SB2026033146 - Ubuntu update for linux-azure-6.8
Published: March 31, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1179 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-36331)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to improper management of cache coherency by the CPU. A local user with hypervisor access can overwrite SEV-SNP guest memory, resulting in loss of data integrity.
2) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2024-36350)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information leak. A local user can obtain sensitive data from previous stores.
3) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2024-36357)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information leak. A local user can obtain sensitive data from the L1D cache.
4) Integer overflow (CVE-ID: CVE-2025-68750)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the usbg_make_tpg() function in drivers/usb/gadget/function/f_tcm.c. A local user can execute arbitrary code.
5) Memory leak (CVE-ID: CVE-2025-68734)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the setup_instance() and hfcsusb_probe() functions in drivers/isdn/hardware/mISDN/hfcsusb.c. A local user can perform a denial of service (DoS) attack.
6) NULL pointer dereference (CVE-ID: CVE-2025-68343)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gs_usb_receive_bulk_callback() function in drivers/net/can/usb/gs_usb.c. A local user can perform a denial of service (DoS) attack.
7) Input validation error (CVE-ID: CVE-2025-68342)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gs_usb_get_echo_skb() and gs_usb_receive_bulk_callback() functions in drivers/net/can/usb/gs_usb.c. A local user can perform a denial of service (DoS) attack.
8) Resource management error (CVE-ID: CVE-2025-68340)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the team_port_add() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.
9) Improper locking (CVE-ID: CVE-2025-68339)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fore200e_open() function in drivers/atm/fore200e.c. A local user can perform a denial of service (DoS) attack.
10) Use-after-free (CVE-ID: CVE-2025-68331)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uas_queuecommand_lck() function in drivers/usb/storage/uas.c. A local user can escalate privileges on the system.
11) NULL pointer dereference (CVE-ID: CVE-2025-68330)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/iio/accel/bmc150-accel.h. A local user can perform a denial of service (DoS) attack.
12) Resource management error (CVE-ID: CVE-2025-68328)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the stratix10_svc_drv_probe() function in drivers/firmware/stratix10-svc.c. A local user can perform a denial of service (DoS) attack.
13) Resource management error (CVE-ID: CVE-2025-68327)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the usbhs_remove() function in drivers/usb/renesas_usbhs/common.c. A local user can perform a denial of service (DoS) attack.
14) Improper locking (CVE-ID: CVE-2025-68322)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the unwind_special() and unwind_frame_regs() functions in arch/parisc/kernel/unwind.c. A local user can perform a denial of service (DoS) attack.
15) Buffer overflow (CVE-ID: CVE-2025-68321)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __page_pool_alloc_pages_slow() function in net/core/page_pool.c. A local user can perform a denial of service (DoS) attack.
16) Improper locking (CVE-ID: CVE-2025-68320)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lan966x_es0_read_esdx_counter() and lan966x_es0_write_esdx_counter() functions in drivers/net/ethernet/microchip/lan966x/lan966x_vcap_impl.c. A local user can perform a denial of service (DoS) attack.
17) Input validation error (CVE-ID: CVE-2025-68315)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the include/linux/f2fs_fs.h. A local user can perform a denial of service (DoS) attack.
18) Input validation error (CVE-ID: CVE-2025-68313)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_amd_zen4() function in arch/x86/kernel/cpu/amd.c. A local user can perform a denial of service (DoS) attack.
19) Resource management error (CVE-ID: CVE-2025-68312)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the function in drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.
20) Input validation error (CVE-ID: CVE-2025-68311)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ip22zilog_transmit_chars() and __ip22zilog_reset() functions in drivers/tty/serial/ip22zilog.c. A local user can perform a denial of service (DoS) attack.
21) Improper locking (CVE-ID: CVE-2025-68310)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the zpci_event_attempt_error_recovery() function in arch/s390/pci/pci_event.c. A local user can perform a denial of service (DoS) attack.
22) Buffer overflow (CVE-ID: CVE-2025-68308)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kvaser_usb_leaf_wait_cmd() and kvaser_usb_leaf_read_bulk_callback() functions in drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c. A local user can escalate privileges on the system.
23) Improper locking (CVE-ID: CVE-2025-68307)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gs_usb_xmit_callback() function in drivers/net/can/usb/gs_usb.c. A local user can perform a denial of service (DoS) attack.
