SB2025101634 - SUSE update for the Linux Kernel
Published: October 16, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 183 secuirty vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2022-36280)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the vmw_kms_cursor_snoo() function in drivers/gpu/vmxgfx/vmxgfx_kms.c in vmwgfx VMWare driver. A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
2) Buffer overflow (CVE-ID: CVE-2022-43945)
The vulnerability allows a remote attacker to perform a denial of service attacl.
The vulnerability exists due to a boundary error within the Linux kernel NFSD implementation. A remote attacker can send the RPC message over TCP with garbage data added at the end of the message, trigger memory corruption and perform a denial of service (DoS) attack.
3) Input validation error (CVE-ID: CVE-2022-49975)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __dev_queue_xmit() function in net/core/dev.c, within the convert___skb_to_skb() function in net/bpf/test_run.c. A local user can perform a denial of service (DoS) attack.
4) Input validation error (CVE-ID: CVE-2022-50233)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the append_eir_data_to_buf() function in net/bluetooth/mgmt.c, within the eir_append_name(), eir_append_local_name() and eir_create() functions in net/bluetooth/eir.c. A local user can perform a denial of service (DoS) attack.
5) Buffer overflow (CVE-ID: CVE-2022-50235)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nfsd_init_dirlist_pages() function in fs/nfsd/nfsproc.c. A local user can escalate privileges on the system.
6) Memory leak (CVE-ID: CVE-2022-50242)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qlcnic_sriov_init() function in drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c. A local user can perform a denial of service (DoS) attack.
7) NULL pointer dereference (CVE-ID: CVE-2022-50244)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pci_init_afu() and cxl_pci_init_adapter() functions in drivers/misc/cxl/pci.c. A local user can perform a denial of service (DoS) attack.
8) Use-after-free (CVE-ID: CVE-2022-50252)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the igb_alloc_q_vector() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can escalate privileges on the system.
9) Reachable assertion (CVE-ID: CVE-2022-50253)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the __bpf_redirect_no_mac() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
10) Memory leak (CVE-ID: CVE-2022-50257)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gntdev_map_grant_pages() and __unmap_grant_pages_done() functions in drivers/xen/gntdev.c. A local user can perform a denial of service (DoS) attack.
11) Out-of-bounds read (CVE-ID: CVE-2022-50258)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the brcmf_c_preinit_dcmds() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c. A local user can perform a denial of service (DoS) attack.
12) Improper locking (CVE-ID: CVE-2022-50265)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kcm_rcv_ready(), kcm_rfree(), requeue_rx_msgs(), reserve_rx_kcm(), kcm_recv_disable() and kcm_done() functions in net/kcm/kcmsock.c. A local user can perform a denial of service (DoS) attack.
13) NULL pointer dereference (CVE-ID: CVE-2022-50266)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kill_kprobe() function in kernel/kprobes.c. A local user can perform a denial of service (DoS) attack.
14) Buffer overflow (CVE-ID: CVE-2022-50271)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the EXPORT_SYMBOL_GPL() function in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.
15) NULL pointer dereference (CVE-ID: CVE-2022-50272)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the az6027_i2c_xfer() function in drivers/media/usb/dvb-usb/az6027.c. A local user can perform a denial of service (DoS) attack.
16) Memory leak (CVE-ID: CVE-2022-50278)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pnp_alloc_dev() function in drivers/pnp/core.c. A local user can perform a denial of service (DoS) attack.
17) Improper error handling (CVE-ID: CVE-2022-50282)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the cdev_device_add() function in fs/char_dev.c. A local user can perform a denial of service (DoS) attack.
18) Improper locking (CVE-ID: CVE-2022-50285)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the alloc_huge_page() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
19) Memory leak (CVE-ID: CVE-2022-50288)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qlcnic_probe() function in drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c. A local user can perform a denial of service (DoS) attack.
20) Memory leak (CVE-ID: CVE-2022-50289)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ocfs2_stack_glue_init() function in fs/ocfs2/stackglue.c. A local user can perform a denial of service (DoS) attack.
21) Improper locking (CVE-ID: CVE-2022-50291)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kcm_rfree(), reserve_rx_kcm() and unreserve_rx_kcm() functions in net/kcm/kcmsock.c. A local user can perform a denial of service (DoS) attack.
22) Memory leak (CVE-ID: CVE-2022-50294)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lbs_init_adapter() function in drivers/net/wireless/marvell/libertas/main.c. A local user can perform a denial of service (DoS) attack.
