Ubuntu update for linux-aws



Risk: High
Patch available: YES
Number of vulnerabilities: 46
CVE-ID: CVE-2025-38216, CVE-2025-37991, CVE-2025-37990, CVE-2025-37974, CVE-2025-37946, CVE-2025-37936, CVE-2025-37935, CVE-2025-37934, CVE-2025-37933, CVE-2025-37931, CVE-2025-37930, CVE-2025-37929, CVE-2025-37928, CVE-2025-37927, CVE-2025-37926, CVE-2025-37924, CVE-2025-37923, CVE-2025-37922, CVE-2025-37921, CVE-2025-37920, CVE-2025-37919, CVE-2025-37918, CVE-2025-37917, CVE-2025-37916, CVE-2025-37915, CVE-2025-37914, CVE-2025-37913, CVE-2025-37912, CVE-2025-37911, CVE-2025-37910, CVE-2025-37909, CVE-2025-37908, CVE-2025-37907, CVE-2025-37906, CVE-2025-37905, CVE-2025-37904, CVE-2025-37903, CVE-2025-37901, CVE-2025-37900, CVE-2025-37899, CVE-2025-37898, CVE-2025-37897, CVE-2025-37896, CVE-2025-37895, CVE-2025-37894, CVE-2025-37891
CWE-ID: CWE-20, CWE-388, CWE-667, CWE-399, CWE-908, CWE-835, CWE-119, CWE-416, CWE-476, CWE-125, CWE-401, CWE-362
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Ubuntu (Operating systems & Components / Operating system); linux-aws (Ubuntu package) (Operating systems & Components / Operating system package or component)
Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 46 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU112333

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38216

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the intel_nested_attach_dev() function in drivers/iommu/intel/nested.c and within the dmar_domain_attach_device(), device_block_translation() and identity_domain_attach_dev() functions in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper error handling

EUVDB-ID: #VU109546

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37991

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the handle_fpe() function in arch/parisc/math-emu/driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper error handling

EUVDB-ID: #VU109545

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37990

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the brcmf_usb_dl_writeimage() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU109586

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37974

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __clp_add() function in arch/s390/pci/pci_clp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper locking

EUVDB-ID: #VU109534

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37946

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the disable_slot() function in drivers/pci/hotplug/s390_pci_hpc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource management error

EUVDB-ID: #VU109561

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37936

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the intel_guest_get_msrs() function in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU109577

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37935

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within drivers/net/ethernet/mediatek/mtk_eth_soc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use of uninitialized resource

EUVDB-ID: #VU109551

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37934

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the graph_util_parse_link_direction() function in sound/soc/generic/simple-card-utils.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU109584

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37933

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the octep_hb_timeout_task() function in drivers/net/ethernet/marvell/octeon_ep/octep_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Infinite loop

EUVDB-ID: #VU109558

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37931

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the submit_eb_subpage() function in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource management error

EUVDB-ID: #VU109571

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37930

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the nouveau_fence_context_kill() function in drivers/gpu/drm/nouveau/nouveau_fence.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper error handling

EUVDB-ID: #VU109550

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37929

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the spectre_bhb_loop_affected() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper error handling

EUVDB-ID: #VU109549

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37928

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __scan() function in drivers/md/dm-bufio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Buffer overflow

EUVDB-ID: #VU109555

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37927

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within drivers/iommu/amd/init.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU109508

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37926

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ksmbd_session_rpc_clear_list(), ksmbd_session_rpc_open(), ksmbd_session_rpc_close() and __session_create() functions in fs/smb/server/mgmt/user_session.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU109507

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37924

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the krb5_authenticate() function in fs/smb/server/smb2pdu.c and within the ksmbd_krb5_authenticate() function in fs/smb/server/auth.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

EUVDB-ID: #VU109575

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37923

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the tracing_splice_read_pipe() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU109506

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37922

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the radix__vmemmap_populate() function in arch/powerpc/mm/book3s64/radix_pgtable.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper locking

EUVDB-ID: #VU109536

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37921

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vxlan_vni_delete_group() function in drivers/net/vxlan/vxlan_vnifilter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper locking

