SB2025111740 - SUSE update for the Linux Kernel
Published: November 17, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 173 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2022-43945)
The vulnerability allows a remote attacker to perform a denial of service attacl.
The vulnerability exists due to a boundary error within the Linux kernel NFSD implementation. A remote attacker can send the RPC message over TCP with garbage data added at the end of the message, trigger memory corruption and perform a denial of service (DoS) attack.
2) NULL pointer dereference (CVE-ID: CVE-2022-50327)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_processor_get_lpi_info() function in drivers/acpi/processor_idle.c. A local user can perform a denial of service (DoS) attack.
3) NULL pointer dereference (CVE-ID: CVE-2022-50334)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hugetlbfs_parse_param() function in fs/hugetlbfs/inode.c. A local user can perform a denial of service (DoS) attack.
4) Input validation error (CVE-ID: CVE-2022-50470)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the xhci_free_virt_device() function in drivers/usb/host/xhci-mem.c. A local user can perform a denial of service (DoS) attack.
5) Resource management error (CVE-ID: CVE-2022-50471)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the gntdev_put_map(), gntdev_vma_close(), gntdev_invalidate() and gntdev_mmap() functions in drivers/xen/gntdev.c. A local user can perform a denial of service (DoS) attack.
6) Resource management error (CVE-ID: CVE-2022-50472)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the include/trace/events/ib_mad.h. A local user can perform a denial of service (DoS) attack.
7) NULL pointer dereference (CVE-ID: CVE-2022-50475)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the setup_port() and destroy_port() functions in drivers/infiniband/core/sysfs.c. A local user can perform a denial of service (DoS) attack.
8) Out-of-bounds read (CVE-ID: CVE-2022-50478)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nilfs_valid_sb() function in fs/nilfs2/the_nilfs.c. A local user can perform a denial of service (DoS) attack.
9) Memory leak (CVE-ID: CVE-2022-50480)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pl353_smc_probe() function in drivers/memory/pl353-smc.c. A local user can perform a denial of service (DoS) attack.
10) Memory leak (CVE-ID: CVE-2022-50482)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the si_domain_init() and init_dmars() functions in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
11) Memory leak (CVE-ID: CVE-2022-50484)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sync_ep_set_params() function in sound/usb/endpoint.c. A local user can perform a denial of service (DoS) attack.
12) Input validation error (CVE-ID: CVE-2022-50485)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the swap_inode_boot_loader() function in fs/ext4/ioctl.c. A local user can perform a denial of service (DoS) attack.
13) Buffer overflow (CVE-ID: CVE-2022-50487)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nfsd3_init_dirlist_pages() function in fs/nfsd/nfs3proc.c. A local user can escalate privileges on the system.
14) Use-after-free (CVE-ID: CVE-2022-50488)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfq_put_stable_ref() and bfq_exit_icq_bfqq() functions in block/bfq-iosched.c. A local user can escalate privileges on the system.
15) Memory leak (CVE-ID: CVE-2022-50489)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mipi_dsi_remove_device_fn() function in drivers/gpu/drm/drm_mipi_dsi.c. A local user can perform a denial of service (DoS) attack.
16) Out-of-bounds read (CVE-ID: CVE-2022-50490)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __htab_map_lookup_and_delete_batch() function in kernel/bpf/hashtab.c. A local user can perform a denial of service (DoS) attack.
17) Use-after-free (CVE-ID: CVE-2022-50492)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the msm_drm_uninit() function in drivers/gpu/drm/msm/msm_drv.c. A local user can escalate privileges on the system.
18) Input validation error (CVE-ID: CVE-2022-50493)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qla24xx_abort_iocb_timeout() function in drivers/scsi/qla2xxx/qla_init.c. A local user can perform a denial of service (DoS) attack.
19) Input validation error (CVE-ID: CVE-2022-50494)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the start_power_clamp() function in drivers/thermal/intel_powerclamp.c. A local user can perform a denial of service (DoS) attack.
20) Use-after-free (CVE-ID: CVE-2022-50496)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the destroy() function in drivers/md/dm-cache-target.c. A local user can escalate privileges on the system.
