Ubuntu update for linux-xilinx-zynqmp

1) Improper access control

EUVDB-ID: #VU97651

Risk: High

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-8805

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the implementation of the HID over GATT Profile. A remote attacker on the local network can bypass implemented security restrictions and execute arbitrary code on the target system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Exposure of Sensitive System Information to an Unauthorized Control Sphere

EUVDB-ID: #VU107628

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-2312

CWE-ID: CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exist due to cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments when trying to obtain Kerberos credentials. A local user can gain access to sensitive information.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU107684

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39735

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Resource management error

EUVDB-ID: #VU107773

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39728

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the samsung_clk_init() function in drivers/clk/samsung/clk.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper locking

EUVDB-ID: #VU107732

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38637

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the skbprio_enqueue() and skbprio_dequeue() functions in net/sched/sch_skbprio.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU107658

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38575

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kfree() function in fs/smb/server/auth.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) NULL pointer dereference

EUVDB-ID: #VU107697

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38152

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rproc_shutdown() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Division by zero

EUVDB-ID: #VU109556

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37937

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the dib8000_set_dds() function in drivers/media/dvb-frontends/dib8000.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU108869

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37889

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pci_msi_set_enable(), msi_setup_msi_desc(), msix_map_region() and msix_capability_init() functions in drivers/pci/msi/msi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU107659

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37785

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __ext4_check_dir_entry() function in fs/ext4/dir.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Integer underflow

EUVDB-ID: #VU107761

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23138

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the watch_queue_set_size() function in kernel/watch_queue.c. A local user can execute arbitrary code.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) NULL pointer dereference

EUVDB-ID: #VU107703

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23136

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the int3402_thermal_probe() function in drivers/thermal/intel/int340x_thermal/int3402_thermal.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU107666

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22097

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vkms_init() and vkms_destroy() functions in drivers/gpu/drm/vkms/vkms_drv.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) NULL pointer dereference

EUVDB-ID: #VU107710

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22089

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ib_setup_device_attrs() function in drivers/infiniband/core/sysfs.c, within the rdma_init_coredev() function in drivers/infiniband/core/device.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) NULL pointer dereference

EUVDB-ID: #VU107711

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22086

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ntohl() function in drivers/infiniband/hw/mlx5/cq.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Integer overflow

EUVDB-ID: #VU107760

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22081

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the index_hdr_check() function in fs/ntfs3/index.c. A local user can execute arbitrary code.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds read

EUVDB-ID: #VU107689

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22079

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __ocfs2_find_path() function in fs/ocfs2/alloc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper locking

EUVDB-ID: #VU107746

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22075

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rtnl_vfinfo_size() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Memory leak

EUVDB-ID: #VU107650

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22073

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the spufs_fill_dir() function in arch/powerpc/platforms/cell/spufs/inode.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Memory leak

EUVDB-ID: #VU107648

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22071

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the spufs_create_context() function in arch/powerpc/platforms/cell/spufs/inode.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU107714

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22066

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the imx_card_probe() function in sound/soc/fsl/imx-card.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) NULL pointer dereference

EUVDB-ID: #VU107716

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22063

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the calipso_sock_getattr() and calipso_sock_setattr() functions in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU107670

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22060

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mvpp2_prs_hw_write(), mvpp2_prs_init_from_hw(), mvpp2_prs_flow_find(), mvpp2_prs_mac_drop_all_set(), mvpp2_prs_mac_promisc_set(), mvpp2_prs_dsa_tag_set(), mvpp2_prs_dsa_tag_ethertype_set(), mvpp2_prs_vlan_find(), mvpp2_prs_vlan_add(), mvpp2_prs_double_vlan_find(), mvpp2_prs_double_vlan_add(), mvpp2_prs_mac_init(), mvpp2_prs_vlan_init(), mvpp2_prs_vid_range_find(), mvpp2_prs_vid_entry_add(), mvpp2_prs_vid_entry_remove(), mvpp2_prs_vid_remove_all(), mvpp2_prs_vid_disable_filtering(), mvpp2_prs_vid_enable_filtering(), mvpp2_prs_default_init(), mvpp2_prs_mac_da_range_find(), mvpp2_prs_mac_da_accept(), mvpp2_prs_mac_del_all(), mvpp2_prs_tag_mode_set(), mvpp2_prs_add_flow(), mvpp2_prs_def_flow() and mvpp2_prs_hits() functions in drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c, within the mvpp2_probe() function in drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Resource management error

