileges on the system.
88) Use-after-free (CVE-ID: CVE-2025-21762)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the arp_xmit_finish() function in net/ipv4/arp.c. A local user can escalate privileges on the system.
89) Use-after-free (CVE-ID: CVE-2025-21763)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __neigh_notify() function in net/core/neighbour.c. A local user can escalate privileges on the system.
90) Use-after-free (CVE-ID: CVE-2025-21764)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ndisc_alloc_skb() function in net/ipv6/ndisc.c. A local user can escalate privileges on the system.
91) Input validation error (CVE-ID: CVE-2025-21765)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ip6_default_advmss() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
92) Input validation error (CVE-ID: CVE-2025-21766)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the out: kfree_skb_reason() and __ip_rt_update_pmtu() functions in net/ipv4/route.c. A local user can perform a denial of service (DoS) attack.
93) Memory leak (CVE-ID: CVE-2025-21768)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_output_core() function in net/ipv6/seg6_iptunnel.c, within the rpl_output() function in net/ipv6/rpl_iptunnel.c. A local user can perform a denial of service (DoS) attack.
94) Out-of-bounds read (CVE-ID: CVE-2025-21772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mac_partition() function in block/partitions/mac.c. A local user can perform a denial of service (DoS) attack.
95) Out-of-bounds read (CVE-ID: CVE-2025-21782)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the orangefs_debug_write() function in fs/orangefs/orangefs-debugfs.c. A local user can perform a denial of service (DoS) attack.
96) Input validation error (CVE-ID: CVE-2025-21787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the team_nl_options_set_doit() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.
97) Memory leak (CVE-ID: CVE-2025-21792)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_setsockopt() function in net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.
98) Use-after-free (CVE-ID: CVE-2025-21796)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the posix_acl_release() function in fs/nfsd/nfs3acl.c, within the posix_acl_release() function in fs/nfsd/nfs2acl.c. A local user can escalate privileges on the system.
99) Out-of-bounds read (CVE-ID: CVE-2025-21800)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c. A local user can perform a denial of service (DoS) attack.
100) Improper error handling (CVE-ID: CVE-2025-21806)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the proc_do_dev_weight() and sizeof() functions in net/core/sysctl_net_core.c. A local user can perform a denial of service (DoS) attack.
101) Input validation error (CVE-ID: CVE-2025-21808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dev_xdp_attach() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
102) Use-after-free (CVE-ID: CVE-2025-21812)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ax25_rt_autobind() function in net/ax25/ax25_route.c, within the ax25_send_frame() and ax25_queue_xmit() functions in net/ax25/ax25_out.c, within the ax25_ip_xmit() function in net/ax25/ax25_ip.c, within the ax25_dev_device_up() and ax25_dev_device_down() functions in net/ax25/ax25_dev.c, within the ax25_fillin_cb_from_dev() and ax25_setsockopt() functions in net/ax25/af_ax25.c. A local user can escalate privileges on the system.
103) NULL pointer dereference (CVE-ID: CVE-2025-21814)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ptp_getcycles64() and ptp_clock_register() functions in drivers/ptp/ptp_clock.c. A local user can perform a denial of service (DoS) attack.
104) Resource management error (CVE-ID: CVE-2025-21821)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the omap_init_lcd_dma() function in drivers/video/fbdev/omap/lcd_dma.c. A local user can perform a denial of service (DoS) attack.
105) Incorrect calculation (CVE-ID: CVE-2025-21832)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the blkdev_read_iter() function in block/fops.c. A local user can perform a denial of service (DoS) attack.
106) NULL pointer dereference (CVE-ID: CVE-2025-21833)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the domain_remove_dev_pasid() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
107) Buffer overflow (CVE-ID: CVE-2025-21836)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the io_destroy_buffers() and io_register_pbuf_ring() functions in io_uring/kbuf.c. A local user can perform a denial of service (DoS) attack.
108) Resource management error (CVE-ID: CVE-2025-21837)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to improper management of internal resources within the io_uring_cmd_done(), io_uring_cmd_prep_setup() and io_uring_cmd() functions in io_uring/uring_cmd.c. A local user can corrupt data.
109) NULL pointer dereference (CVE-ID: CVE-2025-21844)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
110) NULL pointer dereference (CVE-ID: CVE-2025-21846)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the do_acct_process(), acct_pin_kill(), close_work(), encode_float() and fill_ac() functions in kernel/acct.c. A local user can perform a denial of service (DoS) attack.
111) NULL pointer dereference (CVE-ID: CVE-2025-21847)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sof_ipc_msg_data() function in sound/soc/sof/stream-ipc.c. A local user can perform a denial of service (DoS) attack.
112) NULL pointer dereference (CVE-ID: CVE-2025-21848)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfp_bpf_cmsg_alloc() function in drivers/net/ethernet/netronome/nfp/bpf/cmsg.c. A local user can perform a denial of service (DoS) attack.
113) NULL pointer dereference (CVE-ID: CVE-2025-21850)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_ns_enable(), nvmet_ns_disable(), nvmet_ns_free() and nvmet_ns_alloc() functions in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.
114) NULL pointer dereference (CVE-ID: CVE-2025-21852)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kernel/bpf/btf.c. A local user can perform a denial of service (DoS) attack.
115) Use-after-free (CVE-ID: CVE-2025-21853)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_map_mmap() function in kernel/bpf/syscall.c. A local user can escalate privileges on the system.
116) NULL pointer dereference (CVE-ID: CVE-2025-21854)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sock_map_sk_state_allowed() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
117) Use-after-free (CVE-ID: CVE-2025-21855)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ibmvnic_xmit() and netif_stop_subqueue() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can escalate privileges on the system.
118) Use-after-free (CVE-ID: CVE-2025-21856)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ism_dev_release(), ism_probe(), device_del() and ism_remove() functions in drivers/s390/net/ism_drv.c. A local user can escalate privileges on the system.