23) Resource management error (CVE-ID: CVE-2022-50297)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the send_eject_command() function in drivers/net/wireless/ath/ath9k/hif_usb.c. A local user can perform a denial of service (DoS) attack.
24) Resource management error (CVE-ID: CVE-2022-50299)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dump_zones() function in drivers/md/raid0.c. A local user can perform a denial of service (DoS) attack.
25) Memory leak (CVE-ID: CVE-2022-50304)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the init_mtd() function in drivers/mtd/mtdcore.c. A local user can perform a denial of service (DoS) attack.
26) Memory leak (CVE-ID: CVE-2022-50311)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cxl_calc_capp_routing() function in drivers/misc/cxl/pci.c. A local user can perform a denial of service (DoS) attack.
27) Memory leak (CVE-ID: CVE-2022-50312)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the jsm_probe_one() function in drivers/tty/serial/jsm/jsm_driver.c. A local user can perform a denial of service (DoS) attack.
28) Memory leak (CVE-ID: CVE-2022-50321)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the brcmf_netdev_start_xmit() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c. A local user can perform a denial of service (DoS) attack.
29) Integer overflow (CVE-ID: CVE-2022-50330)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the cpt_ucode_load_fw() function in drivers/crypto/cavium/cpt/cptpf_main.c. A local user can execute arbitrary code.
30) NULL pointer dereference (CVE-ID: CVE-2022-50344)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ext4_write_info() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
31) Resource management error (CVE-ID: CVE-2022-50346)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ext4_rename() function in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
32) Memory leak (CVE-ID: CVE-2022-50349)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tifm_7xx1_switch_media() function in drivers/misc/tifm_7xx1.c. A local user can perform a denial of service (DoS) attack.
33) Memory leak (CVE-ID: CVE-2022-50351)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cifs_create() function in fs/cifs/dir.c. A local user can perform a denial of service (DoS) attack.
34) Memory leak (CVE-ID: CVE-2022-50352)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hnae_ae_register() function in drivers/net/ethernet/hisilicon/hns/hnae.c. A local user can perform a denial of service (DoS) attack.
35) NULL pointer dereference (CVE-ID: CVE-2022-50359)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the queue_setup() and buffer_prepare() functions in drivers/media/pci/cx88/cx88-video.c. A local user can perform a denial of service (DoS) attack.
36) Improper error handling (CVE-ID: CVE-2022-50365)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __pskb_pull_tail() function in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
37) Memory leak (CVE-ID: CVE-2022-50372)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the SMB2_sess_auth_rawntlmssp_negotiate() function in fs/cifs/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
38) Incorrect calculation (CVE-ID: CVE-2022-50375)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the lpuart_dma_shutdown() function in drivers/tty/serial/fsl_lpuart.c. A local user can perform a denial of service (DoS) attack.
39) NULL pointer dereference (CVE-ID: CVE-2022-50381)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the md_end_flush() and super_written() functions in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.
40) Input validation error (CVE-ID: CVE-2022-50385)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs_d_automount() function in fs/nfs/namespace.c. A local user can perform a denial of service (DoS) attack.
41) Use-after-free (CVE-ID: CVE-2022-50386)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_connect_create_rsp() function in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.
42) Memory leak (CVE-ID: CVE-2022-50389)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the crb_acpi_add() function in drivers/char/tpm/tpm_crb.c. A local user can perform a denial of service (DoS) attack.
43) Memory leak (CVE-ID: CVE-2022-50396)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcindex_set_parms() function in net/sched/cls_tcindex.c. A local user can perform a denial of service (DoS) attack.
44) Use-after-free (CVE-ID: CVE-2022-50401)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the setup_callback_client() function in fs/nfsd/nfs4callback.c. A local user can escalate privileges on the system.
45) NULL pointer dereference (CVE-ID: CVE-2022-50402)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the md_bitmap_resize() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
46) NULL pointer dereference (CVE-ID: CVE-2022-50405)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in net/ipv4/udp_tunnel.c. A local user can perform a denial of service (DoS) attack.
47) NULL pointer dereference (CVE-ID: CVE-2022-50406)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iomap_writepage_map() function in fs/iomap/buffered-io.c. A local user can perform a denial of service (DoS) attack.
48) Use-after-free (CVE-ID: CVE-2022-50408)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcmf_netdev_start_xmit() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c. A local user can escalate privileges on the system.
