SB20250818103 - SUSE update for the Linux Kernel
Published: August 18, 2025 Updated: January 9, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 260 secuirty vulnerabilities.
1) Resource management error (CVE-ID: CVE-2019-11135)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the TSX Asynchronous Abort (TAA) in Intel CPUs. The TAA condition, on some microprocessors utilizing speculative execution, may allow an authenticated user to potentially enable information disclosure via a side channel.2) Improper locking (CVE-ID: CVE-2024-36028)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __update_and_free_page() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
3) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2024-36348)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information leak. A local user process can infer the control registers speculatively even if UMIP[3] feature is enabled, potentially resulting in information leakage.
4) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2024-36349)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information leak. A local user process can infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.
5) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2024-36350)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information leak. A local user can obtain sensitive data from previous stores.
6) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2024-36357)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information leak. A local user can obtain sensitive data from the L1D cache.
7) Input validation error (CVE-ID: CVE-2024-42134)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vp_del_vqs() function in drivers/virtio/virtio_pci_common.c. A local user can perform a denial of service (DoS) attack.
8) Memory leak (CVE-ID: CVE-2024-44963)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the btrfs_quota_disable() function in fs/btrfs/qgroup.c, within the create_subvol() function in fs/btrfs/ioctl.c, within the btrfs_delete_free_space_tree() function in fs/btrfs/free-space-tree.c, within the btrfs_free_tree_block(), clear_bit() and walk_up_proc() functions in fs/btrfs/extent-tree.c, within the btrfs_force_cow_block(), balance_level(), insert_new_root() and btrfs_del_leaf() functions in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.
9) Memory leak (CVE-ID: CVE-2024-56742)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mlx5vf_add_migration_pages() function in drivers/vfio/pci/mlx5/cmd.c. A local user can perform a denial of service (DoS) attack.
10) Memory leak (CVE-ID: CVE-2024-57947)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_pipapo_avx2_lookup_slow() function in net/netfilter/nft_set_pipapo_avx2.c, within the nft_pipapo_lookup() and pipapo_get() functions in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.
11) Infinite loop (CVE-ID: CVE-2025-21839)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the vcpu_enter_guest() function in arch/x86/kvm/x86.c, within the vmx_sync_dirty_debug_regs() and vmx_vcpu_run() functions in arch/x86/kvm/vmx/vmx.c, within the new_asid() and svm_vcpu_run() functions in arch/x86/kvm/svm/svm.c. A local user can perform a denial of service (DoS) attack.
12) Infinite loop (CVE-ID: CVE-2025-21872)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the efi_mokvar_table_init() function in drivers/firmware/efi/mokvar-table.c. A local user can perform a denial of service (DoS) attack.
13) Resource management error (CVE-ID: CVE-2025-23163)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vlan_dev_open(), vlan_dev_stop() and vlan_dev_change_rx_flags() functions in net/8021q/vlan_dev.c. A local user can perform a denial of service (DoS) attack.
14) Input validation error (CVE-ID: CVE-2025-37798)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qdisc_bstats_update() function in net/sched/sch_fq_codel.c, within the codel_qdisc_dequeue() function in net/sched/sch_codel.c. A local user can perform a denial of service (DoS) attack.
15) Integer underflow (CVE-ID: CVE-2025-37856)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the btrfs_put_transaction() and btrfs_cleanup_pending_block_groups() functions in fs/btrfs/transaction.c, within the btrfs_finish_extent_commit() function in fs/btrfs/extent-tree.c. A local user can execute arbitrary code.
16) Memory leak (CVE-ID: CVE-2025-37864)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dsa_switch_parse() function in net/dsa/dsa.c. A local user can perform a denial of service (DoS) attack.
17) Use-after-free (CVE-ID: CVE-2025-37885)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmx_pi_update_irte() function in arch/x86/kvm/vmx/posted_intr.c, within the avic_pi_update_irte() function in arch/x86/kvm/svm/avic.c. A local user can escalate privileges on the system.
18) Improper locking (CVE-ID: CVE-2025-37920)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xp_create_and_assign_umem() function in net/xdp/xsk_buff_pool.c, within the xsk_generic_rcv() and xsk_create() functions in net/xdp/xsk.c. A local user can perform a denial of service (DoS) attack.
19) Integer overflow (CVE-ID: CVE-2025-37984)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ecdsa_x962_verify() function in crypto/ecdsa-x962.c, within the ecdsa_p1363_verify() function in crypto/ecdsa-p1363.c, within the EXPORT_SYMBOL() function in crypto/ecc.c. A local user can execute arbitrary code.
20) NULL pointer dereference (CVE-ID: CVE-2025-38034)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/trace/events/btrfs.h. A local user can perform a denial of service (DoS) attack.
21) NULL pointer dereference (CVE-ID: CVE-2025-38035)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_restore_socket_callbacks() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
22) Resource management error (CVE-ID: CVE-2025-38047)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __restore_processor_state() function in arch/x86/power/cpu.c. A local user can perform a denial of service (DoS) attack.
23) Use-after-free (CVE-ID: CVE-2025-38051)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the find_cifs_entry() function in fs/cifs/readdir.c. A local user can escalate privileges on the system.
24) Use-after-free (CVE-ID: CVE-2025-38052)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_aead_encrypt() and tipc_aead_encrypt_done() functions in net/tipc/crypto.c. A local user can escalate privileges on the system.
25) Incorrect calculation (CVE-ID: CVE-2025-38058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __legitimize_mnt() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
26) Out-of-bounds read (CVE-ID: CVE-2025-38061)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pktgen_thread_write() function in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.
27) Use-after-free (CVE-ID: CVE-2025-38062)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iommu_dma_prepare_msi() function in drivers/iommu/dma-iommu.c. A local user can escalate privileges on the system.
28) Improper locking (CVE-ID: CVE-2025-38063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __send_empty_flush() function in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
29) Resource management error (CVE-ID: CVE-2025-38064)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the virtio_irq_get_affinity() and __register_virtio_driver() functions in drivers/virtio/virtio.c. A local user can perform a denial of service (DoS) attack.
30) Use-after-free (CVE-ID: CVE-2025-38074)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vhost_scsi_complete_cmd_work() and vhost_scsi_tmf_resp_work() functions in drivers/vhost/scsi.c. A local user can escalate privileges on the system.
31) Improper locking (CVE-ID: CVE-2025-38084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __split_vma() function in mm/vma.c, within the hugetlb_vma_lock_free(), hugetlb_vm_op_split(), move_hugetlb_state() and hugetlb_unshare_pmds() functions in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
32) Buffer overflow (CVE-ID: CVE-2025-38085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the huge_pmd_unshare() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
33) Use-after-free (CVE-ID: CVE-2025-38087)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the taprio_dev_notifier() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.