21) Out-of-bounds read (CVE-ID: CVE-2022-50497)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the LIST_HEAD() function in fs/binfmt_misc.c. A local user can perform a denial of service (DoS) attack.
22) Improper locking (CVE-ID: CVE-2022-50498)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the alx_suspend() and alx_resume() functions in drivers/net/ethernet/atheros/alx/main.c. A local user can perform a denial of service (DoS) attack.
23) Use-after-free (CVE-ID: CVE-2022-50499)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dvb_create_media_entity() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.
24) NULL pointer dereference (CVE-ID: CVE-2022-50501)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the coda_setup_iram() function in drivers/media/platform/chips-media/coda-bit.c. A local user can perform a denial of service (DoS) attack.
25) NULL pointer dereference (CVE-ID: CVE-2022-50503)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lpddr2_nvm_probe() function in drivers/mtd/lpddr/lpddr2_nvm.c. A local user can perform a denial of service (DoS) attack.
26) Resource management error (CVE-ID: CVE-2022-50504)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the rtas_os_term() function in arch/powerpc/kernel/rtas.c. A local user can perform a denial of service (DoS) attack.
27) Memory leak (CVE-ID: CVE-2022-50505)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ppr_notifier() function in drivers/iommu/amd/iommu_v2.c. A local user can perform a denial of service (DoS) attack.
28) NULL pointer dereference (CVE-ID: CVE-2022-50509)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the coda_start_encoding() function in drivers/media/platform/chips-media/coda-bit.c. A local user can perform a denial of service (DoS) attack.
29) Out-of-bounds read (CVE-ID: CVE-2022-50511)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_default_font() function in lib/fonts/fonts.c. A local user can perform a denial of service (DoS) attack.
30) Memory leak (CVE-ID: CVE-2022-50512)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ext4_fc_record_regions() function in fs/ext4/fast_commit.c. A local user can perform a denial of service (DoS) attack.
31) Memory leak (CVE-ID: CVE-2022-50513)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rtw_init_cmd_priv() function in drivers/staging/rtl8723bs/core/rtw_cmd.c. A local user can perform a denial of service (DoS) attack.
32) Memory leak (CVE-ID: CVE-2022-50514)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hidg_alloc() function in drivers/usb/gadget/function/f_hid.c. A local user can perform a denial of service (DoS) attack.
33) Use-after-free (CVE-ID: CVE-2022-50516)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the send_args() function in fs/dlm/lock.c. A local user can escalate privileges on the system.
34) Resource management error (CVE-ID: CVE-2022-50519)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nilfs_segctor_create_checkpoint() and nilfs_segctor_fill_in_checkpoint() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
35) Memory leak (CVE-ID: CVE-2022-50520)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the radeon_atrm_get_bios() function in drivers/gpu/drm/radeon/radeon_bios.c. A local user can perform a denial of service (DoS) attack.
36) Memory leak (CVE-ID: CVE-2022-50521)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mxm_wmi_call_mxds() and mxm_wmi_call_mxmx() functions in drivers/platform/x86/mxm-wmi.c. A local user can perform a denial of service (DoS) attack.
37) Memory leak (CVE-ID: CVE-2022-50523)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rockchip_clk_register_pll() function in drivers/clk/rockchip/clk-pll.c. A local user can perform a denial of service (DoS) attack.
38) Memory leak (CVE-ID: CVE-2022-50525)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fsl_pamu_probe() function in drivers/iommu/fsl_pamu.c. A local user can perform a denial of service (DoS) attack.
39) Memory leak (CVE-ID: CVE-2022-50528)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the amdgpu_amdkfd_gpuvm_import_dmabuf() function in drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c. A local user can perform a denial of service (DoS) attack.
40) Memory leak (CVE-ID: CVE-2022-50529)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the test_firmware_init() function in lib/test_firmware.c. A local user can perform a denial of service (DoS) attack.
41) NULL pointer dereference (CVE-ID: CVE-2022-50530)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the blk_mq_clear_rq_mapping() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.
42) Memory leak (CVE-ID: CVE-2022-50532)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mpt3sas_transport_port_add() function in drivers/scsi/mpt3sas/mpt3sas_transport.c. A local user can perform a denial of service (DoS) attack.