49) NULL pointer dereference (CVE-ID: CVE-2022-50409)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sk_stream_wait_memory() function in net/core/stream.c. A local user can perform a denial of service (DoS) attack.
50) Buffer overflow (CVE-ID: CVE-2022-50410)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nfsd_proc_read() function in fs/nfsd/nfsproc.c. A local user can escalate privileges on the system.
51) Use-after-free (CVE-ID: CVE-2022-50411)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the acpi_ds_call_control_method() function in drivers/acpi/acpica/dsmethod.c. A local user can escalate privileges on the system.
52) Resource management error (CVE-ID: CVE-2022-50414)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fcoe_init() function in drivers/scsi/fcoe/fcoe.c. A local user can perform a denial of service (DoS) attack.
53) Improper error handling (CVE-ID: CVE-2022-50419)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the hci_conn_add_sysfs() function in net/bluetooth/hci_sysfs.c. A local user can perform a denial of service (DoS) attack.
54) Use-after-free (CVE-ID: CVE-2022-50422)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smp_execute_task_sg() function in drivers/scsi/libsas/sas_expander.c. A local user can escalate privileges on the system.
55) Use-after-free (CVE-ID: CVE-2022-50432)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kernfs_remove_by_name_ns() function in fs/kernfs/dir.c. A local user can escalate privileges on the system.
56) Memory leak (CVE-ID: CVE-2022-50434)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the blk_mq_register_hctx() function in block/blk-mq-sysfs.c. A local user can perform a denial of service (DoS) attack.
57) Race condition (CVE-ID: CVE-2022-50435)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the ext4_seek_data() function in fs/ext4/file.c. A local user can perform a denial of service (DoS) attack.
58) Input validation error (CVE-ID: CVE-2022-50440)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vmw_kms_cursor_snoop() function in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c. A local user can perform a denial of service (DoS) attack.
59) Incorrect calculation (CVE-ID: CVE-2022-50456)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the add_all_parents() function in fs/btrfs/backref.c. A local user can perform a denial of service (DoS) attack.
60) Memory leak (CVE-ID: CVE-2022-50460)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cifs_flock() function in fs/cifs/file.c. A local user can perform a denial of service (DoS) attack.
61) Out-of-bounds read (CVE-ID: CVE-2023-1380)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Broadcom Full MAC Wi-Fi driver (brcmfmac.ko). A local user can trigger an out-of-bounds read error and read contents of kernel memory on the system.
62) NULL pointer dereference (CVE-ID: CVE-2023-28328)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
63) NULL pointer dereference (CVE-ID: CVE-2023-3772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the xfrm_update_ae_params() function in the IP framework for transforming packets (XFRM subsystem). A local user with CAP_NET_ADMIN privileges can perform a denial of service (DoS) attack.
64) Out-of-bounds read (CVE-ID: CVE-2023-39197)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Netfilter Connection Tracking (conntrack) in the Linux kernel in the nf_conntrack_dccp_packet() function in net/netfilter/nf_conntrack_proto_dccp.c. A remote attacker can send specially crafted DCCP packets to the system, trigger an out-of-bounds read error and read contents of memory on the system.
65) NULL pointer dereference (CVE-ID: CVE-2023-53147)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xfrm_update_ae_params() function in net/xfrm/xfrm_user.c. A local user can perform a denial of service (DoS) attack.
66) Resource management error (CVE-ID: CVE-2023-53148)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the igb_io_error_detected() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.
67) Improper locking (CVE-ID: CVE-2023-53149)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the free_ext_block(), ext4_ext_migrate() and ext4_ind_migrate() functions in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.
68) NULL pointer dereference (CVE-ID: CVE-2023-53150)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla24xx_bsg_request() function in drivers/scsi/qla2xxx/qla_bsg.c. A local user can perform a denial of service (DoS) attack.
69) Memory leak (CVE-ID: CVE-2023-53151)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the flush_pending_writes() and raid10_unplug() functions in drivers/md/raid10.c. A local user can perform a denial of service (DoS) attack.
70) Use-after-free (CVE-ID: CVE-2023-53153)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cfg80211_conn_work(), cfg80211_get_conn_bss(), cfg80211_sme_connect() and cfg80211_connect() functions in net/wireless/sme.c. A local user can escalate privileges on the system.
