SB2026032753 - openEuler 24.03 LTS SP1 update for kernel
Published: March 27, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 122 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2024-53232)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the calc_rtx(), s390_domain_free(), s390_iommu_attach_device(), s390_iommu_probe_device(), s390_iommu_unmap_pages() and s390_iommu_init() functions in drivers/iommu/s390-iommu.c, within the pci_fmb_show() function in arch/s390/pci/pci_debug.c, within the zpci_fmb_enable_device() function in arch/s390/pci/pci.c. A local user can escalate privileges on the system.
2) NULL pointer dereference (CVE-ID: CVE-2025-37900)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/iommu.h. A local user can perform a denial of service (DoS) attack.
3) Memory leak (CVE-ID: CVE-2025-37954)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the find_or_create_cached_dir() function in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.
4) Race condition (CVE-ID: CVE-2025-38083)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the prio_tune() function in net/sched/sch_prio.c. A local user can escalate privileges on the system.
5) Improper locking (CVE-ID: CVE-2025-38373)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5_ib_revoke_data_direct_mrs(), mlx5_revoke_mr() and __mlx5_ib_dereg_mr() functions in drivers/infiniband/hw/mlx5/mr.c. A local user can perform a denial of service (DoS) attack.
6) Out-of-bounds read (CVE-ID: CVE-2025-38556)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snto32() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
7) Resource management error (CVE-ID: CVE-2025-38591)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_skb_is_valid_access(), sock_addr_is_valid_access(), sock_ops_is_valid_access(), sk_msg_is_valid_access() and sk_lookup_is_valid_access() functions in net/core/filter.c, within the cg_sockopt_is_valid_access() function in kernel/bpf/cgroup.c. A local user can perform a denial of service (DoS) attack.
8) Use-after-free (CVE-ID: CVE-2025-38659)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the signal_our_withdraw() function in fs/gfs2/util.c. A local user can escalate privileges on the system.
9) Improper locking (CVE-ID: CVE-2025-38730)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_bundle_nbufs(), io_sendmsg(), io_net_kbuf_recyle(), io_send_zc() and io_sendmsg_zc() functions in io_uring/net.c. A local user can perform a denial of service (DoS) attack.
10) Improper locking (CVE-ID: CVE-2025-39713)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rain_interrupt() function in drivers/media/cec/usb/rainshadow/rainshadow-cec.c. A local user can perform a denial of service (DoS) attack.
11) NULL pointer dereference (CVE-ID: CVE-2025-39961)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the increase_address_space(), alloc_pte(), fetch_pte() and v1_alloc_pgtable() functions in drivers/iommu/amd/io_pgtable.c. A local user can perform a denial of service (DoS) attack.
12) NULL pointer dereference (CVE-ID: CVE-2025-40030)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pinmux_func_name_to_selector() function in drivers/pinctrl/pinmux.c. A local user can perform a denial of service (DoS) attack.
13) Double free (CVE-ID: CVE-2025-40096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the drm_sched_job_add_implicit_dependencies() function in drivers/gpu/drm/scheduler/sched_main.c. A local user can perform a denial of service (DoS) attack.
14) Improper locking (CVE-ID: CVE-2025-40215)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __xfrm_state_destroy(), __xfrm_state_delete(), xfrm_state_flush(), xfrm_flush_gc() and xfrm_state_fini() functions in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.
15) Improper locking (CVE-ID: CVE-2025-40220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fuse_file_release() function in fs/fuse/file.c. A local user can perform a denial of service (DoS) attack.
16) NULL pointer dereference (CVE-ID: CVE-2025-40237)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the show_mark_fhandle() function in fs/notify/fdinfo.c. A local user can perform a denial of service (DoS) attack.
17) Improper locking (CVE-ID: CVE-2025-40242)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gdlm_put_lock() function in fs/gfs2/lock_dlm.c. A local user can perform a denial of service (DoS) attack.
