SB2025102407 - Anolis OS update for kernel:6.6
Published: October 24, 2025 Updated: February 6, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 504 secuirty vulnerabilities.
1) Resource management error (CVE-ID: CVE-2024-43840)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the prepare_trampoline() function in arch/arm64/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.
2) Incorrect calculation (CVE-ID: CVE-2024-46751)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the btrfs_item_ptr() and spin_lock() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
3) NULL pointer dereference (CVE-ID: CVE-2024-56758)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the relocate_one_folio() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.
4) Resource management error (CVE-ID: CVE-2024-58098)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the check_func_call(), mark_subprog_changes_pkt_data(), visit_func_call_insn() and visit_insn() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
5) Resource management error (CVE-ID: CVE-2024-58100)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvfree(), jit_subprogs(), bpf_check_attach_target() and bpf_check() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
6) Resource management error (CVE-ID: CVE-2024-58237)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the subprog_tc() function in tools/testing/selftests/bpf/progs/tc_bpf2bpf.c, within the bpf_helper_changes_pkt_data() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
7) Resource management error (CVE-ID: CVE-2025-21816)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the HRTIMER_ACTIVE_SOFT(), DEFINE_PER_CPU(), hrtimer_base_is_online(), lock_hrtimer_base(), raw_spin_unlock(), WRITE_ONCE(), hrtimer_is_hres_enabled() and __hrtimer_start_range_ns() functions in kernel/time/hrtimer.c. A local user can perform a denial of service (DoS) attack.
8) Infinite loop (CVE-ID: CVE-2025-21839)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the vcpu_enter_guest() function in arch/x86/kvm/x86.c, within the vmx_sync_dirty_debug_regs() and vmx_vcpu_run() functions in arch/x86/kvm/vmx/vmx.c, within the new_asid() and svm_vcpu_run() functions in arch/x86/kvm/svm/svm.c. A local user can perform a denial of service (DoS) attack.
9) Buffer overflow (CVE-ID: CVE-2025-21927)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nvme_tcp_queue_id() and nvme_tcp_recv_pdu() functions in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
10) Improper locking (CVE-ID: CVE-2025-21931)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_migrate_range() function in mm/memory_hotplug.c. A local user can perform a denial of service (DoS) attack.
11) Resource management error (CVE-ID: CVE-2025-22028)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vimc_streamer_pipeline_terminate() function in drivers/media/test-drivers/vimc/vimc-streamer.c. A local user can perform a denial of service (DoS) attack.
12) NULL pointer dereference (CVE-ID: CVE-2025-22062)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_auth() and proc_sctp_do_udp_port() functions in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
13) Improper locking (CVE-ID: CVE-2025-22102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nxp_download_firmware() function in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.
14) Improper locking (CVE-ID: CVE-2025-22119)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the INIT_WORK() function in net/wireless/core.c. A local user can perform a denial of service (DoS) attack.
15) Improper locking (CVE-ID: CVE-2025-22120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_setattr() function in fs/ext4/inode.c. A local user can perform a denial of service (DoS) attack.
16) Use-after-free (CVE-ID: CVE-2025-37777)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_transport() function in fs/smb/server/transport_tcp.c, within the ksmbd_conn_free() function in fs/smb/server/connection.c. A local user can escalate privileges on the system.
17) Input validation error (CVE-ID: CVE-2025-37797)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hfsc_change_class() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.
18) Memory leak (CVE-ID: CVE-2025-37799)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vmxnet3_process_xdp() function in drivers/net/vmxnet3/vmxnet3_xdp.c. A local user can perform a denial of service (DoS) attack.
19) NULL pointer dereference (CVE-ID: CVE-2025-37800)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dev_uevent_name() and dev_uevent() functions in drivers/base/core.c, within the bus_rescan_devices_helper() function in drivers/base/bus.c. A local user can perform a denial of service (DoS) attack.
20) NULL pointer dereference (CVE-ID: CVE-2025-37801)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the spi_imx_transfer_one() function in drivers/spi/spi-imx.c. A local user can perform a denial of service (DoS) attack.
21) Buffer overflow (CVE-ID: CVE-2025-37803)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the udmabuf_create() function in drivers/dma-buf/udmabuf.c. A local user can perform a denial of service (DoS) attack.
22) Improper locking (CVE-ID: CVE-2025-37805)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the virtsnd_pcm_parse_cfg() function in sound/virtio/virtio_pcm.c. A local user can perform a denial of service (DoS) attack.
23) Resource management error (CVE-ID: CVE-2025-37808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DEFINE_MUTEX(), MODULE_ALIAS_CRYPTO() and EXPORT_SYMBOL_GPL() functions in crypto/crypto_null.c. A local user can perform a denial of service (DoS) attack.
24) Out-of-bounds read (CVE-ID: CVE-2025-37810)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dwc3_check_event_buf() function in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.
25) NULL pointer dereference (CVE-ID: CVE-2025-37811)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cpu_latency_qos_remove_request() and ci_hdrc_imx_remove() functions in drivers/usb/chipidea/ci_hdrc_imx.c. A local user can perform a denial of service (DoS) attack.
26) Improper locking (CVE-ID: CVE-2025-37812)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cdns3_device_thread_irq_handler() function in drivers/usb/cdns3/cdns3-gadget.c. A local user can perform a denial of service (DoS) attack.
27) Input validation error (CVE-ID: CVE-2025-37813)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the xhci_queue_ctrl_tx() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
28) Improper locking (CVE-ID: CVE-2025-37815)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pci1xxxx_gpio_irq_handler() function in drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c. A local user can perform a denial of service (DoS) attack.
29) Double free (CVE-ID: CVE-2025-37817)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the chameleon_parse_gdd() function in drivers/mcb/mcb-parse.c. A local user can perform a denial of service (DoS) attack.
30) Input validation error (CVE-ID: CVE-2025-37818)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the huge_pte_offset() function in arch/loongarch/mm/hugetlbpage.c. A local user can perform a denial of service (DoS) attack.
31) Double free (CVE-ID: CVE-2025-37819)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the gicv2m_of_init() function in drivers/irqchip/irq-gic-v2m.c. A local user can perform a denial of service (DoS) attack.
32) Memory leak (CVE-ID: CVE-2025-37820)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xennet_run_xdp() function in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.
33) Input validation error (CVE-ID: CVE-2025-37823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hfsc_dequeue() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.
34) NULL pointer dereference (CVE-ID: CVE-2025-37824)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_mon_reinit_self() function in net/tipc/monitor.c. A local user can perform a denial of service (DoS) attack.
35) NULL pointer dereference (CVE-ID: CVE-2025-37828)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ufshcd_mcq_abort() function in drivers/ufs/core/ufs-mcq.c. A local user can perform a denial of service (DoS) attack.
36) NULL pointer dereference (CVE-ID: CVE-2025-37829)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scpi_cpufreq_get_rate() function in drivers/cpufreq/scpi-cpufreq.c. A local user can perform a denial of service (DoS) attack.
37) NULL pointer dereference (CVE-ID: CVE-2025-37830)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scmi_cpufreq_get_rate() function in drivers/cpufreq/scmi-cpufreq.c. A local user can perform a denial of service (DoS) attack.
38) NULL pointer dereference (CVE-ID: CVE-2025-37831)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the apple_soc_cpufreq_get_rate() function in drivers/cpufreq/apple-soc-cpufreq.c. A local user can perform a denial of service (DoS) attack.
39) Memory leak (CVE-ID: CVE-2025-37836)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pci_register_host_bridge() function in drivers/pci/probe.c. A local user can perform a denial of service (DoS) attack.
40) Resource management error (CVE-ID: CVE-2025-37878)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the inherit_event() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
41) Incorrect calculation (CVE-ID: CVE-2025-37879)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the p9_client_read_once(), p9_client_write(), EXPORT_SYMBOL_GPL() and p9_client_readdir() functions in net/9p/client.c. A local user can perform a denial of service (DoS) attack.
42) Improper error handling (CVE-ID: CVE-2025-37881)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ast_vhub_init_dev() function in drivers/usb/gadget/udc/aspeed-vhub/dev.c. A local user can perform a denial of service (DoS) attack.
43) Memory leak (CVE-ID: CVE-2025-37883)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __sclp_console_free_pages() and sclp_console_init() functions in drivers/s390/char/sclp_con.c. A local user can perform a denial of service (DoS) attack.
44) Improper locking (CVE-ID: CVE-2025-37884)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __set_printk_clr_event() and bpf_get_trace_vprintk_proto() functions in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.
45) Use-after-free (CVE-ID: CVE-2025-37885)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmx_pi_update_irte() function in arch/x86/kvm/vmx/posted_intr.c, within the avic_pi_update_irte() function in arch/x86/kvm/svm/avic.c. A local user can escalate privileges on the system.
46) Buffer overflow (CVE-ID: CVE-2025-37886)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pdsc_q_map() function in drivers/net/ethernet/amd/pds_core/core.c, within the pdsc_process_notifyq(), pdsc_process_adminq(), pdsc_adminq_isr(), __pdsc_adminq_post() and pdsc_adminq_post() functions in drivers/net/ethernet/amd/pds_core/adminq.c. A local user can perform a denial of service (DoS) attack.
47) Buffer overflow (CVE-ID: CVE-2025-37887)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pdsc_dl_info_get() function in drivers/net/ethernet/amd/pds_core/devlink.c. A local user can perform a denial of service (DoS) attack.
48) Use-after-free (CVE-ID: CVE-2025-37890)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfsc_enqueue() function in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.
49) Buffer overflow (CVE-ID: CVE-2025-37891)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the include/sound/ump_convert.h. A local user can escalate privileges on the system.
50) Improper locking (CVE-ID: CVE-2025-37897)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the plfxlc_mac_init_hw() function in drivers/net/wireless/purelifi/plfxlc/mac.c. A local user can perform a denial of service (DoS) attack.
51) Input validation error (CVE-ID: CVE-2025-37901)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qcom_mpm_alloc() function in drivers/irqchip/irq-qcom-mpm.c. A local user can perform a denial of service (DoS) attack.
52) Use-after-free (CVE-ID: CVE-2025-37903)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hdcp_update_display(), hdcp_remove_display(), hdcp_reset_display() and update_config() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c. A local user can escalate privileges on the system.
53) Memory leak (CVE-ID: CVE-2025-37905)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the scmi_child_dev_find() function in drivers/firmware/arm_scmi/bus.c. A local user can perform a denial of service (DoS) attack.
54) Memory leak (CVE-ID: CVE-2025-37909)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lan743x_tx_frame_add_lso(), lan743x_tx_frame_add_fragment() and lan743x_tx_frame_end() functions in drivers/net/ethernet/microchip/lan743x_main.c. A local user can perform a denial of service (DoS) attack.
55) Out-of-bounds read (CVE-ID: CVE-2025-37911)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnxt_hwrm_dbg_dma_data() function in drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c. A local user can perform a denial of service (DoS) attack.
56) NULL pointer dereference (CVE-ID: CVE-2025-37912)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_vc_add_fdir_fltr() function in drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c. A local user can perform a denial of service (DoS) attack.
57) Use-after-free (CVE-ID: CVE-2025-37913)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_is_active() and qfq_enqueue() functions in net/sched/sch_qfq.c. A local user can escalate privileges on the system.
58) Use-after-free (CVE-ID: CVE-2025-37914)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_is_active() and ets_qdisc_enqueue() functions in net/sched/sch_ets.c. A local user can escalate privileges on the system.
59) Use-after-free (CVE-ID: CVE-2025-37915)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_is_active() and drr_enqueue() functions in net/sched/sch_drr.c. A local user can escalate privileges on the system.
60) Use-after-free (CVE-ID: CVE-2025-37916)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pdsc_auxbus_dev_del() function in drivers/net/ethernet/amd/pds_core/auxbus.c. A local user can escalate privileges on the system.
61) Improper locking (CVE-ID: CVE-2025-37917)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mtk_star_tx_poll() and mtk_star_rx_poll() functions in drivers/net/ethernet/mediatek/mtk_star_emac.c. A local user can perform a denial of service (DoS) attack.
62) NULL pointer dereference (CVE-ID: CVE-2025-37918)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btusb_coredump_qca(), handle_dump_pkt_qca() and acl_pkt_is_dump_qca() functions in drivers/bluetooth/btusb.c. A local user can perform a denial of service (DoS) attack.