119) NULL pointer dereference (CVE-ID: CVE-2025-21857)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tcf_exts_miss_cookie_base_alloc() function in net/sched/cls_api.c. A local user can perform a denial of service (DoS) attack.
120) Use-after-free (CVE-ID: CVE-2025-21858)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the geneve_destroy_tunnels() function in drivers/net/geneve.c. A local user can escalate privileges on the system.
121) Improper locking (CVE-ID: CVE-2025-21859)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f_midi_complete() function in drivers/usb/gadget/function/f_midi.c. A local user can perform a denial of service (DoS) attack.
122) Resource management error (CVE-ID: CVE-2025-21861)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the migrate_device_finalize() function in mm/migrate_device.c. A local user can perform a denial of service (DoS) attack.
123) Improper locking (CVE-ID: CVE-2025-21862)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the init_net_drop_monitor() and exit_net_drop_monitor() functions in net/core/drop_monitor.c. A local user can perform a denial of service (DoS) attack.
124) Input validation error (CVE-ID: CVE-2025-21863)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the io_init_req() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
125) Memory leak (CVE-ID: CVE-2025-21864)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcp_add_backlog() function in net/ipv4/tcp_ipv4.c, within the tcp_ofo_queue(), tcp_queue_rcv(), tcp_data_queue() and tcp_rcv_established() functions in net/ipv4/tcp_input.c, within the tcp_fastopen_add_skb() function in net/ipv4/tcp_fastopen.c. A local user can perform a denial of service (DoS) attack.
126) Improper error handling (CVE-ID: CVE-2025-21865)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the gtp_net_exit_batch_rtnl() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
127) Out-of-bounds read (CVE-ID: CVE-2025-21866)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the text_area_cpu_up() function in arch/powerpc/lib/code-patching.c. A local user can perform a denial of service (DoS) attack.
128) Use-after-free (CVE-ID: CVE-2025-21867)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_test_init() function in net/bpf/test_run.c. A local user can escalate privileges on the system.
129) Resource management error (CVE-ID: CVE-2025-21869)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __do_patch_instructions_mm() function in arch/powerpc/lib/code-patching.c. A local user can perform a denial of service (DoS) attack.
130) NULL pointer dereference (CVE-ID: CVE-2025-21870)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sof_ipc4_widget_setup_comp_dai() and sof_ipc4_prepare_copier_module() functions in sound/soc/sof/ipc4-topology.c. A local user can perform a denial of service (DoS) attack.
131) Improper locking (CVE-ID: CVE-2025-21871)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the optee_supp_thrd_req() function in drivers/tee/optee/supp.c. A local user can perform a denial of service (DoS) attack.
132) Input validation error (CVE-ID: CVE-2025-21873)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ufshcd_rpm_put_sync() function in drivers/ufs/core/ufs_bsg.c. A local user can perform a denial of service (DoS) attack.
133) Improper locking (CVE-ID: CVE-2025-21875)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mptcp_nl_remove_subflow_and_signal_addr() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.
134) Improper locking (CVE-ID: CVE-2025-21876)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the intel_iommu_init() function in drivers/iommu/intel/iommu.c, within the enable_drhd_fault_handling() function in drivers/iommu/intel/dmar.c. A local user can perform a denial of service (DoS) attack.
135) Resource management error (CVE-ID: CVE-2025-21877)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the genelink_bind() function in drivers/net/usb/gl620a.c. A local user can perform a denial of service (DoS) attack.
136) Improper locking (CVE-ID: CVE-2025-21878)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the npcm_i2c_probe_bus() function in drivers/i2c/busses/i2c-npcm7xx.c. A local user can perform a denial of service (DoS) attack.
137) Input validation error (CVE-ID: CVE-2025-21881)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kernel/events/uprobes.c. A local user can perform a denial of service (DoS) attack.
138) Memory leak (CVE-ID: CVE-2025-21882)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mlx5_esw_qos_vport_enable() function in drivers/net/ethernet/mellanox/mlx5/core/esw/qos.c. A local user can perform a denial of service (DoS) attack.
139) Use-after-free (CVE-ID: CVE-2025-21883)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ice_initialize_vf_entry() function in drivers/net/ethernet/intel/ice/ice_vf_lib.c, within the ice_free_vf_entries() and ice_free_vfs() functions in drivers/net/ethernet/intel/ice/ice_sriov.c. A local user can escalate privileges on the system.
140) Resource management error (CVE-ID: CVE-2025-21884)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the xs_create_sock() function in net/sunrpc/xprtsock.c, within the svc_create_socket() function in net/sunrpc/svcsock.c, within the smc_create_clcsk() function in net/smc/af_smc.c, within the rds_tcp_tune() function in net/rds/tcp.c, within the netlink_release() function in net/netlink/af_netlink.c, within the mptcp_subflow_create_socket() function in net/mptcp/subflow.c, within the sk_alloc(), EXPORT_SYMBOL(), __sk_destruct() and sk_clone_lock() functions in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
141) Improper locking (CVE-ID: CVE-2025-21885)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c. A local user can perform a denial of service (DoS) attack.
142) Improper locking (CVE-ID: CVE-2025-21886)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the destroy_unused_implicit_child_mr() function in drivers/infiniband/hw/mlx5/odp.c. A local user can perform a denial of service (DoS) attack.
143) Use-after-free (CVE-ID: CVE-2025-21887)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ovl_link_up() function in fs/overlayfs/copy_up.c. A local user can escalate privileges on the system.
144) Use-after-free (CVE-ID: CVE-2025-21888)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5_free_priv_descs() function in drivers/infiniband/hw/mlx5/mr.c. A local user can escalate privileges on the system.
145) Improper locking (CVE-ID: CVE-2025-21889)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the perf_event_exec() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
146) Resource management error (CVE-ID: CVE-2025-21890)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the idpf_rx_rsc() function in drivers/net/ethernet/intel/idpf/idpf_txrx.c. A local user can perform a denial of service (DoS) attack.
147) Use of uninitialized resource (CVE-ID: CVE-2025-21891)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ipvlan_addr_lookup() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.