24) Use-after-free (CVE-ID: CVE-2025-68305)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_sock_bind() function in net/bluetooth/hci_sock.c. A local user can escalate privileges on the system.
25) Buffer overflow (CVE-ID: CVE-2025-68303)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the intel_punit_ipc_probe() function in drivers/platform/x86/intel/punit_ipc.c. A local user can escalate privileges on the system.
26) NULL pointer dereference (CVE-ID: CVE-2025-68302)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sxgbe_rx() function in drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c. A local user can perform a denial of service (DoS) attack.
27) Out-of-bounds read (CVE-ID: CVE-2025-68301)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the aq_ring_rx_clean() function in drivers/net/ethernet/aquantia/atlantic/aq_ring.c. A local user can perform a denial of service (DoS) attack.
28) Improper locking (CVE-ID: CVE-2025-68297)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the decrypt_control_remainder() and process_v2_sparse_read() functions in net/ceph/messenger_v2.c. A local user can perform a denial of service (DoS) attack.
29) Memory leak (CVE-ID: CVE-2025-68295)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cifs_construct_tcon() function in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.
30) Use-after-free (CVE-ID: CVE-2025-68290)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hdm_probe() function in drivers/most/most_usb.c. A local user can escalate privileges on the system.
31) Memory leak (CVE-ID: CVE-2025-68289)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the eem_unwrap() function in drivers/usb/gadget/function/f_eem.c. A local user can perform a denial of service (DoS) attack.
32) Memory leak (CVE-ID: CVE-2025-68288)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usb_stor_Bulk_transport() function in drivers/usb/storage/transport.c. A local user can perform a denial of service (DoS) attack.
33) Use-after-free (CVE-ID: CVE-2025-68287)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dwc3_gadget_giveback() function in drivers/usb/dwc3/gadget.c. A local user can escalate privileges on the system.
34) NULL pointer dereference (CVE-ID: CVE-2025-68286)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_stream_get_scanoutpos() function in drivers/gpu/drm/amd/display/dc/core/dc_stream.c. A local user can perform a denial of service (DoS) attack.
35) Use-after-free (CVE-ID: CVE-2025-68285)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the monmap_show() and osdmap_show() functions in net/ceph/debugfs.c. A local user can escalate privileges on the system.
36) Out-of-bounds read (CVE-ID: CVE-2025-68284)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the handle_auth_session_key() function in net/ceph/auth_x.c. A local user can perform a denial of service (DoS) attack.
37) Buffer overflow (CVE-ID: CVE-2025-68283)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the decode_new_primary_temp(), ceph_get_primary_affinity(), decode_new_primary_affinity() and decode_new_up_state_weight() functions in net/ceph/osdmap.c. A local user can escalate privileges on the system.
38) Use-after-free (CVE-ID: CVE-2025-68282)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the include/linux/usb/gadget.h. A local user can escalate privileges on the system.
39) Use of uninitialized resource (CVE-ID: CVE-2025-68249)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hdm_probe() function in drivers/most/most_usb.c. A local user can perform a denial of service (DoS) attack.
40) Memory leak (CVE-ID: CVE-2025-68246)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ksmbd_kthread_fn() function in fs/smb/server/transport_tcp.c. A local user can perform a denial of service (DoS) attack.
41) Memory leak (CVE-ID: CVE-2025-68245)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __netpoll_cleanup() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.
42) Improper locking (CVE-ID: CVE-2025-68244)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the i915_vma_pin_ww() function in drivers/gpu/drm/i915/i915_vma.c. A local user can perform a denial of service (DoS) attack.
43) Memory leak (CVE-ID: CVE-2025-68241)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fnhe_remove_oldest() function in net/ipv4/route.c. A local user can perform a denial of service (DoS) attack.
44) NULL pointer dereference (CVE-ID: CVE-2025-68238)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cadence_nand_irq_cleanup() and cadence_nand_init() functions in drivers/mtd/nand/raw/cadence-nand-controller.c. A local user can perform a denial of service (DoS) attack.
45) Integer overflow (CVE-ID: CVE-2025-68237)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the mtdchar_write_ioctl() and mtdchar_read_ioctl() functions in drivers/mtd/mtdchar.c. A local user can execute arbitrary code.
46) Memory leak (CVE-ID: CVE-2025-68235)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvkm_falcon_fw_dtor() function in drivers/gpu/drm/nouveau/nvkm/falcon/fw.c. A local user can perform a denial of service (DoS) attack.