EUVDB-ID: #VU107782

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2025-22056

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: Yes

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nft_tunnel_obj_geneve_init() and nft_tunnel_opts_dump() functions in net/netfilter/nft_tunnel.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

25) Out-of-bounds read

EUVDB-ID: #VU107692

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22055

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nft_tunnel_obj_erspan_init() function in net/netfilter/nft_tunnel.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU107726

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22054

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the com20020pci_probe() function in drivers/net/arcnet/com20020-pci.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) NULL pointer dereference

EUVDB-ID: #VU107722

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22050

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Input validation error

EUVDB-ID: #VU107755

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22045

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the arch/x86/include/asm/tlbflush.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Resource management error

EUVDB-ID: #VU107784

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22044

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the acpi_nfit_ctl() function in drivers/acpi/nfit/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use-after-free

EUVDB-ID: #VU107675

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22035

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wakeup_trace_open() function in kernel/trace/trace_sched_wakeup.c, within the irqsoff_trace_open() function in kernel/trace/trace_irqsoff.c, within the graph_trace_close() function in kernel/trace/trace_functions_graph.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Memory leak

EUVDB-ID: #VU107655

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22025

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nfs4_alloc_open_stateid() and nfsd_break_one_deleg() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Resource management error

EUVDB-ID: #VU107786

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22021

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nf_sk_lookup_slow_v6() function in net/ipv6/netfilter/nf_socket_ipv6.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU107680

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22020

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rtsx_usb_ms_drv_remove() function in drivers/memstick/host/rtsx_usb_ms.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) NULL pointer dereference

EUVDB-ID: #VU107728

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22018

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the MPOA_cache_impos_rcvd() function in net/atm/mpc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper locking

EUVDB-ID: #VU107751

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22014

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pdr_locator_new_server() function in drivers/soc/qcom/pdr_interface.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper locking

EUVDB-ID: #VU107750

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22010

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hem_list_alloc_root_bt(), hns_roce_hem_list_request() and hns_roce_hem_list_find_mtt() functions in drivers/infiniband/hw/hns/hns_roce_hem.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Input validation error

EUVDB-ID: #VU107813

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22008

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the regulator_resolve_supply() and _regulator_get_common() functions in drivers/regulator/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) NULL pointer dereference

EUVDB-ID: #VU106961

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22007

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the chan_alloc_skb_cb() function in net/bluetooth/6lowpan.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Memory leak

EUVDB-ID: #VU106954

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22005

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the in6_dev_put() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Use-after-free

EUVDB-ID: #VU106956

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22004

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lec_send() function in net/atm/lec.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Use-after-free

EUVDB-ID: #VU106955

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21999

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the proc_get_inode() function in fs/proc/inode.c, within the proc_create_reg(), proc_create_seq_private() and proc_create_single_data() functions in fs/proc/generic.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use of uninitialized resource

EUVDB-ID: #VU106963

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21996

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the radeon_vce_cs_parse() function in drivers/gpu/drm/radeon/radeon_vce.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Buffer overflow

EUVDB-ID: #VU106864

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21994

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the parse_dacl() function in fs/smb/server/smbacl.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Input validation error

EUVDB-ID: #VU106867

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21992

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the HID_USB_DEVICE() function in drivers/hid/hid-quirks.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Out-of-bounds read

EUVDB-ID: #VU106647

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21991

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the load_microcode_amd() function in arch/x86/kernel/cpu/microcode/amd.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Memory leak

