Ubuntu update for linux-realtime-6.14

1) Input validation error

EUVDB-ID: #VU113807

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38499

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the clone_private_mount() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper privilege management

EUVDB-ID: #VU113806

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38498

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improperly imposed permissions within the do_change_type() function in fs/namespace.c. A local user can read and manipulate data.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU113253

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38415

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the squashfs_fill_super() function in fs/squashfs/super.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU113333

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38414

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ath12k_pci_enable_ltssm() function in drivers/net/wireless/ath/ath12k/pci.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Race condition

EUVDB-ID: #VU113313

Risk: High

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2025-38352

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the run_posix_cpu_timers() function in kernel/time/posix-cpu-timers.c. A local user can escalate privileges on the system.

Note, the vulnerability is being actively exploited in the wild against Android devices.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

6) NULL pointer dereference

EUVDB-ID: #VU112764

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38319

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the atomctrl_initialize_mc_reg_table() and atomctrl_initialize_mc_reg_table_v2_2() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper error handling

EUVDB-ID: #VU112816

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38318

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the arm_ni_probe() function in drivers/perf/arm-ni.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU112822

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38317

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ath12k_write_htt_stats_type() function in drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU112765

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38316

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mt7996_phy_set_rxfilter() function in drivers/net/wireless/mediatek/mt76/mt7996/main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU112829

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38315

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the btintel_uefi_get_dsbr() function in drivers/bluetooth/btintel.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper locking

EUVDB-ID: #VU112789

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38314

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vp_modern_avq_done() function in drivers/virtio/virtio_pci_modern.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Double free

EUVDB-ID: #VU112815

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38313

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the fsl_mc_device_add() function in drivers/bus/fsl-mc/fsl-mc-bus.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

EUVDB-ID: #VU112811

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38312

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the fb_find_mode_cvt() function in drivers/video/fbdev/core/fbcvt.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper locking

EUVDB-ID: #VU112790

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38311

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the iavf_configure(), iavf_clear_adv_rss_conf(), iavf_finish_config(), iavf_watchdog_step(), iavf_watchdog_task(), iavf_disable_vf(), iavf_reset_task(), wake_up(), iavf_adminq_task(), iavf_configure_clsflower(), iavf_open(), iavf_free_all_rx_resources(), iavf_close(), iavf_shaper_set(), iavf_shaper_del(), iavf_probe(), iavf_suspend() and iavf_remove() functions in drivers/net/ethernet/intel/iavf/iavf_main.c, within the iavf_add_fdir_ethtool() and iavf_set_adv_rss_hash_opt() functions in drivers/net/ethernet/intel/iavf/iavf_ethtool.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU112810

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38310

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sizeof() function in net/ipv6/seg6_local.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) NULL pointer dereference

EUVDB-ID: #VU112767

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38307

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the trace_control_write() function in sound/soc/intel/avs/debugfs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper locking

EUVDB-ID: #VU112791

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38306

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the drop_collected_mounts(), has_locked_children(), clone_private_mount(), __do_loopback() and do_set_group() functions in fs/namespace.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper locking

EUVDB-ID: #VU112792

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38305

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the drivers/ptp/ptp_private.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU112768

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38304

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the eir_create_scan_rsp() function in net/bluetooth/eir.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Input validation error

EUVDB-ID: #VU112809

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38303

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hci_set_ext_adv_data_sync() and hci_set_adv_data_sync() functions in net/bluetooth/hci_sync.c, within the eir_create_per_adv_data() and eir_create_adv_data() functions in net/bluetooth/eir.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper locking

EUVDB-ID: #VU112788

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38302

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the spin_unlock_irqrestore() function in block/blk-zoned.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) NULL pointer dereference

EUVDB-ID: #VU112769

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38301

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the zynqmp_nvmem_probe() function in drivers/nvmem/zynqmp_nvmem.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU112749