71) Use of uninitialized resource (CVE-ID: CVE-2023-53165)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the udf_name_from_CS0() function in fs/udf/unicode.c. A local user can perform a denial of service (DoS) attack.
72) Memory leak (CVE-ID: CVE-2023-53174)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the raid_component_add() function in drivers/scsi/raid_class.c. A local user can perform a denial of service (DoS) attack.
73) Improper error handling (CVE-ID: CVE-2023-53176)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the serial8250_unregister_port() function in drivers/tty/serial/8250/8250_core.c. A local user can perform a denial of service (DoS) attack.
74) Use-after-free (CVE-ID: CVE-2023-53178)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zswap_writeback_entry() function in mm/zswap.c. A local user can escalate privileges on the system.
75) Integer underflow (CVE-ID: CVE-2023-53189)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the addrconf_del_dad_work() function in net/ipv6/addrconf.c. A local user can execute arbitrary code.
76) Memory leak (CVE-ID: CVE-2023-53199)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ath9k_hif_usb_rx_stream() function in drivers/net/wireless/ath/ath9k/hif_usb.c. A local user can perform a denial of service (DoS) attack.
77) Integer overflow (CVE-ID: CVE-2023-53201)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the __send_message() and bnxt_qplib_alloc_rcfw_channel() functions in drivers/infiniband/hw/bnxt_re/qplib_rcfw.c. A local user can execute arbitrary code.
78) Out-of-bounds read (CVE-ID: CVE-2023-53213)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the brcmf_get_assoc_ies() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can perform a denial of service (DoS) attack.
79) Resource management error (CVE-ID: CVE-2023-53215)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the load_balance() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.
80) Out-of-bounds read (CVE-ID: CVE-2023-53226)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mwifiex_process_mgmt_packet() function in drivers/net/wireless/marvell/mwifiex/util.c. A local user can perform a denial of service (DoS) attack.
81) NULL pointer dereference (CVE-ID: CVE-2023-53245)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the storvsc_host_reset_handler() function in drivers/scsi/storvsc_drv.c. A local user can perform a denial of service (DoS) attack.
82) NULL pointer dereference (CVE-ID: CVE-2023-53246)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fs/cifs/cifsfs.h. A local user can perform a denial of service (DoS) attack.
83) NULL pointer dereference (CVE-ID: CVE-2023-53248)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_vm_bo_add(), amdgpu_vm_init() and amdgpu_vm_make_compute() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c. A local user can perform a denial of service (DoS) attack.
84) NULL pointer dereference (CVE-ID: CVE-2023-53250)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dmi_sysfs_register_handle() function in drivers/firmware/dmi-sysfs.c. A local user can perform a denial of service (DoS) attack.
85) Out-of-bounds read (CVE-ID: CVE-2023-53254)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cache_shared_cpu_map_setup() and cache_shared_cpu_map_remove() functions in drivers/base/cacheinfo.c. A local user can perform a denial of service (DoS) attack.
86) Out-of-bounds write (CVE-ID: CVE-2023-53265)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the io_init() function in drivers/mtd/ubi/build.c. A local user can execute arbitrary code.
87) Resource management error (CVE-ID: CVE-2023-53270)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ext4_da_write_end() function in fs/ext4/inode.c. A local user can perform a denial of service (DoS) attack.
88) Integer overflow (CVE-ID: CVE-2023-53272)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ena_com_comp_status_to_errno() function in drivers/net/ethernet/amazon/ena/ena_com.c. A local user can execute arbitrary code.
89) Input validation error (CVE-ID: CVE-2023-53277)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the DEVICE_ATTR(), il3945_setup_deferred_work() and il3945_pci_probe() functions in drivers/net/wireless/intel/iwlegacy/3945-mac.c. A local user can perform a denial of service (DoS) attack.
90) Improper Initialization (CVE-ID: CVE-2023-53280)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the qla_nvme_ls_req() and qla_nvme_post_cmd() functions in drivers/scsi/qla2xxx/qla_nvme.c. A local user can perform a denial of service (DoS) attack.
91) Information disclosure (CVE-ID: CVE-2023-53288)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can gain access to sensitive information.
92) Input validation error (CVE-ID: CVE-2023-53295)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the udf_file_write_iter() function in fs/udf/file.c. A local user can perform a denial of service (DoS) attack.
93) Information disclosure (CVE-ID: CVE-2023-53298)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the nfc_se_io() function in net/nfc/netlink.c. A local user can gain access to sensitive information.