47) Memory leak (CVE-ID: CVE-2025-68233)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tegra_drm_ioctl_channel_open() function in drivers/gpu/drm/tegra/uapi.c. A local user can perform a denial of service (DoS) attack.
48) Infinite loop (CVE-ID: CVE-2025-68231)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the check_element() and poison_element() functions in mm/mempool.c. A local user can perform a denial of service (DoS) attack.
49) NULL pointer dereference (CVE-ID: CVE-2025-68229)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tcm_loop_tpg_address_show() function in drivers/target/loopback/tcm_loop.c. A local user can perform a denial of service (DoS) attack.
50) Resource management error (CVE-ID: CVE-2025-68227)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mptcp_wnd_end() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
51) Improper locking (CVE-ID: CVE-2025-68223)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the radeon_fence_is_signaled() function in drivers/gpu/drm/radeon/radeon_fence.c. A local user can perform a denial of service (DoS) attack.
52) Use of uninitialized resource (CVE-ID: CVE-2025-68222)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the s32_pinctrl_probe() function in drivers/pinctrl/nxp/pinctrl-s32cc.c. A local user can perform a denial of service (DoS) attack.
53) Improper error handling (CVE-ID: CVE-2025-68220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the of_channel_match_helper() and knav_dma_open_channel() functions in drivers/soc/ti/knav_dma.c. A local user can perform a denial of service (DoS) attack.
54) Memory leak (CVE-ID: CVE-2025-68219)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can perform a denial of service (DoS) attack.
55) Improper locking (CVE-ID: CVE-2025-68218)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_mpath_set_live() function in drivers/nvme/host/multipath.c. A local user can perform a denial of service (DoS) attack.
56) Out-of-bounds read (CVE-ID: CVE-2025-68217)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pegasus_probe() function in drivers/input/tablet/pegasus_notetaker.c. A local user can perform a denial of service (DoS) attack.
57) NULL pointer dereference (CVE-ID: CVE-2025-68214)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __try_to_del_timer_sync() function in kernel/time/timer.c. A local user can perform a denial of service (DoS) attack.
58) NULL pointer dereference (CVE-ID: CVE-2025-68213)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the idpf_remove() function in drivers/net/ethernet/intel/idpf/idpf_main.c. A local user can perform a denial of service (DoS) attack.
59) Out-of-bounds read (CVE-ID: CVE-2025-68208)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the widen_imprecise_scalars() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
60) Memory leak (CVE-ID: CVE-2025-68204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the scmi_pd_power_off() and scmi_pm_domain_probe() functions in drivers/firmware/arm_scmi/scmi_pm_domain.c. A local user can perform a denial of service (DoS) attack.
61) Input validation error (CVE-ID: CVE-2025-68201)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gfx_v12_0_ring_emit_ib_gfx() function in drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c. A local user can perform a denial of service (DoS) attack.
62) Resource management error (CVE-ID: CVE-2025-68200)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cls_bpf_classify() function in net/sched/cls_bpf.c. A local user can perform a denial of service (DoS) attack.
63) NULL pointer dereference (CVE-ID: CVE-2025-68198)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __crash_shrink_memory() function in kernel/crash_core.c. A local user can perform a denial of service (DoS) attack.
64) Improper locking (CVE-ID: CVE-2025-68194)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the send_packet(), usb_rx_callback_intf0() and usb_rx_callback_intf1() functions in drivers/media/rc/imon.c. A local user can perform a denial of service (DoS) attack.
65) Input validation error (CVE-ID: CVE-2025-68192)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.
66) Improper error handling (CVE-ID: CVE-2025-68191)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the udp_tunnel_nic_netdevice_event() function in net/ipv4/udp_tunnel_nic.c. A local user can perform a denial of service (DoS) attack.
67) NULL pointer dereference (CVE-ID: CVE-2025-68190)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_atom_execute_table_locked() function in drivers/gpu/drm/amd/amdgpu/atom.c. A local user can perform a denial of service (DoS) attack.
68) Improper locking (CVE-ID: CVE-2025-68185)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs4_setup_readdir() function in fs/nfs/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
69) Improper locking (CVE-ID: CVE-2025-68184)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mtk_plane_format_mod_supported() function in drivers/gpu/drm/mediatek/mtk_plane.c. A local user can perform a denial of service (DoS) attack.