18) Memory leak (CVE-ID: CVE-2025-40251)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the devl_rate_nodes_destroy() function in net/devlink/rate.c. A local user can perform a denial of service (DoS) attack.
19) Use-after-free (CVE-ID: CVE-2025-40271)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pde_put(), remove_proc_entry() and remove_proc_subtree() functions in fs/proc/generic.c. A local user can escalate privileges on the system.
20) Use-after-free (CVE-ID: CVE-2025-40272)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the secretmem_fault() function in mm/secretmem.c. A local user can escalate privileges on the system.
21) Out-of-bounds read (CVE-ID: CVE-2025-40277)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vmw_cmd_check() function in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can perform a denial of service (DoS) attack.
22) Out-of-bounds read (CVE-ID: CVE-2025-40294)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the parse_adv_monitor_pattern() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
23) Input validation error (CVE-ID: CVE-2025-40301)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hci_cmd_complete_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.
24) NULL pointer dereference (CVE-ID: CVE-2025-40308)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bcsp_recv() function in drivers/bluetooth/hci_bcsp.c. A local user can perform a denial of service (DoS) attack.
25) Use-after-free (CVE-ID: CVE-2025-40318)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_cmd_sync_dequeue_once() function in net/bluetooth/hci_sync.c. A local user can escalate privileges on the system.
26) Memory leak (CVE-ID: CVE-2025-40341)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the SYSCALL_DEFINE2(), SYSCALL_DEFINE3() and COMPAT_SYSCALL_DEFINE3() functions in kernel/futex/syscalls.c. A local user can perform a denial of service (DoS) attack.
27) Improper locking (CVE-ID: CVE-2025-40342)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_fc_create_association() function in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
28) Improper locking (CVE-ID: CVE-2025-40343)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvmet_fc_delete_assoc_work() and nvmet_fc_delete_target_assoc() functions in drivers/nvme/target/fc.c. A local user can perform a denial of service (DoS) attack.
29) NULL pointer dereference (CVE-ID: CVE-2025-40346)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the topology_parse_cpu_capacity() function in drivers/base/arch_topology.c. A local user can perform a denial of service (DoS) attack.
30) Improper locking (CVE-ID: CVE-2025-40351)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfsplus_iget() function in fs/hfsplus/super.c. A local user can perform a denial of service (DoS) attack.
31) Out-of-bounds read (CVE-ID: CVE-2025-40358)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the walk_stackframe() function in arch/riscv/kernel/stacktrace.c. A local user can perform a denial of service (DoS) attack.
32) Out-of-bounds read (CVE-ID: CVE-2025-40359)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __grt_latency_data() function in arch/x86/events/intel/ds.c. A local user can perform a denial of service (DoS) attack.
33) Improper locking (CVE-ID: CVE-2025-40361)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_xattr_inode_cache_find() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
34) Resource management error (CVE-ID: CVE-2025-68171)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fpu__clear_user_states() function in arch/x86/kernel/fpu/core.c. A local user can perform a denial of service (DoS) attack.
35) Improper locking (CVE-ID: CVE-2025-68173)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ftrace_module_enable() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.
36) Incorrect calculation (CVE-ID: CVE-2025-68174)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the kfd_process_destroy_pdds() and kfd_create_process_device_data() functions in drivers/gpu/drm/amd/amdkfd/kfd_process.c. A local user can perform a denial of service (DoS) attack.
37) NULL pointer dereference (CVE-ID: CVE-2025-68176)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/pci/controller/cadence/pcie-cadence.h. A local user can perform a denial of service (DoS) attack.
38) Use-after-free (CVE-ID: CVE-2025-68188)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_fastopen_active_disable_ofo_check() function in net/ipv4/tcp_fastopen.c. A local user can escalate privileges on the system.
39) Resource management error (CVE-ID: CVE-2025-68200)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cls_bpf_classify() function in net/sched/cls_bpf.c. A local user can perform a denial of service (DoS) attack.