43) Improper locking (CVE-ID: CVE-2022-50534)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __open_metadata() function in drivers/md/dm-thin-metadata.c. A local user can perform a denial of service (DoS) attack.
44) NULL pointer dereference (CVE-ID: CVE-2022-50535)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dm_resume() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
45) Memory leak (CVE-ID: CVE-2022-50537)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rpi_firmware_probe() function in drivers/firmware/raspberrypi.c. A local user can perform a denial of service (DoS) attack.
46) Integer overflow (CVE-ID: CVE-2022-50541)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the udma_reset_rings(), udma_reset_counters(), udma_check_tx_completion(), udma_ring_irq_handler(), udma_udma_irq_handler() and udma_tx_status() functions in drivers/dma/ti/k3-udma.c. A local user can execute arbitrary code.
47) Use-after-free (CVE-ID: CVE-2022-50542)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the si470x_usb_driver_probe() function in drivers/media/radio/si470x/radio-si470x-usb.c. A local user can escalate privileges on the system.
48) Memory leak (CVE-ID: CVE-2022-50544)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xhci_alloc_stream_info() function in drivers/usb/host/xhci-mem.c. A local user can perform a denial of service (DoS) attack.
49) Memory leak (CVE-ID: CVE-2022-50545)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the r6040_init_one() and r6040_remove_one() functions in drivers/net/ethernet/rdc/r6040.c. A local user can perform a denial of service (DoS) attack.
50) Use of uninitialized resource (CVE-ID: CVE-2022-50546)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ext4_alloc_inode() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
51) Improper locking (CVE-ID: CVE-2022-50549)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __create_persistent_data_objects(), dm_pool_metadata_close() and __set_abort_with_changes_flags() functions in drivers/md/dm-thin-metadata.c. A local user can perform a denial of service (DoS) attack.
52) Out-of-bounds read (CVE-ID: CVE-2022-50551)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the brcmf_fw_alloc_request() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c. A local user can perform a denial of service (DoS) attack.
53) Out-of-bounds read (CVE-ID: CVE-2022-50553)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the create_var_ref() and trace_action_create() functions in kernel/trace/trace_events_hist.c. A local user can perform a denial of service (DoS) attack.
54) NULL pointer dereference (CVE-ID: CVE-2022-50556)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drm_mode_config_init_release() and drmm_mode_config_init() functions in drivers/gpu/drm/drm_mode_config.c. A local user can perform a denial of service (DoS) attack.
55) Memory leak (CVE-ID: CVE-2022-50559)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the imx_clk_scu_alloc_dev() function in drivers/clk/imx/clk-scu.c. A local user can perform a denial of service (DoS) attack.
56) Use-after-free (CVE-ID: CVE-2022-50560)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the meson_drv_probe() function in drivers/gpu/drm/meson/meson_drv.c. A local user can escalate privileges on the system.
57) Memory leak (CVE-ID: CVE-2022-50561)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iio_device_register_eventset() function in drivers/iio/industrialio-event.c. A local user can perform a denial of service (DoS) attack.
58) Memory leak (CVE-ID: CVE-2022-50562)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpm_read_log_acpi() function in drivers/char/tpm/eventlog/acpi.c. A local user can perform a denial of service (DoS) attack.
59) Use-after-free (CVE-ID: CVE-2022-50563)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __pool_destroy() function in drivers/md/dm-thin.c. A local user can escalate privileges on the system.
60) Improper Initialization (CVE-ID: CVE-2022-50564)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the netiucv_close() function in drivers/s390/net/netiucv.c. A local user can perform a denial of service (DoS) attack.
61) Memory leak (CVE-ID: CVE-2022-50566)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the add_mtd_device() function in drivers/mtd/mtdcore.c. A local user can perform a denial of service (DoS) attack.
62) Out-of-bounds read (CVE-ID: CVE-2022-50567)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
63) Use-after-free (CVE-ID: CVE-2022-50568)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the func_to_hidg(), hidg_bind(), hidg_free(), hidg_unbind() and hidg_alloc() functions in drivers/usb/gadget/function/f_hid.c. A local user can escalate privileges on the system.