70) Buffer overflow (CVE-ID: CVE-2025-68183)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ima_protect_xattr(), ima_reset_appraise_flags(), ima_inode_setxattr() and ima_inode_set_acl() functions in security/integrity/ima/ima_appraise.c. A local user can perform a denial of service (DoS) attack.
71) NULL pointer dereference (CVE-ID: CVE-2025-68180)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the odm_combine_segments_show() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can perform a denial of service (DoS) attack.
72) Buffer overflow (CVE-ID: CVE-2025-68179)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the function in arch/s390/Kconfig. A local user can perform a denial of service (DoS) attack.
73) Improper locking (CVE-ID: CVE-2025-68178)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the blkg_conf_prep() function in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.
74) NULL pointer dereference (CVE-ID: CVE-2025-68177)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the longhaul_exit() function in drivers/cpufreq/longhaul.c. A local user can perform a denial of service (DoS) attack.
75) NULL pointer dereference (CVE-ID: CVE-2025-68176)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/pci/controller/cadence/pcie-cadence.h. A local user can perform a denial of service (DoS) attack.
76) Improper locking (CVE-ID: CVE-2025-68173)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ftrace_module_enable() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.
77) Double free (CVE-ID: CVE-2025-68172)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the aspeed_acry_probe() and aspeed_acry_remove() functions in drivers/crypto/aspeed/aspeed-acry.c. A local user can perform a denial of service (DoS) attack.
78) Resource management error (CVE-ID: CVE-2025-68171)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fpu__clear_user_states() function in arch/x86/kernel/fpu/core.c. A local user can perform a denial of service (DoS) attack.
79) Improper locking (CVE-ID: CVE-2025-68168)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the txInit() function in fs/jfs/jfs_txnmgr.c. A local user can perform a denial of service (DoS) attack.
80) Resource management error (CVE-ID: CVE-2025-40363)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ah6_output_done() and ah6_output() functions in net/ipv6/ah6.c. A local user can perform a denial of service (DoS) attack.
81) NULL pointer dereference (CVE-ID: CVE-2025-40360)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL() function in drivers/gpu/drm/drm_gem_atomic_helper.c. A local user can perform a denial of service (DoS) attack.
82) Out-of-bounds read (CVE-ID: CVE-2025-40358)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the walk_stackframe() function in arch/riscv/kernel/stacktrace.c. A local user can perform a denial of service (DoS) attack.
83) Buffer overflow (CVE-ID: CVE-2025-40353)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the copy_highpage() function in arch/arm64/mm/copypage.c. A local user can perform a denial of service (DoS) attack.
84) Improper locking (CVE-ID: CVE-2025-40351)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfsplus_iget() function in fs/hfsplus/super.c. A local user can perform a denial of service (DoS) attack.
85) Resource management error (CVE-ID: CVE-2025-40350)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mlx5e_skb_from_cqe_mpwrq_nonlinear() function in drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.
86) Out-of-bounds read (CVE-ID: CVE-2025-40349)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fs/hfsplus/hfsplus_fs.h. A local user can perform a denial of service (DoS) attack.
87) Improper locking (CVE-ID: CVE-2025-40347)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the enetc_clean_rx_ring(), enetc_clean_rx_ring_xdp() and enetc_poll() functions in drivers/net/ethernet/freescale/enetc/enetc.c. A local user can perform a denial of service (DoS) attack.
88) NULL pointer dereference (CVE-ID: CVE-2025-40346)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the topology_parse_cpu_capacity() function in drivers/base/arch_topology.c. A local user can perform a denial of service (DoS) attack.
89) Out-of-bounds read (CVE-ID: CVE-2025-40345)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sddr55_write_data() function in drivers/usb/storage/sddr55.c. A local user can perform a denial of service (DoS) attack.
90) Improper locking (CVE-ID: CVE-2025-40343)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvmet_fc_delete_assoc_work() and nvmet_fc_delete_target_assoc() functions in drivers/nvme/target/fc.c. A local user can perform a denial of service (DoS) attack.
91) Improper locking (CVE-ID: CVE-2025-40342)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_fc_create_association() function in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
92) Memory leak (CVE-ID: CVE-2025-40341)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the SYSCALL_DEFINE2(), SYSCALL_DEFINE3() and COMPAT_SYSCALL_DEFINE3() functions in kernel/futex/syscalls.c. A local user can perform a denial of service (DoS) attack.