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38300

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) NULL pointer dereference

EUVDB-ID: #VU112770

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38299

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the SND_SOC_DAILINK_DEFS() function in sound/soc/mediatek/mt8195/mt8195-mt6359.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds read

EUVDB-ID: #VU112758

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38298

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the EXPORT_SYMBOL_GPL() function in drivers/edac/skx_common.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Input validation error

EUVDB-ID: #VU112847

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38297

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the em_compute_costs() function in kernel/power/energy_model.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use of uninitialized resource

EUVDB-ID: #VU112818

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38296

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the platform_profile_init() function in drivers/acpi/platform_profile.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Input validation error

EUVDB-ID: #VU112846

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38295

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the meson_ddr_pmu_create() function in drivers/perf/amlogic/meson_ddr_pmu_core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Input validation error

EUVDB-ID: #VU112845

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38294

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ath12k_mac_op_assign_vif_chanctx() function in drivers/net/wireless/ath/ath12k/mac.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper locking

EUVDB-ID: #VU112793

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38293

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ath11k_core_halt() function in drivers/net/wireless/ath/ath11k/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU112748

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38292

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ath12k_dp_rx_msdu_coalesce() function in drivers/net/wireless/ath/ath12k/dp_rx.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper locking

EUVDB-ID: #VU112794

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38291

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ath12k_mhi_op_status_cb() function in drivers/net/wireless/ath/ath12k/mhi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper locking

EUVDB-ID: #VU112795

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38290

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ath12k_rfkill_work() and ath12k_core_halt() functions in drivers/net/wireless/ath/ath12k/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free

EUVDB-ID: #VU112747

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38289

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Input validation error

EUVDB-ID: #VU112844

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38288

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pqi_is_parity_write_stream() and pqi_scsi_queue_command() functions in drivers/scsi/smartpqi/smartpqi_init.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper locking

EUVDB-ID: #VU112796

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38287

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cm_process_send_error() function in drivers/infiniband/core/cm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Out-of-bounds read

EUVDB-ID: #VU112757

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38286

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the at91_gpio_probe() function in drivers/pinctrl/pinctrl-at91.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Resource management error

EUVDB-ID: #VU112836

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38285

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the get_bpf_raw_tp_regs() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Resource management error

EUVDB-ID: #VU112827

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38284

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the rtw89_pci_is_dac_compatible_bridge(), rtw89_pci_setup_mapping() and rtw89_pci_l2_hci_ldo() functions in drivers/net/wireless/realtek/rtw89/pci.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Input validation error

EUVDB-ID: #VU112843

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38283

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vf_qm_check_match(), vf_qm_load_data() and hisi_acc_vfio_pci_migrn_init_dev() functions in drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper locking

EUVDB-ID: #VU112797

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38282

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kernfs_should_drain_open_files() function in fs/kernfs/file.c, within the kernfs_break_active_protection() function in fs/kernfs/dir.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) NULL pointer dereference

EUVDB-ID: #VU112771

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38281

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mt7996_thermal_init() function in drivers/net/wireless/mediatek/mt76/mt7996/init.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Resource management error

EUVDB-ID: #VU112835

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38280

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bpf_prog_select_runtime() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Resource management error

EUVDB-ID: #VU112834

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38279

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the backtrack_insn() and check_cond_jmp_op() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Resource management error

EUVDB-ID: #VU112833

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38278

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the otx2_qos_leaf_del_last() function in drivers/net/ethernet/marvell/octeontx2/nic/qos.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Input validation error

EUVDB-ID: #VU112808

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38277

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mxic_ecc_finish_io_req_external() function in drivers/mtd/nand/ecc-mxic.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) NULL pointer dereference

EUVDB-ID: #VU112763

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38275

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qmp_usb_iomap() function in drivers/phy/qualcomm/phy-qcom-qmp-usb.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) NULL pointer dereference

EUVDB-ID: #VU112772

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38274

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fpga_mgr_test_img_load_sgt() function in drivers/fpga/tests/fpga-mgr-test.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Resource management error