34) Out-of-bounds read (CVE-ID: CVE-2025-38088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the memtrace_read() function in arch/powerpc/platforms/powernv/memtrace.c. A local user can perform a denial of service (DoS) attack.
35) NULL pointer dereference (CVE-ID: CVE-2025-38089)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the svc_process_common() function in net/sunrpc/svc.c. A local user can perform a denial of service (DoS) attack.
36) Buffer overflow (CVE-ID: CVE-2025-38090)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the riocm_ch_send() function in drivers/rapidio/rio_cm.c. A local user can perform a denial of service (DoS) attack.
37) Resource management error (CVE-ID: CVE-2025-38091)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the populate_dml21_plane_config_from_plane_state(), dml21_wrapper_get_plane_id(), map_stream_to_dml21_display_cfg() and dml21_map_dc_state_into_dml_display_cfg() functions in drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_translation_helper.c. A local user can perform a denial of service (DoS) attack.
38) Improper locking (CVE-ID: CVE-2025-38094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the macb_update_stats() function in drivers/net/ethernet/cadence/macb_main.c. A local user can perform a denial of service (DoS) attack.
39) NULL pointer dereference (CVE-ID: CVE-2025-38095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dma_resv_add_fence() function in drivers/dma-buf/dma-resv.c. A local user can perform a denial of service (DoS) attack.
40) Memory leak (CVE-ID: CVE-2025-38097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __xfrm_state_delete() function in net/xfrm/xfrm_state.c, within the esp_ssg_unref(), esp6_find_tcp_sk(), esp_output_tcp_finish() and esp6_output_tcp_encap() functions in net/ipv6/esp6.c, within the esp_ssg_unref(), esp_find_tcp_sk(), esp_output_tcp_finish() and esp_output_tcp_encap() functions in net/ipv4/esp4.c. A local user can perform a denial of service (DoS) attack.
41) Input validation error (CVE-ID: CVE-2025-38098)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pre_validate_dsc() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c, within the create_validate_stream_for_sink(), amdgpu_dm_connector_mode_valid() and dm_update_crtc_state() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
42) Improper locking (CVE-ID: CVE-2025-38099)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hci_cc_read_buffer_size() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.
43) Memory leak (CVE-ID: CVE-2025-38100)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the copy_thread() and native_tss_update_io_bitmap() functions in arch/x86/kernel/process.c, within the io_bitmap_share(), io_bitmap_exit() and SYSCALL_DEFINE1() functions in arch/x86/kernel/ioport.c. A local user can perform a denial of service (DoS) attack.
44) Double free (CVE-ID: CVE-2025-38102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the drv_cp_harray_to_user() and vmci_host_setup_notify() functions in drivers/misc/vmw_vmci/vmci_host.c. A local user can perform a denial of service (DoS) attack.
45) Input validation error (CVE-ID: CVE-2025-38105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_usbmidi_free() and snd_usbmidi_disconnect() functions in sound/usb/midi.c. A local user can perform a denial of service (DoS) attack.
46) Use-after-free (CVE-ID: CVE-2025-38106)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the io_sq_thread() and io_sq_offload_create() functions in io_uring/sqpoll.c, within the __io_uring_show_fdinfo() function in io_uring/fdinfo.c. A local user can escalate privileges on the system.
47) Integer underflow (CVE-ID: CVE-2025-38107)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can execute arbitrary code.
48) Improper locking (CVE-ID: CVE-2025-38108)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __red_change() function in net/sched/sch_red.c. A local user can perform a denial of service (DoS) attack.
49) Use-after-free (CVE-ID: CVE-2025-38109)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5_eswitch_enable_pf_vf_vports() and mlx5_eswitch_disable_pf_vf_vports() functions in drivers/net/ethernet/mellanox/mlx5/core/eswitch.c. A local user can escalate privileges on the system.
50) Out-of-bounds write (CVE-ID: CVE-2025-38110)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the __mdiobus_c45_read() and __mdiobus_c45_write() functions in drivers/net/phy/mdio_bus.c. A local user can execute arbitrary code.
51) Out-of-bounds read (CVE-ID: CVE-2025-38111)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __mdiobus_read() and __mdiobus_write() functions in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.
52) NULL pointer dereference (CVE-ID: CVE-2025-38112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/sock.h. A local user can perform a denial of service (DoS) attack.
53) NULL pointer dereference (CVE-ID: CVE-2025-38113)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cppc_allow_fast_switch() function in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.
54) Improper locking (CVE-ID: CVE-2025-38114)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the e1000_down_and_stop() and e1000_remove() functions in drivers/net/ethernet/intel/e1000/e1000_main.c. A local user can perform a denial of service (DoS) attack.
55) Input validation error (CVE-ID: CVE-2025-38115)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the net/sched/sch_sfq.c. A local user can perform a denial of service (DoS) attack.
56) Improper locking (CVE-ID: CVE-2025-38117)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mgmt_cmd_complete(), mgmt_pending_new(), mgmt_pending_add() and mgmt_pending_free() functions in net/bluetooth/mgmt_util.c, within the settings_rsp(), cmd_complete_rsp(), mgmt_set_discoverable_complete(), mgmt_set_connectable_complete(), set_ssp_complete(), set_le_complete(), set_mesh_complete(), mgmt_class_complete(), pairing_complete(), mgmt_add_adv_patterns_monitor_complete(), mgmt_remove_adv_monitor_complete(), start_discovery_complete(), stop_discovery_complete(), set_advertising_complete(), set_bredr_complete(), set_secure_conn_complete(), get_conn_info_complete(), get_clock_info_complete(), add_advertising_complete(), add_ext_adv_params_complete(), add_ext_adv_data_complete(), remove_advertising_complete(), mgmt_index_removed(), mgmt_power_on(), __mgmt_power_off(), unpair_device_rsp(), mgmt_disconnect_failed(), mgmt_auth_enable_complete() and mgmt_set_class_of_dev_complete() functions in net/bluetooth/mgmt.c, within the hci_alloc_dev_priv() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
57) Use-after-free (CVE-ID: CVE-2025-38118)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mgmt_adv_monitor_added(), __add_adv_patterns_monitor(), mgmt_remove_adv_monitor_complete() and remove_adv_monitor() functions in net/bluetooth/mgmt.c, within the hci_free_adv_monitor() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
58) Memory leak (CVE-ID: CVE-2025-38120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_pipapo_avx2_estimate() and nft_pipapo_avx2_lookup() functions in net/netfilter/nft_set_pipapo_avx2.c. A local user can perform a denial of service (DoS) attack.
59) NULL pointer dereference (CVE-ID: CVE-2025-38122)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gve_tx_add_skb_dqo() function in drivers/net/ethernet/google/gve/gve_tx_dqo.c. A local user can perform a denial of service (DoS) attack.