40) Resource management error (CVE-ID: CVE-2025-68206)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nft_ct_helper_obj_eval() function in net/netfilter/nft_ct.c. A local user can perform a denial of service (DoS) attack.
41) Out-of-bounds read (CVE-ID: CVE-2025-68208)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the widen_imprecise_scalars() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
42) NULL pointer dereference (CVE-ID: CVE-2025-68214)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __try_to_del_timer_sync() function in kernel/time/timer.c. A local user can perform a denial of service (DoS) attack.
43) Memory leak (CVE-ID: CVE-2025-68235)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvkm_falcon_fw_dtor() function in drivers/gpu/drm/nouveau/nvkm/falcon/fw.c. A local user can perform a denial of service (DoS) attack.
44) Resource management error (CVE-ID: CVE-2025-68259)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the is_vmware_backdoor_opcode() and x86_emulate_instruction() functions in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
45) Reachable assertion (CVE-ID: CVE-2025-68261)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ext4_destroy_inline_data_nolock() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
46) Improper locking (CVE-ID: CVE-2025-68264)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_prepare_inline_data() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
47) Use-after-free (CVE-ID: CVE-2025-68265)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_remove_admin_tag_set() and nvme_free_ctrl() functions in drivers/nvme/host/core.c. A local user can escalate privileges on the system.
48) Improper locking (CVE-ID: CVE-2025-68297)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the decrypt_control_remainder() and process_v2_sparse_read() functions in net/ceph/messenger_v2.c. A local user can perform a denial of service (DoS) attack.
49) NULL pointer dereference (CVE-ID: CVE-2025-68309)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pci_aer_init() function in drivers/pci/pcie/aer.c. A local user can perform a denial of service (DoS) attack.
50) Use-after-free (CVE-ID: CVE-2025-68331)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uas_queuecommand_lck() function in drivers/usb/storage/uas.c. A local user can escalate privileges on the system.
51) Reachable assertion (CVE-ID: CVE-2025-68337)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the jbd2_journal_get_create_access() function in fs/jbd2/transaction.c. A local user can perform a denial of service (DoS) attack.
52) Buffer overflow (CVE-ID: CVE-2025-68349)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pnfs_mark_layout_stateid_invalid() function in fs/nfs/pnfs.c. A local user can perform a denial of service (DoS) attack.
53) Use-after-free (CVE-ID: CVE-2025-68354)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the regulator_supply_alias(), regulator_register_supply_alias() and regulator_unregister_supply_alias() functions in drivers/regulator/core.c. A local user can escalate privileges on the system.
54) Improper locking (CVE-ID: CVE-2025-68356)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gfs2_fill_super() function in fs/gfs2/ops_fstype.c. A local user can perform a denial of service (DoS) attack.
55) Integer underflow (CVE-ID: CVE-2025-68362)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the rtl8187_rx_cb() function in drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c. A local user can execute arbitrary code.
56) Resource management error (CVE-ID: CVE-2025-68363)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the BPF_CALL_5() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
57) Use-after-free (CVE-ID: CVE-2025-68376)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tmc_etr_get_sysfs_buffer() function in drivers/hwtracing/coresight/coresight-tmc-etr.c. A local user can escalate privileges on the system.
58) Out-of-bounds read (CVE-ID: CVE-2025-68378)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __bpf_get_stackid() and BPF_CALL_3() functions in kernel/bpf/stackmap.c. A local user can perform a denial of service (DoS) attack.
59) Integer overflow (CVE-ID: CVE-2025-68724)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the asymmetric_key_generate_id() function in crypto/asymmetric_keys/asymmetric_type.c. A local user can execute arbitrary code.
60) Infinite loop (CVE-ID: CVE-2025-68725)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the BPF_CALL_3() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
61) Memory leak (CVE-ID: CVE-2025-68734)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the setup_instance() and hfcsusb_probe() functions in drivers/isdn/hardware/mISDN/hfcsusb.c. A local user can perform a denial of service (DoS) attack.
