SB20250918122 - SUSE update for the Linux Kernel
Published: September 18, 2025 Updated: November 28, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 98 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2023-3867)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the KSMBD implementation in the Linux kernel. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
2) Input validation error (CVE-ID: CVE-2023-4130)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
3) Input validation error (CVE-ID: CVE-2023-4515)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ksmbd_smb2_check_message() function in fs/ksmbd/smb2misc.c. A local user can perform a denial of service (DoS) attack.
4) Resource management error (CVE-ID: CVE-2024-26661)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dcn21_set_abm_immediate_disable() function in drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c. A local user can perform a denial of service (DoS) attack.
5) Memory leak (CVE-ID: CVE-2024-46733)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the btrfs_qgroup_free_data() and extent_clear_unlock_delalloc() functions in fs/btrfs/inode.c. A local user can perform a denial of service (DoS) attack.
6) Buffer overflow (CVE-ID: CVE-2024-49996)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the parse_reparse_posix() and cifs_reparse_point_to_fattr() functions in fs/smb/client/reparse.c. A local user can escalate privileges on the system.
7) Resource management error (CVE-ID: CVE-2024-58238)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ps_start_timer(), ps_control(), ps_setup(), nxp_dequeue() and btnxpuart_tx_work() functions in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.
8) Infinite loop (CVE-ID: CVE-2024-58239)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the tls_sw_recvmsg() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
9) Use-after-free (CVE-ID: CVE-2025-37885)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmx_pi_update_irte() function in arch/x86/kvm/vmx/posted_intr.c, within the avic_pi_update_irte() function in arch/x86/kvm/svm/avic.c. A local user can escalate privileges on the system.
10) Input validation error (CVE-ID: CVE-2025-38006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mctp_dump_addrinfo() function in net/mctp/device.c. A local user can perform a denial of service (DoS) attack.
11) NULL pointer dereference (CVE-ID: CVE-2025-38075)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iscsit_close_connection() function in drivers/target/iscsi/iscsi_target.c. A local user can perform a denial of service (DoS) attack.
12) Out-of-bounds read (CVE-ID: CVE-2025-38103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cpu_to_le16(), hidg_setup() and hidg_bind() functions in drivers/usb/gadget/function/f_hid.c, within the usbhid_parse() function in drivers/hid/usbhid/hid-core.c, within the mousevsc_on_receive_device_info() function in drivers/hid/hid-hyperv.c. A local user can perform a denial of service (DoS) attack.
13) Input validation error (CVE-ID: CVE-2025-38125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the est_configure() function in drivers/net/ethernet/stmicro/stmmac/stmmac_est.c. A local user can perform a denial of service (DoS) attack.
14) Out-of-bounds read (CVE-ID: CVE-2025-38146)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the key_extract_l3l4() function in net/openvswitch/flow.c. A local user can perform a denial of service (DoS) attack.
15) Improper error handling (CVE-ID: CVE-2025-38160)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the raspberrypi_clk_register() function in drivers/clk/bcm/clk-raspberrypi.c. A local user can perform a denial of service (DoS) attack.
16) NULL pointer dereference (CVE-ID: CVE-2025-38184)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_udp_nl_dump_remoteip() function in net/tipc/udp_media.c. A local user can perform a denial of service (DoS) attack.
17) Memory leak (CVE-ID: CVE-2025-38185)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atmtcp_c_send() function in drivers/atm/atmtcp.c. A local user can perform a denial of service (DoS) attack.
18) Memory leak (CVE-ID: CVE-2025-38190)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atm_pop_raw() function in net/atm/raw.c, within the vcc_sendmsg() function in net/atm/common.c. A local user can perform a denial of service (DoS) attack.
19) Buffer overflow (CVE-ID: CVE-2025-38201)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the jffs2_sum_write_sumnode() function in fs/jffs2/summary.c. A local user can perform a denial of service (DoS) attack.
20) Division by zero (CVE-ID: CVE-2025-38205)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the populate_dummy_dml_surface_cfg() function in drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c. A local user can perform a denial of service (DoS) attack.