60) NULL pointer dereference (CVE-ID: CVE-2025-38123)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the t7xx_ccmni_wwan_newlink(), t7xx_ccmni_wwan_dellink(), t7xx_ccmni_recv_skb(), t7xx_ccmni_queue_tx_irq_notify() and t7xx_ccmni_queue_state_notify() functions in drivers/net/wwan/t7xx/t7xx_netdev.c. A local user can perform a denial of service (DoS) attack.
61) Improper locking (CVE-ID: CVE-2025-38124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.
62) Improper error handling (CVE-ID: CVE-2025-38126)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the stmmac_ptp_register() function in drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c, within the stmmac_init_tstamp_counter() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
63) Improper locking (CVE-ID: CVE-2025-38127)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ice_map_xdp_rings(), ice_prepare_xdp_rings(), mutex_unlock(), ice_destroy_xdp_rings() and ice_xdp_setup_prog() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
64) Use-after-free (CVE-ID: CVE-2025-38129)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the page_pool_ethtool_stats_get(), page_pool_return_page() and page_pool_scrub() functions in net/core/page_pool.c. A local user can escalate privileges on the system.
65) Use-after-free (CVE-ID: CVE-2025-38131)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL(), _cscfg_activate_config(), _cscfg_deactivate_config(), cscfg_csdev_enable_active_config() and cscfg_csdev_disable_active_config() functions in drivers/hwtracing/coresight/coresight-syscfg.c. A local user can escalate privileges on the system.
66) Improper locking (CVE-ID: CVE-2025-38132)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cscfg_remove_owned_csdev_configs() function in drivers/hwtracing/coresight/coresight-syscfg.c. A local user can perform a denial of service (DoS) attack.
67) NULL pointer dereference (CVE-ID: CVE-2025-38135)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlb_usio_probe() function in drivers/tty/serial/milbeaut_usio.c. A local user can perform a denial of service (DoS) attack.
68) Use of uninitialized resource (CVE-ID: CVE-2025-38136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the usbhs_probe() and usbhs_fifo_remove() functions in drivers/usb/renesas_usbhs/common.c. A local user can perform a denial of service (DoS) attack.
69) NULL pointer dereference (CVE-ID: CVE-2025-38138)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the udma_probe() function in drivers/dma/ti/k3-udma.c. A local user can perform a denial of service (DoS) attack.
70) Input validation error (CVE-ID: CVE-2025-38142)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the asus_ec_hwmon_read_string() function in drivers/hwmon/asus-ec-sensors.c. A local user can perform a denial of service (DoS) attack.
71) NULL pointer dereference (CVE-ID: CVE-2025-38143)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wled_configure() function in drivers/video/backlight/qcom-wled.c. A local user can perform a denial of service (DoS) attack.
72) NULL pointer dereference (CVE-ID: CVE-2025-38145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the aspeed_lpc_enable_snoop() function in drivers/soc/aspeed/aspeed-lpc-snoop.c. A local user can perform a denial of service (DoS) attack.
73) Memory leak (CVE-ID: CVE-2025-38147)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the netlbl_conn_setattr() function in net/netlabel/netlabel_kapi.c. A local user can perform a denial of service (DoS) attack.
74) Memory leak (CVE-ID: CVE-2025-38148)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vsc85xx_txtstamp() function in drivers/net/phy/mscc/mscc_ptp.c. A local user can perform a denial of service (DoS) attack.
75) NULL pointer dereference (CVE-ID: CVE-2025-38149)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the phy_detach() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
76) Improper locking (CVE-ID: CVE-2025-38151)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cma_netevent_callback() function in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.
77) Improper error handling (CVE-ID: CVE-2025-38153)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the aqc111_read_cmd_nopm() and aqc111_read_cmd() functions in drivers/net/usb/aqc111.c. A local user can perform a denial of service (DoS) attack.
78) Improper locking (CVE-ID: CVE-2025-38154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sk_psock_backlog() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
79) NULL pointer dereference (CVE-ID: CVE-2025-38155)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7915_mmio_wed_init() function in drivers/net/wireless/mediatek/mt76/mt7915/mmio.c. A local user can perform a denial of service (DoS) attack.
80) Out-of-bounds read (CVE-ID: CVE-2025-38157)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_swba() function in drivers/net/wireless/ath/ath9k/htc_drv_beacon.c. A local user can perform a denial of service (DoS) attack.
81) Input validation error (CVE-ID: CVE-2025-38158)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vf_qm_func_stop(), vf_qm_check_match(), vf_qm_get_match_data() and vf_qm_read_data() functions in drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c. A local user can perform a denial of service (DoS) attack.
82) Out-of-bounds read (CVE-ID: CVE-2025-38159)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtw_coex_tdma_timer_base() function in drivers/net/wireless/realtek/rtw88/coex.c. A local user can perform a denial of service (DoS) attack.
83) Use-after-free (CVE-ID: CVE-2025-38161)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5_get_rsc(), create_resource_common() and mlx5_core_destroy_rq_tracked() functions in drivers/infiniband/hw/mlx5/qpc.c. A local user can escalate privileges on the system.
84) Buffer overflow (CVE-ID: CVE-2025-38162)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the lt_calculate_size(), pipapo_resize(), pipapo_lt_bits_adjust() and pipapo_clone() functions in net/netfilter/nft_set_pipapo.c. A local user can escalate privileges on the system.
85) Improper locking (CVE-ID: CVE-2025-38165)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sk_psock_skb_ingress_enqueue(), sk_psock_skb_ingress(), sk_psock_skb_ingress_self() and sk_psock_verdict_apply() functions in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
86) Improper locking (CVE-ID: CVE-2025-38166)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
87) Input validation error (CVE-ID: CVE-2025-38173)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mv_cesa_skcipher_queue_req() function in drivers/crypto/marvell/cipher.c. A local user can perform a denial of service (DoS) attack.
88) Race condition (CVE-ID: CVE-2025-38174)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tb_cfg_request_dequeue() function in drivers/thunderbolt/ctl.c. A local user can perform a denial of service (DoS) attack.
89) Input validation error (CVE-ID: CVE-2025-38177)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the eltree_insert() and hfsc_qlen_notify() functions in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.
90) Use-after-free (CVE-ID: CVE-2025-38180)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lec_itf_walk(), lec_seq_start() and lec_seq_stop() functions in net/atm/lec.c. A local user can escalate privileges on the system.
91) Improper error handling (CVE-ID: CVE-2025-38181)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the calipso_req_setattr() and calipso_req_delattr() functions in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.
92) Input validation error (CVE-ID: CVE-2025-38182)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ublk_ctrl_add_dev() function in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.
93) Out-of-bounds read (CVE-ID: CVE-2025-38183)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/ethernet/microchip/lan743x_ptp.h. A local user can perform a denial of service (DoS) attack.