EUVDB-ID: #VU106578

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21981

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ice_init_arfs() function in drivers/net/ethernet/intel/ice/ice_arfs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) NULL pointer dereference

EUVDB-ID: #VU106686

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21975

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_chains_create_table() function in drivers/net/ethernet/mellanox/mlx5/core/lib/fs_chains.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Incorrect calculation

EUVDB-ID: #VU106863

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21971

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the tc_ctl_tclass() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Input validation error

EUVDB-ID: #VU106806

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21970

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mlx5_esw_bridge_lag_rep_get(), mlx5_esw_bridge_is_local() and mlx5_esw_bridge_switchdev_event() functions in drivers/net/ethernet/mellanox/mlx5/core/en/rep/bridge.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Use-after-free

EUVDB-ID: #VU106629

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21968

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hdcp_destroy() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Integer overflow

EUVDB-ID: #VU106843

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21964

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can execute arbitrary code.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Integer overflow

EUVDB-ID: #VU106842

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21963

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can execute arbitrary code.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Integer overflow

EUVDB-ID: #VU106841

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21962

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can execute arbitrary code.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Use of uninitialized resource

EUVDB-ID: #VU106840

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21959

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the raw_smp_processor_id() function in net/netfilter/nf_conncount.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) NULL pointer dereference

EUVDB-ID: #VU106695

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21957

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qla1280_64bit_start_scsi() function in drivers/scsi/qla1280.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Resource management error

EUVDB-ID: #VU106860

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21956

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the get_norm_pix_clk() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Improper locking

EUVDB-ID: #VU106753

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21951

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mhi_pci_recovery_work() function in drivers/bus/mhi/host/pci_generic.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Memory leak

EUVDB-ID: #VU106561

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21950

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the pmcmd_ioctl() function in drivers/virt/acrn/hsm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) NULL pointer dereference

EUVDB-ID: #VU106674

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21948

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the appleir_raw_event() function in drivers/hid/hid-appleir.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Improper locking

EUVDB-ID: #VU106768

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21943

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the new_device_store(), kfree() and delete_device_store() functions in drivers/gpio/gpio-aggregator.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) NULL pointer dereference

EUVDB-ID: #VU106704

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21941

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the resource_build_scaling_params() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Use-after-free

EUVDB-ID: #VU106611

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21935

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rio_scan_alloc_net() function in drivers/rapidio/rio-scan.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Use-after-free

EUVDB-ID: #VU106606

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21934

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rio_mport_add_riodev() function in drivers/rapidio/devices/rio_mport_cdev.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Use-after-free

EUVDB-ID: #VU106598

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21928

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ishtp_hid_remove() function in drivers/hid/intel-ish-hid/ishtp-hid.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Improper error handling

EUVDB-ID: #VU106815

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21926

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Improper error handling

EUVDB-ID: #VU106812

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21925

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the llc_sap_action_unitdata_ind(), llc_sap_action_send_ui() and llc_sap_action_send_test_c() functions in net/llc/llc_s_ac.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Resource management error

EUVDB-ID: #VU106852

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21924

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the hclge_ptp_init() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Use of uninitialized resource

EUVDB-ID: #VU106839

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21922

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ppp_send_frame() and ppp_receive_nonmp_frame() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Memory leak

EUVDB-ID: #VU106554

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21920

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vlan_check_real_dev() function in net/8021q/vlan.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Input validation error

EUVDB-ID: #VU106804

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21919

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the child_cfs_rq_on_list() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) NULL pointer dereference

EUVDB-ID: #VU106731

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21917

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the usbhs_remove() function in drivers/usb/renesas_usbhs/common.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Resource management error

EUVDB-ID: #VU106858

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21916

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cxacru_bind() function in drivers/usb/atm/cxacru.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Use-after-free

EUVDB-ID: #VU106585

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21914

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the slim_do_transfer() function in drivers/slimbus/messaging.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Improper locking