21) NULL pointer dereference (CVE-ID: CVE-2025-38208)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the automount_fullpath() function in fs/smb/client/namespace.c. A local user can perform a denial of service (DoS) attack.
22) Incorrect calculation (CVE-ID: CVE-2025-38245)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the atm_dev_deregister() function in net/atm/resources.c. A local user can perform a denial of service (DoS) attack.
23) Input validation error (CVE-ID: CVE-2025-38251)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the clip_push() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
24) Resource management error (CVE-ID: CVE-2025-38360)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dcn35_calc_blocks_to_gate() and dcn35_calc_blocks_to_ungate() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c. A local user can perform a denial of service (DoS) attack.
25) Resource management error (CVE-ID: CVE-2025-38439)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __bnxt_xmit_xdp_redirect() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.
26) Use of uninitialized resource (CVE-ID: CVE-2025-38441)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the include/net/netfilter/nf_flow_table.h. A local user can perform a denial of service (DoS) attack.
27) Memory leak (CVE-ID: CVE-2025-38444)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the raid10_read_request() and raid10_write_request() functions in drivers/md/raid10.c. A local user can perform a denial of service (DoS) attack.
28) Use-after-free (CVE-ID: CVE-2025-38445)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the raid1_reshape() function in drivers/md/raid1.c. A local user can escalate privileges on the system.
29) NULL pointer dereference (CVE-ID: CVE-2025-38458)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the atmarpd_close() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
30) Improper locking (CVE-ID: CVE-2025-38459)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the clip_mkip() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
31) Use-after-free (CVE-ID: CVE-2025-38464)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_topsrv_stop() function in net/tipc/topsrv.c. A local user can escalate privileges on the system.
32) Use-after-free (CVE-ID: CVE-2025-38472)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_ct_resolve_clash_harder(), __nf_conntrack_confirm() and __nf_conntrack_insert_prepare() functions in net/netfilter/nf_conntrack_core.c. A local user can escalate privileges on the system.
33) Double free (CVE-ID: CVE-2025-38490)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the wx_dma_sync_frag(), wx_put_rx_buffer() and wx_clean_rx_ring() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.
34) Input validation error (CVE-ID: CVE-2025-38491)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the subflow_finish_connect(), WRITE_ONCE(), __mptcp_subflow_connect() and subflow_state_change() functions in net/mptcp/subflow.c, within the mptcp_check_data_fin(), __mptcp_finish_join(), mptcp_update_infinite_map(), mptcp_check_fastclose(), __mptcp_retrans(), __mptcp_init_sock() and mptcp_finish_join() functions in net/mptcp/protocol.c, within the check_fully_established() function in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.
35) Input validation error (CVE-ID: CVE-2025-38499)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the clone_private_mount() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
36) Use-after-free (CVE-ID: CVE-2025-38500)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xfrmi_changelink() function in net/xfrm/xfrm_interface_core.c. A local user can escalate privileges on the system.
37) Reachable assertion (CVE-ID: CVE-2025-38503)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the populate_free_space_tree() function in fs/btrfs/free-space-tree.c. A local user can perform a denial of service (DoS) attack.
38) Improper locking (CVE-ID: CVE-2025-38506)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kvm_vm_set_mem_attributes() function in virt/kvm/kvm_main.c. A local user can perform a denial of service (DoS) attack.
39) Improper locking (CVE-ID: CVE-2025-38510)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the init_task_stack_addr() and print_address_description() functions in mm/kasan/report.c. A local user can perform a denial of service (DoS) attack.
40) Input validation error (CVE-ID: CVE-2025-38512)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
41) NULL pointer dereference (CVE-ID: CVE-2025-38513)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the zd_mac_tx_to_dev() function in drivers/net/wireless/zydas/zd1211rw/zd_mac.c. A local user can perform a denial of service (DoS) attack.
42) Improper locking (CVE-ID: CVE-2025-38515)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the include/drm/spsc_queue.h. A local user can perform a denial of service (DoS) attack.