EUVDB-ID: #VU112832

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38272

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the b53_eee_init() and b53_support_eee() functions in drivers/net/dsa/b53/b53_common.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Resource management error

EUVDB-ID: #VU112826

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38270

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nsim_poll() function in drivers/net/netdevsim/netdev.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) NULL pointer dereference

EUVDB-ID: #VU112774

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38269

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fs/btrfs/extent-io-tree.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper locking

EUVDB-ID: #VU112799

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38268

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tcpm_queue_vdm(), tcpm_altmode_enter(), tcpm_altmode_exit(), tcpm_altmode_vdm(), tcpm_cable_altmode_enter(), tcpm_cable_altmode_exit() and tcpm_cable_altmode_vdm() functions in drivers/usb/typec/tcpm/tcpm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Memory leak

EUVDB-ID: #VU112738

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38267

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the local_add() function in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) NULL pointer dereference

EUVDB-ID: #VU112776

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38265

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the jsm_uart_port_init() function in drivers/tty/serial/jsm/jsm_tty.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Resource management error

EUVDB-ID: #VU112251

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38176

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the binderfs_evict_inode() function in drivers/android/binderfs.c, within the HLIST_HEAD(), binder_add_device(), init_binder_device() and binder_init() functions in drivers/android/binder.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Buffer overflow

EUVDB-ID: #VU112260

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38175

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the binder_free_proc() function in drivers/android/binder.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Race condition

EUVDB-ID: #VU112258

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38174

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the tb_cfg_request_dequeue() function in drivers/thunderbolt/ctl.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Input validation error

EUVDB-ID: #VU112264

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38173

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mv_cesa_skcipher_queue_req() function in drivers/crypto/marvell/cipher.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Use-after-free

EUVDB-ID: #VU112192

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38172

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the erofs_init_device() function in fs/erofs/super.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Resource management error

EUVDB-ID: #VU112256

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38170

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the do_sme_acc() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Input validation error

EUVDB-ID: #VU112265

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38169

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the fpsimd_thread_switch() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Improper error handling

EUVDB-ID: #VU112247

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38168

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the arm_ni_init_cd() and arm_ni_probe() functions in drivers/perf/arm-ni.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) NULL pointer dereference

EUVDB-ID: #VU112205

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38167

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the indx_get_entry_to_replace() function in fs/ntfs3/index.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Improper locking

EUVDB-ID: #VU112239

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38166

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Improper locking

EUVDB-ID: #VU112238

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38165

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sk_psock_skb_ingress_enqueue(), sk_psock_skb_ingress(), sk_psock_skb_ingress_self() and sk_psock_verdict_apply() functions in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Buffer overflow

EUVDB-ID: #VU112262

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38164

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the f2fs_gc_range() function in fs/f2fs/gc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Input validation error

EUVDB-ID: #VU112241

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38163

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the fs/f2fs/f2fs.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Buffer overflow

EUVDB-ID: #VU112250

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38162

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the lt_calculate_size(), pipapo_resize(), pipapo_lt_bits_adjust() and pipapo_clone() functions in net/netfilter/nft_set_pipapo.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Use-after-free

EUVDB-ID: #VU112191

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38161

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mlx5_get_rsc(), create_resource_common() and mlx5_core_destroy_rq_tracked() functions in drivers/infiniband/hw/mlx5/qpc.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Improper error handling

EUVDB-ID: #VU112246

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38160

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the raspberrypi_clk_register() function in drivers/clk/bcm/clk-raspberrypi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Out-of-bounds read

EUVDB-ID: #VU112199

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38159

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtw_coex_tdma_timer_base() function in drivers/net/wireless/realtek/rtw88/coex.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Input validation error

EUVDB-ID: #VU112266

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38158

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vf_qm_func_stop(), vf_qm_check_match(), vf_qm_get_match_data() and vf_qm_read_data() functions in drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Out-of-bounds read