148) Improper locking (CVE-ID: CVE-2025-21892)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5r_umr_cleanup(), mlx5r_umr_recover() and mlx5r_umr_post_send_wait() functions in drivers/infiniband/hw/mlx5/umr.c. A local user can perform a denial of service (DoS) attack.
149) Use-after-free (CVE-ID: CVE-2025-21893)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the key_put() function in security/keys/key.c, within the rb_entry() function in security/keys/gc.c. A local user can escalate privileges on the system.
150) Resource management error (CVE-ID: CVE-2025-21894)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the enetc_set_coalesce() and enetc_get_ts_info() functions in drivers/net/ethernet/freescale/enetc/enetc_ethtool.c, within the enetc_hwtstamp_set() function in drivers/net/ethernet/freescale/enetc/enetc.c. A local user can perform a denial of service (DoS) attack.
151) Resource management error (CVE-ID: CVE-2025-21895)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the find_get_pmu_context() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
152) NULL pointer dereference (CVE-ID: CVE-2025-21904)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/caif/caif_virtio.c. A local user can perform a denial of service (DoS) attack.
153) Buffer overflow (CVE-ID: CVE-2025-21905)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the iwl_parse_tlv_firmware() function in drivers/net/wireless/intel/iwlwifi/iwl-drv.c. A local user can perform a denial of service (DoS) attack.
154) Input validation error (CVE-ID: CVE-2025-21906)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the iwl_mvm_rx_session_protect_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/time-event.c. A local user can perform a denial of service (DoS) attack.
155) Improper locking (CVE-ID: CVE-2025-21908)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kcompactd() function in mm/compaction.c, within the nfs_release_folio() function in fs/nfs/file.c. A local user can perform a denial of service (DoS) attack.
156) Input validation error (CVE-ID: CVE-2025-21909)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the parse_monitor_flags() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
157) Improper locking (CVE-ID: CVE-2025-21910)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the is_an_alpha2() function in net/wireless/reg.c. A local user can perform a denial of service (DoS) attack.
158) Improper locking (CVE-ID: CVE-2025-21912)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gpio_rcar_config_interrupt_input_mode(), gpio_rcar_config_general_input_output_mode(), gpio_rcar_get_multiple(), gpio_rcar_set(), gpio_rcar_set_multiple() and gpio_rcar_probe() functions in drivers/gpio/gpio-rcar.c. A local user can perform a denial of service (DoS) attack.
159) Resource management error (CVE-ID: CVE-2025-21913)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the early_is_amd_nb() and amd_get_mmconfig_range() functions in arch/x86/kernel/amd_nb.c. A local user can perform a denial of service (DoS) attack.
160) Use-after-free (CVE-ID: CVE-2025-21914)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the slim_do_transfer() function in drivers/slimbus/messaging.c. A local user can escalate privileges on the system.
161) Use-after-free (CVE-ID: CVE-2025-21915)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the driver_override_show() function in drivers/cdx/cdx.c. A local user can escalate privileges on the system.
162) Resource management error (CVE-ID: CVE-2025-21916)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cxacru_bind() function in drivers/usb/atm/cxacru.c. A local user can perform a denial of service (DoS) attack.
163) NULL pointer dereference (CVE-ID: CVE-2025-21917)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the usbhs_remove() function in drivers/usb/renesas_usbhs/common.c. A local user can perform a denial of service (DoS) attack.
164) NULL pointer dereference (CVE-ID: CVE-2025-21918)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ucsi_init() and ucsi_unregister() functions in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.
165) Input validation error (CVE-ID: CVE-2025-21919)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the child_cfs_rq_on_list() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.
166) Use of uninitialized resource (CVE-ID: CVE-2025-21922)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ppp_send_frame() and ppp_receive_nonmp_frame() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
167) Use-after-free (CVE-ID: CVE-2025-21923)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the steam_remove() function in drivers/hid/hid-steam.c. A local user can escalate privileges on the system.
168) Resource management error (CVE-ID: CVE-2025-21924)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hclge_ptp_init() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c. A local user can perform a denial of service (DoS) attack.
169) Improper error handling (CVE-ID: CVE-2025-21925)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the llc_sap_action_unitdata_ind(), llc_sap_action_send_ui() and llc_sap_action_send_test_c() functions in net/llc/llc_s_ac.c. A local user can perform a denial of service (DoS) attack.
170) Improper error handling (CVE-ID: CVE-2025-21926)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.
171) Buffer overflow (CVE-ID: CVE-2025-21927)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nvme_tcp_queue_id() and nvme_tcp_recv_pdu() functions in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
172) Use-after-free (CVE-ID: CVE-2025-21928)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ishtp_hid_remove() function in drivers/hid/intel-ish-hid/ishtp-hid.c. A local user can escalate privileges on the system.
173) Use-after-free (CVE-ID: CVE-2025-21929)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hid_ishtp_cl_remove() function in drivers/hid/intel-ish-hid/ishtp-hid-client.c. A local user can escalate privileges on the system.
174) Resource management error (CVE-ID: CVE-2025-21930)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iwl_dbgfs_fw_dbg_clear_write() function in drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c. A local user can perform a denial of service (DoS) attack.
175) Improper locking (CVE-ID: CVE-2025-21931)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_migrate_range() function in mm/memory_hotplug.c. A local user can perform a denial of service (DoS) attack.
176) Use-after-free (CVE-ID: CVE-2025-21934)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rio_mport_add_riodev() function in drivers/rapidio/devices/rio_mport_cdev.c. A local user can escalate privileges on the system.
177) Use-after-free (CVE-ID: CVE-2025-21935)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rio_scan_alloc_net() function in drivers/rapidio/rio-scan.c. A local user can escalate privileges on the system.