43) Input validation error (CVE-ID: CVE-2025-38516)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the msm_gpio_needs_dual_edge_parent_workaround() and msm_gpio_init() functions in drivers/pinctrl/qcom/pinctrl-msm.c. A local user can perform a denial of service (DoS) attack.
44) Memory leak (CVE-ID: CVE-2025-38520)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the svm_range_split_head(), svm_range_split_by_granularity(), svm_range_add_list_work(), schedule_deferred_list_work(), svm_range_unmap_split(), svm_range_unmap_from_cpu() and svm_range_cpu_invalidate_pagetables() functions in drivers/gpu/drm/amd/amdkfd/kfd_svm.c. A local user can perform a denial of service (DoS) attack.
45) Improper locking (CVE-ID: CVE-2025-38524)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rxrpc_see_call() and release_sock() functions in net/rxrpc/recvmsg.c, within the rxrpc_discard_prealloc() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.
46) Resource management error (CVE-ID: CVE-2025-38528)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_bprintf_prepare() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
47) Out-of-bounds read (CVE-ID: CVE-2025-38529)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the aio_iiro_16_attach() function in drivers/comedi/drivers/aio_iiro_16.c. A local user can perform a denial of service (DoS) attack.
48) Out-of-bounds read (CVE-ID: CVE-2025-38530)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pcl812_attach() function in drivers/comedi/drivers/pcl812.c. A local user can perform a denial of service (DoS) attack.
49) Use of uninitialized resource (CVE-ID: CVE-2025-38531)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the st_sensors_allocate_trigger() function in drivers/iio/common/st_sensors/st_sensors_trigger.c, within the st_sensors_set_fullscale(), st_sensors_power_enable(), EXPORT_SYMBOL_NS(), st_sensors_set_drdy_int_pin() and st_sensors_init_sensor() functions in drivers/iio/common/st_sensors/st_sensors_core.c, within the apply_acpi_orientation() function in drivers/iio/accel/st_accel_core.c. A local user can perform a denial of service (DoS) attack.
50) Resource management error (CVE-ID: CVE-2025-38535)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tegra186_xusb_padctl_vbus_override(), tegra186_xusb_padctl_id_override() and tegra186_utmi_phy_set_mode() functions in drivers/phy/tegra/xusb-tegra186.c. A local user can perform a denial of service (DoS) attack.
51) Improper locking (CVE-ID: CVE-2025-38537)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the phy_probe() and phy_remove() functions in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
52) Buffer overflow (CVE-ID: CVE-2025-38538)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nbpf_probe() function in drivers/dma/nbpfaxi.c. A local user can escalate privileges on the system.
53) Input validation error (CVE-ID: CVE-2025-38540)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the HID_USB_DEVICE() function in drivers/hid/hid-quirks.c. A local user can perform a denial of service (DoS) attack.
54) NULL pointer dereference (CVE-ID: CVE-2025-38541)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7925_thermal_init() function in drivers/net/wireless/mediatek/mt76/mt7925/init.c. A local user can perform a denial of service (DoS) attack.
55) Improper error handling (CVE-ID: CVE-2025-38543)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nvdec_load_falcon_firmware() function in drivers/gpu/drm/tegra/nvdec.c. A local user can perform a denial of service (DoS) attack.
56) Memory leak (CVE-ID: CVE-2025-38546)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atm_init_atmarp() and clip_ioctl() functions in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
57) Input validation error (CVE-ID: CVE-2025-38548)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the DECLARE_BITMAP(), send_usb_cmd() and ccp_raw_event() functions in drivers/hwmon/corsair-cpro.c. A local user can perform a denial of service (DoS) attack.
58) Input validation error (CVE-ID: CVE-2025-38550)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mld_del_delrec() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.
59) Improper locking (CVE-ID: CVE-2025-38553)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the parse_attr() and netem_change() functions in net/sched/sch_netem.c. A local user can perform a denial of service (DoS) attack.
60) Use-after-free (CVE-ID: CVE-2025-38555)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the composite_os_desc_req_prepare() function in drivers/usb/gadget/composite.c. A local user can escalate privileges on the system.
