SB2025072898 - SUSE update for the Linux Kernel
Published: July 28, 2025 Updated: August 29, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 94 secuirty vulnerabilities.
1) Resource management error (CVE-ID: CVE-2023-52888)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the h264_enc_free_work_buf() function in drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c, within the vdec_av1_slice_free_working_buffer() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_av1_req_lat_if.c. A local user can perform a denial of service (DoS) attack.
2) Memory leak (CVE-ID: CVE-2024-26831)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the handshake_req_destroy_test1() function in net/handshake/handshake-test.c. A local user can perform a denial of service (DoS) attack.
3) Input validation error (CVE-ID: CVE-2024-49568)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smc_clc_msg_prop_valid() function in net/smc/smc_clc.c, within the smc_find_rdma_v2_device_serv() function in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
4) Use-after-free (CVE-ID: CVE-2024-50106)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the destroy_delegation(), nfsd4_revoke_states(), nfs4_laundromat(), nfsd4_free_stateid() and nfsd4_delegreturn() functions in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.
5) Memory leak (CVE-ID: CVE-2024-56613)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.
6) Improper resource shutdown or release (CVE-ID: CVE-2024-56699)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the zpci_device_reserved() and zpci_release_device() functions in arch/s390/pci/pci.c. A local user can perform a denial of service (DoS) attack.
7) Out-of-bounds read (CVE-ID: CVE-2024-57982)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xfrm_state_deref_prot(), xfrm_dst_hash(), xfrm_src_hash(), xfrm_spi_hash(), xfrm_init_tempstate(), __xfrm_state_lookup_all(), xfrm_input_state_lookup(), EXPORT_SYMBOL(), __xfrm_state_lookup_byaddr(), xfrm_state_find(), xfrm_state_lookup() and xfrm_state_lookup_byaddr() functions in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.
8) Input validation error (CVE-ID: CVE-2024-58053)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rxrpc_abort_conn() and rxrpc_abort_calls() functions in net/rxrpc/conn_event.c. A local user can perform a denial of service (DoS) attack.
9) NULL pointer dereference (CVE-ID: CVE-2025-21658)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scrub_find_fill_first_stripe() function in fs/btrfs/scrub.c. A local user can perform a denial of service (DoS) attack.
10) NULL pointer dereference (CVE-ID: CVE-2025-21720)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/xfrm.h. A local user can perform a denial of service (DoS) attack.
11) Resource management error (CVE-ID: CVE-2025-21868)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the SKB_HEAD_ALIGN(), __netdev_alloc_skb() and napi_alloc_skb() functions in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
12) Division by zero (CVE-ID: CVE-2025-21898)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the function_stat_show() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.
13) Improper error handling (CVE-ID: CVE-2025-21899)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the event_hist_trigger_parse() function in kernel/trace/trace_events_hist.c. A local user can perform a denial of service (DoS) attack.
14) Memory leak (CVE-ID: CVE-2025-21920)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vlan_check_real_dev() function in net/8021q/vlan.c. A local user can perform a denial of service (DoS) attack.
15) Resource management error (CVE-ID: CVE-2025-21938)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __mptcp_pm_release_addr_entry(), mptcp_pm_nl_append_new_local_addr(), mptcp_pm_nl_get_local_id() and mptcp_pm_nl_add_addr_doit() functions in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.
16) Use of uninitialized resource (CVE-ID: CVE-2025-21959)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the raw_smp_processor_id() function in net/netfilter/nf_conncount.c. A local user can perform a denial of service (DoS) attack.
17) Integer overflow (CVE-ID: CVE-2025-21997)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the xp_create_and_assign_umem() function in net/xdp/xsk_buff_pool.c. A local user can execute arbitrary code.
18) Use-after-free (CVE-ID: CVE-2025-22035)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wakeup_trace_open() function in kernel/trace/trace_sched_wakeup.c, within the irqsoff_trace_open() function in kernel/trace/trace_irqsoff.c, within the graph_trace_close() function in kernel/trace/trace_functions_graph.c. A local user can escalate privileges on the system.