EUVDB-ID: #VU109537

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37920

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the xp_create_and_assign_umem() function in net/xdp/xsk_buff_pool.c and within the xsk_generic_rcv() and xsk_create() functions in net/xdp/xsk.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU109523

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37919

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the acp_i2s_set_tdm_slot() function in sound/soc/amd/acp/acp-i2s.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) NULL pointer dereference

EUVDB-ID: #VU109522

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37918

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the btusb_coredump_qca(), handle_dump_pkt_qca() and acl_pkt_is_dump_qca() functions in drivers/bluetooth/btusb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper locking

EUVDB-ID: #VU109538

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37917

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mtk_star_tx_poll() and mtk_star_rx_poll() functions in drivers/net/ethernet/mediatek/mtk_star_emac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU109505

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37916

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pdsc_auxbus_dev_del() function in drivers/net/ethernet/amd/pds_core/auxbus.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU109504

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37915

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cl_is_active() and drr_enqueue() functions in net/sched/sch_drr.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU109503

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37914

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cl_is_active() and ets_qdisc_enqueue() functions in net/sched/sch_ets.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU109502

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37913

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cl_is_active() and qfq_enqueue() functions in net/sched/sch_qfq.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) NULL pointer dereference

EUVDB-ID: #VU109521

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37912

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ice_vc_add_fdir_fltr() function in drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Out-of-bounds read

EUVDB-ID: #VU109514

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37911

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bnxt_hwrm_dbg_dma_data() function in drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) NULL pointer dereference

EUVDB-ID: #VU109520

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37910

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ptp_ocp_sma_adva_set_output() function in drivers/ptp/ptp_ocp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Memory leak

EUVDB-ID: #VU109493

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37909

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the lan743x_tx_frame_add_lso(), lan743x_tx_frame_add_fragment() and lan743x_tx_frame_end() functions in drivers/net/ethernet/microchip/lan743x_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Buffer overflow

EUVDB-ID: #VU109569

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37908

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the free_slab_obj_exts(), prepare_slab_obj_exts_hook() and account_slab() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper locking

EUVDB-ID: #VU109539

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37907

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ivpu_job_submit() function in drivers/accel/ivpu/ivpu_job.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Race condition

EUVDB-ID: #VU109560

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37906

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the ublk_start_cancel(), ublk_uring_cmd_cancel_fn() and ublk_cancel_queue() functions in drivers/block/ublk_drv.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Memory leak

EUVDB-ID: #VU109492

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37905

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the scmi_child_dev_find() function in drivers/firmware/arm_scmi/bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Memory leak

EUVDB-ID: #VU109491

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37904

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the btrfs_iget() function in fs/btrfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU109501

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37903

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hdcp_update_display(), hdcp_remove_display(), hdcp_reset_display() and update_config() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Input validation error

EUVDB-ID: #VU109543

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37901

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qcom_mpm_alloc() function in drivers/irqchip/irq-qcom-mpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) NULL pointer dereference

EUVDB-ID: #VU109519

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37900

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference in include/linux/iommu.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Use-after-free

EUVDB-ID: #VU109500

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-37899

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a use-after-free error within the smb2_session_logoff() function in fs/smb/server/smb2pdu.c. A remote attacker can send specially crafted data to the SMB client during session logoff and compromise the affected system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper error handling

EUVDB-ID: #VU109547

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37898

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the get_stubs_size() function in arch/powerpc/kernel/module_64.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper locking

EUVDB-ID: #VU109540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37897

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the plfxlc_mac_init_hw() function in drivers/net/wireless/purelifi/plfxlc/mac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Buffer overflow

EUVDB-ID: #VU109574

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37896

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the spi_mem_calc_op_duration() function in drivers/spi/spi-mem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper locking

EUVDB-ID: #VU109541

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37895

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bnxt_init_napi() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper locking

EUVDB-ID: #VU109535

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37894

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tcp6_check_fraglist_gro() function in net/ipv6/tcpv6_offload.c and within the tcp4_check_fraglist_gro() function in net/ipv4/tcp_offload.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Buffer overflow

EUVDB-ID: #VU109432

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37891

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption in include/sound/ump_convert.h. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 25.04

linux-aws (Ubuntu package): before 6.14.0-1009.9

External links

https://ubuntu.com/security/notices/USN-7649-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