63) Improper locking (CVE-ID: CVE-2025-37921)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vxlan_vni_delete_group() function in drivers/net/vxlan/vxlan_vnifilter.c. A local user can perform a denial of service (DoS) attack.
64) Use-after-free (CVE-ID: CVE-2025-37922)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the radix__vmemmap_populate() function in arch/powerpc/mm/book3s64/radix_pgtable.c. A local user can escalate privileges on the system.
65) Buffer overflow (CVE-ID: CVE-2025-37923)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the tracing_splice_read_pipe() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
66) Use-after-free (CVE-ID: CVE-2025-37924)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the krb5_authenticate() function in fs/smb/server/smb2pdu.c, within the ksmbd_krb5_authenticate() function in fs/smb/server/auth.c. A local user can escalate privileges on the system.
67) Improper locking (CVE-ID: CVE-2025-37925)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the duplicateIXtree() function in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.
68) Buffer overflow (CVE-ID: CVE-2025-37927)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the drivers/iommu/amd/init.c. A local user can escalate privileges on the system.
69) Improper error handling (CVE-ID: CVE-2025-37928)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __scan() function in drivers/md/dm-bufio.c. A local user can perform a denial of service (DoS) attack.
70) Improper error handling (CVE-ID: CVE-2025-37929)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the spectre_bhb_loop_affected() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.
71) Resource management error (CVE-ID: CVE-2025-37930)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nouveau_fence_context_kill() function in drivers/gpu/drm/nouveau/nouveau_fence.c. A local user can perform a denial of service (DoS) attack.
72) Resource management error (CVE-ID: CVE-2025-37932)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the htb_qlen_notify() function in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.
73) Input validation error (CVE-ID: CVE-2025-37933)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the octep_hb_timeout_task() function in drivers/net/ethernet/marvell/octeon_ep/octep_main.c. A local user can perform a denial of service (DoS) attack.
74) Input validation error (CVE-ID: CVE-2025-37935)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/ethernet/mediatek/mtk_eth_soc.c. A local user can perform a denial of service (DoS) attack.
75) Resource management error (CVE-ID: CVE-2025-37936)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the intel_guest_get_msrs() function in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.
76) Use-after-free (CVE-ID: CVE-2025-37938)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the test_event_printk() function in kernel/trace/trace_events.c. A local user can escalate privileges on the system.
77) Out-of-bounds read (CVE-ID: CVE-2025-37947)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ksmbd_vfs_stream_write() function in fs/smb/server/vfs.c. A local user can perform a denial of service (DoS) attack.
78) Input validation error (CVE-ID: CVE-2025-37948)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pr_fmt(), build_plt(), build_epilogue() and bpf_int_jit_compile() functions in arch/arm64/net/bpf_jit_comp.c, within the this_cpu_set_vectors() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.
79) Improper locking (CVE-ID: CVE-2025-37949)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xs_suspend_exit(), xs_send(), xs_wait_for_reply(), xenbus_dev_request_and_reply() and xs_talkv() functions in drivers/xen/xenbus/xenbus_xs.c, within the xenbus_dev_queue_reply() function in drivers/xen/xenbus/xenbus_dev_frontend.c, within the process_msg() and process_writes() functions in drivers/xen/xenbus/xenbus_comms.c. A local user can perform a denial of service (DoS) attack.
80) Memory leak (CVE-ID: CVE-2025-37951)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the v3d_gpu_reset_for_timeout(), v3d_cl_job_timedout() and v3d_csd_job_timedout() functions in drivers/gpu/drm/v3d/v3d_sched.c. A local user can perform a denial of service (DoS) attack.
81) Use-after-free (CVE-ID: CVE-2025-37952)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __close_file_table_ids() function in fs/smb/server/vfs_cache.c. A local user can escalate privileges on the system.
82) Memory leak (CVE-ID: CVE-2025-37954)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the find_or_create_cached_dir() function in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.
83) Buffer overflow (CVE-ID: CVE-2025-37956)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the smb2_get_name() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
84) Use-after-free (CVE-ID: CVE-2025-37957)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the shutdown_interception() function in arch/x86/kvm/svm/svm.c, within the kvm_smm_changed() function in arch/x86/kvm/smm.c. A local user can escalate privileges on the system.
85) Improper locking (CVE-ID: CVE-2025-37958)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __split_huge_pmd_locked() and split_huge_pmd_locked() functions in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.
86) Input validation error (CVE-ID: CVE-2025-37959)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the skb_do_redirect() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
87) Resource management error (CVE-ID: CVE-2025-37960)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the memblock_double_array() function in mm/memblock.c. A local user can perform a denial of service (DoS) attack.
88) Use of uninitialized resource (CVE-ID: CVE-2025-37961)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __mtu_check_toobig_v6(), do_output_route4() and __ip_vs_get_out_rt() functions in net/netfilter/ipvs/ip_vs_xmit.c. A local user can perform a denial of service (DoS) attack.
89) Memory leak (CVE-ID: CVE-2025-37962)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the parse_lease_state() function in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.
90) Input validation error (CVE-ID: CVE-2025-37963)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the build_bhb_mitigation() function in arch/arm64/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.
91) Resource management error (CVE-ID: CVE-2025-37964)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the switch_mm_irqs_off() and should_flush_tlb() functions in arch/x86/mm/tlb.c. A local user can perform a denial of service (DoS) attack.
92) Improper locking (CVE-ID: CVE-2025-37967)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ucsi_set_drvdata() function in drivers/usb/typec/ucsi/ucsi.c, within the ucsi_displayport_enter(), ucsi_displayport_exit() and ucsi_displayport_vdm() functions in drivers/usb/typec/ucsi/displayport.c. A local user can perform a denial of service (DoS) attack.
93) Infinite loop (CVE-ID: CVE-2025-37969)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the st_lsm6dsx_read_tagged_fifo() function in drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c. A local user can perform a denial of service (DoS) attack.
94) Improper locking (CVE-ID: CVE-2025-37970)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the st_lsm6dsx_read_fifo() function in drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c. A local user can perform a denial of service (DoS) attack.
95) NULL pointer dereference (CVE-ID: CVE-2025-37972)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_pmic_keys_lp_reset_setup() function in drivers/input/keyboard/mtk-pmic-keys.c. A local user can perform a denial of service (DoS) attack.
96) Buffer overflow (CVE-ID: CVE-2025-37973)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the cfg80211_defrag_mle() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.
97) Memory leak (CVE-ID: CVE-2025-37983)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qibfs_mknod() function in drivers/infiniband/hw/qib/qib_fs.c. A local user can perform a denial of service (DoS) attack.
98) Integer overflow (CVE-ID: CVE-2025-37984)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ecdsa_x962_verify() function in crypto/ecdsa-x962.c, within the ecdsa_p1363_verify() function in crypto/ecdsa-p1363.c, within the EXPORT_SYMBOL() function in crypto/ecc.c. A local user can execute arbitrary code.
99) Race condition (CVE-ID: CVE-2025-37985)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the pidff_reset() function in drivers/hid/usbhid/hid-pidff.c. A local user can escalate privileges on the system.
100) Buffer overflow (CVE-ID: CVE-2025-37987)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pdsc_core_init() function in drivers/net/ethernet/amd/pds_core/core.c. A local user can perform a denial of service (DoS) attack.
101) Improper locking (CVE-ID: CVE-2025-37988)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_lock_mount() and lock_mount() functions in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
102) Use-after-free (CVE-ID: CVE-2025-37989)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the phy_led_triggers_register() and phy_led_triggers_unregister() functions in drivers/net/phy/phy_led_triggers.c. A local user can escalate privileges on the system.
103) Improper error handling (CVE-ID: CVE-2025-37990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the brcmf_usb_dl_writeimage() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c. A local user can perform a denial of service (DoS) attack.
104) Improper error handling (CVE-ID: CVE-2025-37991)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the handle_fpe() function in arch/parisc/math-emu/driver.c. A local user can perform a denial of service (DoS) attack.
105) NULL pointer dereference (CVE-ID: CVE-2025-37992)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pie_change() function in net/sched/sch_pie.c, within the hhf_change() function in net/sched/sch_hhf.c, within the fq_pie_change() function in net/sched/sch_fq_pie.c, within the fq_codel_change() function in net/sched/sch_fq_codel.c, within the fq_change() function in net/sched/sch_fq.c, within the codel_change() function in net/sched/sch_codel.c. A local user can perform a denial of service (DoS) attack.
106) NULL pointer dereference (CVE-ID: CVE-2025-37994)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ucsi_displayport_remove_partner() function in drivers/usb/typec/ucsi/displayport.c. A local user can perform a denial of service (DoS) attack.
107) Improper error handling (CVE-ID: CVE-2025-37995)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the module_kobj_release() function in kernel/params.c. A local user can perform a denial of service (DoS) attack.
108) Improper locking (CVE-ID: CVE-2025-37997)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the net/netfilter/ipset/ip_set_hash_gen.h. A local user can perform a denial of service (DoS) attack.
109) Incorrect calculation (CVE-ID: CVE-2025-37998)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the output_userspace() function in net/openvswitch/actions.c. A local user can perform a denial of service (DoS) attack.
110) Use-after-free (CVE-ID: CVE-2025-38000)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfsc_enqueue() function in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.
111) Use-after-free (CVE-ID: CVE-2025-38001)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_in_el_or_vttree(), hfsc_change_class() and hfsc_enqueue() functions in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.
112) Use-after-free (CVE-ID: CVE-2025-38003)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bcm_proc_show(), bcm_delete_rx_op(), bcm_delete_tx_op() and bcm_rx_setup() functions in net/can/bcm.c. A local user can escalate privileges on the system.
113) Improper locking (CVE-ID: CVE-2025-38004)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bcm_can_tx(), bcm_tx_timeout_handler() and bcm_tx_setup() functions in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
114) Improper locking (CVE-ID: CVE-2025-38005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the udma_check_tx_completion() function in drivers/dma/ti/k3-udma.c. A local user can perform a denial of service (DoS) attack.
115) Input validation error (CVE-ID: CVE-2025-38006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mctp_dump_addrinfo() function in net/mctp/device.c. A local user can perform a denial of service (DoS) attack.
116) NULL pointer dereference (CVE-ID: CVE-2025-38007)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the uclogic_input_configured() function in drivers/hid/hid-uclogic-core.c. A local user can perform a denial of service (DoS) attack.
117) Input validation error (CVE-ID: CVE-2025-38008)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kvm_xen_vcpu_set_attr() function in arch/x86/kvm/xen.c. A local user can perform a denial of service (DoS) attack.
118) Improper resource shutdown or release (CVE-ID: CVE-2025-38009)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the mt76_dma_cleanup() function in drivers/net/wireless/mediatek/mt76/dma.c. A local user can perform a denial of service (DoS) attack.
119) Race condition (CVE-ID: CVE-2025-38010)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the DATA0_VAL_PD BIT(), DECLARE_BITMAP(), tegra186_utmi_bias_pad_power_on(), tegra186_utmi_bias_pad_power_off(), tegra186_utmi_pad_power_on() and tegra186_utmi_pad_power_down() functions in drivers/phy/tegra/xusb-tegra186.c. A local user can escalate privileges on the system.
120) Out-of-bounds read (CVE-ID: CVE-2025-38013)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ieee80211_register_hw() function in net/mac80211/main.c. A local user can perform a denial of service (DoS) attack.
121) Input validation error (CVE-ID: CVE-2025-38014)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the f2fs_new_node_page() function in fs/f2fs/node.c. A local user can perform a denial of service (DoS) attack.
122) Memory leak (CVE-ID: CVE-2025-38015)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the idxd_alloc() function in drivers/dma/idxd/init.c. A local user can perform a denial of service (DoS) attack.
123) NULL pointer dereference (CVE-ID: CVE-2025-38018)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tls_strp_read_copy() function in net/tls/tls_strp.c. A local user can perform a denial of service (DoS) attack.
124) Use-after-free (CVE-ID: CVE-2025-38019)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_neigh_rif_made_sync() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c. A local user can escalate privileges on the system.
125) NULL pointer dereference (CVE-ID: CVE-2025-38020)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_fix_uplink_rep_features() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
126) Use-after-free (CVE-ID: CVE-2025-38023)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfs4_alloc_unlockdata() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.