62) Use-after-free (CVE-ID: CVE-2025-68741)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qla2xxx_process_purls_iocb() function in drivers/scsi/qla2xxx/qla_nvme.c. A local user can escalate privileges on the system.
63) Use-after-free (CVE-ID: CVE-2025-68744)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the free_htab_elem() function in kernel/bpf/hashtab.c. A local user can escalate privileges on the system.
64) Double free (CVE-ID: CVE-2025-68745)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the drivers/scsi/qla2xxx/qla_target.h. A local user can perform a denial of service (DoS) attack.
65) Improper locking (CVE-ID: CVE-2025-68756)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the blk_mq_quiesce_tagset(), blk_mq_unquiesce_tagset(), blk_mq_del_queue_tag_set() and blk_mq_add_queue_tag_set() functions in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.
66) Improper locking (CVE-ID: CVE-2025-68780)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dec_dl_deadline(), rq_online_dl() and rq_offline_dl() functions in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.
67) NULL pointer dereference (CVE-ID: CVE-2025-68782)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the target_cmd_init_cdb() function in drivers/target/target_core_transport.c. A local user can perform a denial of service (DoS) attack.
68) Integer underflow (CVE-ID: CVE-2025-68794)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the iomap_adjust_read_range() function in fs/iomap/buffered-io.c. A local user can execute arbitrary code.
69) Input validation error (CVE-ID: CVE-2025-68803)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/nfsd/vfs.h. A local user can perform a denial of service (DoS) attack.
70) Memory leak (CVE-ID: CVE-2025-68814)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __io_openat_prep() function in io_uring/openclose.c. A local user can perform a denial of service (DoS) attack.
71) Input validation error (CVE-ID: CVE-2025-68816)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.h. A local user can perform a denial of service (DoS) attack.
72) Use-after-free (CVE-ID: CVE-2025-68817)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_tree_disconnect() function in fs/smb/server/smb2pdu.c. A local user can escalate privileges on the system.
73) Input validation error (CVE-ID: CVE-2025-68818)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __qla2x00_abort_all_cmds() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.
74) Input validation error (CVE-ID: CVE-2025-71072)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the shmem_rename2() function in mm/shmem.c. A local user can perform a denial of service (DoS) attack.
75) Out-of-bounds read (CVE-ID: CVE-2025-71077)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the include/linux/tpm.h. A local user can perform a denial of service (DoS) attack.
76) Improper locking (CVE-ID: CVE-2025-71104)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the advance_periodic_target_expiration() function in arch/x86/kvm/lapic.c. A local user can perform a denial of service (DoS) attack.
77) Out-of-bounds read (CVE-ID: CVE-2025-71116)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the decode_pool() function in net/ceph/osdmap.c. A local user can perform a denial of service (DoS) attack.
78) Double free (CVE-ID: CVE-2025-71131)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the seqiv_aead_encrypt() function in crypto/seqiv.c. A local user can perform a denial of service (DoS) attack.
79) Infinite loop (CVE-ID: CVE-2025-71134)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the buddy_merge_likely(), __free_one_page() and pageblock_unisolate_and_move_free_pages() functions in mm/page_alloc.c. A local user can perform a denial of service (DoS) attack.
80) Memory leak (CVE-ID: CVE-2025-71147)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpm2_load_cmd() function in security/keys/trusted-keys/trusted_tpm2.c. A local user can perform a denial of service (DoS) attack.
81) Resource management error (CVE-ID: CVE-2025-71149)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the io_poll_remove() function in io_uring/poll.c. A local user can perform a denial of service (DoS) attack.
82) Memory leak (CVE-ID: CVE-2025-71150)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ksmbd_session_lookup_all() function in fs/smb/server/mgmt/user_session.c. A local user can perform a denial of service (DoS) attack.