94) NULL pointer dereference (CVE-ID: CVE-2025-38186)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bnxt_ulp_stop() and bnxt_ulp_start() functions in drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c. A local user can perform a denial of service (DoS) attack.
95) Use-after-free (CVE-ID: CVE-2025-38187)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the r535_gsp_rpc_push() function in drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c. A local user can escalate privileges on the system.
96) Memory leak (CVE-ID: CVE-2025-38188)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the a6xx_set_pagetable() function in drivers/gpu/drm/msm/adreno/a6xx_gpu.c. A local user can perform a denial of service (DoS) attack.
97) NULL pointer dereference (CVE-ID: CVE-2025-38189)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v3d_job_update_stats() function in drivers/gpu/drm/v3d/v3d_sched.c. A local user can perform a denial of service (DoS) attack.
98) NULL pointer dereference (CVE-ID: CVE-2025-38192)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bpf_skb_change_protocol(), bpf_skb_proto_4_to_6(), bpf_skb_proto_6_to_4(), bpf_skb_net_grow() and bpf_skb_net_shrink() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
99) Race condition (CVE-ID: CVE-2025-38193)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the sfq_change() function in net/sched/sch_sfq.c. A local user can escalate privileges on the system.
100) Input validation error (CVE-ID: CVE-2025-38194)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jffs2_sum_write_sumnode() function in fs/jffs2/summary.c. A local user can perform a denial of service (DoS) attack.
101) NULL pointer dereference (CVE-ID: CVE-2025-38197)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the packet_read_list() and packet_empty_list() functions in drivers/platform/x86/dell/dell_rbu.c. A local user can perform a denial of service (DoS) attack.
102) NULL pointer dereference (CVE-ID: CVE-2025-38198)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fbcon_info_from_console() function in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.
103) Integer underflow (CVE-ID: CVE-2025-38200)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the i40e_pf_reset() function in drivers/net/ethernet/intel/i40e/i40e_common.c. A local user can execute arbitrary code.
104) Resource management error (CVE-ID: CVE-2025-38202)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the BPF_CALL_3() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
105) NULL pointer dereference (CVE-ID: CVE-2025-38203)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the jfs_ioc_trim() function in fs/jfs/jfs_discard.c. A local user can perform a denial of service (DoS) attack.
106) Out-of-bounds read (CVE-ID: CVE-2025-38204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dtInitRoot() and add_missing_indices() functions in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
107) Double free (CVE-ID: CVE-2025-38206)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the exfat_free_upcase_table() function in fs/exfat/nls.c. A local user can perform a denial of service (DoS) attack.
108) NULL pointer dereference (CVE-ID: CVE-2025-38210)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the DECLARE_RWSEM(), tsm_report_privlevel_store(), tsm_report_privlevel_floor_show(), CONFIGFS_ATTR_RO(), tsm_report_read(), tsm_report_make_item(), tsm_register() and tsm_unregister() functions in drivers/virt/coco/tsm.c. A local user can perform a denial of service (DoS) attack.
109) Use-after-free (CVE-ID: CVE-2025-38211)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.
110) Use-after-free (CVE-ID: CVE-2025-38212)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the shm_try_destroy_orphaned() function in ipc/shm.c. A local user can escalate privileges on the system.
111) Out-of-bounds read (CVE-ID: CVE-2025-38213)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vgacon_scroll() function in drivers/video/console/vgacon.c. A local user can perform a denial of service (DoS) attack.
112) Improper error handling (CVE-ID: CVE-2025-38214)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the fb_set_var() function in drivers/video/fbdev/core/fbmem.c. A local user can perform a denial of service (DoS) attack.
113) NULL pointer dereference (CVE-ID: CVE-2025-38215)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fb_check_foreignness() and do_register_framebuffer() functions in drivers/video/fbdev/core/fbmem.c. A local user can perform a denial of service (DoS) attack.
114) Improper locking (CVE-ID: CVE-2025-38217)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fts_read() function in drivers/hwmon/ftsteutates.c. A local user can perform a denial of service (DoS) attack.
115) NULL pointer dereference (CVE-ID: CVE-2025-38220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ext4_walk_page_buffers() function in fs/ext4/inode.c. A local user can perform a denial of service (DoS) attack.
116) Improper error handling (CVE-ID: CVE-2025-38222)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ext4_prepare_inline_data() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
117) NULL pointer dereference (CVE-ID: CVE-2025-38225)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dev_err() function in drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c. A local user can perform a denial of service (DoS) attack.
118) Out-of-bounds read (CVE-ID: CVE-2025-38226)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vivid_vid_cap_s_selection() function in drivers/media/test-drivers/vivid/vivid-vid-cap.c. A local user can perform a denial of service (DoS) attack.
119) Use-after-free (CVE-ID: CVE-2025-38227)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vidtv_psi_sdt_table_destroy() function in drivers/media/test-drivers/vidtv/vidtv_channel.c. A local user can escalate privileges on the system.
120) Use of uninitialized resource (CVE-ID: CVE-2025-38229)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the cxusb_gpio_tuner() function in drivers/media/usb/dvb-usb/cxusb.c. A local user can perform a denial of service (DoS) attack.
121) NULL pointer dereference (CVE-ID: CVE-2025-38231)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfsd_startup_net() function in fs/nfsd/nfssvc.c. A local user can perform a denial of service (DoS) attack.
122) Use-after-free (CVE-ID: CVE-2025-38236)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the IS_ENABLED() and unix_stream_recv_urg() functions in net/unix/af_unix.c. A local user can escalate privileges on the system.
123) Input validation error (CVE-ID: CVE-2025-38238)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fdls_send_fabric_abts(), fdls_fabric_timer_callback(), fdls_fdmi_timer_callback() and fdls_process_fdmi_abts_rsp() functions in drivers/scsi/fnic/fdls_disc.c. A local user can perform a denial of service (DoS) attack.
124) Out-of-bounds read (CVE-ID: CVE-2025-38239)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the megasas_set_high_iops_queue_affinity_and_hint() function in drivers/scsi/megaraid/megaraid_sas_base.c. A local user can perform a denial of service (DoS) attack.
125) Improper locking (CVE-ID: CVE-2025-38244)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smb2_query_server_interfaces() and cifs_signal_cifsd_for_reconnect() functions in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.
126) Improper error handling (CVE-ID: CVE-2025-38246)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __bnxt_poll_work() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
127) Use-after-free (CVE-ID: CVE-2025-38248)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the br_multicast_port_ctx_init() function in net/bridge/br_multicast.c. A local user can escalate privileges on the system.
128) Out-of-bounds read (CVE-ID: CVE-2025-38249)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_usb_get_audioformat_uac3() function in sound/usb/stream.c. A local user can perform a denial of service (DoS) attack.