EUVDB-ID: #VU106792

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21912

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the gpio_rcar_config_interrupt_input_mode(), gpio_rcar_config_general_input_output_mode(), gpio_rcar_get_multiple(), gpio_rcar_set(), gpio_rcar_set_multiple() and gpio_rcar_probe() functions in drivers/gpio/gpio-rcar.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Improper locking

EUVDB-ID: #VU106800

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21910

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the is_an_alpha2() function in net/wireless/reg.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Input validation error

EUVDB-ID: #VU106869

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21909

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the parse_monitor_flags() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Buffer overflow

EUVDB-ID: #VU106865

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21905

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the iwl_parse_tlv_firmware() function in drivers/net/wireless/intel/iwlwifi/iwl-drv.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) NULL pointer dereference

EUVDB-ID: #VU106736

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21904

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/net/caif/caif_virtio.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Division by zero

EUVDB-ID: #VU106846

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21898

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the function_stat_show() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Use-after-free

EUVDB-ID: #VU106110

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21887

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ovl_link_up() function in fs/overlayfs/copy_up.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Improper locking

EUVDB-ID: #VU106117

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21878

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the npcm_i2c_probe_bus() function in drivers/i2c/busses/i2c-npcm7xx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Resource management error

EUVDB-ID: #VU106132

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21877

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the genelink_bind() function in drivers/net/usb/gl620a.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Improper locking

EUVDB-ID: #VU106115

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21875

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mptcp_nl_remove_subflow_and_signal_addr() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Improper locking

EUVDB-ID: #VU106122

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21871

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the optee_supp_thrd_req() function in drivers/tee/optee/supp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Out-of-bounds read

EUVDB-ID: #VU105656

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21866

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the text_area_cpu_up() function in arch/powerpc/lib/code-patching.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Improper error handling

EUVDB-ID: #VU105672

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21865

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the gtp_net_exit_batch_rtnl() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Improper locking

EUVDB-ID: #VU105670

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21862

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the init_net_drop_monitor() and exit_net_drop_monitor() functions in net/core/drop_monitor.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Improper locking

EUVDB-ID: #VU105669

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21859

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the f_midi_complete() function in drivers/usb/gadget/function/f_midi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Use-after-free

EUVDB-ID: #VU105654

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21858

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the geneve_destroy_tunnels() function in drivers/net/geneve.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) NULL pointer dereference

EUVDB-ID: #VU105662

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21848

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nfp_bpf_cmsg_alloc() function in drivers/net/ethernet/netronome/nfp/bpf/cmsg.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) NULL pointer dereference

EUVDB-ID: #VU105660

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21846

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the do_acct_process(), acct_pin_kill(), close_work(), encode_float() and fill_ac() functions in kernel/acct.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) NULL pointer dereference

EUVDB-ID: #VU105659

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21844

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Memory leak

EUVDB-ID: #VU105465

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21835

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the f_midi_bind() function in drivers/usb/gadget/function/f_midi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Resource management error

EUVDB-ID: #VU105425

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21830

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the get_mode_access() function in security/landlock/fs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Buffer overflow

EUVDB-ID: #VU105421

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21826

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nft_set_desc_concat_parse() and nft_set_desc_concat() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Improper locking

EUVDB-ID: #VU105149

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21823

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the batadv_v_elp_start_timer(), batadv_v_elp_get_throughput(), batadv_v_elp_throughput_metric_update(), batadv_v_elp_wifi_neigh_probe() and batadv_v_elp_periodic_work() functions in net/batman-adv/bat_v_elp.c, within the batadv_v_hardif_neigh_init() function in net/batman-adv/bat_v.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Improper locking

EUVDB-ID: #VU105148

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21820

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cdns_uart_handle_rx(), cdns_uart_isr() and cdns_uart_console_write() functions in drivers/tty/serial/xilinx_uartps.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) NULL pointer dereference

EUVDB-ID: #VU105141

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21814

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ptp_getcycles64() and ptp_clock_register() functions in drivers/ptp/ptp_clock.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Improper locking