127) Use-after-free (CVE-ID: CVE-2025-38024)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rxe_cq_from_init() function in drivers/infiniband/sw/rxe/rxe_cq.c. A local user can escalate privileges on the system.
128) Buffer overflow (CVE-ID: CVE-2025-38027)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the max20086_regulators_register() and max20086_parse_regulators_dt() functions in drivers/regulator/max20086-regulator.c. A local user can perform a denial of service (DoS) attack.
129) Memory leak (CVE-ID: CVE-2025-38031)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the padata_reorder() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.
130) NULL pointer dereference (CVE-ID: CVE-2025-38034)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/trace/events/btrfs.h. A local user can perform a denial of service (DoS) attack.
131) NULL pointer dereference (CVE-ID: CVE-2025-38035)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_restore_socket_callbacks() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
132) Race condition within a thread (CVE-ID: CVE-2025-38037)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the vxlan_fdb_info(), vxlan_find_mac(), vxlan_fdb_update_existing(), vxlan_snoop() and vxlan_cleanup() functions in drivers/net/vxlan.c. A local user can corrupt data.
133) Input validation error (CVE-ID: CVE-2025-38039)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5e_setup_tc_mqprio() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
134) Improper locking (CVE-ID: CVE-2025-38040)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the stm32_usart_enable_ms() function in drivers/tty/serial/stm32-usart.c, within the sci_shutdown() function in drivers/tty/serial/sh-sci.c, within the mctrl_gpio_enable_ms() and mctrl_gpio_disable_ms() functions in drivers/tty/serial/serial_mctrl_gpio.c, within the imx_uart_shutdown() function in drivers/tty/serial/imx.c, within the atmel_disable_ms() function in drivers/tty/serial/atmel_serial.c, within the serial8250_disable_ms() function in drivers/tty/serial/8250/8250_port.c. A local user can perform a denial of service (DoS) attack.
135) Resource management error (CVE-ID: CVE-2025-38043)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mt76_dma_cleanup() function in drivers/net/wireless/mediatek/mt76/dma.c. A local user can perform a denial of service (DoS) attack.
136) Input validation error (CVE-ID: CVE-2025-38044)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5e_setup_tc_mqprio() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
137) Input validation error (CVE-ID: CVE-2025-38045)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the _iwl_dbg_tlv_time_point() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can perform a denial of service (DoS) attack.
138) Race condition within a thread (CVE-ID: CVE-2025-38048)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the virtqueue_enable_cb_delayed() function in drivers/virtio/virtio_ring.c. A local user can corrupt data.
139) Use-after-free (CVE-ID: CVE-2025-38051)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the find_cifs_entry() function in fs/cifs/readdir.c. A local user can escalate privileges on the system.
140) Use-after-free (CVE-ID: CVE-2025-38052)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_aead_encrypt() and tipc_aead_encrypt_done() functions in net/tipc/crypto.c. A local user can escalate privileges on the system.
141) Incorrect calculation (CVE-ID: CVE-2025-38058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __legitimize_mnt() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
142) NULL pointer dereference (CVE-ID: CVE-2025-38059)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scrub_find_fill_first_stripe() function in fs/btrfs/scrub.c. A local user can perform a denial of service (DoS) attack.
143) Out-of-bounds read (CVE-ID: CVE-2025-38061)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pktgen_thread_write() function in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.
144) Use-after-free (CVE-ID: CVE-2025-38062)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iommu_dma_prepare_msi() function in drivers/iommu/dma-iommu.c. A local user can escalate privileges on the system.
145) Improper locking (CVE-ID: CVE-2025-38063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __send_empty_flush() function in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
146) Input validation error (CVE-ID: CVE-2025-38065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the orangefs_writepage_locked() and orangefs_writepages_work() functions in fs/orangefs/inode.c. A local user can perform a denial of service (DoS) attack.
147) Improper locking (CVE-ID: CVE-2025-38066)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the get_cache_dev_size() and cache_preresume() functions in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.
148) Input validation error (CVE-ID: CVE-2025-38067)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rseq_get_rseq_cs_ptr_val(), rseq_get_rseq_cs(), rseq_need_restart(), clear_rseq_cs(), rseq_ip_fixup() and SYSCALL_DEFINE4() functions in kernel/rseq.c. A local user can perform a denial of service (DoS) attack.
149) Buffer overflow (CVE-ID: CVE-2025-38068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the lzo1x_1_do_compress() and lzogeneric1x_1_compress() functions in lib/lzo/lzo1x_compress.c, within the obj-$() function in lib/lzo/Makefile, within the __lzo_compress() function in crypto/lzo.c, within the __lzorle_compress() function in crypto/lzo-rle.c. A local user can perform a denial of service (DoS) attack.
150) Use-after-free (CVE-ID: CVE-2025-38071)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vhost_scsi_complete_cmd_work() and vhost_scsi_tmf_resp_work() functions in drivers/vhost/scsi.c. A local user can escalate privileges on the system.
151) Division by zero (CVE-ID: CVE-2025-38072)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the nd_label_data_init() function in drivers/nvdimm/label.c. A local user can perform a denial of service (DoS) attack.
152) Use-after-free (CVE-ID: CVE-2025-38074)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vhost_scsi_complete_cmd_work() and vhost_scsi_tmf_resp_work() functions in drivers/vhost/scsi.c. A local user can escalate privileges on the system.
153) NULL pointer dereference (CVE-ID: CVE-2025-38075)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iscsit_close_connection() function in drivers/target/iscsi/iscsi_target.c. A local user can perform a denial of service (DoS) attack.
154) Buffer overflow (CVE-ID: CVE-2025-38077)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the current_password_store() function in drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c. A local user can escalate privileges on the system.
155) Use-after-free (CVE-ID: CVE-2025-38078)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_pcm_buffer_access_unlock() function in sound/core/pcm_native.c, within the snd_pcm_oss_change_params_locked() function in sound/core/oss/pcm_oss.c. A local user can escalate privileges on the system.
156) Use-after-free (CVE-ID: CVE-2025-38079)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hash_accept() function in crypto/algif_hash.c. A local user can escalate privileges on the system.
157) Buffer overflow (CVE-ID: CVE-2025-38080)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/gpu/drm/amd/display/dc/inc/core_types.h. A local user can perform a denial of service (DoS) attack.
158) Out-of-bounds read (CVE-ID: CVE-2025-38081)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rockchip_spi_config() function in drivers/spi/spi-rockchip.c. A local user can perform a denial of service (DoS) attack.
159) Race condition (CVE-ID: CVE-2025-38083)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the prio_tune() function in net/sched/sch_prio.c. A local user can escalate privileges on the system.
160) Improper locking (CVE-ID: CVE-2025-38084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __split_vma() function in mm/vma.c, within the hugetlb_vma_lock_free(), hugetlb_vm_op_split(), move_hugetlb_state() and hugetlb_unshare_pmds() functions in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
161) Buffer overflow (CVE-ID: CVE-2025-38085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the huge_pmd_unshare() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
162) Use of uninitialized resource (CVE-ID: CVE-2025-38086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ch9200_mdio_read() function in drivers/net/usb/ch9200.c. A local user can perform a denial of service (DoS) attack.
163) Use-after-free (CVE-ID: CVE-2025-38087)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the taprio_dev_notifier() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.
164) Out-of-bounds read (CVE-ID: CVE-2025-38088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the memtrace_read() function in arch/powerpc/platforms/powernv/memtrace.c. A local user can perform a denial of service (DoS) attack.
165) NULL pointer dereference (CVE-ID: CVE-2025-38089)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the svc_process_common() function in net/sunrpc/svc.c. A local user can perform a denial of service (DoS) attack.
166) Buffer overflow (CVE-ID: CVE-2025-38090)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the riocm_ch_send() function in drivers/rapidio/rio_cm.c. A local user can perform a denial of service (DoS) attack.
167) NULL pointer dereference (CVE-ID: CVE-2025-38092)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the opinfo_get_list() function in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.
168) Improper locking (CVE-ID: CVE-2025-38094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the macb_update_stats() function in drivers/net/ethernet/cadence/macb_main.c. A local user can perform a denial of service (DoS) attack.
169) NULL pointer dereference (CVE-ID: CVE-2025-38095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dma_resv_add_fence() function in drivers/dma-buf/dma-resv.c. A local user can perform a denial of service (DoS) attack.
170) Memory leak (CVE-ID: CVE-2025-38097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __xfrm_state_delete() function in net/xfrm/xfrm_state.c, within the esp_ssg_unref(), esp6_find_tcp_sk(), esp_output_tcp_finish() and esp6_output_tcp_encap() functions in net/ipv6/esp6.c, within the esp_ssg_unref(), esp_find_tcp_sk(), esp_output_tcp_finish() and esp_output_tcp_encap() functions in net/ipv4/esp4.c. A local user can perform a denial of service (DoS) attack.
171) Memory leak (CVE-ID: CVE-2025-38100)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the copy_thread() and native_tss_update_io_bitmap() functions in arch/x86/kernel/process.c, within the io_bitmap_share(), io_bitmap_exit() and SYSCALL_DEFINE1() functions in arch/x86/kernel/ioport.c. A local user can perform a denial of service (DoS) attack.
172) Double free (CVE-ID: CVE-2025-38102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the drv_cp_harray_to_user() and vmci_host_setup_notify() functions in drivers/misc/vmw_vmci/vmci_host.c. A local user can perform a denial of service (DoS) attack.
173) Out-of-bounds read (CVE-ID: CVE-2025-38103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cpu_to_le16(), hidg_setup() and hidg_bind() functions in drivers/usb/gadget/function/f_hid.c, within the usbhid_parse() function in drivers/hid/usbhid/hid-core.c, within the mousevsc_on_receive_device_info() function in drivers/hid/hid-hyperv.c. A local user can perform a denial of service (DoS) attack.
174) Integer underflow (CVE-ID: CVE-2025-38107)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can execute arbitrary code.
175) Improper locking (CVE-ID: CVE-2025-38108)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __red_change() function in net/sched/sch_red.c. A local user can perform a denial of service (DoS) attack.
176) Use-after-free (CVE-ID: CVE-2025-38109)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5_eswitch_enable_pf_vf_vports() and mlx5_eswitch_disable_pf_vf_vports() functions in drivers/net/ethernet/mellanox/mlx5/core/eswitch.c. A local user can escalate privileges on the system.
177) Out-of-bounds write (CVE-ID: CVE-2025-38110)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the __mdiobus_c45_read() and __mdiobus_c45_write() functions in drivers/net/phy/mdio_bus.c. A local user can execute arbitrary code.
178) Out-of-bounds read (CVE-ID: CVE-2025-38111)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __mdiobus_read() and __mdiobus_write() functions in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.
179) NULL pointer dereference (CVE-ID: CVE-2025-38112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/sock.h. A local user can perform a denial of service (DoS) attack.
180) NULL pointer dereference (CVE-ID: CVE-2025-38113)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cppc_allow_fast_switch() function in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.
181) Input validation error (CVE-ID: CVE-2025-38115)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the net/sched/sch_sfq.c. A local user can perform a denial of service (DoS) attack.
182) Improper locking (CVE-ID: CVE-2025-38117)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mgmt_cmd_complete(), mgmt_pending_new(), mgmt_pending_add() and mgmt_pending_free() functions in net/bluetooth/mgmt_util.c, within the settings_rsp(), cmd_complete_rsp(), mgmt_set_discoverable_complete(), mgmt_set_connectable_complete(), set_ssp_complete(), set_le_complete(), set_mesh_complete(), mgmt_class_complete(), pairing_complete(), mgmt_add_adv_patterns_monitor_complete(), mgmt_remove_adv_monitor_complete(), start_discovery_complete(), stop_discovery_complete(), set_advertising_complete(), set_bredr_complete(), set_secure_conn_complete(), get_conn_info_complete(), get_clock_info_complete(), add_advertising_complete(), add_ext_adv_params_complete(), add_ext_adv_data_complete(), remove_advertising_complete(), mgmt_index_removed(), mgmt_power_on(), __mgmt_power_off(), unpair_device_rsp(), mgmt_disconnect_failed(), mgmt_auth_enable_complete() and mgmt_set_class_of_dev_complete() functions in net/bluetooth/mgmt.c, within the hci_alloc_dev_priv() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
183) Use-after-free (CVE-ID: CVE-2025-38118)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mgmt_adv_monitor_added(), __add_adv_patterns_monitor(), mgmt_remove_adv_monitor_complete() and remove_adv_monitor() functions in net/bluetooth/mgmt.c, within the hci_free_adv_monitor() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
184) Improper locking (CVE-ID: CVE-2025-38119)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ufshcd_err_handler() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
185) Memory leak (CVE-ID: CVE-2025-38120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_pipapo_avx2_estimate() and nft_pipapo_avx2_lookup() functions in net/netfilter/nft_set_pipapo_avx2.c. A local user can perform a denial of service (DoS) attack.