94) Information disclosure (CVE-ID: CVE-2023-53299)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the recovery_request_write() function in drivers/md/raid10.c. A local user can gain access to sensitive information.
95) Input validation error (CVE-ID: CVE-2023-53302)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the il4965_bg_txpower_work(), il4965_setup_deferred_work() and il4965_pci_probe() functions in drivers/net/wireless/intel/iwlegacy/4965-mac.c. A local user can perform a denial of service (DoS) attack.
96) Use-after-free (CVE-ID: CVE-2023-53305)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_le_command_rej() function in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.
97) Use-after-free (CVE-ID: CVE-2023-53307)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rbd_dev_release(), __rbd_dev_create(), rbd_dev_create() and rbd_dev_probe_parent() functions in drivers/block/rbd.c. A local user can escalate privileges on the system.
98) Memory leak (CVE-ID: CVE-2023-53308)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fec_drv_remove() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.
99) Use of uninitialized resource (CVE-ID: CVE-2023-53309)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the radeon_cs_parser_init() function in drivers/gpu/drm/radeon/radeon_cs.c. A local user can perform a denial of service (DoS) attack.
100) Buffer overflow (CVE-ID: CVE-2023-53313)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the max_corrected_read_errors_store() function in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.
101) Resource management error (CVE-ID: CVE-2023-53317)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ext4_get_group_desc() and ext4_validate_block_bitmap() functions in fs/ext4/balloc.c. A local user can perform a denial of service (DoS) attack.
102) Input validation error (CVE-ID: CVE-2023-53321)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hwsim_cloned_frame_received_nl() function in drivers/net/wireless/mac80211_hwsim.c. A local user can perform a denial of service (DoS) attack.
103) Use-after-free (CVE-ID: CVE-2023-53322)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qla2x00_terminate_rport_io() function in drivers/scsi/qla2xxx/qla_attr.c. A local user can escalate privileges on the system.
104) NULL pointer dereference (CVE-ID: CVE-2023-53326)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gpr_set() function in arch/powerpc/kernel/ptrace/ptrace-view.c. A local user can perform a denial of service (DoS) attack.
105) Input validation error (CVE-ID: CVE-2023-53331)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the persistent_ram_post_init() function in fs/pstore/ram_core.c. A local user can perform a denial of service (DoS) attack.
106) NULL pointer dereference (CVE-ID: CVE-2023-53332)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() and ipi_send_verify() functions in kernel/irq/ipi.c. A local user can perform a denial of service (DoS) attack.
107) Out-of-bounds read (CVE-ID: CVE-2023-53333)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dccp_error() function in net/netfilter/nf_conntrack_proto_dccp.c. A local user can perform a denial of service (DoS) attack.
108) NULL pointer dereference (CVE-ID: CVE-2023-53335)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pass_establish() function in drivers/infiniband/hw/cxgb4/cm.c. A local user can perform a denial of service (DoS) attack.
109) Use of uninitialized resource (CVE-ID: CVE-2023-53344)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the bcm_tx_setup() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
110) Improper locking (CVE-ID: CVE-2023-53348)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the btrfs_relocate_chunk() function in fs/btrfs/volumes.c. A local user can perform a denial of service (DoS) attack.
111) Out-of-bounds read (CVE-ID: CVE-2023-53357)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __acquires() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
112) Improper locking (CVE-ID: CVE-2023-53365)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ip6mr_cache_report() function in net/ipv6/ip6mr.c. A local user can perform a denial of service (DoS) attack.
113) Improper error handling (CVE-ID: CVE-2023-53368)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the tracing_snapshot_open() and tracing_snapshot_write() functions in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
114) NULL pointer dereference (CVE-ID: CVE-2023-53380)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the raid10_sync_request() function in drivers/md/raid10.c. A local user can perform a denial of service (DoS) attack.
115) NULL pointer dereference (CVE-ID: CVE-2023-53384)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mwifiex_handle_uap_rx_forward() function in drivers/net/wireless/marvell/mwifiex/uap_txrx.c. A local user can perform a denial of service (DoS) attack.
116) Improper locking (CVE-ID: CVE-2023-53393)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_get_hw_stats() function in drivers/infiniband/hw/mlx5/counters.c. A local user can perform a denial of service (DoS) attack.
117) Out-of-bounds read (CVE-ID: CVE-2023-53395)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the function in drivers/acpi/acpica/psopcode.c. A local user can perform a denial of service (DoS) attack.