129) Use-after-free (CVE-ID: CVE-2025-38250)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_IDA(), hci_dev_get(), hci_dev_do_reset(), hci_dev_reset(), hci_alloc_dev_priv() and hci_unregister_dev() functions in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
130) Improper locking (CVE-ID: CVE-2025-38256)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_release_ubuf() function in io_uring/rsrc.c. A local user can perform a denial of service (DoS) attack.
131) Buffer overflow (CVE-ID: CVE-2025-38257)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the _copy_apqns_from_user() function in drivers/s390/crypto/pkey_api.c. A local user can escalate privileges on the system.
132) Memory leak (CVE-ID: CVE-2025-38259)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the WCD9335_SLIM_TX_CH() and wcd9335_parse_dt() functions in sound/soc/codecs/wcd9335.c. A local user can perform a denial of service (DoS) attack.
133) Infinite loop (CVE-ID: CVE-2025-38264)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the nvme_tcp_fetch_request(), nvme_tcp_init_request(), nvme_tcp_handle_r2t() and nvme_tcp_submit_async_event() functions in drivers/nvme/host/tcp.c. A local user can perform a denial of service (DoS) attack.
134) NULL pointer dereference (CVE-ID: CVE-2025-38265)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the jsm_uart_port_init() function in drivers/tty/serial/jsm/jsm_tty.c. A local user can perform a denial of service (DoS) attack.
135) Improper locking (CVE-ID: CVE-2025-38268)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcpm_queue_vdm(), tcpm_altmode_enter(), tcpm_altmode_exit(), tcpm_altmode_vdm(), tcpm_cable_altmode_enter(), tcpm_cable_altmode_exit() and tcpm_cable_altmode_vdm() functions in drivers/usb/typec/tcpm/tcpm.c. A local user can perform a denial of service (DoS) attack.
136) Resource management error (CVE-ID: CVE-2025-38272)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the b53_eee_init() and b53_support_eee() functions in drivers/net/dsa/b53/b53_common.c. A local user can perform a denial of service (DoS) attack.
137) Use-after-free (CVE-ID: CVE-2025-38273)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_aead_encrypt() function in net/tipc/crypto.c. A local user can escalate privileges on the system.
138) NULL pointer dereference (CVE-ID: CVE-2025-38275)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qmp_usb_iomap() function in drivers/phy/qualcomm/phy-qcom-qmp-usb.c. A local user can perform a denial of service (DoS) attack.
139) Input validation error (CVE-ID: CVE-2025-38277)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mxic_ecc_finish_io_req_external() function in drivers/mtd/nand/ecc-mxic.c. A local user can perform a denial of service (DoS) attack.
140) Resource management error (CVE-ID: CVE-2025-38279)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the backtrack_insn() and check_cond_jmp_op() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
141) Input validation error (CVE-ID: CVE-2025-38283)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vf_qm_check_match(), vf_qm_load_data() and hisi_acc_vfio_pci_migrn_init_dev() functions in drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c. A local user can perform a denial of service (DoS) attack.
142) Out-of-bounds read (CVE-ID: CVE-2025-38286)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the at91_gpio_probe() function in drivers/pinctrl/pinctrl-at91.c. A local user can perform a denial of service (DoS) attack.
143) Improper locking (CVE-ID: CVE-2025-38287)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cm_process_send_error() function in drivers/infiniband/core/cm.c. A local user can perform a denial of service (DoS) attack.
144) Input validation error (CVE-ID: CVE-2025-38288)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pqi_is_parity_write_stream() and pqi_scsi_queue_command() functions in drivers/scsi/smartpqi/smartpqi_init.c. A local user can perform a denial of service (DoS) attack.
145) Use-after-free (CVE-ID: CVE-2025-38289)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can escalate privileges on the system.
146) Improper locking (CVE-ID: CVE-2025-38290)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ath12k_rfkill_work() and ath12k_core_halt() functions in drivers/net/wireless/ath/ath12k/core.c. A local user can perform a denial of service (DoS) attack.
147) Improper locking (CVE-ID: CVE-2025-38291)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ath12k_mhi_op_status_cb() function in drivers/net/wireless/ath/ath12k/mhi.c. A local user can perform a denial of service (DoS) attack.
148) Use-after-free (CVE-ID: CVE-2025-38292)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath12k_dp_rx_msdu_coalesce() function in drivers/net/wireless/ath/ath12k/dp_rx.c. A local user can escalate privileges on the system.
149) Improper locking (CVE-ID: CVE-2025-38293)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ath11k_core_halt() function in drivers/net/wireless/ath/ath11k/core.c. A local user can perform a denial of service (DoS) attack.
150) NULL pointer dereference (CVE-ID: CVE-2025-38299)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the SND_SOC_DAILINK_DEFS() function in sound/soc/mediatek/mt8195/mt8195-mt6359.c. A local user can perform a denial of service (DoS) attack.
151) Use-after-free (CVE-ID: CVE-2025-38300)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c. A local user can escalate privileges on the system.
152) Input validation error (CVE-ID: CVE-2025-38303)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hci_set_ext_adv_data_sync() and hci_set_adv_data_sync() functions in net/bluetooth/hci_sync.c, within the eir_create_per_adv_data() and eir_create_adv_data() functions in net/bluetooth/eir.c. A local user can perform a denial of service (DoS) attack.
153) NULL pointer dereference (CVE-ID: CVE-2025-38304)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the eir_create_scan_rsp() function in net/bluetooth/eir.c. A local user can perform a denial of service (DoS) attack.
154) Improper locking (CVE-ID: CVE-2025-38305)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/ptp/ptp_private.h. A local user can perform a denial of service (DoS) attack.
155) NULL pointer dereference (CVE-ID: CVE-2025-38307)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the trace_control_write() function in sound/soc/intel/avs/debugfs.c. A local user can perform a denial of service (DoS) attack.
156) Input validation error (CVE-ID: CVE-2025-38310)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sizeof() function in net/ipv6/seg6_local.c. A local user can perform a denial of service (DoS) attack.
157) Input validation error (CVE-ID: CVE-2025-38312)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fb_find_mode_cvt() function in drivers/video/fbdev/core/fbcvt.c. A local user can perform a denial of service (DoS) attack.
158) Double free (CVE-ID: CVE-2025-38313)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the fsl_mc_device_add() function in drivers/bus/fsl-mc/fsl-mc-bus.c. A local user can perform a denial of service (DoS) attack.
159) Buffer overflow (CVE-ID: CVE-2025-38315)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the btintel_uefi_get_dsbr() function in drivers/bluetooth/btintel.c. A local user can perform a denial of service (DoS) attack.