64) Buffer overflow (CVE-ID: CVE-2022-50570)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the cros_ec_chardev_ioctl_readmem() function in drivers/platform/chrome/cros_ec_chardev.c. A local user can escalate privileges on the system.
65) Memory leak (CVE-ID: CVE-2022-50572)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the graph_for_each_link() function in sound/soc/generic/audio-graph-card.c. A local user can perform a denial of service (DoS) attack.
66) Memory leak (CVE-ID: CVE-2022-50574)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __dss_uninit_ports() and dss_init_ports() functions in drivers/gpu/drm/omapdrm/dss/dss.c. A local user can perform a denial of service (DoS) attack.
67) Buffer overflow (CVE-ID: CVE-2022-50575)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the privcmd_ioctl_mmap_resource() function in drivers/xen/privcmd.c. A local user can perform a denial of service (DoS) attack.
68) Memory leak (CVE-ID: CVE-2022-50576)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pch_request_dma() function in drivers/tty/serial/pch_uart.c. A local user can perform a denial of service (DoS) attack.
69) Memory leak (CVE-ID: CVE-2022-50578)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __class_register() function in drivers/base/class.c. A local user can perform a denial of service (DoS) attack.
70) Use-after-free (CVE-ID: CVE-2022-50579)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ftrace_make_nop() function in arch/arm64/kernel/ftrace.c. A local user can escalate privileges on the system.
71) Buffer overflow (CVE-ID: CVE-2022-50580)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the tg_with_in_bps_limit() function in block/blk-throttle.c. A local user can perform a denial of service (DoS) attack.
72) Out-of-bounds read (CVE-ID: CVE-2022-50581)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hfs_write_inode() function in fs/hfs/inode.c. A local user can perform a denial of service (DoS) attack.
73) Integer underflow (CVE-ID: CVE-2022-50582)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the _regulator_do_enable() function in drivers/regulator/core.c. A local user can execute arbitrary code.
74) Improper locking (CVE-ID: CVE-2023-52923)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nft_rbtree_cmp(), __nft_rbtree_lookup(), nft_rbtree_get(), nft_rbtree_gc_elem(), nft_rbtree_activate(), nft_rbtree_flush() and nft_rbtree_gc() functions in net/netfilter/nft_set_rbtree.c, within the pipapo_drop(), pipapo_gc() and nft_pipapo_activate() functions in net/netfilter/nft_set_pipapo.c, within the nft_rhash_cmp(), nft_rhash_activate(), nft_rhash_flush(), nft_rhash_deactivate(), nft_rhash_gc() and nft_rhash_destroy() functions in net/netfilter/nft_set_hash.c. A local user can perform a denial of service (DoS) attack.
75) Improper locking (CVE-ID: CVE-2023-53365)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ip6mr_cache_report() function in net/ipv6/ip6mr.c. A local user can perform a denial of service (DoS) attack.
76) Buffer overflow (CVE-ID: CVE-2023-53500)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the xfrmi_xmit() function in net/xfrm/xfrm_interface_core.c. A local user can perform a denial of service (DoS) attack.
77) Memory leak (CVE-ID: CVE-2023-53533)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rpi_ts_probe() function in drivers/input/touchscreen/raspberrypi-ts.c. A local user can perform a denial of service (DoS) attack.
78) NULL pointer dereference (CVE-ID: CVE-2023-53534)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_drm_crtc_create() function in drivers/gpu/drm/mediatek/mtk_drm_crtc.c. A local user can perform a denial of service (DoS) attack.
79) Out-of-bounds read (CVE-ID: CVE-2023-53541)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the write_oob_to_regs() function in drivers/mtd/nand/raw/brcmnand/brcmnand.c. A local user can perform a denial of service (DoS) attack.
80) Input validation error (CVE-ID: CVE-2023-53542)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the function in arch/arm/boot/dts/exynos5420.dtsi. A local user can perform a denial of service (DoS) attack.
81) Resource management error (CVE-ID: CVE-2023-53548)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the function in drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.
82) NULL pointer dereference (CVE-ID: CVE-2023-53551)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gserial_disconnect() and EXPORT_SYMBOL_GPL() functions in drivers/usb/gadget/function/u_serial.c. A local user can perform a denial of service (DoS) attack.