186) NULL pointer dereference (CVE-ID: CVE-2025-38122)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gve_tx_add_skb_dqo() function in drivers/net/ethernet/google/gve/gve_tx_dqo.c. A local user can perform a denial of service (DoS) attack.
187) NULL pointer dereference (CVE-ID: CVE-2025-38123)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the t7xx_ccmni_wwan_newlink(), t7xx_ccmni_wwan_dellink(), t7xx_ccmni_recv_skb(), t7xx_ccmni_queue_tx_irq_notify() and t7xx_ccmni_queue_state_notify() functions in drivers/net/wwan/t7xx/t7xx_netdev.c. A local user can perform a denial of service (DoS) attack.
188) Improper locking (CVE-ID: CVE-2025-38124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.
189) Improper error handling (CVE-ID: CVE-2025-38126)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the stmmac_ptp_register() function in drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c, within the stmmac_init_tstamp_counter() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
190) Improper locking (CVE-ID: CVE-2025-38127)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ice_map_xdp_rings(), ice_prepare_xdp_rings(), mutex_unlock(), ice_destroy_xdp_rings() and ice_xdp_setup_prog() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
191) Use-after-free (CVE-ID: CVE-2025-38131)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL(), _cscfg_activate_config(), _cscfg_deactivate_config(), cscfg_csdev_enable_active_config() and cscfg_csdev_disable_active_config() functions in drivers/hwtracing/coresight/coresight-syscfg.c. A local user can escalate privileges on the system.
192) NULL pointer dereference (CVE-ID: CVE-2025-38135)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlb_usio_probe() function in drivers/tty/serial/milbeaut_usio.c. A local user can perform a denial of service (DoS) attack.
193) Use of uninitialized resource (CVE-ID: CVE-2025-38136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the usbhs_probe() and usbhs_fifo_remove() functions in drivers/usb/renesas_usbhs/common.c. A local user can perform a denial of service (DoS) attack.
194) NULL pointer dereference (CVE-ID: CVE-2025-38138)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the udma_probe() function in drivers/dma/ti/k3-udma.c. A local user can perform a denial of service (DoS) attack.
195) Input validation error (CVE-ID: CVE-2025-38142)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the asus_ec_hwmon_read_string() function in drivers/hwmon/asus-ec-sensors.c. A local user can perform a denial of service (DoS) attack.
196) NULL pointer dereference (CVE-ID: CVE-2025-38143)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wled_configure() function in drivers/video/backlight/qcom-wled.c. A local user can perform a denial of service (DoS) attack.
197) NULL pointer dereference (CVE-ID: CVE-2025-38145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the aspeed_lpc_enable_snoop() function in drivers/soc/aspeed/aspeed-lpc-snoop.c. A local user can perform a denial of service (DoS) attack.
198) Out-of-bounds read (CVE-ID: CVE-2025-38146)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the key_extract_l3l4() function in net/openvswitch/flow.c. A local user can perform a denial of service (DoS) attack.
199) Memory leak (CVE-ID: CVE-2025-38147)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the netlbl_conn_setattr() function in net/netlabel/netlabel_kapi.c. A local user can perform a denial of service (DoS) attack.
200) Memory leak (CVE-ID: CVE-2025-38148)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vsc85xx_txtstamp() function in drivers/net/phy/mscc/mscc_ptp.c. A local user can perform a denial of service (DoS) attack.
201) NULL pointer dereference (CVE-ID: CVE-2025-38149)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the phy_detach() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
202) Improper locking (CVE-ID: CVE-2025-38151)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cma_netevent_callback() function in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.
203) Improper error handling (CVE-ID: CVE-2025-38153)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the aqc111_read_cmd_nopm() and aqc111_read_cmd() functions in drivers/net/usb/aqc111.c. A local user can perform a denial of service (DoS) attack.
204) Improper locking (CVE-ID: CVE-2025-38154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sk_psock_backlog() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
205) NULL pointer dereference (CVE-ID: CVE-2025-38155)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7915_mmio_wed_init() function in drivers/net/wireless/mediatek/mt76/mt7915/mmio.c. A local user can perform a denial of service (DoS) attack.
206) Out-of-bounds read (CVE-ID: CVE-2025-38157)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_swba() function in drivers/net/wireless/ath/ath9k/htc_drv_beacon.c. A local user can perform a denial of service (DoS) attack.
207) Input validation error (CVE-ID: CVE-2025-38158)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vf_qm_func_stop(), vf_qm_check_match(), vf_qm_get_match_data() and vf_qm_read_data() functions in drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c. A local user can perform a denial of service (DoS) attack.
208) Out-of-bounds read (CVE-ID: CVE-2025-38159)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtw_coex_tdma_timer_base() function in drivers/net/wireless/realtek/rtw88/coex.c. A local user can perform a denial of service (DoS) attack.
209) Improper error handling (CVE-ID: CVE-2025-38160)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the raspberrypi_clk_register() function in drivers/clk/bcm/clk-raspberrypi.c. A local user can perform a denial of service (DoS) attack.
210) Use-after-free (CVE-ID: CVE-2025-38161)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5_get_rsc(), create_resource_common() and mlx5_core_destroy_rq_tracked() functions in drivers/infiniband/hw/mlx5/qpc.c. A local user can escalate privileges on the system.
211) Input validation error (CVE-ID: CVE-2025-38163)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/f2fs/f2fs.h. A local user can perform a denial of service (DoS) attack.
212) Improper locking (CVE-ID: CVE-2025-38165)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sk_psock_skb_ingress_enqueue(), sk_psock_skb_ingress(), sk_psock_skb_ingress_self() and sk_psock_verdict_apply() functions in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
213) Improper locking (CVE-ID: CVE-2025-38166)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
214) NULL pointer dereference (CVE-ID: CVE-2025-38167)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the indx_get_entry_to_replace() function in fs/ntfs3/index.c. A local user can perform a denial of service (DoS) attack.
215) Resource management error (CVE-ID: CVE-2025-38170)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the do_sme_acc() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.
216) Input validation error (CVE-ID: CVE-2025-38173)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mv_cesa_skcipher_queue_req() function in drivers/crypto/marvell/cipher.c. A local user can perform a denial of service (DoS) attack.
217) Race condition (CVE-ID: CVE-2025-38174)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tb_cfg_request_dequeue() function in drivers/thunderbolt/ctl.c. A local user can perform a denial of service (DoS) attack.
218) Input validation error (CVE-ID: CVE-2025-38177)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the eltree_insert() and hfsc_qlen_notify() functions in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.
219) Use-after-free (CVE-ID: CVE-2025-38180)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lec_itf_walk(), lec_seq_start() and lec_seq_stop() functions in net/atm/lec.c. A local user can escalate privileges on the system.
220) Improper error handling (CVE-ID: CVE-2025-38181)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the calipso_req_setattr() and calipso_req_delattr() functions in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.
221) Input validation error (CVE-ID: CVE-2025-38182)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ublk_ctrl_add_dev() function in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.
222) Out-of-bounds read (CVE-ID: CVE-2025-38183)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/ethernet/microchip/lan743x_ptp.h. A local user can perform a denial of service (DoS) attack.
223) NULL pointer dereference (CVE-ID: CVE-2025-38184)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_udp_nl_dump_remoteip() function in net/tipc/udp_media.c. A local user can perform a denial of service (DoS) attack.
224) Memory leak (CVE-ID: CVE-2025-38185)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atmtcp_c_send() function in drivers/atm/atmtcp.c. A local user can perform a denial of service (DoS) attack.
225) Memory leak (CVE-ID: CVE-2025-38190)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atm_pop_raw() function in net/atm/raw.c, within the vcc_sendmsg() function in net/atm/common.c. A local user can perform a denial of service (DoS) attack.
226) NULL pointer dereference (CVE-ID: CVE-2025-38191)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the krb5_authenticate() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
227) NULL pointer dereference (CVE-ID: CVE-2025-38192)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bpf_skb_change_protocol(), bpf_skb_proto_4_to_6(), bpf_skb_proto_6_to_4(), bpf_skb_net_grow() and bpf_skb_net_shrink() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
228) Race condition (CVE-ID: CVE-2025-38193)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the sfq_change() function in net/sched/sch_sfq.c. A local user can escalate privileges on the system.
229) Input validation error (CVE-ID: CVE-2025-38194)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jffs2_sum_write_sumnode() function in fs/jffs2/summary.c. A local user can perform a denial of service (DoS) attack.
230) NULL pointer dereference (CVE-ID: CVE-2025-38197)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the packet_read_list() and packet_empty_list() functions in drivers/platform/x86/dell/dell_rbu.c. A local user can perform a denial of service (DoS) attack.
231) NULL pointer dereference (CVE-ID: CVE-2025-38198)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fbcon_info_from_console() function in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.
232) Integer underflow (CVE-ID: CVE-2025-38200)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the i40e_pf_reset() function in drivers/net/ethernet/intel/i40e/i40e_common.c. A local user can execute arbitrary code.
233) Resource management error (CVE-ID: CVE-2025-38202)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the BPF_CALL_3() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
234) NULL pointer dereference (CVE-ID: CVE-2025-38208)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the automount_fullpath() function in fs/smb/client/namespace.c. A local user can perform a denial of service (DoS) attack.
235) Use-after-free (CVE-ID: CVE-2025-38211)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.
236) Use-after-free (CVE-ID: CVE-2025-38212)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the shm_try_destroy_orphaned() function in ipc/shm.c. A local user can escalate privileges on the system.
237) Improper error handling (CVE-ID: CVE-2025-38214)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the fb_set_var() function in drivers/video/fbdev/core/fbmem.c. A local user can perform a denial of service (DoS) attack.
238) NULL pointer dereference (CVE-ID: CVE-2025-38215)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fb_check_foreignness() and do_register_framebuffer() functions in drivers/video/fbdev/core/fbmem.c. A local user can perform a denial of service (DoS) attack.
239) Improper locking (CVE-ID: CVE-2025-38217)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fts_read() function in drivers/hwmon/ftsteutates.c. A local user can perform a denial of service (DoS) attack.
240) Out-of-bounds read (CVE-ID: CVE-2025-38218)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the f2fs_sanity_check_ckpt() and DIV_ROUND_UP() functions in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
241) Resource management error (CVE-ID: CVE-2025-38219)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the f2fs_unlink() function in fs/f2fs/namei.c. A local user can perform a denial of service (DoS) attack.
242) NULL pointer dereference (CVE-ID: CVE-2025-38220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ext4_walk_page_buffers() function in fs/ext4/inode.c. A local user can perform a denial of service (DoS) attack.
243) Improper error handling (CVE-ID: CVE-2025-38222)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ext4_prepare_inline_data() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
244) NULL pointer dereference (CVE-ID: CVE-2025-38225)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dev_err() function in drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c. A local user can perform a denial of service (DoS) attack.
245) Out-of-bounds read (CVE-ID: CVE-2025-38226)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vivid_vid_cap_s_selection() function in drivers/media/test-drivers/vivid/vivid-vid-cap.c. A local user can perform a denial of service (DoS) attack.
246) Use-after-free (CVE-ID: CVE-2025-38227)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vidtv_psi_sdt_table_destroy() function in drivers/media/test-drivers/vidtv/vidtv_channel.c. A local user can escalate privileges on the system.
247) Use of uninitialized resource (CVE-ID: CVE-2025-38229)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the cxusb_gpio_tuner() function in drivers/media/usb/dvb-usb/cxusb.c. A local user can perform a denial of service (DoS) attack.
248) Out-of-bounds read (CVE-ID: CVE-2025-38230)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
249) NULL pointer dereference (CVE-ID: CVE-2025-38231)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfsd_startup_net() function in fs/nfsd/nfssvc.c. A local user can perform a denial of service (DoS) attack.