EUVDB-ID: #VU112198

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38157

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_swba() function in drivers/net/wireless/ath/ath9k/htc_drv_beacon.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) NULL pointer dereference

EUVDB-ID: #VU112206

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38156

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mt7996_mmio_wed_init() function in drivers/net/wireless/mediatek/mt76/mt7996/mmio.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) NULL pointer dereference

EUVDB-ID: #VU112207

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38155

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mt7915_mmio_wed_init() function in drivers/net/wireless/mediatek/mt76/mt7915/mmio.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Improper locking

EUVDB-ID: #VU112237

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38154

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sk_psock_backlog() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Improper error handling

EUVDB-ID: #VU112245

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38153

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the aqc111_read_cmd_nopm() and aqc111_read_cmd() functions in drivers/net/usb/aqc111.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Improper locking

EUVDB-ID: #VU112235

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38151

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cma_netevent_callback() function in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) NULL pointer dereference

EUVDB-ID: #VU112208

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38149

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the phy_detach() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Memory leak

EUVDB-ID: #VU112176

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38148

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vsc85xx_txtstamp() function in drivers/net/phy/mscc/mscc_ptp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Memory leak

EUVDB-ID: #VU112175

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38147

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the netlbl_conn_setattr() function in net/netlabel/netlabel_kapi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Out-of-bounds read

EUVDB-ID: #VU112197

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38146

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the key_extract_l3l4() function in net/openvswitch/flow.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) NULL pointer dereference

EUVDB-ID: #VU112209

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38145

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the aspeed_lpc_enable_snoop() function in drivers/soc/aspeed/aspeed-lpc-snoop.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) NULL pointer dereference

EUVDB-ID: #VU112211

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38143

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the wled_configure() function in drivers/video/backlight/qcom-wled.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Input validation error

EUVDB-ID: #VU112267

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38142

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the asus_ec_hwmon_read_string() function in drivers/hwmon/asus-ec-sensors.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Use-after-free

EUVDB-ID: #VU112188

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38141

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dm_blk_report_zones() and dm_revalidate_zones() functions in drivers/md/dm-zone.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Resource management error

EUVDB-ID: #VU112252

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38140

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the __bind() function in drivers/md/dm.c, within the dm_revalidate_zones() and dm_set_zones_restrictions() functions in drivers/md/dm-zone.c, within the dm_table_has_no_data_devices(), dm_table_supports_atomic_writes() and dm_table_set_restrictions() functions in drivers/md/dm-table.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Out-of-bounds read

EUVDB-ID: #VU112196

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38139

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the netfs_retry_write_stream() function in fs/netfs/write_retry.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) NULL pointer dereference

EUVDB-ID: #VU112201

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38138

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the udma_probe() function in drivers/dma/ti/k3-udma.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Use-after-free

EUVDB-ID: #VU112186

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38137

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in drivers/pci/pwrctrl/core.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Use of uninitialized resource

EUVDB-ID: #VU112248

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38136

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the usbhs_probe() and usbhs_fifo_remove() functions in drivers/usb/renesas_usbhs/common.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) NULL pointer dereference

EUVDB-ID: #VU112212

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38135

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlb_usio_probe() function in drivers/tty/serial/milbeaut_usio.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) NULL pointer dereference

EUVDB-ID: #VU112213

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38134

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the usb_acpi_add_usb4_devlink() function in drivers/usb/core/usb-acpi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Improper locking

EUVDB-ID: #VU112233

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38132

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cscfg_remove_owned_csdev_configs() function in drivers/hwtracing/coresight/coresight-syscfg.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Use-after-free

EUVDB-ID: #VU112185

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38131

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL(), _cscfg_activate_config(), _cscfg_deactivate_config(), cscfg_csdev_enable_active_config() and cscfg_csdev_disable_active_config() functions in drivers/hwtracing/coresight/coresight-syscfg.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) NULL pointer dereference