83) Memory leak (CVE-ID: CVE-2023-53552)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the i915_fence_release() function in drivers/gpu/drm/i915/i915_request.c. A local user can perform a denial of service (DoS) attack.
84) Buffer overflow (CVE-ID: CVE-2023-53553)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the mousevsc_on_receive() function in drivers/hid/hid-hyperv.c. A local user can escalate privileges on the system.
85) Buffer overflow (CVE-ID: CVE-2023-53554)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ks_wlan_set_encode_ext() function in drivers/staging/ks7010/ks_wlan_net.c. A local user can escalate privileges on the system.
86) Use-after-free (CVE-ID: CVE-2023-53556)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iavf_alloc_q_vectors() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can escalate privileges on the system.
87) Use-after-free (CVE-ID: CVE-2023-53559)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vti_tunnel_xmit() function in net/ipv4/ip_vti.c. A local user can escalate privileges on the system.
88) Use-after-free (CVE-ID: CVE-2023-53560)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the event_hist_trigger_func() function in kernel/trace/trace_events_hist.c. A local user can escalate privileges on the system.
89) Reachable assertion (CVE-ID: CVE-2023-53564)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the __ocfs2_move_extent() function in fs/ocfs2/move_extents.c. A local user can perform a denial of service (DoS) attack.
90) Use-after-free (CVE-ID: CVE-2023-53566)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nft_rbtree_gc_elem() and __nft_rbtree_insert() functions in net/netfilter/nft_set_rbtree.c. A local user can escalate privileges on the system.
91) Memory leak (CVE-ID: CVE-2023-53567)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the spi_qup_remove() function in drivers/spi/spi-qup.c. A local user can perform a denial of service (DoS) attack.
92) Memory leak (CVE-ID: CVE-2023-53568)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the zcdn_create() function in drivers/s390/crypto/zcrypt_api.c. A local user can perform a denial of service (DoS) attack.
93) NULL pointer dereference (CVE-ID: CVE-2023-53571)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the intel_get_crtc_new_encoder() function in drivers/gpu/drm/i915/display/intel_display.c. A local user can perform a denial of service (DoS) attack.
94) Use-after-free (CVE-ID: CVE-2023-53572)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the imx_clk_scu_alloc_dev() function in drivers/clk/imx/clk-scu.c. A local user can escalate privileges on the system.
95) Memory leak (CVE-ID: CVE-2023-53574)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rtw_core_deinit() function in drivers/net/wireless/realtek/rtw88/main.c. A local user can perform a denial of service (DoS) attack.
96) Improper error handling (CVE-ID: CVE-2023-53576)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the null_init_tag_set() function in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.
97) Memory leak (CVE-ID: CVE-2023-53579)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mvebu_gpio_probe_syscon() and mvebu_gpio_probe() functions in drivers/gpio/gpio-mvebu.c. A local user can perform a denial of service (DoS) attack.
98) Out-of-bounds read (CVE-ID: CVE-2023-53582)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the brcmf_c_preinit_dcmds() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c. A local user can perform a denial of service (DoS) attack.
99) Use-after-free (CVE-ID: CVE-2023-53587)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rb_free_cpu_buffer() and ring_buffer_free() functions in kernel/trace/ring_buffer.c. A local user can escalate privileges on the system.
100) Input validation error (CVE-ID: CVE-2023-53589)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the iwl_mvm_update_mcc() function in drivers/net/wireless/intel/iwlwifi/mvm/nvm.c. A local user can perform a denial of service (DoS) attack.
101) Memory leak (CVE-ID: CVE-2023-53592)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sifive_gpio_probe() function in drivers/gpio/gpio-sifive.c. A local user can perform a denial of service (DoS) attack.
102) Memory leak (CVE-ID: CVE-2023-53594)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the device_add() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.
103) Memory leak (CVE-ID: CVE-2023-53597)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cifs_demultiplex_thread() function in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.
104) NULL pointer dereference (CVE-ID: CVE-2023-53603)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla24xx_issue_sa_replace_iocb() function in drivers/scsi/qla2xxx/qla_edif.c. A local user can perform a denial of service (DoS) attack.