61) Input validation error (CVE-ID: CVE-2025-38560)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the early_set_pages_state() function in arch/x86/kernel/sev.c, within the setup_cpuid_table() and pvalidate_pages() functions in arch/x86/kernel/sev-shared.c, within the get_cpuflags() function in arch/x86/boot/cpuflags.c, within the __page_state_change() function in arch/x86/boot/compressed/sev.c. A local user can perform a denial of service (DoS) attack.
62) Memory leak (CVE-ID: CVE-2025-38563)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the perf_mmap_pfn_mkwrite() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
63) Memory leak (CVE-ID: CVE-2025-38565)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mutex_unlock() and vm_flags_set() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
64) Resource management error (CVE-ID: CVE-2025-38566)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the svc_tcp_sock_process_cmsg(), svc_tcp_read_msg() and svc_tcp_read_marker() functions in net/sunrpc/svcsock.c. A local user can perform a denial of service (DoS) attack.
65) Out-of-bounds read (CVE-ID: CVE-2025-38568)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mqprio_parse_opt() function in net/sched/sch_mqprio.c. A local user can perform a denial of service (DoS) attack.
66) Incorrect calculation (CVE-ID: CVE-2025-38571)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the xs_alloc_sparse_pages(), xs_sock_process_cmsg(), xs_sock_recvmsg() and xs_read_discard() functions in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.
67) Integer overflow (CVE-ID: CVE-2025-38572)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ipv6_gso_segment() function in net/ipv6/ip6_offload.c. A local user can execute arbitrary code.
68) Infinite loop (CVE-ID: CVE-2025-38576)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the eeh_bridge_check_link() function in arch/powerpc/kernel/eeh_pe.c, within the eeh_pe_report_edev(), eeh_pe_report(), eeh_dev_restore_state(), eeh_reset_device(), eeh_handle_normal_event(), eeh_pe_state_clear(), eeh_clear_slot_attention() and eeh_handle_special_event() functions in arch/powerpc/kernel/eeh_driver.c. A local user can perform a denial of service (DoS) attack.
69) NULL pointer dereference (CVE-ID: CVE-2025-38581)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ccp5_debugfs_setup() function in drivers/crypto/ccp/ccp-debugfs.c. A local user can perform a denial of service (DoS) attack.
70) Buffer overflow (CVE-ID: CVE-2025-38582)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the hns_roce_setup_hca() and hns_roce_init() functions in drivers/infiniband/hw/hns/hns_roce_main.c, within the hns_roce_v2_init() and __hns_roce_hw_v2_init_instance() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.
71) NULL pointer dereference (CVE-ID: CVE-2025-38583)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xvcu_unregister_clock_provider() function in drivers/clk/xilinx/xlnx_vcu.c. A local user can perform a denial of service (DoS) attack.
72) Buffer overflow (CVE-ID: CVE-2025-38585)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the gmin_get_config_var() function in drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c. A local user can escalate privileges on the system.
73) Infinite loop (CVE-ID: CVE-2025-38587)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the fib6_info_uses_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
74) Infinite loop (CVE-ID: CVE-2025-38588)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the rt6_nh_nlmsg_size() function in net/ipv6/route.c, within the WRITE_ONCE() and fib6_del_route() functions in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
75) Resource management error (CVE-ID: CVE-2025-38591)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_skb_is_valid_access(), sock_addr_is_valid_access(), sock_ops_is_valid_access(), sk_msg_is_valid_access() and sk_lookup_is_valid_access() functions in net/core/filter.c, within the cg_sockopt_is_valid_access() function in kernel/bpf/cgroup.c. A local user can perform a denial of service (DoS) attack.
76) Improper locking (CVE-ID: CVE-2025-38601)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in drivers/net/wireless/ath/ath11k/hal.c. A local user can perform a denial of service (DoS) attack.
77) NULL pointer dereference (CVE-ID: CVE-2025-38602)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iwl_bg_restart(), iwl_setup_deferred_work(), iwl_op_mode_dvm_start() and iwl_cancel_deferred_work() functions in drivers/net/wireless/intel/iwlwifi/dvm/main.c. A local user can perform a denial of service (DoS) attack.