EUVDB-ID: #VU112215

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38130

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drm_connector_hdmi_audio_hook_plugged_cb() function in drivers/gpu/drm/display/drm_hdmi_audio_helper.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Use-after-free

EUVDB-ID: #VU112184

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38129

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the page_pool_ethtool_stats_get(), page_pool_return_page() and page_pool_scrub() functions in net/core/page_pool.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Buffer overflow

EUVDB-ID: #VU112261

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38128

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the mgmt_hci_cmd_sync() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Improper locking

EUVDB-ID: #VU112232

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38127

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ice_map_xdp_rings(), ice_prepare_xdp_rings(), mutex_unlock(), ice_destroy_xdp_rings() and ice_xdp_setup_prog() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Improper error handling

EUVDB-ID: #VU112244

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38126

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the stmmac_ptp_register() function in drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c, within the stmmac_init_tstamp_counter() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Input validation error

EUVDB-ID: #VU112268

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38125

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the est_configure() function in drivers/net/ethernet/stmicro/stmmac/stmmac_est.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Improper locking

EUVDB-ID: #VU112230

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38124

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) NULL pointer dereference

EUVDB-ID: #VU112216

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38123

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the t7xx_ccmni_wwan_newlink(), t7xx_ccmni_wwan_dellink(), t7xx_ccmni_recv_skb(), t7xx_ccmni_queue_tx_irq_notify() and t7xx_ccmni_queue_state_notify() functions in drivers/net/wwan/t7xx/t7xx_netdev.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) NULL pointer dereference

EUVDB-ID: #VU112217

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38122

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gve_tx_add_skb_dqo() function in drivers/net/ethernet/google/gve/gve_tx_dqo.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Memory leak

EUVDB-ID: #VU112173

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38120

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nft_pipapo_avx2_estimate() and nft_pipapo_avx2_lookup() functions in net/netfilter/nft_set_pipapo_avx2.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Improper locking

EUVDB-ID: #VU112229

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38119

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ufshcd_err_handler() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Use-after-free

EUVDB-ID: #VU112183

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38118

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mgmt_adv_monitor_added(), __add_adv_patterns_monitor(), mgmt_remove_adv_monitor_complete() and remove_adv_monitor() functions in net/bluetooth/mgmt.c, within the hci_free_adv_monitor() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Improper locking

EUVDB-ID: #VU112228

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38117

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mgmt_cmd_complete(), mgmt_pending_new(), mgmt_pending_add() and mgmt_pending_free() functions in net/bluetooth/mgmt_util.c, within the settings_rsp(), cmd_complete_rsp(), mgmt_set_discoverable_complete(), mgmt_set_connectable_complete(), set_ssp_complete(), set_le_complete(), set_mesh_complete(), mgmt_class_complete(), pairing_complete(), mgmt_add_adv_patterns_monitor_complete(), mgmt_remove_adv_monitor_complete(), start_discovery_complete(), stop_discovery_complete(), set_advertising_complete(), set_bredr_complete(), set_secure_conn_complete(), get_conn_info_complete(), get_clock_info_complete(), add_advertising_complete(), add_ext_adv_params_complete(), add_ext_adv_data_complete(), remove_advertising_complete(), mgmt_index_removed(), mgmt_power_on(), __mgmt_power_off(), unpair_device_rsp(), mgmt_disconnect_failed(), mgmt_auth_enable_complete() and mgmt_set_class_of_dev_complete() functions in net/bluetooth/mgmt.c, within the hci_alloc_dev_priv() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Use-after-free

EUVDB-ID: #VU112182

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38116

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ath12k_core_init() function in drivers/net/wireless/ath/ath12k/core.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Input validation error

EUVDB-ID: #VU112263

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38115

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the net/sched/sch_sfq.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Improper locking

EUVDB-ID: #VU112227

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38114

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the e1000_down_and_stop() and e1000_remove() functions in drivers/net/ethernet/intel/e1000/e1000_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) NULL pointer dereference