19) Memory leak (CVE-ID: CVE-2025-22083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vhost_scsi_set_endpoint(), target_undepend_item() and vhost_scsi_flush() functions in drivers/vhost/scsi.c. A local user can perform a denial of service (DoS) attack.
20) Improper locking (CVE-ID: CVE-2025-22111)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sock_write_iter(), brioctl_set(), br_ioctl_call(), sock_ioctl() and compat_sock_ioctl_trans() functions in net/socket.c, within the dev_ifsioc() and dev_ioctl() functions in net/core/dev_ioctl.c, within the old_deviceless() and br_ioctl_stub() functions in net/bridge/br_ioctl.c. A local user can perform a denial of service (DoS) attack.
21) Improper locking (CVE-ID: CVE-2025-22113)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_handle_error(), ext4_put_super() and ext4_load_and_init_journal() functions in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
22) Improper locking (CVE-ID: CVE-2025-22120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_setattr() function in fs/ext4/inode.c. A local user can perform a denial of service (DoS) attack.
23) Resource management error (CVE-ID: CVE-2025-23155)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the stmmac_request_irq_multi_msi() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
24) Use-after-free (CVE-ID: CVE-2025-37738)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_xattr_inode_dec_ref_all() function in fs/ext4/xattr.c. A local user can escalate privileges on the system.
25) Memory leak (CVE-ID: CVE-2025-37743)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ath12k_dp_mon_rx_parse_status_tlv() and ath12k_dp_mon_parse_rx_dest() functions in drivers/net/wireless/ath/ath12k/dp_mon.c. A local user can perform a denial of service (DoS) attack.
26) Out-of-bounds read (CVE-ID: CVE-2025-37752)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sfq_change() function in net/sched/sch_sfq.c. A local user can perform a denial of service (DoS) attack.
27) Resource management error (CVE-ID: CVE-2025-37756)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tls_setsockopt() and build_protos() functions in net/tls/tls_main.c. A local user can perform a denial of service (DoS) attack.
28) Memory leak (CVE-ID: CVE-2025-37757)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tipc_link_xmit() function in net/tipc/link.c. A local user can perform a denial of service (DoS) attack.
29) Use-after-free (CVE-ID: CVE-2025-37786)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dsa_tree_teardown_lags(), dsa_tree_setup(), dsa_tree_teardown_switches() and dsa_tree_teardown() functions in net/dsa/dsa.c. A local user can escalate privileges on the system.
30) NULL pointer dereference (CVE-ID: CVE-2025-37800)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dev_uevent_name() and dev_uevent() functions in drivers/base/core.c, within the bus_rescan_devices_helper() function in drivers/base/bus.c. A local user can perform a denial of service (DoS) attack.
31) NULL pointer dereference (CVE-ID: CVE-2025-37801)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the spi_imx_transfer_one() function in drivers/spi/spi-imx.c. A local user can perform a denial of service (DoS) attack.
32) NULL pointer dereference (CVE-ID: CVE-2025-37811)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cpu_latency_qos_remove_request() and ci_hdrc_imx_remove() functions in drivers/usb/chipidea/ci_hdrc_imx.c. A local user can perform a denial of service (DoS) attack.
33) NULL pointer dereference (CVE-ID: CVE-2025-37844)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smb2_handle_cancelled_close() function in fs/smb/client/smb2misc.c. A local user can perform a denial of service (DoS) attack.
34) Infinite loop (CVE-ID: CVE-2025-37859)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the page_pool_release_retry() function in net/core/page_pool.c. A local user can perform a denial of service (DoS) attack.
35) NULL pointer dereference (CVE-ID: CVE-2025-37862)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pidff_set_autocenter() and pidff_reports_ok() functions in drivers/hid/usbhid/hid-pidff.c. A local user can perform a denial of service (DoS) attack.
36) Use of uninitialized resource (CVE-ID: CVE-2025-37865)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mv88e6xxx_vtu_get() and mv88e6xxx_mst_put() functions in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.