93) Input validation error (CVE-ID: CVE-2025-40339)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the amdgpu_amdkfd_gpuvm_restore_process_bos() function in drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c. A local user can perform a denial of service (DoS) attack.
94) Input validation error (CVE-ID: CVE-2025-40337)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the stmmac_rx() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
95) Improper error handling (CVE-ID: CVE-2025-40333)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __insert_extent_tree() function in fs/f2fs/extent_cache.c. A local user can perform a denial of service (DoS) attack.
96) Out-of-bounds read (CVE-ID: CVE-2025-40331)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the inet_diag_msg_sctpladdrs_fill() function in net/sctp/diag.c. A local user can perform a denial of service (DoS) attack.
97) Improper locking (CVE-ID: CVE-2025-40329)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drm_sched_entity_error() and drm_sched_entity_kill_jobs_cb() functions in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.
98) Use-after-free (CVE-ID: CVE-2025-40328)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the open_cached_dir(), open_cached_dir_by_dentry(), drop_cached_dir_by_name(), cached_dir_offload_close() and cfids_laundromat_worker() functions in fs/smb/client/cached_dir.c. A local user can escalate privileges on the system.
99) Race condition (CVE-ID: CVE-2025-40324)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the nfsd4_read() function in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
100) Use-after-free (CVE-ID: CVE-2025-40323)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the include/linux/fbcon.h. A local user can escalate privileges on the system.
101) Out-of-bounds read (CVE-ID: CVE-2025-40322)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bit_putcs_aligned() and bit_putcs_unaligned() functions in drivers/video/fbdev/core/bitblit.c. A local user can perform a denial of service (DoS) attack.
102) NULL pointer dereference (CVE-ID: CVE-2025-40321)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.h. A local user can perform a denial of service (DoS) attack.
103) Use-after-free (CVE-ID: CVE-2025-40320)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_query_info_compound() function in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.
104) Use-after-free (CVE-ID: CVE-2025-40319)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ringbuf_map_alloc() function in kernel/bpf/ringbuf.c. A local user can escalate privileges on the system.
105) Use-after-free (CVE-ID: CVE-2025-40318)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_cmd_sync_dequeue_once() function in net/bluetooth/hci_sync.c. A local user can escalate privileges on the system.
106) Improper error handling (CVE-ID: CVE-2025-40317)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __regmap_init_slimbus() and __devm_regmap_init_slimbus() functions in drivers/base/regmap/regmap-slimbus.c. A local user can perform a denial of service (DoS) attack.
107) NULL pointer dereference (CVE-ID: CVE-2025-40315)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ffs_func_eps_enable() function in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.
108) Use-after-free (CVE-ID: CVE-2025-40314)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __cdnsp_gadget_init() and cdnsp_gadget_exit() functions in drivers/usb/cdns3/cdnsp-gadget.c. A local user can escalate privileges on the system.
109) Input validation error (CVE-ID: CVE-2025-40313)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ntfs_read_mft() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
110) Input validation error (CVE-ID: CVE-2025-40312)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jfs_iget() function in fs/jfs/inode.c. A local user can perform a denial of service (DoS) attack.
111) Input validation error (CVE-ID: CVE-2025-40311)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gaudi2_mmap() function in drivers/accel/habanalabs/gaudi2/gaudi2.c. A local user can perform a denial of service (DoS) attack.
112) NULL pointer dereference (CVE-ID: CVE-2025-40310)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kgd2kfd_interrupt() function in drivers/gpu/drm/amd/amdkfd/kfd_device.c. A local user can perform a denial of service (DoS) attack.
113) Use-after-free (CVE-ID: CVE-2025-40309)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sco_sock_kill() function in net/bluetooth/sco.c. A local user can escalate privileges on the system.
114) NULL pointer dereference (CVE-ID: CVE-2025-40308)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bcsp_recv() function in drivers/bluetooth/hci_bcsp.c. A local user can perform a denial of service (DoS) attack.
115) Buffer overflow (CVE-ID: CVE-2025-40307)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the exfat_allocate_bitmap() function in fs/exfat/balloc.c. A local user can perform a denial of service (DoS) attack.
116) Memory leak (CVE-ID: CVE-2025-40306)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the convert_to_internal_xattr_flags() and orangefs_inode_getxattr() functions in fs/orangefs/xattr.c. A local user can perform a denial of service (DoS) attack.