160) Buffer overflow (CVE-ID: CVE-2025-38317)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ath12k_write_htt_stats_type() function in drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c. A local user can escalate privileges on the system.
161) NULL pointer dereference (CVE-ID: CVE-2025-38319)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the atomctrl_initialize_mc_reg_table() and atomctrl_initialize_mc_reg_table_v2_2() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.
162) Use-after-free (CVE-ID: CVE-2025-38323)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_MUTEX(), lec_vcc_attach(), lecd_attach() and lane_ioctl() functions in net/atm/lec.c. A local user can escalate privileges on the system.
163) Improper locking (CVE-ID: CVE-2025-38326)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the aoedev_downdev() function in drivers/block/aoe/aoedev.c. A local user can perform a denial of service (DoS) attack.
164) NULL pointer dereference (CVE-ID: CVE-2025-38328)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the jffs2_scan_medium() function in fs/jffs2/scan.c, within the jffs2_mark_erased_block() function in fs/jffs2/erase.c. A local user can perform a denial of service (DoS) attack.
165) Buffer overflow (CVE-ID: CVE-2025-38332)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the lpfc_sli4_get_ctl_attr() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can escalate privileges on the system.
166) Use-after-free (CVE-ID: CVE-2025-38334)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the arch_memory_failure() function in arch/x86/kernel/cpu/sgx/main.c. A local user can escalate privileges on the system.
167) Improper locking (CVE-ID: CVE-2025-38335)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gpio_keys_irq_isr() and gpio_keys_setup_key() functions in drivers/input/keyboard/gpio_keys.c. A local user can perform a denial of service (DoS) attack.
168) Resource management error (CVE-ID: CVE-2025-38336)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the via_mode_filter() function in drivers/ata/pata_via.c. A local user can perform a denial of service (DoS) attack.
169) NULL pointer dereference (CVE-ID: CVE-2025-38337)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the jbd2_journal_dirty_metadata() function in fs/jbd2/transaction.c. A local user can perform a denial of service (DoS) attack.
170) Improper locking (CVE-ID: CVE-2025-38338)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_return_empty_folio() function in fs/nfs/read.c. A local user can perform a denial of service (DoS) attack.
171) Buffer overflow (CVE-ID: CVE-2025-38342)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the software_node_get_reference_args() function in drivers/base/swnode.c. A local user can perform a denial of service (DoS) attack.
172) Input validation error (CVE-ID: CVE-2025-38343)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mt7996_mac_fill_rx() function in drivers/net/wireless/mediatek/mt76/mt7996/mac.c. A local user can perform a denial of service (DoS) attack.
173) Memory leak (CVE-ID: CVE-2025-38344)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c. A local user can perform a denial of service (DoS) attack.
174) Memory leak (CVE-ID: CVE-2025-38345)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c. A local user can perform a denial of service (DoS) attack.
175) Input validation error (CVE-ID: CVE-2025-38348)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the p54_rx_eeprom_readback() function in drivers/net/wireless/intersil/p54/txrx.c, within the p54_download_eeprom() function in drivers/net/wireless/intersil/p54/fwio.c. A local user can perform a denial of service (DoS) attack.
176) Use-after-free (CVE-ID: CVE-2025-38349)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ep_remove() and ep_clear_and_put() functions in fs/eventpoll.c. A local user can escalate privileges on the system.
177) Use-after-free (CVE-ID: CVE-2025-38350)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qdisc_alloc_handle() and qdisc_tree_reduce_backlog() functions in net/sched/sch_api.c. A local user can escalate privileges on the system.
178) Race condition (CVE-ID: CVE-2025-38352)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the run_posix_cpu_timers() function in kernel/time/posix-cpu-timers.c. A local user can escalate privileges on the system.
Note, the vulnerability is being actively exploited in the wild against Android devices.
179) Improper locking (CVE-ID: CVE-2025-38353)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xe_guc_submit_init() and xe_guc_submit_wedge() functions in drivers/gpu/drm/xe/xe_guc_submit.c. A local user can perform a denial of service (DoS) attack.
180) Improper locking (CVE-ID: CVE-2025-38354)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the msm_devfreq_init() function in drivers/gpu/drm/msm/msm_gpu_devfreq.c. A local user can perform a denial of service (DoS) attack.
181) Improper locking (CVE-ID: CVE-2025-38355)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dev_fini_ggtt() and xe_ggtt_init_early() functions in drivers/gpu/drm/xe/xe_ggtt.c. A local user can perform a denial of service (DoS) attack.
182) Improper locking (CVE-ID: CVE-2025-38356)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the receive_g2h() and guc_ct_fini() functions in drivers/gpu/drm/xe/xe_guc_ct.c. A local user can perform a denial of service (DoS) attack.
183) NULL pointer dereference (CVE-ID: CVE-2025-38361)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dce110_blank_stream() function in drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c. A local user can perform a denial of service (DoS) attack.
184) NULL pointer dereference (CVE-ID: CVE-2025-38362)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mod_hdcp_hdcp1_enable_encryption() function in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c. A local user can perform a denial of service (DoS) attack.
185) NULL pointer dereference (CVE-ID: CVE-2025-38363)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tegra_crtc_reset() function in drivers/gpu/drm/tegra/dc.c. A local user can perform a denial of service (DoS) attack.
186) NULL pointer dereference (CVE-ID: CVE-2025-38364)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mas_preallocate() function in lib/maple_tree.c. A local user can perform a denial of service (DoS) attack.
187) Race condition (CVE-ID: CVE-2025-38365)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the btrfs_rename_exchange() and btrfs_rename() functions in fs/btrfs/inode.c. A local user can escalate privileges on the system.
188) Resource management error (CVE-ID: CVE-2025-38369)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the idxd_cdev_evl_drain_pasid() function in drivers/dma/idxd/cdev.c. A local user can perform a denial of service (DoS) attack.
189) NULL pointer dereference (CVE-ID: CVE-2025-38371)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v3d_hub_irq(), v3d_irq_init() and v3d_irq_disable() functions in drivers/gpu/drm/v3d/v3d_irq.c, within the v3d_reset() function in drivers/gpu/drm/v3d/v3d_gem.c. A local user can perform a denial of service (DoS) attack.
190) Improper locking (CVE-ID: CVE-2025-38373)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5_ib_revoke_data_direct_mrs(), mlx5_revoke_mr() and __mlx5_ib_dereg_mr() functions in drivers/infiniband/hw/mlx5/mr.c. A local user can perform a denial of service (DoS) attack.
191) Out-of-bounds read (CVE-ID: CVE-2025-38375)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mergeable_ctx_to_truesize(), virtnet_get_headroom(), xdp_linearize_page(), receive_small_xdp() and mergeable_xdp_get_buf() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
192) Resource management error (CVE-ID: CVE-2025-38376)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the udc_suspend() and udc_resume() functions in drivers/usb/chipidea/udc.c. A local user can perform a denial of service (DoS) attack.