EUVDB-ID: #VU112219

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38113

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cppc_allow_fast_switch() function in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) NULL pointer dereference

EUVDB-ID: #VU112220

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38112

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/net/sock.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Out-of-bounds read

EUVDB-ID: #VU112195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38111

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __mdiobus_read() and __mdiobus_write() functions in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Out-of-bounds write

EUVDB-ID: #VU112259

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38110

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds write within the __mdiobus_c45_read() and __mdiobus_c45_write() functions in drivers/net/phy/mdio_bus.c. A local user can execute arbitrary code.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Use-after-free

EUVDB-ID: #VU112180

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38109

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mlx5_eswitch_enable_pf_vf_vports() and mlx5_eswitch_disable_pf_vf_vports() functions in drivers/net/ethernet/mellanox/mlx5/core/eswitch.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Improper locking

EUVDB-ID: #VU112225

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38108

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __red_change() function in net/sched/sch_red.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Integer underflow

EUVDB-ID: #VU112249

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38107

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can execute arbitrary code.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Use-after-free

EUVDB-ID: #VU112178

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38106

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the io_sq_thread() and io_sq_offload_create() functions in io_uring/sqpoll.c, within the __io_uring_show_fdinfo() function in io_uring/fdinfo.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Input validation error

EUVDB-ID: #VU112269

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38105

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the snd_usbmidi_free() and snd_usbmidi_disconnect() functions in sound/usb/midi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Out-of-bounds read

EUVDB-ID: #VU112193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38103

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cpu_to_le16(), hidg_setup() and hidg_bind() functions in drivers/usb/gadget/function/f_hid.c, within the usbhid_parse() function in drivers/hid/usbhid/hid-core.c, within the mousevsc_on_receive_device_info() function in drivers/hid/hid-hyperv.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Double free

EUVDB-ID: #VU112243

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38102

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the drv_cp_harray_to_user() and vmci_host_setup_notify() functions in drivers/misc/vmw_vmci/vmci_host.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Improper locking

EUVDB-ID: #VU112224

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38101

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ring_buffer_subbuf_order_set() and atomic_dec() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Memory leak

EUVDB-ID: #VU112172

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38100

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the copy_thread() and native_tss_update_io_bitmap() functions in arch/x86/kernel/process.c, within the io_bitmap_share(), io_bitmap_exit() and SYSCALL_DEFINE1() functions in arch/x86/kernel/ioport.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Improper locking

EUVDB-ID: #VU112223

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38099

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hci_cc_read_buffer_size() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Input validation error

EUVDB-ID: #VU112270

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38098

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pre_validate_dsc() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c, within the create_validate_stream_for_sink(), amdgpu_dm_connector_mode_valid() and dm_update_crtc_state() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Memory leak

EUVDB-ID: #VU112169

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38097

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __xfrm_state_delete() function in net/xfrm/xfrm_state.c, within the esp_ssg_unref(), esp6_find_tcp_sk(), esp_output_tcp_finish() and esp6_output_tcp_encap() functions in net/ipv6/esp6.c, within the esp_ssg_unref(), esp_find_tcp_sk(), esp_output_tcp_finish() and esp_output_tcp_encap() functions in net/ipv4/esp4.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Resource management error

EUVDB-ID: #VU112254

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38096

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the IWL_EXPORT_SYMBOL() function in drivers/net/wireless/intel/iwlwifi/iwl-trans.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) NULL pointer dereference

EUVDB-ID: #VU112117

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38092

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the opinfo_get_list() function in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Resource management error

EUVDB-ID: #VU112122

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38091

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the populate_dml21_plane_config_from_plane_state(), dml21_wrapper_get_plane_id(), map_stream_to_dml21_display_cfg() and dml21_map_dc_state_into_dml_display_cfg() functions in drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_translation_helper.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Out-of-bounds read