105) Memory leak (CVE-ID: CVE-2023-53604)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dm_integrity_init() function in drivers/md/dm-integrity.c. A local user can perform a denial of service (DoS) attack.
106) Memory leak (CVE-ID: CVE-2023-53605)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dc_construct_ctx() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
107) Infinite loop (CVE-ID: CVE-2023-53607)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the snd_ymfpci_memalloc() function in sound/pci/ymfpci/ymfpci_main.c. A local user can perform a denial of service (DoS) attack.
108) Use-after-free (CVE-ID: CVE-2023-53608)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_segctor_thread() function in fs/nilfs2/segment.c. A local user can escalate privileges on the system.
109) Memory leak (CVE-ID: CVE-2023-53611)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the try_smi_init() function in drivers/char/ipmi/ipmi_si_intf.c. A local user can perform a denial of service (DoS) attack.
110) NULL pointer dereference (CVE-ID: CVE-2023-53612)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the coretemp_remove_core(), coretemp_cpu_online(), coretemp_cpu_offline() and coretemp_init() functions in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.
111) Improper locking (CVE-ID: CVE-2023-53615)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qlt_free_session_done() and qlt_unreg_sess() functions in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.
112) Double free (CVE-ID: CVE-2023-53616)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the diUnmount() function in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.
113) Memory leak (CVE-ID: CVE-2023-53617)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the aspeed_socinfo_init() function in drivers/soc/aspeed/aspeed-socinfo.c. A local user can perform a denial of service (DoS) attack.
114) Use-after-free (CVE-ID: CVE-2023-53619)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_conntrack_helper_register() and nf_conntrack_helper_fini() functions in net/netfilter/nf_conntrack_helper.c. A local user can escalate privileges on the system.
115) Improper locking (CVE-ID: CVE-2023-53622)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gfs2_show_options() function in fs/gfs2/super.c. A local user can perform a denial of service (DoS) attack.
116) NULL pointer dereference (CVE-ID: CVE-2023-53625)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the intel_gvt_debugfs_add_vgpu() function in drivers/gpu/drm/i915/gvt/debugfs.c. A local user can perform a denial of service (DoS) attack.
117) Input validation error (CVE-ID: CVE-2023-53626)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ext4_rename() function in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
118) Memory leak (CVE-ID: CVE-2023-53631)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the init_bios_attributes() function in drivers/platform/x86/dell/dell-wmi-sysman/sysman.c. A local user can perform a denial of service (DoS) attack.
119) Memory leak (CVE-ID: CVE-2023-53637)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ov772x_probe() function in drivers/media/i2c/ov772x.c. A local user can perform a denial of service (DoS) attack.
120) Race condition (CVE-ID: CVE-2023-53639)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the ath6kl_htc_pipe_rx_complete() function in drivers/net/wireless/ath/ath6kl/htc_pipe.c. A local user can escalate privileges on the system.
121) Out-of-bounds read (CVE-ID: CVE-2023-53640)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tx_macro_put_dec_enum() function in sound/soc/codecs/lpass-tx-macro.c. A local user can perform a denial of service (DoS) attack.
122) Memory leak (CVE-ID: CVE-2023-53641)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ath9k_hif_usb_alloc_tx_urbs() function in drivers/net/wireless/ath/ath9k/hif_usb.c. A local user can perform a denial of service (DoS) attack.
123) Improper locking (CVE-ID: CVE-2023-53644)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usb_shark_probe() function in drivers/media/radio/radio-shark2.c. A local user can perform a denial of service (DoS) attack.
124) NULL pointer dereference (CVE-ID: CVE-2023-53648)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_ac97_mixer() function in sound/pci/ac97/ac97_codec.c. A local user can perform a denial of service (DoS) attack.
125) Memory leak (CVE-ID: CVE-2023-53650)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mipid_spi_probe() function in drivers/video/fbdev/omap/lcd_mipid.c. A local user can perform a denial of service (DoS) attack.
126) Use-after-free (CVE-ID: CVE-2023-53651)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the exc3000_schedule_timer() and exc3000_probe() functions in drivers/input/touchscreen/exc3000.c. A local user can escalate privileges on the system.