37) Memory leak (CVE-ID: CVE-2025-37874)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ngbe_probe() and wx_clear_interrupt_scheme() functions in drivers/net/ethernet/wangxun/ngbe/ngbe_main.c. A local user can perform a denial of service (DoS) attack.
38) Improper locking (CVE-ID: CVE-2025-37884)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __set_printk_clr_event() and bpf_get_trace_vprintk_proto() functions in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.
39) Memory leak (CVE-ID: CVE-2025-37909)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lan743x_tx_frame_add_lso(), lan743x_tx_frame_add_fragment() and lan743x_tx_frame_end() functions in drivers/net/ethernet/microchip/lan743x_main.c. A local user can perform a denial of service (DoS) attack.
40) Improper locking (CVE-ID: CVE-2025-37917)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mtk_star_tx_poll() and mtk_star_rx_poll() functions in drivers/net/ethernet/mediatek/mtk_star_emac.c. A local user can perform a denial of service (DoS) attack.
41) Improper locking (CVE-ID: CVE-2025-37921)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vxlan_vni_delete_group() function in drivers/net/vxlan/vxlan_vnifilter.c. A local user can perform a denial of service (DoS) attack.
42) Buffer overflow (CVE-ID: CVE-2025-37923)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the tracing_splice_read_pipe() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
43) Buffer overflow (CVE-ID: CVE-2025-37927)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the drivers/iommu/amd/init.c. A local user can escalate privileges on the system.
44) Input validation error (CVE-ID: CVE-2025-37933)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the octep_hb_timeout_task() function in drivers/net/ethernet/marvell/octeon_ep/octep_main.c. A local user can perform a denial of service (DoS) attack.
45) Resource management error (CVE-ID: CVE-2025-37936)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the intel_guest_get_msrs() function in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.
46) Use-after-free (CVE-ID: CVE-2025-37938)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the test_event_printk() function in kernel/trace/trace_events.c. A local user can escalate privileges on the system.
47) NULL pointer dereference (CVE-ID: CVE-2025-37945)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the phy_link_change() and mdio_bus_phy_suspend() functions in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
48) Improper locking (CVE-ID: CVE-2025-37946)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the disable_slot() function in drivers/pci/hotplug/s390_pci_hpc.c. A local user can perform a denial of service (DoS) attack.
49) Use of uninitialized resource (CVE-ID: CVE-2025-37961)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __mtu_check_toobig_v6(), do_output_route4() and __ip_vs_get_out_rt() functions in net/netfilter/ipvs/ip_vs_xmit.c. A local user can perform a denial of service (DoS) attack.
50) Improper locking (CVE-ID: CVE-2025-37967)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ucsi_set_drvdata() function in drivers/usb/typec/ucsi/ucsi.c, within the ucsi_displayport_enter(), ucsi_displayport_exit() and ucsi_displayport_vdm() functions in drivers/usb/typec/ucsi/displayport.c. A local user can perform a denial of service (DoS) attack.
51) Improper locking (CVE-ID: CVE-2025-37968)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the opt3001_irq() function in drivers/iio/light/opt3001.c. A local user can perform a denial of service (DoS) attack.
52) Buffer overflow (CVE-ID: CVE-2025-37973)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the cfg80211_defrag_mle() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.
53) Buffer overflow (CVE-ID: CVE-2025-37987)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pdsc_core_init() function in drivers/net/ethernet/amd/pds_core/core.c. A local user can perform a denial of service (DoS) attack.
54) NULL pointer dereference (CVE-ID: CVE-2025-37992)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pie_change() function in net/sched/sch_pie.c, within the hhf_change() function in net/sched/sch_hhf.c, within the fq_pie_change() function in net/sched/sch_fq_pie.c, within the fq_codel_change() function in net/sched/sch_fq_codel.c, within the fq_change() function in net/sched/sch_fq.c, within the codel_change() function in net/sched/sch_codel.c. A local user can perform a denial of service (DoS) attack.
55) NULL pointer dereference (CVE-ID: CVE-2025-37994)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ucsi_displayport_remove_partner() function in drivers/usb/typec/ucsi/displayport.c. A local user can perform a denial of service (DoS) attack.