193) Use-after-free (CVE-ID: CVE-2025-38377)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rose_rt_device_down() function in net/rose/rose_route.c. A local user can escalate privileges on the system.
194) Out-of-bounds read (CVE-ID: CVE-2025-38380)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amd_i2c_dw_xfer_quirk() function in drivers/i2c/busses/i2c-designware-master.c. A local user can perform a denial of service (DoS) attack.
195) Infinite loop (CVE-ID: CVE-2025-38382)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
196) Memory leak (CVE-ID: CVE-2025-38384)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the spinand_cleanup() function in drivers/mtd/nand/spi/core.c. A local user can perform a denial of service (DoS) attack.
197) Improper locking (CVE-ID: CVE-2025-38385)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lan78xx_disconnect() function in drivers/net/usb/lan78xx.c. A local user can perform a denial of service (DoS) attack.
198) Use-after-free (CVE-ID: CVE-2025-38386)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the acpi_ds_call_control_method() function in drivers/acpi/acpica/dsmethod.c. A local user can escalate privileges on the system.
199) NULL pointer dereference (CVE-ID: CVE-2025-38387)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the subscribe_event_xa_alloc() function in drivers/infiniband/hw/mlx5/devx.c. A local user can perform a denial of service (DoS) attack.
200) Resource management error (CVE-ID: CVE-2025-38389)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ring_context_alloc() function in drivers/gpu/drm/i915/gt/intel_ring_submission.c. A local user can perform a denial of service (DoS) attack.
201) Out-of-bounds read (CVE-ID: CVE-2025-38391)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pin_assignment_show() function in drivers/usb/typec/altmodes/displayport.c. A local user can perform a denial of service (DoS) attack.
202) Use-after-free (CVE-ID: CVE-2025-38392)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the idpf_alloc_dma_mem() and idpf_free_dma_mem() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c, within the idpf_ctlq_init_rxq_bufs(), idpf_ctlq_shutdown(), idpf_ctlq_add(), idpf_ctlq_send(), idpf_ctlq_clean_sq(), idpf_ctlq_post_rx_buffs(), wr32() and idpf_ctlq_recv() functions in drivers/net/ethernet/intel/idpf/idpf_controlq.c. A local user can escalate privileges on the system.
203) Improper locking (CVE-ID: CVE-2025-38393)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_layoutget_begin() function in fs/nfs/pnfs.c. A local user can perform a denial of service (DoS) attack.
204) Out-of-bounds read (CVE-ID: CVE-2025-38395)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the gpio_regulator_probe() function in drivers/regulator/gpio-regulator.c. A local user can perform a denial of service (DoS) attack.
205) Buffer overflow (CVE-ID: CVE-2025-38396)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the secretmem_file_create() function in mm/secretmem.c, within the anon_inode_make_secure_inode() and __anon_inode_getfile() functions in fs/anon_inodes.c. A local user can perform a denial of service (DoS) attack.
206) NULL pointer dereference (CVE-ID: CVE-2025-38399)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kmem_cache_free() function in drivers/target/target_core_pr.c. A local user can perform a denial of service (DoS) attack.
207) Memory leak (CVE-ID: CVE-2025-38400)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
208) Buffer overflow (CVE-ID: CVE-2025-38401)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the msdc_prepare_data() and msdc_ops_request() functions in drivers/mmc/host/mtk-sd.c. A local user can escalate privileges on the system.
209) Use of uninitialized resource (CVE-ID: CVE-2025-38403)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the vmci_transport_packet_init() function in net/vmw_vsock/vmci_transport.c. A local user can perform a denial of service (DoS) attack.
210) Improper locking (CVE-ID: CVE-2025-38404)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dp_altmode_vdm() function in drivers/usb/typec/altmodes/displayport.c. A local user can perform a denial of service (DoS) attack.
211) Input validation error (CVE-ID: CVE-2025-38406)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath6kl_bmi_get_target_info() function in drivers/net/wireless/ath/ath6kl/bmi.c. A local user can perform a denial of service (DoS) attack.
212) Memory leak (CVE-ID: CVE-2025-38409)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the msm_ioctl_gem_submit() and mutex_unlock() functions in drivers/gpu/drm/msm/msm_gem_submit.c. A local user can perform a denial of service (DoS) attack.
213) Memory leak (CVE-ID: CVE-2025-38410)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __msm_gem_submit_destroy() function in drivers/gpu/drm/msm/msm_gem_submit.c. A local user can perform a denial of service (DoS) attack.
214) Input validation error (CVE-ID: CVE-2025-38412)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_bios_attributes() function in drivers/platform/x86/dell/dell-wmi-sysman/sysman.c, within the current_value_show() function in drivers/platform/x86/dell/dell-wmi-sysman/string-attributes.c, within the is_enabled_show() function in drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c, within the current_value_show() function in drivers/platform/x86/dell/dell-wmi-sysman/int-attributes.c, within the current_value_show() function in drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c. A local user can perform a denial of service (DoS) attack.
215) Input validation error (CVE-ID: CVE-2025-38414)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath12k_pci_enable_ltssm() function in drivers/net/wireless/ath/ath12k/pci.c. A local user can perform a denial of service (DoS) attack.
216) Out-of-bounds read (CVE-ID: CVE-2025-38415)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the squashfs_fill_super() function in fs/squashfs/super.c. A local user can perform a denial of service (DoS) attack.
217) Input validation error (CVE-ID: CVE-2025-38416)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nci_uart_set_driver() function in net/nfc/nci/uart.c. A local user can perform a denial of service (DoS) attack.
218) Memory leak (CVE-ID: CVE-2025-38417)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ice_eswitch_attach_vf() function in drivers/net/ethernet/intel/ice/ice_eswitch.c. A local user can perform a denial of service (DoS) attack.
219) NULL pointer dereference (CVE-ID: CVE-2025-38420)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the carl9170_usb_rx_complete() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.
220) Buffer overflow (CVE-ID: CVE-2025-38424)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the do_exit() function in kernel/exit.c, within the perf_sample_ustack_size() and perf_callchain() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
221) Input validation error (CVE-ID: CVE-2025-38425)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tegra_i2c_xfer() function in drivers/i2c/busses/i2c-tegra.c. A local user can perform a denial of service (DoS) attack.
222) Input validation error (CVE-ID: CVE-2025-38426)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the amdgpu_ras_eeprom_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ras_eeprom.c. A local user can perform a denial of service (DoS) attack.
223) Resource management error (CVE-ID: CVE-2025-38427)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DEFINE_RES_MEM() and screen_info_apply_fixups() functions in drivers/video/screen_info_pci.c. A local user can perform a denial of service (DoS) attack.