250) Use-after-free (CVE-ID: CVE-2025-38236)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the IS_ENABLED() and unix_stream_recv_urg() functions in net/unix/af_unix.c. A local user can escalate privileges on the system.
251) Out-of-bounds read (CVE-ID: CVE-2025-38239)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the megasas_set_high_iops_queue_affinity_and_hint() function in drivers/scsi/megaraid/megaraid_sas_base.c. A local user can perform a denial of service (DoS) attack.
252) Improper locking (CVE-ID: CVE-2025-38244)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smb2_query_server_interfaces() and cifs_signal_cifsd_for_reconnect() functions in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.
253) Incorrect calculation (CVE-ID: CVE-2025-38245)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the atm_dev_deregister() function in net/atm/resources.c. A local user can perform a denial of service (DoS) attack.
254) Improper error handling (CVE-ID: CVE-2025-38246)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __bnxt_poll_work() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
255) Out-of-bounds read (CVE-ID: CVE-2025-38249)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_usb_get_audioformat_uac3() function in sound/usb/stream.c. A local user can perform a denial of service (DoS) attack.
256) Use-after-free (CVE-ID: CVE-2025-38250)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_IDA(), hci_dev_get(), hci_dev_do_reset(), hci_dev_reset(), hci_alloc_dev_priv() and hci_unregister_dev() functions in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
257) Input validation error (CVE-ID: CVE-2025-38251)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the clip_push() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
258) NULL pointer dereference (CVE-ID: CVE-2025-38255)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the group_cpus_evenly() function in lib/group_cpus.c. A local user can perform a denial of service (DoS) attack.
259) Buffer overflow (CVE-ID: CVE-2025-38257)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the _copy_apqns_from_user() function in drivers/s390/crypto/pkey_api.c. A local user can escalate privileges on the system.
260) Memory leak (CVE-ID: CVE-2025-38258)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the memcg_path_store() function in mm/damon/sysfs-schemes.c. A local user can perform a denial of service (DoS) attack.
261) Memory leak (CVE-ID: CVE-2025-38259)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the WCD9335_SLIM_TX_CH() and wcd9335_parse_dt() functions in sound/soc/codecs/wcd9335.c. A local user can perform a denial of service (DoS) attack.
262) NULL pointer dereference (CVE-ID: CVE-2025-38260)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the load_global_roots_objectid() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
263) Improper Initialization (CVE-ID: CVE-2025-38262)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the pm_runtime_set_active() and ulite_init() functions in drivers/tty/serial/uartlite.c. A local user can perform a denial of service (DoS) attack.
264) Use-after-free (CVE-ID: CVE-2025-38263)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the CLOSURE_CALLBACK() function in drivers/md/bcache/super.c. A local user can escalate privileges on the system.
265) Infinite loop (CVE-ID: CVE-2025-38264)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the nvme_tcp_fetch_request(), nvme_tcp_init_request(), nvme_tcp_handle_r2t() and nvme_tcp_submit_async_event() functions in drivers/nvme/host/tcp.c. A local user can perform a denial of service (DoS) attack.
266) NULL pointer dereference (CVE-ID: CVE-2025-38265)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the jsm_uart_port_init() function in drivers/tty/serial/jsm/jsm_tty.c. A local user can perform a denial of service (DoS) attack.
267) NULL pointer dereference (CVE-ID: CVE-2025-38274)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fpga_mgr_test_img_load_sgt() function in drivers/fpga/tests/fpga-mgr-test.c. A local user can perform a denial of service (DoS) attack.
268) NULL pointer dereference (CVE-ID: CVE-2025-38275)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qmp_usb_iomap() function in drivers/phy/qualcomm/phy-qcom-qmp-usb.c. A local user can perform a denial of service (DoS) attack.
269) Input validation error (CVE-ID: CVE-2025-38277)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mxic_ecc_finish_io_req_external() function in drivers/mtd/nand/ecc-mxic.c. A local user can perform a denial of service (DoS) attack.
270) Resource management error (CVE-ID: CVE-2025-38278)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the otx2_qos_leaf_del_last() function in drivers/net/ethernet/marvell/octeontx2/nic/qos.c. A local user can perform a denial of service (DoS) attack.
271) Resource management error (CVE-ID: CVE-2025-38280)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_prog_select_runtime() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
272) Improper locking (CVE-ID: CVE-2025-38282)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kernfs_should_drain_open_files() function in fs/kernfs/file.c, within the kernfs_break_active_protection() function in fs/kernfs/dir.c. A local user can perform a denial of service (DoS) attack.
273) Input validation error (CVE-ID: CVE-2025-38283)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vf_qm_check_match(), vf_qm_load_data() and hisi_acc_vfio_pci_migrn_init_dev() functions in drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c. A local user can perform a denial of service (DoS) attack.
274) Resource management error (CVE-ID: CVE-2025-38285)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the get_bpf_raw_tp_regs() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.
275) Out-of-bounds read (CVE-ID: CVE-2025-38286)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the at91_gpio_probe() function in drivers/pinctrl/pinctrl-at91.c. A local user can perform a denial of service (DoS) attack.
276) Improper locking (CVE-ID: CVE-2025-38290)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ath12k_rfkill_work() and ath12k_core_halt() functions in drivers/net/wireless/ath/ath12k/core.c. A local user can perform a denial of service (DoS) attack.
277) Improper locking (CVE-ID: CVE-2025-38293)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ath11k_core_halt() function in drivers/net/wireless/ath/ath11k/core.c. A local user can perform a denial of service (DoS) attack.
278) Input validation error (CVE-ID: CVE-2025-38295)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the meson_ddr_pmu_create() function in drivers/perf/amlogic/meson_ddr_pmu_core.c. A local user can perform a denial of service (DoS) attack.
279) Out-of-bounds read (CVE-ID: CVE-2025-38298)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the EXPORT_SYMBOL_GPL() function in drivers/edac/skx_common.c. A local user can perform a denial of service (DoS) attack.
280) Use-after-free (CVE-ID: CVE-2025-38300)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c. A local user can escalate privileges on the system.
281) NULL pointer dereference (CVE-ID: CVE-2025-38304)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the eir_create_scan_rsp() function in net/bluetooth/eir.c. A local user can perform a denial of service (DoS) attack.
282) Improper locking (CVE-ID: CVE-2025-38305)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/ptp/ptp_private.h. A local user can perform a denial of service (DoS) attack.
283) NULL pointer dereference (CVE-ID: CVE-2025-38307)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the trace_control_write() function in sound/soc/intel/avs/debugfs.c. A local user can perform a denial of service (DoS) attack.
284) Input validation error (CVE-ID: CVE-2025-38310)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sizeof() function in net/ipv6/seg6_local.c. A local user can perform a denial of service (DoS) attack.
285) Input validation error (CVE-ID: CVE-2025-38312)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fb_find_mode_cvt() function in drivers/video/fbdev/core/fbcvt.c. A local user can perform a denial of service (DoS) attack.
286) Double free (CVE-ID: CVE-2025-38313)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the fsl_mc_device_add() function in drivers/bus/fsl-mc/fsl-mc-bus.c. A local user can perform a denial of service (DoS) attack.
287) NULL pointer dereference (CVE-ID: CVE-2025-38319)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the atomctrl_initialize_mc_reg_table() and atomctrl_initialize_mc_reg_table_v2_2() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.
288) Incorrect calculation (CVE-ID: CVE-2025-38320)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the regs_get_kernel_stack_nth() function in arch/arm64/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
289) Improper locking (CVE-ID: CVE-2025-38321)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the close_all_cached_dirs() function in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.
290) Improper locking (CVE-ID: CVE-2025-38322)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the intel_pmu_read_event() function in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.
291) Use-after-free (CVE-ID: CVE-2025-38323)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_MUTEX(), lec_vcc_attach(), lecd_attach() and lane_ioctl() functions in net/atm/lec.c. A local user can escalate privileges on the system.
292) Improper locking (CVE-ID: CVE-2025-38324)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mpls_route_input_rcu() function in net/mpls/af_mpls.c. A local user can perform a denial of service (DoS) attack.
293) Improper locking (CVE-ID: CVE-2025-38326)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the aoedev_downdev() function in drivers/block/aoe/aoedev.c. A local user can perform a denial of service (DoS) attack.
294) NULL pointer dereference (CVE-ID: CVE-2025-38328)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the jffs2_scan_medium() function in fs/jffs2/scan.c, within the jffs2_mark_erased_block() function in fs/jffs2/erase.c. A local user can perform a denial of service (DoS) attack.
295) Input validation error (CVE-ID: CVE-2025-38331)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gmac_map_tx_bufs() function in drivers/net/ethernet/cortina/gemini.c. A local user can perform a denial of service (DoS) attack.
296) Buffer overflow (CVE-ID: CVE-2025-38332)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the lpfc_sli4_get_ctl_attr() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can escalate privileges on the system.
297) Use-after-free (CVE-ID: CVE-2025-38334)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the arch_memory_failure() function in arch/x86/kernel/cpu/sgx/main.c. A local user can escalate privileges on the system.
298) Improper locking (CVE-ID: CVE-2025-38335)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gpio_keys_irq_isr() and gpio_keys_setup_key() functions in drivers/input/keyboard/gpio_keys.c. A local user can perform a denial of service (DoS) attack.
299) Resource management error (CVE-ID: CVE-2025-38336)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the via_mode_filter() function in drivers/ata/pata_via.c. A local user can perform a denial of service (DoS) attack.
300) NULL pointer dereference (CVE-ID: CVE-2025-38337)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the jbd2_journal_dirty_metadata() function in fs/jbd2/transaction.c. A local user can perform a denial of service (DoS) attack.
301) Improper locking (CVE-ID: CVE-2025-38338)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_return_empty_folio() function in fs/nfs/read.c. A local user can perform a denial of service (DoS) attack.
302) Buffer overflow (CVE-ID: CVE-2025-38342)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the software_node_get_reference_args() function in drivers/base/swnode.c. A local user can perform a denial of service (DoS) attack.
303) Input validation error (CVE-ID: CVE-2025-38343)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mt7996_mac_fill_rx() function in drivers/net/wireless/mediatek/mt76/mt7996/mac.c. A local user can perform a denial of service (DoS) attack.
304) Input validation error (CVE-ID: CVE-2020-26145)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. A remote attacker on the local network can inject arbitrary network packets independent of the network configuration.
305) Memory leak (CVE-ID: CVE-2025-38344)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c. A local user can perform a denial of service (DoS) attack.
306) Memory leak (CVE-ID: CVE-2025-38345)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c. A local user can perform a denial of service (DoS) attack.
307) Use-after-free (CVE-ID: CVE-2025-38346)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ftrace_release_mod() function in kernel/trace/ftrace.c. A local user can escalate privileges on the system.
308) Improper locking (CVE-ID: CVE-2025-38347)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sanity_check_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
309) Input validation error (CVE-ID: CVE-2025-38348)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the p54_rx_eeprom_readback() function in drivers/net/wireless/intersil/p54/txrx.c, within the p54_download_eeprom() function in drivers/net/wireless/intersil/p54/fwio.c. A local user can perform a denial of service (DoS) attack.
310) Use-after-free (CVE-ID: CVE-2025-38349)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ep_remove() and ep_clear_and_put() functions in fs/eventpoll.c. A local user can escalate privileges on the system.
311) Race condition (CVE-ID: CVE-2025-38352)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the run_posix_cpu_timers() function in kernel/time/posix-cpu-timers.c. A local user can escalate privileges on the system.
Note, the vulnerability is being actively exploited in the wild against Android devices.
312) Improper locking (CVE-ID: CVE-2025-38354)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the msm_devfreq_init() function in drivers/gpu/drm/msm/msm_gpu_devfreq.c. A local user can perform a denial of service (DoS) attack.
313) NULL pointer dereference (CVE-ID: CVE-2025-38362)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mod_hdcp_hdcp1_enable_encryption() function in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c. A local user can perform a denial of service (DoS) attack.
314) NULL pointer dereference (CVE-ID: CVE-2025-38363)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tegra_crtc_reset() function in drivers/gpu/drm/tegra/dc.c. A local user can perform a denial of service (DoS) attack.
315) NULL pointer dereference (CVE-ID: CVE-2025-38364)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mas_preallocate() function in lib/maple_tree.c. A local user can perform a denial of service (DoS) attack.