178) NULL pointer dereference (CVE-ID: CVE-2025-21936)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mgmt_device_connected() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
179) NULL pointer dereference (CVE-ID: CVE-2025-21937)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mgmt_remote_name() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
180) NULL pointer dereference (CVE-ID: CVE-2025-21941)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the resource_build_scaling_params() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
181) Improper locking (CVE-ID: CVE-2025-21943)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the new_device_store(), kfree() and delete_device_store() functions in drivers/gpio/gpio-aggregator.c. A local user can perform a denial of service (DoS) attack.
182) NULL pointer dereference (CVE-ID: CVE-2025-21948)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the appleir_raw_event() function in drivers/hid/hid-appleir.c. A local user can perform a denial of service (DoS) attack.
183) Memory leak (CVE-ID: CVE-2025-21950)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pmcmd_ioctl() function in drivers/virt/acrn/hsm.c. A local user can perform a denial of service (DoS) attack.
184) Improper locking (CVE-ID: CVE-2025-21951)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mhi_pci_recovery_work() function in drivers/bus/mhi/host/pci_generic.c. A local user can perform a denial of service (DoS) attack.
185) NULL pointer dereference (CVE-ID: CVE-2025-21953)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mana_cleanup_port_context(), mana_destroy_eq(), mana_destroy_txq() and mana_destroy_rxq() functions in drivers/net/ethernet/microsoft/mana/mana_en.c, within the debugfs_remove_recursive(), mana_gd_remove(), mana_gd_shutdown(), mana_driver_init() and mana_driver_exit() functions in drivers/net/ethernet/microsoft/mana/gdma_main.c. A local user can perform a denial of service (DoS) attack.
186) Resource management error (CVE-ID: CVE-2025-21956)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the get_norm_pix_clk() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
187) NULL pointer dereference (CVE-ID: CVE-2025-21957)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla1280_64bit_start_scsi() function in drivers/scsi/qla1280.c. A local user can perform a denial of service (DoS) attack.
188) Reachable assertion (CVE-ID: CVE-2025-21960)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the bnxt_xdp() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c, within the bnxt_rx_pkt() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
189) Resource management error (CVE-ID: CVE-2025-21961)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnxt_xdp_build_skb() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c, within the bnxt_rx_pkt() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
190) Integer overflow (CVE-ID: CVE-2025-21962)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can execute arbitrary code.
191) Integer overflow (CVE-ID: CVE-2025-21963)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can execute arbitrary code.
192) Integer overflow (CVE-ID: CVE-2025-21964)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can execute arbitrary code.
193) Buffer overflow (CVE-ID: CVE-2025-21966)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the clone_bio() function in drivers/md/dm-flakey.c. A local user can escalate privileges on the system.
194) Use-after-free (CVE-ID: CVE-2025-21968)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hdcp_destroy() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c. A local user can escalate privileges on the system.
195) Use-after-free (CVE-ID: CVE-2025-21969)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_get_ident(), l2cap_send_cmd(), l2cap_conn_del(), l2cap_conn_free(), l2cap_recv_reset() and l2cap_recv_acldata() functions in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.
196) Input validation error (CVE-ID: CVE-2025-21970)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5_esw_bridge_lag_rep_get(), mlx5_esw_bridge_is_local() and mlx5_esw_bridge_switchdev_event() functions in drivers/net/ethernet/mellanox/mlx5/core/en/rep/bridge.c. A local user can perform a denial of service (DoS) attack.
197) Incorrect calculation (CVE-ID: CVE-2025-21971)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the tc_ctl_tclass() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.
198) Memory leak (CVE-ID: CVE-2025-21972)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mctp_test_route_input_sk_fail_frag() and KUNIT_CASE() functions in net/mctp/test/route-test.c, within the mctp_frag_queue() function in net/mctp/route.c. A local user can perform a denial of service (DoS) attack.
199) NULL pointer dereference (CVE-ID: CVE-2025-21973)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bnxt_get_queue_stats_rx() and bnxt_get_queue_stats_tx() functions in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
200) Use-after-free (CVE-ID: CVE-2025-21974)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bnxt_queue_mem_alloc() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can escalate privileges on the system.
201) NULL pointer dereference (CVE-ID: CVE-2025-21975)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_chains_create_table() function in drivers/net/ethernet/mellanox/mlx5/core/lib/fs_chains.c. A local user can perform a denial of service (DoS) attack.
202) Memory leak (CVE-ID: CVE-2025-21978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hyperv_vmbus_probe() and hyperv_vmbus_remove() functions in drivers/gpu/drm/hyperv/hyperv_drm_drv.c. A local user can perform a denial of service (DoS) attack.
203) Use-after-free (CVE-ID: CVE-2025-21979)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cfg80211_dev_free() function in net/wireless/core.c. A local user can escalate privileges on the system.
204) NULL pointer dereference (CVE-ID: CVE-2025-21980)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gred_destroy() function in net/sched/sch_gred.c. A local user can perform a denial of service (DoS) attack.
205) Memory leak (CVE-ID: CVE-2025-21981)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ice_init_arfs() function in drivers/net/ethernet/intel/ice/ice_arfs.c. A local user can perform a denial of service (DoS) attack.
206) Out-of-bounds read (CVE-ID: CVE-2025-21985)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the populate_dml_output_cfg_from_stream_state() and map_dc_state_into_dml_display_cfg() functions in drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c, within the dml21_map_dc_state_into_dml_display_cfg() function in drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_translation_helper.c. A local user can perform a denial of service (DoS) attack.
207) NULL pointer dereference (CVE-ID: CVE-2025-21989)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dce60_timing_generator_construct() function in drivers/gpu/drm/amd/display/dc/dce60/dce60_timing_generator.c. A local user can perform a denial of service (DoS) attack.
208) NULL pointer dereference (CVE-ID: CVE-2025-21990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gmc_v12_0_get_vm_pte() function in drivers/gpu/drm/amd/amdgpu/gmc_v12_0.c. A local user can perform a denial of service (DoS) attack.
209) Out-of-bounds read (CVE-ID: CVE-2025-21991)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the load_microcode_amd() function in arch/x86/kernel/cpu/microcode/amd.c. A local user can perform a denial of service (DoS) attack.