56) Improper error handling (CVE-ID: CVE-2025-37995)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the module_kobj_release() function in kernel/params.c. A local user can perform a denial of service (DoS) attack.
57) Improper locking (CVE-ID: CVE-2025-37997)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the net/netfilter/ipset/ip_set_hash_gen.h. A local user can perform a denial of service (DoS) attack.
58) Incorrect calculation (CVE-ID: CVE-2025-37998)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the output_userspace() function in net/openvswitch/actions.c. A local user can perform a denial of service (DoS) attack.
59) Use-after-free (CVE-ID: CVE-2025-38000)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfsc_enqueue() function in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.
60) Use-after-free (CVE-ID: CVE-2025-38001)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_in_el_or_vttree(), hfsc_change_class() and hfsc_enqueue() functions in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.
61) Use-after-free (CVE-ID: CVE-2025-38003)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bcm_proc_show(), bcm_delete_rx_op(), bcm_delete_tx_op() and bcm_rx_setup() functions in net/can/bcm.c. A local user can escalate privileges on the system.
62) Improper locking (CVE-ID: CVE-2025-38004)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bcm_can_tx(), bcm_tx_timeout_handler() and bcm_tx_setup() functions in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
63) Improper locking (CVE-ID: CVE-2025-38005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the udma_check_tx_completion() function in drivers/dma/ti/k3-udma.c. A local user can perform a denial of service (DoS) attack.
64) NULL pointer dereference (CVE-ID: CVE-2025-38007)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the uclogic_input_configured() function in drivers/hid/hid-uclogic-core.c. A local user can perform a denial of service (DoS) attack.
65) Improper resource shutdown or release (CVE-ID: CVE-2025-38009)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the mt76_dma_cleanup() function in drivers/net/wireless/mediatek/mt76/dma.c. A local user can perform a denial of service (DoS) attack.
66) Race condition (CVE-ID: CVE-2025-38010)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the DATA0_VAL_PD BIT(), DECLARE_BITMAP(), tegra186_utmi_bias_pad_power_on(), tegra186_utmi_bias_pad_power_off(), tegra186_utmi_pad_power_on() and tegra186_utmi_pad_power_down() functions in drivers/phy/tegra/xusb-tegra186.c. A local user can escalate privileges on the system.
67) Memory leak (CVE-ID: CVE-2025-38011)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the amdgpu_unmap_static_csa() function in drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c. A local user can perform a denial of service (DoS) attack.
68) Out-of-bounds read (CVE-ID: CVE-2025-38013)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ieee80211_register_hw() function in net/mac80211/main.c. A local user can perform a denial of service (DoS) attack.
69) Input validation error (CVE-ID: CVE-2025-38014)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the f2fs_new_node_page() function in fs/f2fs/node.c. A local user can perform a denial of service (DoS) attack.
70) Memory leak (CVE-ID: CVE-2025-38015)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the idxd_alloc() function in drivers/dma/idxd/init.c. A local user can perform a denial of service (DoS) attack.
71) NULL pointer dereference (CVE-ID: CVE-2025-38018)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tls_strp_read_copy() function in net/tls/tls_strp.c. A local user can perform a denial of service (DoS) attack.
72) NULL pointer dereference (CVE-ID: CVE-2025-38020)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_fix_uplink_rep_features() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
73) Use-after-free (CVE-ID: CVE-2025-38022)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ib_device_notify_register() and ib_register_device() functions in drivers/infiniband/core/device.c. A local user can escalate privileges on the system.
74) Use-after-free (CVE-ID: CVE-2025-38023)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfs4_alloc_unlockdata() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.
75) Use-after-free (CVE-ID: CVE-2025-38024)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rxe_cq_from_init() function in drivers/infiniband/sw/rxe/rxe_cq.c. A local user can escalate privileges on the system.
76) Buffer overflow (CVE-ID: CVE-2025-38027)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the max20086_regulators_register() and max20086_parse_regulators_dt() functions in drivers/regulator/max20086-regulator.c. A local user can perform a denial of service (DoS) attack.