316) Race condition (CVE-ID: CVE-2025-38365)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the btrfs_rename_exchange() and btrfs_rename() functions in fs/btrfs/inode.c. A local user can escalate privileges on the system.
317) NULL pointer dereference (CVE-ID: CVE-2025-38368)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tps6594_pfsm_probe() function in drivers/misc/tps6594-pfsm.c. A local user can perform a denial of service (DoS) attack.
318) Resource management error (CVE-ID: CVE-2025-38369)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the idxd_cdev_evl_drain_pasid() function in drivers/dma/idxd/cdev.c. A local user can perform a denial of service (DoS) attack.
319) NULL pointer dereference (CVE-ID: CVE-2025-38371)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v3d_hub_irq(), v3d_irq_init() and v3d_irq_disable() functions in drivers/gpu/drm/v3d/v3d_irq.c, within the v3d_reset() function in drivers/gpu/drm/v3d/v3d_gem.c. A local user can perform a denial of service (DoS) attack.
320) Out-of-bounds read (CVE-ID: CVE-2025-38375)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mergeable_ctx_to_truesize(), virtnet_get_headroom(), xdp_linearize_page(), receive_small_xdp() and mergeable_xdp_get_buf() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
321) Resource management error (CVE-ID: CVE-2025-38376)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the udc_suspend() and udc_resume() functions in drivers/usb/chipidea/udc.c. A local user can perform a denial of service (DoS) attack.
322) Use-after-free (CVE-ID: CVE-2025-38377)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rose_rt_device_down() function in net/rose/rose_route.c. A local user can escalate privileges on the system.
323) Infinite loop (CVE-ID: CVE-2025-38382)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
324) Memory leak (CVE-ID: CVE-2025-38384)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the spinand_cleanup() function in drivers/mtd/nand/spi/core.c. A local user can perform a denial of service (DoS) attack.
325) Improper locking (CVE-ID: CVE-2025-38385)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lan78xx_disconnect() function in drivers/net/usb/lan78xx.c. A local user can perform a denial of service (DoS) attack.
326) Use-after-free (CVE-ID: CVE-2025-38386)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the acpi_ds_call_control_method() function in drivers/acpi/acpica/dsmethod.c. A local user can escalate privileges on the system.
327) NULL pointer dereference (CVE-ID: CVE-2025-38387)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the subscribe_event_xa_alloc() function in drivers/infiniband/hw/mlx5/devx.c. A local user can perform a denial of service (DoS) attack.
328) Resource management error (CVE-ID: CVE-2025-38389)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ring_context_alloc() function in drivers/gpu/drm/i915/gt/intel_ring_submission.c. A local user can perform a denial of service (DoS) attack.
329) Out-of-bounds read (CVE-ID: CVE-2025-38391)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pin_assignment_show() function in drivers/usb/typec/altmodes/displayport.c. A local user can perform a denial of service (DoS) attack.
330) Improper locking (CVE-ID: CVE-2025-38393)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_layoutget_begin() function in fs/nfs/pnfs.c. A local user can perform a denial of service (DoS) attack.
331) Out-of-bounds read (CVE-ID: CVE-2025-38395)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the gpio_regulator_probe() function in drivers/regulator/gpio-regulator.c. A local user can perform a denial of service (DoS) attack.
332) Buffer overflow (CVE-ID: CVE-2025-38396)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the secretmem_file_create() function in mm/secretmem.c, within the anon_inode_make_secure_inode() and __anon_inode_getfile() functions in fs/anon_inodes.c. A local user can perform a denial of service (DoS) attack.
333) NULL pointer dereference (CVE-ID: CVE-2025-38399)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kmem_cache_free() function in drivers/target/target_core_pr.c. A local user can perform a denial of service (DoS) attack.
334) Memory leak (CVE-ID: CVE-2025-38400)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
335) Buffer overflow (CVE-ID: CVE-2025-38401)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the msdc_prepare_data() and msdc_ops_request() functions in drivers/mmc/host/mtk-sd.c. A local user can escalate privileges on the system.
336) Use of uninitialized resource (CVE-ID: CVE-2025-38403)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the vmci_transport_packet_init() function in net/vmw_vsock/vmci_transport.c. A local user can perform a denial of service (DoS) attack.
337) Input validation error (CVE-ID: CVE-2025-38406)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath6kl_bmi_get_target_info() function in drivers/net/wireless/ath/ath6kl/bmi.c. A local user can perform a denial of service (DoS) attack.
338) Memory leak (CVE-ID: CVE-2025-38409)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the msm_ioctl_gem_submit() and mutex_unlock() functions in drivers/gpu/drm/msm/msm_gem_submit.c. A local user can perform a denial of service (DoS) attack.
339) Memory leak (CVE-ID: CVE-2025-38410)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __msm_gem_submit_destroy() function in drivers/gpu/drm/msm/msm_gem_submit.c. A local user can perform a denial of service (DoS) attack.
340) Input validation error (CVE-ID: CVE-2025-38412)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_bios_attributes() function in drivers/platform/x86/dell/dell-wmi-sysman/sysman.c, within the current_value_show() function in drivers/platform/x86/dell/dell-wmi-sysman/string-attributes.c, within the is_enabled_show() function in drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c, within the current_value_show() function in drivers/platform/x86/dell/dell-wmi-sysman/int-attributes.c, within the current_value_show() function in drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c. A local user can perform a denial of service (DoS) attack.
341) Out-of-bounds read (CVE-ID: CVE-2025-38415)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the squashfs_fill_super() function in fs/squashfs/super.c. A local user can perform a denial of service (DoS) attack.
342) Input validation error (CVE-ID: CVE-2025-38416)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nci_uart_set_driver() function in net/nfc/nci/uart.c. A local user can perform a denial of service (DoS) attack.
343) Memory leak (CVE-ID: CVE-2025-38418)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rproc_resource_cleanup() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.
344) Memory leak (CVE-ID: CVE-2025-38419)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rproc_attach() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.
345) NULL pointer dereference (CVE-ID: CVE-2025-38420)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the carl9170_usb_rx_complete() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.
346) Out-of-bounds read (CVE-ID: CVE-2025-38422)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the lan743x_hs_otp_read(), lan743x_hs_otp_write(), lan743x_hs_eeprom_read(), lan743x_hs_eeprom_write() and lan743x_ethtool_get_eeprom_len() functions in drivers/net/ethernet/microchip/lan743x_ethtool.c. A local user can perform a denial of service (DoS) attack.
347) Buffer overflow (CVE-ID: CVE-2025-38424)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the do_exit() function in kernel/exit.c, within the perf_sample_ustack_size() and perf_callchain() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
348) Input validation error (CVE-ID: CVE-2025-38425)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tegra_i2c_xfer() function in drivers/i2c/busses/i2c-tegra.c. A local user can perform a denial of service (DoS) attack.
349) Resource management error (CVE-ID: CVE-2025-38427)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DEFINE_RES_MEM() and screen_info_apply_fixups() functions in drivers/video/screen_info_pci.c. A local user can perform a denial of service (DoS) attack.
350) Buffer overflow (CVE-ID: CVE-2025-38428)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ims_pcu_flash_firmware() function in drivers/input/misc/ims-pcu.c. A local user can escalate privileges on the system.
351) Use of uninitialized resource (CVE-ID: CVE-2025-38429)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mhi_ep_ring_add_element() function in drivers/bus/mhi/ep/ring.c. A local user can perform a denial of service (DoS) attack.
352) Input validation error (CVE-ID: CVE-2025-38430)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfsd4_spo_must_allow() function in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
353) Input validation error (CVE-ID: CVE-2025-38436)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drm_sched_entity_kill_jobs_work() function in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.
354) Use-after-free (CVE-ID: CVE-2025-38437)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb20_oplock_break_ack() and smb21_lease_break_ack() functions in fs/smb/server/smb2pdu.c. A local user can escalate privileges on the system.
355) Resource management error (CVE-ID: CVE-2025-38439)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __bnxt_xmit_xdp_redirect() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.
356) Use of uninitialized resource (CVE-ID: CVE-2025-38441)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the include/net/netfilter/nf_flow_table.h. A local user can perform a denial of service (DoS) attack.
357) Use-after-free (CVE-ID: CVE-2025-38443)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_start_device() and set_bit() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.
358) Memory leak (CVE-ID: CVE-2025-38444)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the raid10_read_request() and raid10_write_request() functions in drivers/md/raid10.c. A local user can perform a denial of service (DoS) attack.
359) Use-after-free (CVE-ID: CVE-2025-38445)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the raid1_reshape() function in drivers/md/raid1.c. A local user can escalate privileges on the system.
360) Improper locking (CVE-ID: CVE-2025-38448)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __acquires() and gs_start_io() functions in drivers/usb/gadget/function/u_serial.c. A local user can perform a denial of service (DoS) attack.
361) Improper locking (CVE-ID: CVE-2025-38449)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drm_gem_fb_destroy() and drm_gem_fb_init_with_funcs() functions in drivers/gpu/drm/drm_gem_framebuffer_helper.c, within the drm_gem_private_object_fini(), drm_gem_object_exported_dma_buf_free(), drm_gem_object_handle_put_unlocked() and drm_gem_handle_create_tail() functions in drivers/gpu/drm/drm_gem.c. A local user can perform a denial of service (DoS) attack.
362) Buffer overflow (CVE-ID: CVE-2025-38451)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the md_bitmap_get_stats() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
363) Input validation error (CVE-ID: CVE-2025-38455)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sev_check_source_vcpus() function in arch/x86/kvm/svm/sev.c. A local user can perform a denial of service (DoS) attack.
364) Buffer overflow (CVE-ID: CVE-2025-38456)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ipmi_create_user() function in drivers/char/ipmi/ipmi_msghandler.c. A local user can escalate privileges on the system.
365) Improper error handling (CVE-ID: CVE-2025-38457)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the qdisc_leaf(), tc_get_qdisc() and NL_SET_ERR_MSG() functions in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.
366) NULL pointer dereference (CVE-ID: CVE-2025-38458)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the atmarpd_close() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
367) Improper locking (CVE-ID: CVE-2025-38459)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the clip_mkip() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
368) NULL pointer dereference (CVE-ID: CVE-2025-38460)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the DEFINE_MUTEX(), to_atmarpd(), atmarpd_close() and atm_init_atmarp() functions in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
369) Improper locking (CVE-ID: CVE-2025-38461)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL_GPL() and vsock_assign_transport() functions in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
370) NULL pointer dereference (CVE-ID: CVE-2025-38462)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vsock_assign_transport() and vsock_dev_do_ioctl() functions in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
371) Buffer overflow (CVE-ID: CVE-2025-38463)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the net/ipv4/tcp.c. A local user can escalate privileges on the system.
372) Use-after-free (CVE-ID: CVE-2025-38464)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_topsrv_stop() function in net/tipc/topsrv.c. A local user can escalate privileges on the system.
373) Buffer overflow (CVE-ID: CVE-2025-38465)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the netlink_skb_set_owner_r(), netlink_alloc_large_skb(), netlink_unicast_kernel(), EXPORT_SYMBOL_GPL() and netlink_dump() functions in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
374) Buffer overflow (CVE-ID: CVE-2025-38466)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the perf_uprobe_event_init() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
375) NULL pointer dereference (CVE-ID: CVE-2025-38467)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the decon_irq_handler() function in drivers/gpu/drm/exynos/exynos7_drm_decon.c. A local user can perform a denial of service (DoS) attack.
376) NULL pointer dereference (CVE-ID: CVE-2025-38468)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the htb_lookup_leaf() function in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.
377) Resource management error (CVE-ID: CVE-2025-38469)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvm_xen_schedop_poll() function in arch/x86/kvm/xen.c. A local user can perform a denial of service (DoS) attack.
378) Memory leak (CVE-ID: CVE-2025-38470)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __vlan_device_event() and vlan_device_event() functions in net/8021q/vlan.c. A local user can perform a denial of service (DoS) attack.
379) Use-after-free (CVE-ID: CVE-2025-38471)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_strp_read_sock() function in net/tls/tls_strp.c. A local user can escalate privileges on the system.
380) Use-after-free (CVE-ID: CVE-2025-38472)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_ct_resolve_clash_harder(), __nf_conntrack_confirm() and __nf_conntrack_insert_prepare() functions in net/netfilter/nf_conntrack_core.c. A local user can escalate privileges on the system.