224) Buffer overflow (CVE-ID: CVE-2025-38428)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ims_pcu_flash_firmware() function in drivers/input/misc/ims-pcu.c. A local user can escalate privileges on the system.
225) Use of uninitialized resource (CVE-ID: CVE-2025-38429)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mhi_ep_ring_add_element() function in drivers/bus/mhi/ep/ring.c. A local user can perform a denial of service (DoS) attack.
226) Input validation error (CVE-ID: CVE-2025-38430)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfsd4_spo_must_allow() function in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
227) Input validation error (CVE-ID: CVE-2025-38436)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drm_sched_entity_kill_jobs_work() function in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.
228) Use-after-free (CVE-ID: CVE-2025-38443)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_start_device() and set_bit() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.
229) Improper locking (CVE-ID: CVE-2025-38448)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __acquires() and gs_start_io() functions in drivers/usb/gadget/function/u_serial.c. A local user can perform a denial of service (DoS) attack.
230) Improper locking (CVE-ID: CVE-2025-38449)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drm_gem_fb_destroy() and drm_gem_fb_init_with_funcs() functions in drivers/gpu/drm/drm_gem_framebuffer_helper.c, within the drm_gem_private_object_fini(), drm_gem_object_exported_dma_buf_free(), drm_gem_object_handle_put_unlocked() and drm_gem_handle_create_tail() functions in drivers/gpu/drm/drm_gem.c. A local user can perform a denial of service (DoS) attack.
231) Buffer overflow (CVE-ID: CVE-2025-38453)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the io_msg_tw_complete() and io_msg_remote_post() functions in io_uring/msg_ring.c. A local user can perform a denial of service (DoS) attack.
232) Input validation error (CVE-ID: CVE-2025-38455)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sev_check_source_vcpus() function in arch/x86/kvm/svm/sev.c. A local user can perform a denial of service (DoS) attack.
233) Improper error handling (CVE-ID: CVE-2025-38457)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the qdisc_leaf(), tc_get_qdisc() and NL_SET_ERR_MSG() functions in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.
234) NULL pointer dereference (CVE-ID: CVE-2025-38460)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the DEFINE_MUTEX(), to_atmarpd(), atmarpd_close() and atm_init_atmarp() functions in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
235) Improper locking (CVE-ID: CVE-2025-38461)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL_GPL() and vsock_assign_transport() functions in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
236) NULL pointer dereference (CVE-ID: CVE-2025-38462)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vsock_assign_transport() and vsock_dev_do_ioctl() functions in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
237) Buffer overflow (CVE-ID: CVE-2025-38463)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the net/ipv4/tcp.c. A local user can escalate privileges on the system.
238) Buffer overflow (CVE-ID: CVE-2025-38465)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the netlink_skb_set_owner_r(), netlink_alloc_large_skb(), netlink_unicast_kernel(), EXPORT_SYMBOL_GPL() and netlink_dump() functions in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
239) NULL pointer dereference (CVE-ID: CVE-2025-38467)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the decon_irq_handler() function in drivers/gpu/drm/exynos/exynos7_drm_decon.c. A local user can perform a denial of service (DoS) attack.
240) NULL pointer dereference (CVE-ID: CVE-2025-38468)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the htb_lookup_leaf() function in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.
241) Memory leak (CVE-ID: CVE-2025-38470)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __vlan_device_event() and vlan_device_event() functions in net/8021q/vlan.c. A local user can perform a denial of service (DoS) attack.
242) Use-after-free (CVE-ID: CVE-2025-38471)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_strp_read_sock() function in net/tls/tls_strp.c. A local user can escalate privileges on the system.
243) Use-after-free (CVE-ID: CVE-2025-38473)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_resume_cb() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.
244) Input validation error (CVE-ID: CVE-2025-38474)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sierra_net_bind() function in drivers/net/usb/sierra_net.c. A local user can perform a denial of service (DoS) attack.
245) Use-after-free (CVE-ID: CVE-2025-38475)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the IS_ENABLED() and smc_destruct() functions in net/smc/af_smc.c. A local user can escalate privileges on the system.
246) Use-after-free (CVE-ID: CVE-2025-38476)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rpl_do_srh_inline() function in net/ipv6/rpl_iptunnel.c. A local user can escalate privileges on the system.
247) Use-after-free (CVE-ID: CVE-2025-38477)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qfq_change_class(), qfq_delete_class(), qfq_dump_class() and qfq_dump_class_stats() functions in net/sched/sch_qfq.c. A local user can escalate privileges on the system.
248) Use of uninitialized resource (CVE-ID: CVE-2025-38478)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the do_insnlist_ioctl() and do_insn_ioctl() functions in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
249) Use of uninitialized resource (CVE-ID: CVE-2025-38480)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the insn_rw_emulate_bits() function in drivers/comedi/drivers.c. A local user can perform a denial of service (DoS) attack.
250) Resource management error (CVE-ID: CVE-2025-38481)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the check_insnlist_len(), comedi_unlocked_ioctl() and compat_insnlist() functions in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
251) Out-of-bounds read (CVE-ID: CVE-2025-38482)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the das6402_attach() function in drivers/comedi/drivers/das6402.c. A local user can perform a denial of service (DoS) attack.
252) Out-of-bounds read (CVE-ID: CVE-2025-38483)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the das16m1_attach() function in drivers/comedi/drivers/das16m1.c. A local user can perform a denial of service (DoS) attack.
253) Use-after-free (CVE-ID: CVE-2025-38485)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fxls8962af_buffer_predisable() function in drivers/iio/accel/fxls8962af-core.c. A local user can escalate privileges on the system.
254) NULL pointer dereference (CVE-ID: CVE-2025-38487)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the aspeed_lpc_enable_snoop() and aspeed_lpc_disable_snoop() functions in drivers/soc/aspeed/aspeed-lpc-snoop.c. A local user can perform a denial of service (DoS) attack.
255) NULL pointer dereference (CVE-ID: CVE-2025-38489)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bpf_jit_plt() function in arch/s390/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.
256) Buffer overflow (CVE-ID: CVE-2025-38494)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __hid_request() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
257) Incorrect calculation (CVE-ID: CVE-2025-38495)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
258) Improper locking (CVE-ID: CVE-2025-38496)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __evict_many() function in drivers/md/dm-bufio.c. A local user can perform a denial of service (DoS) attack.
259) Out-of-bounds read (CVE-ID: CVE-2025-38497)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the webusb_landingPage_store() and os_desc_qw_sign_store() functions in drivers/usb/gadget/configfs.c. A local user can perform a denial of service (DoS) attack.
260) Improper privilege management (CVE-ID: CVE-2025-38498)
The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the do_change_type() function in fs/namespace.c. A local user can read and manipulate data.
Remediation
Install update from vendor's website.