118) Out-of-bounds read (CVE-ID: CVE-2023-53397)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the default_mismatch_handler() function in scripts/mod/modpost.c. A local user can perform a denial of service (DoS) attack.
119) Buffer overflow (CVE-ID: CVE-2023-53400)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the path_has_mixer() and get_line_out_pfx() functions in sound/pci/hda/hda_generic.c. A local user can perform a denial of service (DoS) attack.
120) Use-after-free (CVE-ID: CVE-2023-53427)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the allocate_mr_list() function in fs/cifs/smbdirect.c. A local user can escalate privileges on the system.
121) Memory leak (CVE-ID: CVE-2023-53436)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the snic_tgt_create() function in drivers/scsi/snic/snic_disc.c. A local user can perform a denial of service (DoS) attack.
122) Improper error handling (CVE-ID: CVE-2023-53438)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/x86/kernel/cpu/mce/internal.h. A local user can perform a denial of service (DoS) attack.
123) Memory leak (CVE-ID: CVE-2023-53441)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the get_cpu_map_entry() and put_cpu_map_entry() functions in kernel/bpf/cpumap.c. A local user can perform a denial of service (DoS) attack.
124) Use-after-free (CVE-ID: CVE-2023-53446)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pcie_aspm_exit_link_state() function in drivers/pci/pcie/aspm.c. A local user can escalate privileges on the system.
125) Input validation error (CVE-ID: CVE-2023-53451)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qla24xx_build_scsi_type_6_iocbs() function in drivers/scsi/qla2xxx/qla_iocb.c. A local user can perform a denial of service (DoS) attack.
126) Memory leak (CVE-ID: CVE-2023-53456)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qla4xxx_set_chap_entry(), qla4xxx_iface_set_param() and qla4xxx_sysfs_ddb_set_param() functions in drivers/scsi/qla4xxx/ql4_os.c. A local user can perform a denial of service (DoS) attack.
127) Memory leak (CVE-ID: CVE-2023-53499)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the virtnet_poll(), virtnet_open() and virtnet_close() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
128) Input validation error (CVE-ID: CVE-2023-53506)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the udf_merge_extents() function in fs/udf/inode.c. A local user can perform a denial of service (DoS) attack.
129) Memory leak (CVE-ID: CVE-2023-53512)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the _base_release_memory_pools() function in drivers/scsi/mpt3sas/mpt3sas_base.c. A local user can perform a denial of service (DoS) attack.
130) Input validation error (CVE-ID: CVE-2023-53521)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ses_intf_remove_enclosure() function in drivers/scsi/ses.c. A local user can perform a denial of service (DoS) attack.
131) Buffer overflow (CVE-ID: CVE-2023-53526)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the jbd2_journal_try_remove_checkpoint() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.
132) Input validation error (CVE-ID: CVE-2023-53530)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tcm_qla2xxx_free_cmd() and tcm_qla2xxx_handle_data() functions in drivers/scsi/qla2xxx/tcm_qla2xxx.c. A local user can perform a denial of service (DoS) attack.
133) Use-after-free (CVE-ID: CVE-2024-53194)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pci_slot_release(), pci_bus_get() and make_slot_name() functions in drivers/pci/slot.c. A local user can escalate privileges on the system.
134) Use-after-free (CVE-ID: CVE-2024-58240)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_do_decryption() function in net/tls/tls_sw.c. A local user can escalate privileges on the system.
135) Buffer overflow (CVE-ID: CVE-2025-38465)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the netlink_skb_set_owner_r(), netlink_alloc_large_skb(), netlink_unicast_kernel(), EXPORT_SYMBOL_GPL() and netlink_dump() functions in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
136) Use-after-free (CVE-ID: CVE-2025-38488)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the crypt_message() function in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.
137) Use-after-free (CVE-ID: CVE-2025-38527)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cifs_oplock_break() and cifs_put_tlink() functions in fs/smb/client/file.c. A local user can escalate privileges on the system.
138) Improper locking (CVE-ID: CVE-2025-38553)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the parse_attr() and netem_change() functions in net/sched/sch_netem.c. A local user can perform a denial of service (DoS) attack.
139) Integer overflow (CVE-ID: CVE-2025-38572)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ipv6_gso_segment() function in net/ipv6/ip6_offload.c. A local user can execute arbitrary code.