381) Use-after-free (CVE-ID: CVE-2025-38473)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_resume_cb() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.
382) Input validation error (CVE-ID: CVE-2025-38474)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sierra_net_bind() function in drivers/net/usb/sierra_net.c. A local user can perform a denial of service (DoS) attack.
383) Use-after-free (CVE-ID: CVE-2025-38476)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rpl_do_srh_inline() function in net/ipv6/rpl_iptunnel.c. A local user can escalate privileges on the system.
384) Use-after-free (CVE-ID: CVE-2025-38477)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qfq_change_class(), qfq_delete_class(), qfq_dump_class() and qfq_dump_class_stats() functions in net/sched/sch_qfq.c. A local user can escalate privileges on the system.
385) Use of uninitialized resource (CVE-ID: CVE-2025-38478)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the do_insnlist_ioctl() and do_insn_ioctl() functions in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
386) Use of uninitialized resource (CVE-ID: CVE-2025-38480)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the insn_rw_emulate_bits() function in drivers/comedi/drivers.c. A local user can perform a denial of service (DoS) attack.
387) Resource management error (CVE-ID: CVE-2025-38481)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the check_insnlist_len(), comedi_unlocked_ioctl() and compat_insnlist() functions in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
388) Out-of-bounds read (CVE-ID: CVE-2025-38482)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the das6402_attach() function in drivers/comedi/drivers/das6402.c. A local user can perform a denial of service (DoS) attack.
389) Out-of-bounds read (CVE-ID: CVE-2025-38483)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the das16m1_attach() function in drivers/comedi/drivers/das16m1.c. A local user can perform a denial of service (DoS) attack.
390) Use-after-free (CVE-ID: CVE-2025-38485)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fxls8962af_buffer_predisable() function in drivers/iio/accel/fxls8962af-core.c. A local user can escalate privileges on the system.
391) NULL pointer dereference (CVE-ID: CVE-2025-38487)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the aspeed_lpc_enable_snoop() and aspeed_lpc_disable_snoop() functions in drivers/soc/aspeed/aspeed-lpc-snoop.c. A local user can perform a denial of service (DoS) attack.
392) Use-after-free (CVE-ID: CVE-2025-38488)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the crypt_message() function in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.
393) Improper locking (CVE-ID: CVE-2024-50047)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c, within the smb2_get_enc_key(), crypt_message(), smb3_init_transform_rq() and decrypt_raw_data() functions in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
394) NULL pointer dereference (CVE-ID: CVE-2025-38489)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bpf_jit_plt() function in arch/s390/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.
395) Double free (CVE-ID: CVE-2025-38490)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the wx_dma_sync_frag(), wx_put_rx_buffer() and wx_clean_rx_ring() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.
396) Input validation error (CVE-ID: CVE-2025-38491)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the subflow_finish_connect(), WRITE_ONCE(), __mptcp_subflow_connect() and subflow_state_change() functions in net/mptcp/subflow.c, within the mptcp_check_data_fin(), __mptcp_finish_join(), mptcp_update_infinite_map(), mptcp_check_fastclose(), __mptcp_retrans(), __mptcp_init_sock() and mptcp_finish_join() functions in net/mptcp/protocol.c, within the check_fully_established() function in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.
397) Out-of-bounds read (CVE-ID: CVE-2025-38493)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __timerlat_dump_stack() function in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
398) Buffer overflow (CVE-ID: CVE-2025-38494)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __hid_request() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
399) Incorrect calculation (CVE-ID: CVE-2025-38495)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
400) Improper locking (CVE-ID: CVE-2025-38496)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __evict_many() function in drivers/md/dm-bufio.c. A local user can perform a denial of service (DoS) attack.
401) Out-of-bounds read (CVE-ID: CVE-2025-38497)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the webusb_landingPage_store() and os_desc_qw_sign_store() functions in drivers/usb/gadget/configfs.c. A local user can perform a denial of service (DoS) attack.
402) Improper privilege management (CVE-ID: CVE-2025-38498)
The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the do_change_type() function in fs/namespace.c. A local user can read and manipulate data.
403) Input validation error (CVE-ID: CVE-2025-38499)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the clone_private_mount() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
404) Use-after-free (CVE-ID: CVE-2025-38500)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xfrmi_changelink() function in net/xfrm/xfrm_interface_core.c. A local user can escalate privileges on the system.
405) Input validation error (CVE-ID: CVE-2025-38501)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the alloc_transport() and ksmbd_kthread_fn() functions in fs/smb/server/transport_tcp.c. A remote attacker can perform a denial of service (DoS) attack.
406) Reachable assertion (CVE-ID: CVE-2025-38503)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the populate_free_space_tree() function in fs/btrfs/free-space-tree.c. A local user can perform a denial of service (DoS) attack.
407) Improper locking (CVE-ID: CVE-2025-38510)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the init_task_stack_addr() and print_address_description() functions in mm/kasan/report.c. A local user can perform a denial of service (DoS) attack.
408) Input validation error (CVE-ID: CVE-2025-38512)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
409) Insufficient verification of data authenticity (CVE-ID: CVE-2025-27558)
The vulnerability allows an attacker to perform spoofing attack.
The vulnerability exists due to insufficient verification of data authenticity in mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP). A remote attacker on the local network can inject arbitrary frames towards devices that support receiving non-SSP A-MSDU frames and perform spoofing attack.
410) Spoofing attack (CVE-ID: CVE-2020-24588)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Windows Wireless Networking. A remote attacker on the local network can spoof page content.
411) NULL pointer dereference (CVE-ID: CVE-2025-38513)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the zd_mac_tx_to_dev() function in drivers/net/wireless/zydas/zd1211rw/zd_mac.c. A local user can perform a denial of service (DoS) attack.
412) Improper error handling (CVE-ID: CVE-2025-38514)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the rxrpc_alloc_incoming_call() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.
413) Improper locking (CVE-ID: CVE-2025-38515)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the include/drm/spsc_queue.h. A local user can perform a denial of service (DoS) attack.
414) Input validation error (CVE-ID: CVE-2025-38516)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the msm_gpio_needs_dual_edge_parent_workaround() and msm_gpio_init() functions in drivers/pinctrl/qcom/pinctrl-msm.c. A local user can perform a denial of service (DoS) attack.
415) Memory leak (CVE-ID: CVE-2025-38520)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the svm_range_split_head(), svm_range_split_by_granularity(), svm_range_add_list_work(), schedule_deferred_list_work(), svm_range_unmap_split(), svm_range_unmap_from_cpu() and svm_range_cpu_invalidate_pagetables() functions in drivers/gpu/drm/amd/amdkfd/kfd_svm.c. A local user can perform a denial of service (DoS) attack.
416) Improper locking (CVE-ID: CVE-2025-38524)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rxrpc_see_call() and release_sock() functions in net/rxrpc/recvmsg.c, within the rxrpc_discard_prealloc() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.
417) NULL pointer dereference (CVE-ID: CVE-2025-38526)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_lag_is_switchdev_running() function in drivers/net/ethernet/intel/ice/ice_lag.c. A local user can perform a denial of service (DoS) attack.
418) Use-after-free (CVE-ID: CVE-2025-38527)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cifs_oplock_break() and cifs_put_tlink() functions in fs/smb/client/file.c. A local user can escalate privileges on the system.
419) Resource management error (CVE-ID: CVE-2025-38528)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_bprintf_prepare() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
420) Out-of-bounds read (CVE-ID: CVE-2025-38529)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the aio_iiro_16_attach() function in drivers/comedi/drivers/aio_iiro_16.c. A local user can perform a denial of service (DoS) attack.
421) Out-of-bounds read (CVE-ID: CVE-2025-38530)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pcl812_attach() function in drivers/comedi/drivers/pcl812.c. A local user can perform a denial of service (DoS) attack.
422) Improper locking (CVE-ID: CVE-2025-38532)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wx_alloc_rx_buffers() and wx_clean_rx_ring() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c, within the wx_configure_rx_ring() function in drivers/net/ethernet/wangxun/libwx/wx_hw.c. A local user can perform a denial of service (DoS) attack.
423) Use-after-free (CVE-ID: CVE-2025-38533)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wx_alloc_mapped_page() and wx_alloc_rx_buffers() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can escalate privileges on the system.
424) Resource management error (CVE-ID: CVE-2025-38535)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tegra186_xusb_padctl_vbus_override(), tegra186_xusb_padctl_id_override() and tegra186_utmi_phy_set_mode() functions in drivers/phy/tegra/xusb-tegra186.c. A local user can perform a denial of service (DoS) attack.
425) Improper locking (CVE-ID: CVE-2025-38537)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the phy_probe() and phy_remove() functions in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
426) Buffer overflow (CVE-ID: CVE-2025-38538)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nbpf_probe() function in drivers/dma/nbpfaxi.c. A local user can escalate privileges on the system.
427) Improper locking (CVE-ID: CVE-2025-38539)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __register_event() and __trace_add_event_dirs() functions in kernel/trace/trace_events.c. A local user can perform a denial of service (DoS) attack.
428) Input validation error (CVE-ID: CVE-2025-38540)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the HID_USB_DEVICE() function in drivers/hid/hid-quirks.c. A local user can perform a denial of service (DoS) attack.
429) Memory leak (CVE-ID: CVE-2025-38542)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atrtr_create() function in net/appletalk/ddp.c. A local user can perform a denial of service (DoS) attack.
430) Improper error handling (CVE-ID: CVE-2025-38543)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nvdec_load_falcon_firmware() function in drivers/gpu/drm/tegra/nvdec.c. A local user can perform a denial of service (DoS) attack.
431) Reachable assertion (CVE-ID: CVE-2025-38544)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the rxrpc_service_prealloc_one() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.
432) Memory leak (CVE-ID: CVE-2025-38546)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atm_init_atmarp() and clip_ioctl() functions in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
433) Input validation error (CVE-ID: CVE-2025-38548)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the DECLARE_BITMAP(), send_usb_cmd() and ccp_raw_event() functions in drivers/hwmon/corsair-cpro.c. A local user can perform a denial of service (DoS) attack.
434) Input validation error (CVE-ID: CVE-2025-38550)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mld_del_delrec() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.
435) Improper locking (CVE-ID: CVE-2025-38552)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the subflow_sched_work_if_closed() and mptcp_subflow_fail() functions in net/mptcp/subflow.c, within the mptcp_data_ready(), __mptcp_finish_join(), __mptcp_retrans(), __mptcp_init_sock() and mptcp_finish_join() functions in net/mptcp/protocol.c, within the mptcp_pm_mp_fail_received() function in net/mptcp/pm.c. A local user can perform a denial of service (DoS) attack.
436) Improper locking (CVE-ID: CVE-2025-38553)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the parse_attr() and netem_change() functions in net/sched/sch_netem.c. A local user can perform a denial of service (DoS) attack.
437) Use-after-free (CVE-ID: CVE-2025-38555)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the composite_os_desc_req_prepare() function in drivers/usb/gadget/composite.c. A local user can escalate privileges on the system.
438) Input validation error (CVE-ID: CVE-2025-38560)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the early_set_pages_state() function in arch/x86/kernel/sev.c, within the setup_cpuid_table() and pvalidate_pages() functions in arch/x86/kernel/sev-shared.c, within the get_cpuflags() function in arch/x86/boot/cpuflags.c, within the __page_state_change() function in arch/x86/boot/compressed/sev.c. A local user can perform a denial of service (DoS) attack.
439) Race condition (CVE-ID: CVE-2025-38561)
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to a race condition within the smb2_sess_setup() function in fs/smb/server/smb2pdu.c when handling the Preauth_HashValue field. A remote user can execute arbitrary code in the context of the kernel.
440) NULL pointer dereference (CVE-ID: CVE-2025-38562)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the krb5_authenticate() function in fs/smb/server/smb2pdu.c. A remote user can perform a denial of service (DoS) attack.
441) Memory leak (CVE-ID: CVE-2025-38563)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the perf_mmap_pfn_mkwrite() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
442) Memory leak (CVE-ID: CVE-2025-38565)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mutex_unlock() and vm_flags_set() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
443) Resource management error (CVE-ID: CVE-2025-38566)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the svc_tcp_sock_process_cmsg(), svc_tcp_read_msg() and svc_tcp_read_marker() functions in net/sunrpc/svcsock.c. A local user can perform a denial of service (DoS) attack.