77) Memory leak (CVE-ID: CVE-2025-38031)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the padata_reorder() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.
78) Improper locking (CVE-ID: CVE-2025-38040)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the stm32_usart_enable_ms() function in drivers/tty/serial/stm32-usart.c, within the sci_shutdown() function in drivers/tty/serial/sh-sci.c, within the mctrl_gpio_enable_ms() and mctrl_gpio_disable_ms() functions in drivers/tty/serial/serial_mctrl_gpio.c, within the imx_uart_shutdown() function in drivers/tty/serial/imx.c, within the atmel_disable_ms() function in drivers/tty/serial/atmel_serial.c, within the serial8250_disable_ms() function in drivers/tty/serial/8250/8250_port.c. A local user can perform a denial of service (DoS) attack.
79) Resource management error (CVE-ID: CVE-2025-38043)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mt76_dma_cleanup() function in drivers/net/wireless/mediatek/mt76/dma.c. A local user can perform a denial of service (DoS) attack.
80) Input validation error (CVE-ID: CVE-2025-38044)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5e_setup_tc_mqprio() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
81) Input validation error (CVE-ID: CVE-2025-38045)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the _iwl_dbg_tlv_time_point() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can perform a denial of service (DoS) attack.
82) NULL pointer dereference (CVE-ID: CVE-2025-38053)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the idpf_cfg_netdev() and idpf_features_check() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can perform a denial of service (DoS) attack.
83) Memory leak (CVE-ID: CVE-2025-38057)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the espintcp_queue_out() function in net/xfrm/espintcp.c, within the esp_output_tcp_finish() function in net/ipv6/esp6.c, within the esp_output_tcp_finish() function in net/ipv4/esp4.c. A local user can perform a denial of service (DoS) attack.
84) NULL pointer dereference (CVE-ID: CVE-2025-38059)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scrub_find_fill_first_stripe() function in fs/btrfs/scrub.c. A local user can perform a denial of service (DoS) attack.
85) Infinite loop (CVE-ID: CVE-2025-38060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the copy_verifier_state() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
86) Input validation error (CVE-ID: CVE-2025-38065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the orangefs_writepage_locked() and orangefs_writepages_work() functions in fs/orangefs/inode.c. A local user can perform a denial of service (DoS) attack.
87) Buffer overflow (CVE-ID: CVE-2025-38068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the lzo1x_1_do_compress() and lzogeneric1x_1_compress() functions in lib/lzo/lzo1x_compress.c, within the obj-$() function in lib/lzo/Makefile, within the __lzo_compress() function in crypto/lzo.c, within the __lzorle_compress() function in crypto/lzo-rle.c. A local user can perform a denial of service (DoS) attack.
88) Division by zero (CVE-ID: CVE-2025-38072)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the nd_label_data_init() function in drivers/nvdimm/label.c. A local user can perform a denial of service (DoS) attack.
89) Buffer overflow (CVE-ID: CVE-2025-38077)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the current_password_store() function in drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c. A local user can escalate privileges on the system.
90) Use-after-free (CVE-ID: CVE-2025-38078)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_pcm_buffer_access_unlock() function in sound/core/pcm_native.c, within the snd_pcm_oss_change_params_locked() function in sound/core/oss/pcm_oss.c. A local user can escalate privileges on the system.
91) Use-after-free (CVE-ID: CVE-2025-38079)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hash_accept() function in crypto/algif_hash.c. A local user can escalate privileges on the system.
92) Buffer overflow (CVE-ID: CVE-2025-38080)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/gpu/drm/amd/display/dc/inc/core_types.h. A local user can perform a denial of service (DoS) attack.
93) Out-of-bounds read (CVE-ID: CVE-2025-38081)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rockchip_spi_config() function in drivers/spi/spi-rockchip.c. A local user can perform a denial of service (DoS) attack.
94) Race condition (CVE-ID: CVE-2025-38083)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the prio_tune() function in net/sched/sch_prio.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.