117) Resource management error (CVE-ID: CVE-2025-40305)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the p9_poll_mux() and p9_fd_request() functions in net/9p/trans_fd.c. A local user can perform a denial of service (DoS) attack.
118) Out-of-bounds read (CVE-ID: CVE-2025-40304)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bit_putcs() function in drivers/video/fbdev/core/bitblit.c. A local user can perform a denial of service (DoS) attack.
119) Use-after-free (CVE-ID: CVE-2025-40303)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the write_one_eb() function in fs/btrfs/extent_io.c. A local user can escalate privileges on the system.
120) Input validation error (CVE-ID: CVE-2025-40301)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hci_cmd_complete_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.
121) Use-after-free (CVE-ID: CVE-2025-40297)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the net/bridge/br_private.h. A local user can escalate privileges on the system.
122) Out-of-bounds read (CVE-ID: CVE-2025-40294)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the parse_adv_monitor_pattern() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
123) Division by zero (CVE-ID: CVE-2025-40293)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the function in drivers/vfio/iova_bitmap.c. A local user can perform a denial of service (DoS) attack.
124) NULL pointer dereference (CVE-ID: CVE-2025-40292)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the page_to_skb() and receive_big() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
125) Input validation error (CVE-ID: CVE-2025-40289)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the amdgpu_vram_attrs_is_visible() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c. A local user can perform a denial of service (DoS) attack.
126) NULL pointer dereference (CVE-ID: CVE-2025-40288)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_virt_write_vf2pf_data() function in drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c. A local user can perform a denial of service (DoS) attack.
127) Input validation error (CVE-ID: CVE-2025-40287)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the exfat_find() function in fs/exfat/namei.c. A local user can perform a denial of service (DoS) attack.
128) Memory leak (CVE-ID: CVE-2025-40286)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smb2_read() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
129) Memory leak (CVE-ID: CVE-2025-40285)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smb2_sess_setup() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
130) Use-after-free (CVE-ID: CVE-2025-40284)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mgmt_index_removed() function in net/bluetooth/mgmt.c. A local user can escalate privileges on the system.
131) Use-after-free (CVE-ID: CVE-2025-40283)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btusb_disconnect() function in drivers/bluetooth/btusb.c. A local user can escalate privileges on the system.
132) Improper error handling (CVE-ID: CVE-2025-40282)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the recv_pkt() function in net/bluetooth/6lowpan.c. A local user can perform a denial of service (DoS) attack.
133) Out-of-bounds read (CVE-ID: CVE-2025-40281)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sctp_transport_update_rto() function in net/sctp/transport.c. A local user can perform a denial of service (DoS) attack.
134) Use-after-free (CVE-ID: CVE-2025-40280)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_net_finalize_work() function in net/tipc/net.c. A local user can escalate privileges on the system.
135) Memory leak (CVE-ID: CVE-2025-40279)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcf_connmark_dump() function in net/sched/act_connmark.c. A local user can perform a denial of service (DoS) attack.
136) Memory leak (CVE-ID: CVE-2025-40278)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcf_ife_dump() function in net/sched/act_ife.c. A local user can perform a denial of service (DoS) attack.
137) Out-of-bounds read (CVE-ID: CVE-2025-40277)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vmw_cmd_check() function in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can perform a denial of service (DoS) attack.
138) NULL pointer dereference (CVE-ID: CVE-2025-40275)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_usb_mixer_controls_badd() function in sound/usb/mixer.c. A local user can perform a denial of service (DoS) attack.
139) Improper locking (CVE-ID: CVE-2025-40273)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs4_free_ol_stateid() function in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
140) Use-after-free (CVE-ID: CVE-2025-40272)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the secretmem_fault() function in mm/secretmem.c. A local user can escalate privileges on the system.
141) Use-after-free (CVE-ID: CVE-2025-40271)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pde_put(), remove_proc_entry() and remove_proc_subtree() functions in fs/proc/generic.c. A local user can escalate privileges on the system.
142) Input validation error (CVE-ID: CVE-2025-40269)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_usb_endpoint_set_params() function in sound/usb/endpoint.c. A local user can perform a denial of service (DoS) attack.
143) Memory leak (CVE-ID: CVE-2025-40268)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can perform a denial of service (DoS) attack.