444) Out-of-bounds read (CVE-ID: CVE-2025-38568)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mqprio_parse_opt() function in net/sched/sch_mqprio.c. A local user can perform a denial of service (DoS) attack.
445) Improper locking (CVE-ID: CVE-2025-38569)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the be_cmd_set_mac_list() function in drivers/net/ethernet/emulex/benet/be_cmds.c. A local user can perform a denial of service (DoS) attack.
446) Incorrect calculation (CVE-ID: CVE-2025-38571)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the xs_alloc_sparse_pages(), xs_sock_process_cmsg(), xs_sock_recvmsg() and xs_read_discard() functions in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.
447) Integer overflow (CVE-ID: CVE-2025-38572)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ipv6_gso_segment() function in net/ipv6/ip6_offload.c. A local user can execute arbitrary code.
448) Use of uninitialized resource (CVE-ID: CVE-2025-38574)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the pptp_xmit() function in drivers/net/ppp/pptp.c. A local user can perform a denial of service (DoS) attack.
449) Infinite loop (CVE-ID: CVE-2025-38576)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the eeh_bridge_check_link() function in arch/powerpc/kernel/eeh_pe.c, within the eeh_pe_report_edev(), eeh_pe_report(), eeh_dev_restore_state(), eeh_reset_device(), eeh_handle_normal_event(), eeh_pe_state_clear(), eeh_clear_slot_attention() and eeh_handle_special_event() functions in arch/powerpc/kernel/eeh_driver.c. A local user can perform a denial of service (DoS) attack.
450) Use-after-free (CVE-ID: CVE-2025-38577)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the f2fs_update_inode_page() function in fs/f2fs/inode.c. A local user can escalate privileges on the system.
451) Use-after-free (CVE-ID: CVE-2025-38578)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/f2fs/inode.c. A local user can escalate privileges on the system.
452) Use of uninitialized resource (CVE-ID: CVE-2025-38579)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the f2fs_init_read_extent_tree() function in fs/f2fs/extent_cache.c. A local user can perform a denial of service (DoS) attack.
453) NULL pointer dereference (CVE-ID: CVE-2025-38581)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ccp5_debugfs_setup() function in drivers/crypto/ccp/ccp-debugfs.c. A local user can perform a denial of service (DoS) attack.
454) NULL pointer dereference (CVE-ID: CVE-2025-38583)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xvcu_unregister_clock_provider() function in drivers/clk/xilinx/xlnx_vcu.c. A local user can perform a denial of service (DoS) attack.
455) Infinite loop (CVE-ID: CVE-2025-38587)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the fib6_info_uses_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
456) Infinite loop (CVE-ID: CVE-2025-38588)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the rt6_nh_nlmsg_size() function in net/ipv6/route.c, within the WRITE_ONCE() and fib6_del_route() functions in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
457) NULL pointer dereference (CVE-ID: CVE-2025-38590)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_ipsec_offload_handle_rx_skb() function in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c. A local user can perform a denial of service (DoS) attack.
458) Improper locking (CVE-ID: CVE-2025-38601)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in drivers/net/wireless/ath/ath11k/hal.c. A local user can perform a denial of service (DoS) attack.
459) NULL pointer dereference (CVE-ID: CVE-2025-38602)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iwl_bg_restart(), iwl_setup_deferred_work(), iwl_op_mode_dvm_start() and iwl_cancel_deferred_work() functions in drivers/net/wireless/intel/iwlwifi/dvm/main.c. A local user can perform a denial of service (DoS) attack.
460) NULL pointer dereference (CVE-ID: CVE-2025-38604)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtl8187_stop() function in drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c. A local user can perform a denial of service (DoS) attack.
461) Use of uninitialized resource (CVE-ID: CVE-2025-38608)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the sk_psock_msg_verdict() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
462) NULL pointer dereference (CVE-ID: CVE-2025-38609)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the devfreq_remove_governor() function in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.
463) NULL pointer dereference (CVE-ID: CVE-2025-38610)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the get_pd_power_uw() function in drivers/powercap/dtpm_cpu.c. A local user can perform a denial of service (DoS) attack.
464) Memory leak (CVE-ID: CVE-2025-38612)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fbtft_framebuffer_alloc() function in drivers/staging/fbtft/fbtft-core.c. A local user can perform a denial of service (DoS) attack.
465) Input validation error (CVE-ID: CVE-2025-38615)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ntfs_rename() function in fs/ntfs3/namei.c, within the ni_add_name() and ni_rename() functions in fs/ntfs3/frecord.c. A local user can perform a denial of service (DoS) attack.
466) Improper locking (CVE-ID: CVE-2025-38617)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the packet_set_ring() function in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
467) Use-after-free (CVE-ID: CVE-2025-38618)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __vsock_bind_connectible() function in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.
468) Improper error handling (CVE-ID: CVE-2025-38622)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the include/net/udp.h. A local user can perform a denial of service (DoS) attack.
469) Improper error handling (CVE-ID: CVE-2025-38623)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the pnv_php_set_attention_state(), pnv_php_enable() and pnv_php_enable_msix() functions in drivers/pci/hotplug/pnv_php.c, within the pci_hp_add_devices() function in arch/powerpc/kernel/pci-hotplug.c. A local user can perform a denial of service (DoS) attack.
470) Memory leak (CVE-ID: CVE-2025-38624)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pnv_php_register(), pnv_php_disable_irq(), pnv_php_free_slot(), pnv_php_reset_slot(), pnv_php_disable_slot(), pnv_php_alloc_slot() and pnv_php_init_irq() functions in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.
471) Resource management error (CVE-ID: CVE-2025-38625)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pds_vfio_ops_info() function in drivers/vfio/pci/pds/vfio_dev.c. A local user can perform a denial of service (DoS) attack.
472) Improper error handling (CVE-ID: CVE-2025-38626)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_map_blocks() function in fs/f2fs/data.c. A local user can perform a denial of service (DoS) attack.
473) NULL pointer dereference (CVE-ID: CVE-2025-38630)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the imxfb_probe() function in drivers/video/fbdev/imxfb.c. A local user can perform a denial of service (DoS) attack.
474) NULL pointer dereference (CVE-ID: CVE-2025-38632)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pin_free() function in drivers/pinctrl/pinmux.c. A local user can perform a denial of service (DoS) attack.
475) NULL pointer dereference (CVE-ID: CVE-2025-38634)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cpcap_usb_detect() function in drivers/power/supply/cpcap-charger.c. A local user can perform a denial of service (DoS) attack.
476) NULL pointer dereference (CVE-ID: CVE-2025-38635)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the davinci_lpsc_clk_register() function in drivers/clk/davinci/psc.c. A local user can perform a denial of service (DoS) attack.
477) Out-of-bounds read (CVE-ID: CVE-2025-38639)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nfacct_mt_checkentry() function in net/netfilter/xt_nfacct.c. A local user can perform a denial of service (DoS) attack.
478) Improper locking (CVE-ID: CVE-2025-38640)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nf_hook_run_bpf() function in net/netfilter/nf_bpf_link.c. A local user can perform a denial of service (DoS) attack.
479) Use of uninitialized resource (CVE-ID: CVE-2025-38644)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ieee80211_tdls_oper() function in net/mac80211/tdls.c. A local user can perform a denial of service (DoS) attack.
480) NULL pointer dereference (CVE-ID: CVE-2025-38645)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_init_once() function in drivers/net/ethernet/mellanox/mlx5/core/main.c, within the mlx5_dm_create() and kfree() functions in drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c, within the handle_alloc_dm_memic() function in drivers/infiniband/hw/mlx5/dm.c. A local user can perform a denial of service (DoS) attack.
481) NULL pointer dereference (CVE-ID: CVE-2025-38646)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtw89_core_cancel_6ghz_probe_tx() function in drivers/net/wireless/realtek/rtw89/core.c. A local user can perform a denial of service (DoS) attack.
482) NULL pointer dereference (CVE-ID: CVE-2025-38648)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the stm32_spi_probe() function in drivers/spi/spi-stm32.c. A local user can perform a denial of service (DoS) attack.
483) Improper locking (CVE-ID: CVE-2025-38650)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfsplus_free_extents() function in fs/hfsplus/extents.c. A local user can perform a denial of service (DoS) attack.
484) Out-of-bounds read (CVE-ID: CVE-2025-38652)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fs/f2fs/f2fs.h. A local user can perform a denial of service (DoS) attack.
485) Use-after-free (CVE-ID: CVE-2025-38653)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the proc_reg_open() function in fs/proc/inode.c, within the pde_set_flags() function in fs/proc/generic.c. A local user can escalate privileges on the system.
486) Use-after-free (CVE-ID: CVE-2025-38659)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the signal_our_withdraw() function in fs/gfs2/util.c. A local user can escalate privileges on the system.
487) Input validation error (CVE-ID: CVE-2025-38663)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __nilfs_read_inode() function in fs/nilfs2/inode.c. A local user can perform a denial of service (DoS) attack.
488) NULL pointer dereference (CVE-ID: CVE-2025-38664)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_copy_and_init_pkg() function in drivers/net/ethernet/intel/ice/ice_ddp.c. A local user can perform a denial of service (DoS) attack.
489) NULL pointer dereference (CVE-ID: CVE-2025-38665)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the can_changelink() function in drivers/net/can/dev/netlink.c, within the can_change_state(), can_restart() and can_restart_now() functions in drivers/net/can/dev/dev.c. A local user can perform a denial of service (DoS) attack.
490) Use-after-free (CVE-ID: CVE-2025-38666)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_RWLOCK(), __aarp_expire(), aarp_purge() and aarp_proxy_probe_network() functions in net/appletalk/aarp.c. A local user can escalate privileges on the system.
491) NULL pointer dereference (CVE-ID: CVE-2025-38668)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the regulator_remove_coupling() function in drivers/regulator/core.c. A local user can perform a denial of service (DoS) attack.
492) Improper error handling (CVE-ID: CVE-2025-38670)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the SYM_CODE_END(), SYM_FUNC_START() and NOKPROBE() functions in arch/arm64/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
493) Infinite loop (CVE-ID: CVE-2025-38671)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the qup_i2c_bus_active() function in drivers/i2c/busses/i2c-qup.c. A local user can perform a denial of service (DoS) attack.
494) Resource management error (CVE-ID: CVE-2025-39702)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the seg6_hmac_validate_skb() function in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.
495) Use-after-free (CVE-ID: CVE-2025-39711)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mei_csi_remove() function in drivers/media/pci/intel/ivsc/mei_csi.c, within the mei_ace_remove() function in drivers/media/pci/intel/ivsc/mei_ace.c. A local user can escalate privileges on the system.
496) Buffer overflow (CVE-ID: CVE-2025-39726)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ism_cmd() and ism_probe() functions in drivers/s390/net/ism_drv.c. A local user can perform a denial of service (DoS) attack.
497) Input validation error (CVE-ID: CVE-2025-39730)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs_fh_to_dentry() function in fs/nfs/export.c. A local user can perform a denial of service (DoS) attack.
498) Improper error handling (CVE-ID: CVE-2025-39731)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_read_end_io() function in fs/f2fs/data.c. A local user can perform a denial of service (DoS) attack.
499) Improper locking (CVE-ID: CVE-2025-39734)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ntfs_file_mmap() function in fs/ntfs3/file.c. A local user can perform a denial of service (DoS) attack.
500) Input validation error (CVE-ID: CVE-2025-39746)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath10k_wmi_cmd_send() function in drivers/net/wireless/ath/ath10k/wmi.c. A local user can perform a denial of service (DoS) attack.
501) Double free (CVE-ID: CVE-2025-39790)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the parse_xfer_event() function in drivers/bus/mhi/host/main.c. A local user can perform a denial of service (DoS) attack.
502) Improper locking (CVE-ID: CVE-2025-39833)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfcpci_softirq() and HFC_init() functions in drivers/isdn/hardware/mISDN/hfcpci.c. A local user can perform a denial of service (DoS) attack.
503) Use-after-free (CVE-ID: CVE-2025-39866)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __mark_inode_dirty() function in fs/fs-writeback.c. A local user can escalate privileges on the system.
504) Memory leak (CVE-ID: CVE-2025-39989)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the error_context() function in arch/x86/kernel/cpu/mce/severity.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.