210) Input validation error (CVE-ID: CVE-2025-21992)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the HID_USB_DEVICE() function in drivers/hid/hid-quirks.c. A local user can perform a denial of service (DoS) attack.
211) Out-of-bounds read (CVE-ID: CVE-2025-21993)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ibft_attr_show_nic() function in drivers/firmware/iscsi_ibft.c. A local user can perform a denial of service (DoS) attack.
212) Memory leak (CVE-ID: CVE-2025-21995)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the drm_sched_entity_kill() function in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.
213) Use of uninitialized resource (CVE-ID: CVE-2025-21996)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the radeon_vce_cs_parse() function in drivers/gpu/drm/radeon/radeon_vce.c. A local user can perform a denial of service (DoS) attack.
214) Use-after-free (CVE-ID: CVE-2025-21999)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the proc_get_inode() function in fs/proc/inode.c, within the proc_create_reg(), proc_create_seq_private() and proc_create_single_data() functions in fs/proc/generic.c. A local user can escalate privileges on the system.
215) Integer overflow (CVE-ID: CVE-2025-22001)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the invalid_sem() and qaic_validate_req() functions in drivers/accel/qaic/qaic_data.c. A local user can execute arbitrary code.
216) Out-of-bounds read (CVE-ID: CVE-2025-22003)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ucan_ctrl_command_out() and ucan_probe() functions in drivers/net/can/usb/ucan.c. A local user can perform a denial of service (DoS) attack.
217) NULL pointer dereference (CVE-ID: CVE-2025-22007)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the chan_alloc_skb_cb() function in net/bluetooth/6lowpan.c. A local user can perform a denial of service (DoS) attack.
218) Input validation error (CVE-ID: CVE-2025-22008)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the regulator_resolve_supply() and _regulator_get_common() functions in drivers/regulator/core.c. A local user can perform a denial of service (DoS) attack.
219) NULL pointer dereference (CVE-ID: CVE-2025-22009)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/regulator/dummy.c. A local user can perform a denial of service (DoS) attack.
220) Improper locking (CVE-ID: CVE-2025-22010)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hem_list_alloc_root_bt(), hns_roce_hem_list_request() and hns_roce_hem_list_find_mtt() functions in drivers/infiniband/hw/hns/hns_roce_hem.c. A local user can perform a denial of service (DoS) attack.
221) Resource management error (CVE-ID: CVE-2025-22013)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvm_arch_vcpu_load_fp() function in arch/arm64/kvm/fpsimd.c, within the fpsimd_signal_preserve_current_state() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.
222) Improper locking (CVE-ID: CVE-2025-22014)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pdr_locator_new_server() function in drivers/soc/qcom/pdr_interface.c. A local user can perform a denial of service (DoS) attack.
223) NULL pointer dereference (CVE-ID: CVE-2025-22015)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the folio_migrate_mapping() function in mm/migrate.c. A local user can perform a denial of service (DoS) attack.
224) Improper error handling (CVE-ID: CVE-2025-22016)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dpll_pin_alloc() function in drivers/dpll/dpll_core.c. A local user can perform a denial of service (DoS) attack.
225) NULL pointer dereference (CVE-ID: CVE-2025-22017)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the devlink_rel_alloc() function in net/devlink/core.c. A local user can perform a denial of service (DoS) attack.
226) NULL pointer dereference (CVE-ID: CVE-2025-22018)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the MPOA_cache_impos_rcvd() function in net/atm/mpc.c. A local user can perform a denial of service (DoS) attack.
227) Use-after-free (CVE-ID: CVE-2025-22020)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtsx_usb_ms_drv_remove() function in drivers/memstick/host/rtsx_usb_ms.c. A local user can escalate privileges on the system.
228) Resource management error (CVE-ID: CVE-2025-22021)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nf_sk_lookup_slow_v6() function in net/ipv6/netfilter/nf_socket_ipv6.c. A local user can perform a denial of service (DoS) attack.
229) Memory leak (CVE-ID: CVE-2025-22025)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfs4_alloc_open_stateid() and nfsd_break_one_deleg() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
230) NULL pointer dereference (CVE-ID: CVE-2025-22027)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the streamzap_disconnect() function in drivers/media/rc/streamzap.c. A local user can perform a denial of service (DoS) attack.
231) Use-after-free (CVE-ID: CVE-2025-22030)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zswap_cpu_comp_dead() function in mm/zswap.c. A local user can escalate privileges on the system.
232) NULL pointer dereference (CVE-ID: CVE-2025-22033)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the do_compat_alignment_fixup() function in arch/arm64/kernel/compat_alignment.c. A local user can perform a denial of service (DoS) attack.
233) Use-after-free (CVE-ID: CVE-2025-22036)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the exfat_get_block() function in fs/exfat/inode.c. A local user can escalate privileges on the system.
234) Resource management error (CVE-ID: CVE-2025-22044)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the acpi_nfit_ctl() function in drivers/acpi/nfit/core.c. A local user can perform a denial of service (DoS) attack.
235) Input validation error (CVE-ID: CVE-2025-22045)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the arch/x86/include/asm/tlbflush.h. A local user can perform a denial of service (DoS) attack.
236) NULL pointer dereference (CVE-ID: CVE-2025-22050)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.
237) Improper locking (CVE-ID: CVE-2025-22053)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the veth_pool_store() function in drivers/net/ethernet/ibm/ibmveth.c. A local user can perform a denial of service (DoS) attack.
238) Resource management error (CVE-ID: CVE-2025-22056)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nft_tunnel_obj_geneve_init() and nft_tunnel_opts_dump() functions in net/netfilter/nft_tunnel.c. A local user can perform a denial of service (DoS) attack.
239) Use-after-free (CVE-ID: CVE-2025-22057)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dst_count_dec() function in net/core/dst.c. A local user can escalate privileges on the system.