EUVDB-ID: #VU112116

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38088

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the memtrace_read() function in arch/powerpc/platforms/powernv/memtrace.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Out-of-bounds read

EUVDB-ID: #VU111492

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38082

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the gpio_virtuser_direction_do_write() and gpio_virtuser_consumer_write() functions in drivers/gpio/gpio-virtuser.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Out-of-bounds read

EUVDB-ID: #VU111491

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38081

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rockchip_spi_config() function in drivers/spi/spi-rockchip.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Buffer overflow

EUVDB-ID: #VU111662

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38080

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drivers/gpu/drm/amd/display/dc/inc/core_types.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Use-after-free

EUVDB-ID: #VU111459

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38079

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hash_accept() function in crypto/algif_hash.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Use-after-free

EUVDB-ID: #VU111460

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38078

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_pcm_buffer_access_unlock() function in sound/core/pcm_native.c, within the snd_pcm_oss_change_params_locked() function in sound/core/oss/pcm_oss.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Buffer overflow

EUVDB-ID: #VU111636

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38077

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the current_password_store() function in drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Use-after-free

EUVDB-ID: #VU111461

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38076

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the codetag_module_init() and codetag_unload_module() functions in lib/codetag.c, within the needs_section_mem(), clean_unused_module_areas_locked(), release_module_tags(), mas_unlock() and alloc_tag_init() functions in lib/alloc_tag.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) NULL pointer dereference

EUVDB-ID: #VU111547

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38075

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the iscsit_close_connection() function in drivers/target/iscsi/iscsi_target.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Use-after-free

EUVDB-ID: #VU111536

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38074

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vhost_scsi_complete_cmd_work() and vhost_scsi_tmf_resp_work() functions in drivers/vhost/scsi.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Improper locking

EUVDB-ID: #VU111597

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38073

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the blk_ioctl_discard(), blk_finish_plug(), blk_ioctl_secure_erase() and blk_ioctl_zeroout() functions in block/ioctl.c, within the blkdev_write_iter(), blkdev_read_iter() and blkdev_fallocate() functions in block/fops.c, within the blkdev_zone_mgmt_ioctl() function in block/blk-zoned.c, within the set_blocksize() function in block/bdev.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Division by zero

EUVDB-ID: #VU111639

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38072

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the nd_label_data_init() function in drivers/nvdimm/label.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Use-after-free

EUVDB-ID: #VU111462

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38071

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vhost_scsi_complete_cmd_work() and vhost_scsi_tmf_resp_work() functions in drivers/vhost/scsi.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) NULL pointer dereference

EUVDB-ID: #VU111548

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38070

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sma1307_setting_loaded() function in sound/soc/codecs/sma1307.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Use-after-free

EUVDB-ID: #VU111463

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38069

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pci_epf_test_set_bar() and pci_epf_test_free_space() functions in drivers/pci/endpoint/functions/pci-epf-test.c. A local user can escalate privileges on the system.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Buffer overflow

EUVDB-ID: #VU111661

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38068

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the lzo1x_1_do_compress() and lzogeneric1x_1_compress() functions in lib/lzo/lzo1x_compress.c, within the obj-$() function in lib/lzo/Makefile, within the __lzo_compress() function in crypto/lzo.c, within the __lzorle_compress() function in crypto/lzo-rle.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Input validation error

EUVDB-ID: #VU111703

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38067

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rseq_get_rseq_cs_ptr_val(), rseq_get_rseq_cs(), rseq_need_restart(), clear_rseq_cs(), rseq_ip_fixup() and SYSCALL_DEFINE4() functions in kernel/rseq.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) Improper locking

EUVDB-ID: #VU111598

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38066

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the get_cache_dev_size() and cache_preresume() functions in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-realtime-6.14 to the latest version.

Ubuntu: 24.04

linux-realtime-6.14 (Ubuntu package): before 6.14.0-1012.12~24.04.1

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-realtime-6_14_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7769-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Input validation error