144) Out-of-bounds read (CVE-ID: CVE-2025-40266)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __do_ffa_mem_xfer() function in arch/arm64/kvm/hyp/nvhe/ffa.c. A local user can perform a denial of service (DoS) attack.
145) NULL pointer dereference (CVE-ID: CVE-2025-40264)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the be_xmit_flush(), be_send_pkt_to_bmc() and be_xmit() functions in drivers/net/ethernet/emulex/benet/be_main.c. A local user can perform a denial of service (DoS) attack.
146) Improper locking (CVE-ID: CVE-2025-40263)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cros_ec_keyb_work() function in drivers/input/keyboard/cros_ec_keyb.c. A local user can perform a denial of service (DoS) attack.
147) Buffer overflow (CVE-ID: CVE-2025-40262)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the imx_sc_key_probe() function in drivers/input/keyboard/imx_sc_key.c. A local user can escalate privileges on the system.
148) Improper locking (CVE-ID: CVE-2025-40261)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_fc_delete_ctrl() function in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
149) Input validation error (CVE-ID: CVE-2025-40259)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sg_remove_sfp_usercontext() function in drivers/scsi/sg.c. A local user can perform a denial of service (DoS) attack.
150) Use-after-free (CVE-ID: CVE-2025-40258)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_reset_rtx_timer() function in net/mptcp/protocol.c. A local user can escalate privileges on the system.
151) Use-after-free (CVE-ID: CVE-2025-40257)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_remove_anno_list_by_saddr(), mptcp_pm_del_add_timer() and mptcp_pm_free_anno_list() functions in net/mptcp/pm.c. A local user can escalate privileges on the system.
152) NULL pointer dereference (CVE-ID: CVE-2025-40254)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the net/openvswitch/flow_netlink.h. A local user can perform a denial of service (DoS) attack.
153) Input validation error (CVE-ID: CVE-2025-40253)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mpc_rcvd_sweep_req() function in drivers/s390/net/ctcm_mpc.c. A local user can perform a denial of service (DoS) attack.
154) Out-of-bounds read (CVE-ID: CVE-2025-40252)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qede_tpa_cont() and qede_tpa_end() functions in drivers/net/ethernet/qlogic/qede/qede_fp.c. A local user can perform a denial of service (DoS) attack.
155) Memory leak (CVE-ID: CVE-2025-40251)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the devl_rate_nodes_destroy() function in net/devlink/rate.c. A local user can perform a denial of service (DoS) attack.
156) Input validation error (CVE-ID: CVE-2025-40250)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5_irq_alloc() function in drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c. A local user can perform a denial of service (DoS) attack.
157) Use-after-free (CVE-ID: CVE-2025-40248)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vsock_connect() function in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.
158) Improper Initialization (CVE-ID: CVE-2025-40245)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the find_limits() and setup_arch() functions in arch/nios2/kernel/setup.c. A local user can perform a denial of service (DoS) attack.
159) Improper locking (CVE-ID: CVE-2025-40244)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfs_find_init() and hfs_brec_find() functions in fs/hfsplus/bfind.c. A local user can perform a denial of service (DoS) attack.
160) Use-after-free (CVE-ID: CVE-2025-40243)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfs_mdb_get() function in fs/hfs/mdb.c. A local user can escalate privileges on the system.
161) Improper locking (CVE-ID: CVE-2025-40242)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gdlm_put_lock() function in fs/gfs2/lock_dlm.c. A local user can perform a denial of service (DoS) attack.
162) NULL pointer dereference (CVE-ID: CVE-2025-40240)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sctp_inq_pop() function in net/sctp/inqueue.c. A local user can perform a denial of service (DoS) attack.
163) NULL pointer dereference (CVE-ID: CVE-2025-40238)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_devcom_cleanup_mpv() and mlx5e_nic_disable() functions in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
164) NULL pointer dereference (CVE-ID: CVE-2025-40237)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the show_mark_fhandle() function in fs/notify/fdinfo.c. A local user can perform a denial of service (DoS) attack.
165) NULL pointer dereference (CVE-ID: CVE-2025-40235)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btrfs_get_tree_subvol() function in fs/btrfs/super.c. A local user can perform a denial of service (DoS) attack.
166) Incorrect calculation (CVE-ID: CVE-2025-40233)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __ocfs2_move_extents_range() function in fs/ocfs2/move_extents.c. A local user can perform a denial of service (DoS) attack.