140) Use of uninitialized resource (CVE-ID: CVE-2025-38574)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the pptp_xmit() function in drivers/net/ppp/pptp.c. A local user can perform a denial of service (DoS) attack.
141) NULL pointer dereference (CVE-ID: CVE-2025-38602)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iwl_bg_restart(), iwl_setup_deferred_work(), iwl_op_mode_dvm_start() and iwl_cancel_deferred_work() functions in drivers/net/wireless/intel/iwlwifi/dvm/main.c. A local user can perform a denial of service (DoS) attack.
142) NULL pointer dereference (CVE-ID: CVE-2025-38604)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtl8187_stop() function in drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c. A local user can perform a denial of service (DoS) attack.
143) Improper error handling (CVE-ID: CVE-2025-38623)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the pnv_php_set_attention_state(), pnv_php_enable() and pnv_php_enable_msix() functions in drivers/pci/hotplug/pnv_php.c, within the pci_hp_add_devices() function in arch/powerpc/kernel/pci-hotplug.c. A local user can perform a denial of service (DoS) attack.
144) Memory leak (CVE-ID: CVE-2025-38624)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pnv_php_register(), pnv_php_disable_irq(), pnv_php_free_slot(), pnv_php_reset_slot(), pnv_php_disable_slot(), pnv_php_alloc_slot() and pnv_php_init_irq() functions in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.
145) NULL pointer dereference (CVE-ID: CVE-2025-38632)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pin_free() function in drivers/pinctrl/pinmux.c. A local user can perform a denial of service (DoS) attack.
146) Out-of-bounds read (CVE-ID: CVE-2025-38639)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nfacct_mt_checkentry() function in net/netfilter/xt_nfacct.c. A local user can perform a denial of service (DoS) attack.
147) NULL pointer dereference (CVE-ID: CVE-2025-38665)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the can_changelink() function in drivers/net/can/dev/netlink.c, within the can_change_state(), can_restart() and can_restart_now() functions in drivers/net/can/dev/dev.c. A local user can perform a denial of service (DoS) attack.
148) Out-of-bounds read (CVE-ID: CVE-2025-38685)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the con2fb_init_display() and fbcon_set_disp() functions in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.
149) Input validation error (CVE-ID: CVE-2025-38701)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ext4_create_inline_data(), ext4_update_inline_data() and ext4_inline_data_truncate() functions in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
150) Buffer overflow (CVE-ID: CVE-2025-38702)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the do_register_framebuffer() function in drivers/video/fbdev/core/fbmem.c. A local user can escalate privileges on the system.
151) NULL pointer dereference (CVE-ID: CVE-2025-38705)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_set_pp_power_profile_mode() and parse_input_od_command_lines() functions in drivers/gpu/drm/amd/pm/amdgpu_pm.c. A local user can perform a denial of service (DoS) attack.
152) Input validation error (CVE-ID: CVE-2025-38712)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the PTR_ERR() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.
153) Out-of-bounds read (CVE-ID: CVE-2025-38713)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hfsplus_uni2asc() function in fs/hfsplus/unicode.c. A local user can perform a denial of service (DoS) attack.
154) Improper locking (CVE-ID: CVE-2025-38727)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the netlink_attachskb() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
155) Out-of-bounds read (CVE-ID: CVE-2025-38729)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the validate_uac3_feature_unit() and FUNC() functions in sound/usb/validate.c. A local user can perform a denial of service (DoS) attack.
156) NULL pointer dereference (CVE-ID: CVE-2025-38735)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gve_shutdown() function in drivers/net/ethernet/google/gve/gve_main.c. A local user can perform a denial of service (DoS) attack.
157) Integer underflow (CVE-ID: CVE-2025-39677)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the pie_change() function in net/sched/sch_pie.c, within the hhf_change() function in net/sched/sch_hhf.c, within the fq_pie_change() function in net/sched/sch_fq_pie.c, within the fq_codel_change() function in net/sched/sch_fq_codel.c, within the fq_load_priomap() and fq_change() functions in net/sched/sch_fq.c, within the codel_change() function in net/sched/sch_codel.c. A local user can execute arbitrary code.
158) Use-after-free (CVE-ID: CVE-2025-39691)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __end_buffer_read_notouch() function in fs/buffer.c. A local user can escalate privileges on the system.