EUVDB-ID: #VU105146

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21811

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_lookup_dirty_data_buffers() function in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Improper error handling

EUVDB-ID: #VU105153

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21806

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the proc_do_dev_weight() and sizeof() functions in net/core/sysctl_net_core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Buffer overflow

EUVDB-ID: #VU105159

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21804

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the rcar_pcie_parse_outbound_ranges() function in drivers/pci/controller/pcie-rcar-ep.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Input validation error

EUVDB-ID: #VU105162

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21802

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hclgevf_init() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c, within the hclge_init() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c, within the module_init() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c, within the EXPORT_SYMBOL() function in drivers/net/ethernet/hisilicon/hns3/hnae3.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Improper error handling

EUVDB-ID: #VU105152

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21799

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the am65_cpsw_nuss_remove_tx_chns() function in drivers/net/ethernet/ti/am65-cpsw-nuss.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Use-after-free

EUVDB-ID: #VU104953

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21796

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the posix_acl_release() function in fs/nfsd/nfs3acl.c, within the posix_acl_release() function in fs/nfsd/nfs2acl.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Input validation error

EUVDB-ID: #VU105087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21795

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nfsd4_run_cb_work() function in fs/nfsd/nfs4callback.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Use-after-free

EUVDB-ID: #VU104952

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21791

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the include/net/l3mdev.h. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Input validation error

EUVDB-ID: #VU105035

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21787

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the team_nl_options_set_doit() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Out-of-bounds read

EUVDB-ID: #VU104982

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21785

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the populate_cache_leaves() function in arch/arm64/kernel/cacheinfo.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Out-of-bounds read

EUVDB-ID: #VU104981

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21782

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the orangefs_debug_write() function in fs/orangefs/orangefs-debugfs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Resource management error

EUVDB-ID: #VU105077

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21781

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the batadv_v_elp_start_timer() and batadv_v_elp_get_throughput() functions in net/batman-adv/bat_v_elp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) NULL pointer dereference

EUVDB-ID: #VU104994

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21779

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the kvm_hv_send_ipi() and kvm_get_hv_cpuid() functions in arch/x86/kvm/hyperv.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) NULL pointer dereference

EUVDB-ID: #VU104995

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21776

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hub_probe() function in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Out-of-bounds read

EUVDB-ID: #VU104980

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21772

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mac_partition() function in block/partitions/mac.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Improper locking

EUVDB-ID: #VU105021

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21767

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the clocksource_verify_percpu() function in kernel/time/clocksource.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Input validation error

EUVDB-ID: #VU105089

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21766

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the out: kfree_skb_reason() and __ip_rt_update_pmtu() functions in net/ipv4/route.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Input validation error

EUVDB-ID: #VU105090

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21765

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ip6_default_advmss() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Use-after-free

EUVDB-ID: #VU104950

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21764

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ndisc_alloc_skb() function in net/ipv6/ndisc.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Use-after-free

EUVDB-ID: #VU104943

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21763

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __neigh_notify() function in net/core/neighbour.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Use-after-free

EUVDB-ID: #VU104949

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21762

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the arp_xmit_finish() function in net/ipv4/arp.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Use-after-free

EUVDB-ID: #VU104948

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21761

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ovs_vport_cmd_fill_info() function in net/openvswitch/datapath.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Use-after-free

EUVDB-ID: #VU104947

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21760

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_nd_hdr() and ndisc_send_skb() functions in net/ipv6/ndisc.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Buffer overflow

EUVDB-ID: #VU105082

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21758

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the mld_newpack() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Use-after-free

EUVDB-ID: #VU104944

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21753

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fs/btrfs/transaction.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Improper locking

EUVDB-ID: #VU105019

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21749

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rose_bind() function in net/rose/af_rose.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Integer overflow