127) Use-after-free (CVE-ID: CVE-2023-53658)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bcm_qspi_probe() function in drivers/spi/spi-bcm-qspi.c. A local user can escalate privileges on the system.
128) Out-of-bounds read (CVE-ID: CVE-2023-53659)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iavf_set_channels() function in drivers/net/ethernet/intel/iavf/iavf_ethtool.c. A local user can perform a denial of service (DoS) attack.
129) Memory leak (CVE-ID: CVE-2023-53662)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ext4_fname_setup_filename() and ext4_fname_prepare_lookup() functions in fs/ext4/crypto.c. A local user can perform a denial of service (DoS) attack.
130) Improper locking (CVE-ID: CVE-2023-53667)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cdc_ncm_check_tx_max() and cdc_ncm_fill_tx_frame() functions in drivers/net/usb/cdc_ncm.c. A local user can perform a denial of service (DoS) attack.
131) Improper locking (CVE-ID: CVE-2023-53668)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ring_buffer_size() function in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
132) Memory leak (CVE-ID: CVE-2023-53670)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvme_init_ctrl() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.
133) Use-after-free (CVE-ID: CVE-2023-53673)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_cs_disconnect() function in net/bluetooth/hci_event.c. A local user can escalate privileges on the system.
134) Memory leak (CVE-ID: CVE-2023-53674)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the devm_clk_notifier_register() function in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.
135) Out-of-bounds read (CVE-ID: CVE-2023-53675)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ses_enclosure_data_process() function in drivers/scsi/ses.c. A local user can perform a denial of service (DoS) attack.
136) NULL pointer dereference (CVE-ID: CVE-2023-53679)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7601u_rx_next_seg_len() function in drivers/net/wireless/mediatek/mt7601u/dma.c. A local user can perform a denial of service (DoS) attack.
137) Out-of-bounds read (CVE-ID: CVE-2023-53680)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nfsd4_decode_compound() function in fs/nfsd/nfs4xdr.c. A local user can perform a denial of service (DoS) attack.
138) NULL pointer dereference (CVE-ID: CVE-2023-53681)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __bch_btree_node_alloc() function in drivers/md/bcache/btree.c. A local user can perform a denial of service (DoS) attack.
139) Improper error handling (CVE-ID: CVE-2023-53683)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the hfsplus_cat_read_inode() and hfsplus_cat_write_inode() functions in fs/hfsplus/inode.c. A local user can perform a denial of service (DoS) attack.
140) Memory leak (CVE-ID: CVE-2023-53687)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the s3c24xx_serial_getclk() function in drivers/tty/serial/samsung.c. A local user can perform a denial of service (DoS) attack.
141) Use-after-free (CVE-ID: CVE-2023-53692)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_clu_mapped() function in fs/ext4/extents.c. A local user can escalate privileges on the system.
142) Memory leak (CVE-ID: CVE-2023-53693)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gadget_bind() function in drivers/usb/gadget/legacy/raw_gadget.c. A local user can perform a denial of service (DoS) attack.
143) Input validation error (CVE-ID: CVE-2023-53695)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __udf_iget() function in fs/udf/inode.c. A local user can perform a denial of service (DoS) attack.
144) Memory leak (CVE-ID: CVE-2023-53696)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qla2x00_probe_one() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.
145) Memory leak (CVE-ID: CVE-2023-53700)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the max9286_v4l2_register() function in drivers/media/i2c/max9286.c. A local user can perform a denial of service (DoS) attack.
146) Memory leak (CVE-ID: CVE-2023-53704)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the imx8mp_clocks_probe() function in drivers/clk/imx/clk-imx8mp.c. A local user can perform a denial of service (DoS) attack.
147) Out-of-bounds read (CVE-ID: CVE-2023-53705)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ipv6_find_tlv() function in net/ipv6/exthdrs_core.c. A local user can perform a denial of service (DoS) attack.
148) Memory leak (CVE-ID: CVE-2023-53708)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lpi_device_get_constraints_amd() function in drivers/acpi/x86/s2idle.c. A local user can perform a denial of service (DoS) attack.
149) Input validation error (CVE-ID: CVE-2023-53709)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rb_check_bpage() and rb_check_list() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
150) Buffer overflow (CVE-ID: CVE-2023-53711)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nfs_file_direct_read() function in fs/nfs/direct.c. A local user can perform a denial of service (DoS) attack.