159) NULL pointer dereference (CVE-ID: CVE-2025-39705)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_destruct() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
160) NULL pointer dereference (CVE-ID: CVE-2025-39706)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kfd_exit() function in drivers/gpu/drm/amd/amdkfd/kfd_module.c. A local user can perform a denial of service (DoS) attack.
161) Buffer overflow (CVE-ID: CVE-2025-39726)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ism_cmd() and ism_probe() functions in drivers/s390/net/ism_drv.c. A local user can perform a denial of service (DoS) attack.
162) Buffer overflow (CVE-ID: CVE-2025-39751)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the add_tuning_control() function in sound/pci/hda/patch_ca0132.c. A local user can escalate privileges on the system.
163) Improper locking (CVE-ID: CVE-2025-39754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smaps_hugetlb_range() function in fs/proc/task_mmu.c. A local user can perform a denial of service (DoS) attack.
164) Out-of-bounds read (CVE-ID: CVE-2025-39757)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the convert_chmap_v3() and snd_usb_get_audioformat_uac3() functions in sound/usb/stream.c. A local user can perform a denial of service (DoS) attack.
165) Out-of-bounds read (CVE-ID: CVE-2025-39760)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the usb_parse_ss_endpoint_companion() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.
166) Improper locking (CVE-ID: CVE-2025-39763)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ghes_do_proc() function in drivers/acpi/apei/ghes.c. A local user can perform a denial of service (DoS) attack.
167) Memory leak (CVE-ID: CVE-2025-39764)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ctnetlink_expect_event(), ctnetlink_exp_dump_table(), ctnetlink_exp_ct_dump_table(), ctnetlink_dump_exp_ct() and ctnetlink_get_expect() functions in net/netfilter/nf_conntrack_netlink.c. A local user can perform a denial of service (DoS) attack.
168) Improper locking (CVE-ID: CVE-2025-39773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the net/bridge/br_private.h. A local user can perform a denial of service (DoS) attack.
169) Improper locking (CVE-ID: CVE-2025-39782)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the jbd2_log_do_checkpoint() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.
170) Incorrect calculation (CVE-ID: CVE-2025-39787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the qcom_mdt_get_size(), qcom_mdt_read_metadata() and __qcom_mdt_load() functions in drivers/soc/qcom/mdt_loader.c. A local user can perform a denial of service (DoS) attack.
171) Resource management error (CVE-ID: CVE-2025-39800)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the btrfs_copy_root() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.
172) Resource management error (CVE-ID: CVE-2025-39808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ntrig_report_version() function in drivers/hid/hid-ntrig.c. A local user can perform a denial of service (DoS) attack.
173) Resource management error (CVE-ID: CVE-2025-39824)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the asus_probe() function in drivers/hid/hid-asus.c. A local user can perform a denial of service (DoS) attack.
174) Improper locking (CVE-ID: CVE-2025-39833)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfcpci_softirq() and HFC_init() functions in drivers/isdn/hardware/mISDN/hfcpci.c. A local user can perform a denial of service (DoS) attack.
175) NULL pointer dereference (CVE-ID: CVE-2025-39838)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cifs_strndup_to_utf16() function in fs/smb/client/cifs_unicode.c. A local user can perform a denial of service (DoS) attack.
176) Memory leak (CVE-ID: CVE-2025-39847)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pad_compress_skb() and ppp_send_frame() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
177) NULL pointer dereference (CVE-ID: CVE-2025-39853)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_client_add_instance() function in drivers/net/ethernet/intel/i40e/i40e_client.c. A local user can perform a denial of service (DoS) attack.
178) Use-after-free (CVE-ID: CVE-2025-39860)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.
179) Use-after-free (CVE-ID: CVE-2025-39863)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcmf_btcoex_detach() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/btcoex.c. A local user can escalate privileges on the system.
180) NULL pointer dereference (CVE-ID: CVE-2025-39865)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/tee/tee_shm.c. A local user can perform a denial of service (DoS) attack.
181) Out-of-bounds read (CVE-ID: CVE-2025-39869)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the edma_setup_from_hw() function in drivers/dma/ti/edma.c. A local user can perform a denial of service (DoS) attack.
182) Improper locking (CVE-ID: CVE-2025-39885)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_extent_map_get_blocks(), ocfs2_fiemap_inline() and ocfs2_fiemap() functions in fs/ocfs2/extent_map.c. A local user can perform a denial of service (DoS) attack.
183) Input validation error (CVE-ID: CVE-2025-40300)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vcpu_enter_guest() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.