EUVDB-ID: #VU105050

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21748

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the ksmbd_ipc_spnego_authen_request(), ksmbd_rpc_write() and ksmbd_rpc_ioctl() functions in fs/smb/server/transport_ipc.c. A local user can execute arbitrary code.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Memory leak

EUVDB-ID: #VU104936

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21745

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the blkcg_fill_root_iostats() function in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) NULL pointer dereference

EUVDB-ID: #VU105000

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21744

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the brcmf_txfinalize() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Integer overflow

EUVDB-ID: #VU105049

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21736

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the nilfs_fiemap() function in fs/nilfs2/inode.c. A local user can execute arbitrary code.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Buffer overflow

EUVDB-ID: #VU105056

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21735

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the nci_hci_create_pipe() function in net/nfc/nci/hci.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Use-after-free

EUVDB-ID: #VU104969

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21731

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nbd_disconnect_and_put() function in drivers/block/nbd.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Resource management error

EUVDB-ID: #VU105066

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21728

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bpf_send_signal_common() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Use-after-free

EUVDB-ID: #VU104960

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21727

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the padata_free_shell() function in kernel/padata.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Use-after-free

EUVDB-ID: #VU104961

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21726

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the padata_reorder() and invoke_padata_reorder() functions in kernel/padata.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Use-after-free

EUVDB-ID: #VU104962

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21722

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_clear_dirty_pages() and nilfs_clear_folio_dirty() functions in fs/nilfs2/page.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Input validation error

EUVDB-ID: #VU105036

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21721

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_rename() function in fs/nilfs2/namei.c, within the nilfs_inode_by_name(), nilfs_set_link() and nilfs_delete_entry() functions in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Race condition

EUVDB-ID: #VU105081

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21719

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the list_for_each_entry() function in net/ipv4/ipmr_base.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Use-after-free

EUVDB-ID: #VU104963

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21718

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rose_heartbeat_expiry(), rose_timer_expiry() and rose_idletimer_expiry() functions in net/rose/rose_timer.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Use-after-free

EUVDB-ID: #VU104964

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21715

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dm9000_drv_remove() function in drivers/net/ethernet/davicom/dm9000.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) Integer overflow

EUVDB-ID: #VU105053

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21711

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the rose_setsockopt() function in net/rose/af_rose.c. A local user can execute arbitrary code.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Resource management error

EUVDB-ID: #VU105080

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21708

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the MSR_SPEED() and rtl8150_probe() functions in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Use of uninitialized resource

EUVDB-ID: #VU105042

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21707

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the mptcp_parse_option() and mptcp_get_options() functions in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Buffer overflow

EUVDB-ID: #VU104139

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21704

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the acm_process_notification() and acm_ctrl_irq() functions in drivers/usb/class/cdc-acm.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Improper locking

EUVDB-ID: #VU103749

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21684

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the DECLARE_BITMAP(), xgpio_set(), xgpio_set_multiple(), xgpio_dir_in(), xgpio_dir_out(), xgpio_irq_mask(), xgpio_irq_unmask(), xgpio_irqhandler() and xgpio_probe() functions in drivers/gpio/gpio-xilinx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Out-of-bounds read

EUVDB-ID: #VU103014

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21647

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cake_ddst(), cake_enqueue() and cake_dequeue() functions in net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Use-after-free

EUVDB-ID: #VU107678

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58093

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pcie_aspm_exit_link_state() function in drivers/pci/pcie/aspm.c. A local user can escalate privileges on the system.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Infinite loop

EUVDB-ID: #VU106127

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58090

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the !defined() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Input validation error

EUVDB-ID: #VU105431

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58086

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the v3d_perfmon_destroy_ioctl() function in drivers/gpu/drm/v3d/v3d_perfmon.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) Buffer overflow

EUVDB-ID: #VU105422

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58085

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the tomoyo_write_control() function in security/tomoyo/common.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-xilinx-zynqmp to the latest version.

Ubuntu: 22.04

linux-xilinx-zynqmp (Ubuntu package): before 5.15.0-1050.54

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7602-1