240) Memory leak (CVE-ID: CVE-2025-22058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the udp_skb_has_head_state(), udp_rmem_release(), EXPORT_SYMBOL_GPL() and first_packet_length() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.
241) Use-after-free (CVE-ID: CVE-2025-22060)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mvpp2_prs_hw_write(), mvpp2_prs_init_from_hw(), mvpp2_prs_flow_find(), mvpp2_prs_mac_drop_all_set(), mvpp2_prs_mac_promisc_set(), mvpp2_prs_dsa_tag_set(), mvpp2_prs_dsa_tag_ethertype_set(), mvpp2_prs_vlan_find(), mvpp2_prs_vlan_add(), mvpp2_prs_double_vlan_find(), mvpp2_prs_double_vlan_add(), mvpp2_prs_mac_init(), mvpp2_prs_vlan_init(), mvpp2_prs_vid_range_find(), mvpp2_prs_vid_entry_add(), mvpp2_prs_vid_entry_remove(), mvpp2_prs_vid_remove_all(), mvpp2_prs_vid_disable_filtering(), mvpp2_prs_vid_enable_filtering(), mvpp2_prs_default_init(), mvpp2_prs_mac_da_range_find(), mvpp2_prs_mac_da_accept(), mvpp2_prs_mac_del_all(), mvpp2_prs_tag_mode_set(), mvpp2_prs_add_flow(), mvpp2_prs_def_flow() and mvpp2_prs_hits() functions in drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c, within the mvpp2_probe() function in drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c. A local user can escalate privileges on the system.
242) NULL pointer dereference (CVE-ID: CVE-2025-22062)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_auth() and proc_sctp_do_udp_port() functions in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
243) NULL pointer dereference (CVE-ID: CVE-2025-22063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the calipso_sock_getattr() and calipso_sock_setattr() functions in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.
244) Incorrect calculation (CVE-ID: CVE-2025-22064)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the nf_tables_updchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
245) NULL pointer dereference (CVE-ID: CVE-2025-22065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the idpf_shutdown() function in drivers/net/ethernet/intel/idpf/idpf_main.c. A local user can perform a denial of service (DoS) attack.
246) NULL pointer dereference (CVE-ID: CVE-2025-22070)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v9fs_vfs_mkdir_dotl() function in fs/9p/vfs_inode_dotl.c. A local user can perform a denial of service (DoS) attack.
247) Improper locking (CVE-ID: CVE-2025-22075)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rtnl_vfinfo_size() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.
248) Integer overflow (CVE-ID: CVE-2025-22080)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the fs/ntfs3/ntfs.h. A local user can execute arbitrary code.
249) Use-after-free (CVE-ID: CVE-2025-22085)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ib_device_notify_register() function in drivers/infiniband/core/device.c. A local user can escalate privileges on the system.
250) NULL pointer dereference (CVE-ID: CVE-2025-22086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ntohl() function in drivers/infiniband/hw/mlx5/cq.c. A local user can perform a denial of service (DoS) attack.
251) Use-after-free (CVE-ID: CVE-2025-22088)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the erdma_cancel_mpatimer() function in drivers/infiniband/hw/erdma/erdma_cm.c. A local user can escalate privileges on the system.
252) Resource management error (CVE-ID: CVE-2025-22090)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the copy_page_range() function in mm/memory.c, within the vm_area_dup() function in kernel/fork.c, within the get_pat_info() and untrack_pfn() functions in arch/x86/mm/pat/memtype.c. A local user can perform a denial of service (DoS) attack.
253) Buffer overflow (CVE-ID: CVE-2025-22091)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the create_mkey_callback(), alloc_cacheable_mr(), reg_create() and create_real_mr() functions in drivers/infiniband/hw/mlx5/mr.c. A local user can perform a denial of service (DoS) attack.
254) NULL pointer dereference (CVE-ID: CVE-2025-22093)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dmub_hw_lock_mgr_inbox0_cmd() function in drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c. A local user can perform a denial of service (DoS) attack.
255) NULL pointer dereference (CVE-ID: CVE-2025-22094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vpa_pmu_del() function in arch/powerpc/perf/vpa-pmu.c. A local user can perform a denial of service (DoS) attack.
256) Use-after-free (CVE-ID: CVE-2025-22097)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vkms_init() and vkms_destroy() functions in drivers/gpu/drm/vkms/vkms_drv.c. A local user can escalate privileges on the system.
257) Improper locking (CVE-ID: CVE-2025-22102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nxp_download_firmware() function in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.
258) NULL pointer dereference (CVE-ID: CVE-2025-22103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ipvlan_l3s_unregister() function in drivers/net/ipvlan/ipvlan_l3s.c. A local user can perform a denial of service (DoS) attack.
259) Out-of-bounds read (CVE-ID: CVE-2025-22104)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vnic_add_client_data(), send_login(), handle_query_ip_offload_rsp() and handle_login_rsp() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
260) Resource management error (CVE-ID: CVE-2025-22105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bond_set_xfrm_features() function in drivers/net/bonding/bond_options.c, within the bond_sk_check(), bond_xdp_set_features() and bond_xdp_set() functions in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
261) Resource management error (CVE-ID: CVE-2025-22106)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmxnet3_rq_cleanup() and vmxnet3_rq_destroy() functions in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.
262) Out-of-bounds read (CVE-ID: CVE-2025-22107)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sja1105_table_delete_entry() function in drivers/net/dsa/sja1105/sja1105_static_config.c. A local user can perform a denial of service (DoS) attack.
263) Input validation error (CVE-ID: CVE-2025-22108)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bnxt_xmit_bd() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c, within the bnxt_start_xmit() and dma_unmap_addr_set() functions in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
264) Memory leak (CVE-ID: CVE-2025-22109)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_get_route() function in net/ax25/ax25_route.c, within the ax25_connect() function in net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.
265) Buffer overflow (CVE-ID: CVE-2025-22112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bnxt_queue_start() and bnxt_queue_stop() functions in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
266) Improper error handling (CVE-ID: CVE-2025-22116)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the idpf_stop() and idpf_init_task() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can perform a denial of service (DoS) attack.