83) Improper locking (CVE-ID: CVE-2025-71152)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dsa_port_parse_of(), dev_find_class(), dsa_switch_release_ports() and dsa_switch_shutdown() functions in net/dsa/dsa.c. A local user can perform a denial of service (DoS) attack.
84) Memory leak (CVE-ID: CVE-2025-71154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the async_set_registers() function in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.
85) Double free (CVE-ID: CVE-2025-71238)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the qla2x00_update_optrom() function in drivers/scsi/qla2xxx/qla_bsg.c. A local user can perform a denial of service (DoS) attack.
86) Buffer overflow (CVE-ID: CVE-2026-22978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the compat_private_call() function in net/wireless/wext-priv.c. A local user can perform a denial of service (DoS) attack.
87) Use-after-free (CVE-ID: CVE-2026-22980)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/nfsd/state.h. A local user can escalate privileges on the system.
88) Input validation error (CVE-ID: CVE-2026-22990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the osdmap_apply_incremental() function in net/ceph/osdmap.c. A local user can perform a denial of service (DoS) attack.
89) NULL pointer dereference (CVE-ID: CVE-2026-22992)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mon_handle_auth_done() function in net/ceph/mon_client.c. A local user can perform a denial of service (DoS) attack.
90) NULL pointer dereference (CVE-ID: CVE-2026-22996)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the _mlx5e_resume(), mlx5e_resume(), _mlx5e_probe() and _mlx5e_remove() functions in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
91) NULL pointer dereference (CVE-ID: CVE-2026-22998)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_handle_h2c_data_pdu() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
92) NULL pointer dereference (CVE-ID: CVE-2026-23000)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_vport_uplink_rep_load() and mlx5e_vport_uplink_rep_unload() functions in drivers/net/ethernet/mellanox/mlx5/core/en_rep.c. A local user can perform a denial of service (DoS) attack.
93) Resource management error (CVE-ID: CVE-2026-23005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvm_vcpu_ioctl_x86_get_xsave() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
94) NULL pointer dereference (CVE-ID: CVE-2026-23035)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_vport_vf_rep_load() and mlx5e_vport_rep_unload() functions in drivers/net/ethernet/mellanox/mlx5/core/en_rep.c. A local user can perform a denial of service (DoS) attack.
95) NULL pointer dereference (CVE-ID: CVE-2026-23060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the crypto_authenc_esn_encrypt() and crypto_authenc_esn_decrypt() functions in crypto/authencesn.c. A local user can perform a denial of service (DoS) attack.
96) Integer underflow (CVE-ID: CVE-2026-23069)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the virtio_transport_get_credit(), virtio_transport_seqpacket_has_data(), virtio_transport_stream_has_space() and virtio_transport_space_update() functions in net/vmw_vsock/virtio_transport_common.c. A local user can execute arbitrary code.
97) Improper locking (CVE-ID: CVE-2026-23071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the regmap_lock_hwlock_irq() function in drivers/base/regmap/regmap.c. A local user can perform a denial of service (DoS) attack.
98) Use-after-free (CVE-ID: CVE-2026-23086)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the virtio_transport_seqpacket_dequeue(), virtio_transport_seqpacket_enqueue() and virtio_transport_has_space() functions in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.
99) Out-of-bounds read (CVE-ID: CVE-2026-23099)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bond_enslave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
100) Improper locking (CVE-ID: CVE-2026-23103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipvlan_port_create(), ipvlan_uninit(), ipvlan_open(), ipvlan_stop(), ipvlan_link_new(), ipvlan_link_delete(), ipvlan_add_addr(), ipvlan_del_addr(), ipvlan_add_addr6(), ipvlan_addr6_validator_event() and ipvlan_addr4_validator_event() functions in drivers/net/ipvlan/ipvlan_main.c. A local user can perform a denial of service (DoS) attack.