78) NULL pointer dereference (CVE-ID: CVE-2025-38604)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtl8187_stop() function in drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c. A local user can perform a denial of service (DoS) attack.
79) Use of uninitialized resource (CVE-ID: CVE-2025-38608)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the sk_psock_msg_verdict() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
80) NULL pointer dereference (CVE-ID: CVE-2025-38609)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the devfreq_remove_governor() function in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.
81) NULL pointer dereference (CVE-ID: CVE-2025-38610)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the get_pd_power_uw() function in drivers/powercap/dtpm_cpu.c. A local user can perform a denial of service (DoS) attack.
82) Memory leak (CVE-ID: CVE-2025-38612)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fbtft_framebuffer_alloc() function in drivers/staging/fbtft/fbtft-core.c. A local user can perform a denial of service (DoS) attack.
83) Improper locking (CVE-ID: CVE-2025-38617)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the packet_set_ring() function in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
84) Use-after-free (CVE-ID: CVE-2025-38618)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __vsock_bind_connectible() function in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.
85) NULL pointer dereference (CVE-ID: CVE-2025-38621)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rdev_is_spare() and rdev_addable() functions in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.
86) Memory leak (CVE-ID: CVE-2025-38624)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pnv_php_register(), pnv_php_disable_irq(), pnv_php_free_slot(), pnv_php_reset_slot(), pnv_php_disable_slot(), pnv_php_alloc_slot() and pnv_php_init_irq() functions in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.
87) NULL pointer dereference (CVE-ID: CVE-2025-38630)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the imxfb_probe() function in drivers/video/fbdev/imxfb.c. A local user can perform a denial of service (DoS) attack.
88) NULL pointer dereference (CVE-ID: CVE-2025-38632)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pin_free() function in drivers/pinctrl/pinmux.c. A local user can perform a denial of service (DoS) attack.
89) NULL pointer dereference (CVE-ID: CVE-2025-38634)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cpcap_usb_detect() function in drivers/power/supply/cpcap-charger.c. A local user can perform a denial of service (DoS) attack.
90) NULL pointer dereference (CVE-ID: CVE-2025-38635)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the davinci_lpsc_clk_register() function in drivers/clk/davinci/psc.c. A local user can perform a denial of service (DoS) attack.
91) Use of uninitialized resource (CVE-ID: CVE-2025-38644)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ieee80211_tdls_oper() function in net/mac80211/tdls.c. A local user can perform a denial of service (DoS) attack.
92) NULL pointer dereference (CVE-ID: CVE-2025-38646)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtw89_core_cancel_6ghz_probe_tx() function in drivers/net/wireless/realtek/rtw89/core.c. A local user can perform a denial of service (DoS) attack.
93) Improper locking (CVE-ID: CVE-2025-38650)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfsplus_free_extents() function in fs/hfsplus/extents.c. A local user can perform a denial of service (DoS) attack.
94) Use-after-free (CVE-ID: CVE-2025-38656)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iwl_op_mode_dvm_start() function in drivers/net/wireless/intel/iwlwifi/dvm/main.c. A local user can escalate privileges on the system.
95) Input validation error (CVE-ID: CVE-2025-38663)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __nilfs_read_inode() function in fs/nilfs2/inode.c. A local user can perform a denial of service (DoS) attack.
96) NULL pointer dereference (CVE-ID: CVE-2025-38665)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the can_changelink() function in drivers/net/can/dev/netlink.c, within the can_change_state(), can_restart() and can_restart_now() functions in drivers/net/can/dev/dev.c. A local user can perform a denial of service (DoS) attack.
97) Improper error handling (CVE-ID: CVE-2025-38670)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the SYM_CODE_END(), SYM_FUNC_START() and NOKPROBE() functions in arch/arm64/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
98) Infinite loop (CVE-ID: CVE-2025-38671)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the qup_i2c_bus_active() function in drivers/i2c/busses/i2c-qup.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.