267) Use-after-free (CVE-ID: CVE-2025-22121)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ext4_xattr_check_block(), __xattr_check_inode(), ext4_xattr_ibody_get(), ext4_xattr_ibody_list(), ext4_get_inode_usage(), ext4_xattr_ibody_find() and sizeof() functions in fs/ext4/xattr.c, within the ext4_iget_extra_inode() function in fs/ext4/inode.c. A local user can escalate privileges on the system.
268) Improper locking (CVE-ID: CVE-2025-22125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the raid10_read_request() and raid10_write_one_disk() functions in drivers/md/raid10.c, within the raid1_read_request() and raid1_write_request() functions in drivers/md/raid1.c. A local user can perform a denial of service (DoS) attack.
269) Use-after-free (CVE-ID: CVE-2025-22126)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __mddev_put(), md_seq_show(), EXPORT_SYMBOL_GPL(), md_notify_reboot(), md_autostart_arrays() and md_exit() functions in drivers/md/md.c. A local user can escalate privileges on the system.
270) Resource management error (CVE-ID: CVE-2025-22128)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ath12k_pci_probe() function in drivers/net/wireless/ath/ath12k/pci.c. A local user can perform a denial of service (DoS) attack.
271) Exposure of Sensitive System Information to an Unauthorized Control Sphere (CVE-ID: CVE-2025-2312)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exist due to cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments when trying to obtain Kerberos credentials. A local user can gain access to sensitive information.
272) Resource management error (CVE-ID: CVE-2025-23129)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __free_irq() function in drivers/net/wireless/ath/ath11k/pci.c. A local user can perform a denial of service (DoS) attack.
273) NULL pointer dereference (CVE-ID: CVE-2025-23131)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the new_lockspace() function in fs/dlm/lockspace.c. A local user can perform a denial of service (DoS) attack.
274) Out-of-bounds read (CVE-ID: CVE-2025-23133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath11k_reg_notifier(), ath11k_regd_update() and ath11k_regd_update_work() functions in drivers/net/wireless/ath/ath11k/reg.c. A local user can perform a denial of service (DoS) attack.
275) Improper locking (CVE-ID: CVE-2025-23134)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_timer_user_copy_id(), snd_timer_user_ginfo() and snd_timer_user_gstatus() functions in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.
276) NULL pointer dereference (CVE-ID: CVE-2025-23136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the int3402_thermal_probe() function in drivers/thermal/intel/int340x_thermal/int3402_thermal.c. A local user can perform a denial of service (DoS) attack.
277) Integer underflow (CVE-ID: CVE-2025-23138)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the watch_queue_set_size() function in kernel/watch_queue.c. A local user can execute arbitrary code.
278) Memory leak (CVE-ID: CVE-2025-23140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pci_endpoint_test_release_irq() function in drivers/misc/pci_endpoint_test.c. A local user can perform a denial of service (DoS) attack.
279) NULL pointer dereference (CVE-ID: CVE-2025-23145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the subflow_hmac_valid() and subflow_syn_recv_sock() functions in net/mptcp/subflow.c. A local user can perform a denial of service (DoS) attack.
280) Use-after-free (CVE-ID: CVE-2025-23150)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the do_split() function in fs/ext4/namei.c. A local user can escalate privileges on the system.
281) Resource management error (CVE-ID: CVE-2025-23154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the io_sendmsg_prep() function in io_uring/net.c, within the ~() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
282) Memory leak (CVE-ID: CVE-2025-23160)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mtk_vcodec_fw_scp_init() function in drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c. A local user can perform a denial of service (DoS) attack.
283) Memory leak (CVE-ID: CVE-2025-37747)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the exclusive_event_installable(), _free_event(), perf_remove_from_owner(), list_del(), perf_pending_task(), __perf_event_overflow(), perf_event_alloc(), perf_event_exit_event() and perf_free_event() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
284) NULL pointer dereference (CVE-ID: CVE-2025-37748)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_iommu_probe() function in drivers/iommu/mtk_iommu.c. A local user can perform a denial of service (DoS) attack.
285) Out-of-bounds read (CVE-ID: CVE-2025-37749)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ppp_sync_txmunge() function in drivers/net/ppp/ppp_synctty.c. A local user can perform a denial of service (DoS) attack.
286) Use-after-free (CVE-ID: CVE-2025-37750)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c, within the decrypt_raw_data() function in fs/smb/client/smb2ops.c, within the cifs_crypto_secmech_release() function in fs/smb/client/cifsencrypt.c. A local user can escalate privileges on the system.
287) NULL pointer dereference (CVE-ID: CVE-2025-37755)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wx_alloc_mapped_page() function in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.
288) Input validation error (CVE-ID: CVE-2025-37773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the virtio_fs_get_tree() function in fs/fuse/virtio_fs.c. A local user can perform a denial of service (DoS) attack.
289) Out-of-bounds read (CVE-ID: CVE-2025-37780)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the isofs_fh_to_parent() function in fs/isofs/export.c. A local user can perform a denial of service (DoS) attack.
290) Use-after-free (CVE-ID: CVE-2025-37785)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ext4_check_dir_entry() function in fs/ext4/dir.c. A local user can escalate privileges on the system.
291) Input validation error (CVE-ID: CVE-2025-37787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mv88e6xxx_teardown_devlink_regions_global() function in drivers/net/dsa/mv88e6xxx/devlink.c. A local user can perform a denial of service (DoS) attack.
292) Input validation error (CVE-ID: CVE-2025-37789)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the validate_set() function in net/openvswitch/flow_netlink.c. A local user can perform a denial of service (DoS) attack.
293) Input validation error (CVE-ID: CVE-2025-37790)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mctp_sk_hash() function in net/mctp/af_mctp.c. A local user can perform a denial of service (DoS) attack.
294) Input validation error (CVE-ID: CVE-2025-37797)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hfsc_change_class() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.