101) Input validation error (CVE-ID: CVE-2026-23105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qfq_rm_from_agg() function in net/sched/sch_qfq.c. A local user can perform a denial of service (DoS) attack.
102) Use-after-free (CVE-ID: CVE-2026-23111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nft_map_catchall_activate() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.
103) Race condition within a thread (CVE-ID: CVE-2026-23120)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the l2tp_tunnel_del_work() function in net/l2tp/l2tp_core.c. A local user can corrupt data.
104) Improper locking (CVE-ID: CVE-2026-23124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ndisc_router_discovery() function in net/ipv6/ndisc.c. A local user can perform a denial of service (DoS) attack.
105) Improper locking (CVE-ID: CVE-2026-23126)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/net/netdevsim/netdevsim.h. A local user can perform a denial of service (DoS) attack.
106) Buffer overflow (CVE-ID: CVE-2026-23133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the _ath10k_ce_free_pipe() and _ath10k_ce_free_pipe_64() functions in drivers/net/wireless/ath/ath10k/ce.c. A local user can perform a denial of service (DoS) attack.
107) Infinite loop (CVE-ID: CVE-2026-23136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the osd_fault() function in net/ceph/osd_client.c. A local user can perform a denial of service (DoS) attack.
108) Memory leak (CVE-ID: CVE-2026-23137)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the attach_node_and_children() and unittest_data_add() functions in drivers/of/unittest.c. A local user can perform a denial of service (DoS) attack.
109) Infinite loop (CVE-ID: CVE-2026-23138)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the __ftrace_trace_stack() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
110) Incorrect calculation (CVE-ID: CVE-2026-23139)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __nf_conncount_add() function in net/netfilter/nf_conncount.c. A local user can perform a denial of service (DoS) attack.
111) Memory leak (CVE-ID: CVE-2026-23145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ext4_xattr_inode_update_ref() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
112) Input validation error (CVE-ID: CVE-2026-23154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tcp6_gso_segment() function in net/ipv6/tcpv6_offload.c. A local user can perform a denial of service (DoS) attack.
113) Use of uninitialized resource (CVE-ID: CVE-2026-23156)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the efivar_entry_get() function in fs/efivarfs/vars.c. A local user can perform a denial of service (DoS) attack.
114) Improper locking (CVE-ID: CVE-2026-23169)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __reset_counters() function in net/mptcp/pm_kernel.c. A local user can perform a denial of service (DoS) attack.
115) NULL pointer dereference (CVE-ID: CVE-2026-23173)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_tc_del_fdb_peer_flow() and mlx5e_tc_num_filters() functions in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c. A local user can perform a denial of service (DoS) attack.
116) Use-after-free (CVE-ID: CVE-2026-23191)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the is_access_interleaved() and loopback_check_format() functions in sound/drivers/aloop.c. A local user can escalate privileges on the system.
117) Memory leak (CVE-ID: CVE-2026-23198)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the irqfd_shutdown(), irqfd_wakeup() and kvm_irqfd_deassign() functions in virt/kvm/eventfd.c. A local user can perform a denial of service (DoS) attack.
118) Out-of-bounds read (CVE-ID: CVE-2026-23204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the u32_classify() function in net/sched/cls_u32.c. A local user can perform a denial of service (DoS) attack.
119) Out-of-bounds read (CVE-ID: CVE-2026-23208)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the prepare_playback_urb() function in sound/usb/pcm.c. A local user can perform a denial of service (DoS) attack.
120) Input validation error (CVE-ID: CVE-2026-23212)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the include/net/bonding.h. A local user can perform a denial of service (DoS) attack.
121) Use-after-free (CVE-ID: CVE-2026-23221)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the driver_override_show() function in drivers/bus/fsl-mc/fsl-mc-bus.c. A local user can escalate privileges on the system.
122) Input validation error (CVE-ID: CVE-2026-23230)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/smb/client/cached_dir.h. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.