151) Memory leak (CVE-ID: CVE-2023-53715)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the brcmf_map_fw_linkdown_reason() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can perform a denial of service (DoS) attack.
152) Out-of-bounds read (CVE-ID: CVE-2023-53717)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c. A local user can perform a denial of service (DoS) attack.
153) NULL pointer dereference (CVE-ID: CVE-2023-53718)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the update_max_tr_single() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
154) Memory leak (CVE-ID: CVE-2023-53719)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the arc_serial_probe() function in drivers/tty/serial/arc_uart.c. A local user can perform a denial of service (DoS) attack.
155) Out-of-bounds read (CVE-ID: CVE-2023-53722)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the raid1_remove_disk() function in drivers/md/raid1.c. A local user can perform a denial of service (DoS) attack.
156) Resource management error (CVE-ID: CVE-2023-53723)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sdma_v4_0_hw_fini() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.
157) Memory leak (CVE-ID: CVE-2023-53724)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pcf50633_adc_async_read() function in drivers/mfd/pcf50633-adc.c. A local user can perform a denial of service (DoS) attack.
158) Memory leak (CVE-ID: CVE-2023-53725)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ttc_timer_probe() function in drivers/clocksource/timer-cadence-ttc.c. A local user can perform a denial of service (DoS) attack.
159) Out-of-bounds read (CVE-ID: CVE-2023-53726)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_csum() function in arch/arm64/lib/csum.c. A local user can perform a denial of service (DoS) attack.
160) Improper locking (CVE-ID: CVE-2023-53730)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the adjust_inuse_and_calc_cost() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
161) Out-of-bounds read (CVE-ID: CVE-2023-7324)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ses_match_host(), ses_process_descriptor() and ses_enclosure_data_process() functions in drivers/scsi/ses.c. A local user can perform a denial of service (DoS) attack.
162) Division by zero (CVE-ID: CVE-2025-39742)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the find_hw_thread_mask() function in drivers/infiniband/hw/hfi1/affinity.c. A local user can perform a denial of service (DoS) attack.
163) Improper error handling (CVE-ID: CVE-2025-39797)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the xfrm_state_lookup_byspi() and xfrm_alloc_spi() functions in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.
164) Use-after-free (CVE-ID: CVE-2025-39945)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cnic_cm_stop_bnx2x_hw() function in drivers/net/ethernet/broadcom/cnic.c. A local user can escalate privileges on the system.
165) Use-after-free (CVE-ID: CVE-2025-39965)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xfrm_alloc_spi() function in net/xfrm/xfrm_state.c. A local user can escalate privileges on the system.
166) Integer overflow (CVE-ID: CVE-2025-39967)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the fbcon_set_font() function in drivers/video/fbdev/core/fbcon.c. A local user can execute arbitrary code.
167) Buffer overflow (CVE-ID: CVE-2025-39968)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the i40e_vc_del_cloud_filter() and i40e_vc_add_cloud_filter() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can escalate privileges on the system.
168) Input validation error (CVE-ID: CVE-2025-39973)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_config_vsi_tx_queue() and i40e_config_vsi_rx_queue() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
169) Use-after-free (CVE-ID: CVE-2025-39978)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the otx2_tc_add_flow() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c. A local user can escalate privileges on the system.
170) Use-after-free (CVE-ID: CVE-2025-40018)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ip_vs_ftp_exit() and ip_vs_ftp_init() functions in net/netfilter/ipvs/ip_vs_ftp.c. A local user can escalate privileges on the system.
171) Use-after-free (CVE-ID: CVE-2025-40044)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the udf_current_aext() function in fs/udf/inode.c. A local user can escalate privileges on the system.
172) Out-of-bounds read (CVE-ID: CVE-2025-40088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hfsplus_strcasecmp() and hfsplus_strcmp() functions in fs/hfsplus/unicode.c. A local user can perform a denial of service (DoS) attack.
173) Improper error handling (CVE-ID: CVE-2025-40102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the kvm_arch_vcpu_ioctl() function in arch/arm64/kvm/arm.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.