295) Input validation error (CVE-ID: CVE-2025-37798)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qdisc_bstats_update() function in net/sched/sch_fq_codel.c, within the codel_qdisc_dequeue() function in net/sched/sch_codel.c. A local user can perform a denial of service (DoS) attack.
296) Memory leak (CVE-ID: CVE-2025-37799)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vmxnet3_process_xdp() function in drivers/net/vmxnet3/vmxnet3_xdp.c. A local user can perform a denial of service (DoS) attack.
297) Buffer overflow (CVE-ID: CVE-2025-37803)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the udmabuf_create() function in drivers/dma-buf/udmabuf.c. A local user can perform a denial of service (DoS) attack.
298) Race condition within a thread (CVE-ID: CVE-2025-37804)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the io_wq_free_work() function in io_uring/io_uring.c. A local user can corrupt data.
299) NULL pointer dereference (CVE-ID: CVE-2025-37809)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the typec_register_partner(), typec_unregister_partner(), typec_get_partner(), typec_partner_attach(), typec_partner_deattach() and typec_register_port() functions in drivers/usb/typec/class.c. A local user can perform a denial of service (DoS) attack.
300) Memory leak (CVE-ID: CVE-2025-37820)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xennet_run_xdp() function in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.
301) Input validation error (CVE-ID: CVE-2025-37823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hfsc_dequeue() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.
302) NULL pointer dereference (CVE-ID: CVE-2025-37824)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_mon_reinit_self() function in net/tipc/monitor.c. A local user can perform a denial of service (DoS) attack.
303) NULL pointer dereference (CVE-ID: CVE-2025-37829)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scpi_cpufreq_get_rate() function in drivers/cpufreq/scpi-cpufreq.c. A local user can perform a denial of service (DoS) attack.
304) NULL pointer dereference (CVE-ID: CVE-2025-37830)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scmi_cpufreq_get_rate() function in drivers/cpufreq/scmi-cpufreq.c. A local user can perform a denial of service (DoS) attack.
305) NULL pointer dereference (CVE-ID: CVE-2025-37831)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the apple_soc_cpufreq_get_rate() function in drivers/cpufreq/apple-soc-cpufreq.c. A local user can perform a denial of service (DoS) attack.
306) Resource management error (CVE-ID: CVE-2025-37833)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the niu_try_msix() function in drivers/net/ethernet/sun/niu.c. A local user can perform a denial of service (DoS) attack.
307) Resource management error (CVE-ID: CVE-2025-37842)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fsl_qspi_cleanup(), fsl_qspi_probe(), fsl_qspi_remove() and module_platform_driver() functions in drivers/spi/spi-fsl-qspi.c. A local user can perform a denial of service (DoS) attack.
308) NULL pointer dereference (CVE-ID: CVE-2025-37860)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ef100_process_design_param() and ef100_check_design_params() functions in drivers/net/ethernet/sfc/ef100_nic.c, within the ef100_probe_netdev() function in drivers/net/ethernet/sfc/ef100_netdev.c. A local user can perform a denial of service (DoS) attack.
309) Input validation error (CVE-ID: CVE-2025-37870)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dcn401_enable_stream() function in drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c, within the dcn20_enable_stream() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.
310) Incorrect calculation (CVE-ID: CVE-2025-37879)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the p9_client_read_once(), p9_client_write(), EXPORT_SYMBOL_GPL() and p9_client_readdir() functions in net/9p/client.c. A local user can perform a denial of service (DoS) attack.
311) Buffer overflow (CVE-ID: CVE-2025-37886)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pdsc_q_map() function in drivers/net/ethernet/amd/pds_core/core.c, within the pdsc_process_notifyq(), pdsc_process_adminq(), pdsc_adminq_isr(), __pdsc_adminq_post() and pdsc_adminq_post() functions in drivers/net/ethernet/amd/pds_core/adminq.c. A local user can perform a denial of service (DoS) attack.
312) Buffer overflow (CVE-ID: CVE-2025-37887)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pdsc_dl_info_get() function in drivers/net/ethernet/amd/pds_core/devlink.c. A local user can perform a denial of service (DoS) attack.
313) Improper locking (CVE-ID: CVE-2025-37949)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xs_suspend_exit(), xs_send(), xs_wait_for_reply(), xenbus_dev_request_and_reply() and xs_talkv() functions in drivers/xen/xenbus/xenbus_xs.c, within the xenbus_dev_queue_reply() function in drivers/xen/xenbus/xenbus_dev_frontend.c, within the process_msg() and process_writes() functions in drivers/xen/xenbus/xenbus_comms.c. A local user can perform a denial of service (DoS) attack.
314) Use-after-free (CVE-ID: CVE-2025-37957)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the shutdown_interception() function in arch/x86/kvm/svm/svm.c, within the kvm_smm_changed() function in arch/x86/kvm/smm.c. A local user can escalate privileges on the system.
315) Improper locking (CVE-ID: CVE-2025-37958)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __split_huge_pmd_locked() and split_huge_pmd_locked() functions in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.
316) Resource management error (CVE-ID: CVE-2025-37960)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the memblock_double_array() function in mm/memblock.c. A local user can perform a denial of service (DoS) attack.
317) Input validation error (CVE-ID: CVE-2025-37974)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __clp_add() function in arch/s390/pci/pci_clp.c. A local user can perform a denial of service (DoS) attack.
318) NULL pointer dereference (CVE-ID: CVE-2025-38152)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rproc_shutdown() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.
319) Improper locking (CVE-ID: CVE-2025-38637)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the skbprio_enqueue() and skbprio_dequeue() functions in net/sched/sch_skbprio.c. A local user can perform a denial of service (DoS) attack.
320) Resource management error (CVE-ID: CVE-2025-39728)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the samsung_clk_init() function in drivers/clk/samsung/clk.c. A local user can perform a denial of service (DoS) attack.
321) Resource management error (CVE-ID: CVE-2025-40325)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the raid10_handle_discard() function in drivers/md/raid10.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.