167) Improper locking (CVE-ID: CVE-2025-40231)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vsock_assign_transport() function in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
168) Incorrect calculation (CVE-ID: CVE-2025-40226)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the scmi_xfer_command_acquire(), scmi_handle_notification(), scmi_handle_response(), scmi_wait_for_reply() and do_xfer() functions in drivers/firmware/arm_scmi/driver.c. A local user can perform a denial of service (DoS) attack.
169) Use-after-free (CVE-ID: CVE-2025-40223)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the release_mdev() and hdm_disconnect() functions in drivers/most/most_usb.c. A local user can escalate privileges on the system.
170) Memory leak (CVE-ID: CVE-2025-40221)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the trigger_handler() function in drivers/media/pci/mgb4/mgb4_trigger.c. A local user can perform a denial of service (DoS) attack.
171) Improper locking (CVE-ID: CVE-2025-40220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fuse_file_release() function in fs/fuse/file.c. A local user can perform a denial of service (DoS) attack.
172) Improper locking (CVE-ID: CVE-2025-40219)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sriov_add_vfs() and sriov_del_vfs() functions in drivers/pci/iov.c. A local user can perform a denial of service (DoS) attack.
173) Improper locking (CVE-ID: CVE-2025-40218)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the damon_mkold_pmd_entry() and damon_young_pmd_entry() functions in mm/damon/vaddr.c. A local user can perform a denial of service (DoS) attack.
174) Improper locking (CVE-ID: CVE-2025-40215)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __xfrm_state_destroy(), __xfrm_state_delete(), xfrm_state_flush(), xfrm_flush_gc() and xfrm_state_fini() functions in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.
175) Use-after-free (CVE-ID: CVE-2025-40211)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the acpi_video_bus_remove_notify_handler() function in drivers/acpi/acpi_video.c. A local user can escalate privileges on the system.
176) Input validation error (CVE-ID: CVE-2025-40207)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the include/media/v4l2-subdev.h. A local user can perform a denial of service (DoS) attack.
177) Input validation error (CVE-ID: CVE-2025-40206)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nft_objref_eval() and nft_objref_map_destroy() functions in net/netfilter/nft_objref.c. A local user can perform a denial of service (DoS) attack.
178) Out-of-bounds read (CVE-ID: CVE-2025-40205)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the btrfs_encode_fh() function in fs/btrfs/export.c. A local user can perform a denial of service (DoS) attack.
179) Resource management error (CVE-ID: CVE-2025-40204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sctp_sf_authenticate() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
180) Use-after-free (CVE-ID: CVE-2025-40202)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the deliver_response(), ipmi_set_gets_events(), i_ipmi_request(), handle_ipmb_get_msg_cmd(), handle_ipmb_direct_rcv_cmd(), handle_lan_get_msg_cmd(), handle_oem_get_msg_cmd(), handle_read_event_rsp(), smi_work() and free_recv_msg() functions in drivers/char/ipmi/ipmi_msghandler.c. A local user can escalate privileges on the system.
181) Improper locking (CVE-ID: CVE-2025-40201)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the SYSCALL_DEFINE4() function in kernel/sys.c. A local user can perform a denial of service (DoS) attack.
182) Resource management error (CVE-ID: CVE-2025-40200)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.
183) Out-of-bounds read (CVE-ID: CVE-2025-40198)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the parse_apply_sb_mount_options() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
184) Resource management error (CVE-ID: CVE-2025-40196)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dqput() and dquot_init() functions in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.
185) Resource management error (CVE-ID: CVE-2025-40194)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the update_qos_request() function in drivers/cpufreq/intel_pstate.c. A local user can perform a denial of service (DoS) attack.
186) Input validation error (CVE-ID: CVE-2025-40193)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the proc_read_simdisk() function in arch/xtensa/platforms/iss/simdisk.c. A local user can perform a denial of service (DoS) attack.
187) Infinite loop (CVE-ID: CVE-2025-40192)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the init_kcs_data_with_state(), start_kcs_transaction() and kcs_event() functions in drivers/char/ipmi/ipmi_kcs_sm.c. A local user can perform a denial of service (DoS) attack.
188) Input validation error (CVE-ID: CVE-2025-40188)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the berlin_pwm_suspend() and berlin_pwm_resume() functions in drivers/pwm/pwm-berlin.c. A local user can perform a denial of service (DoS) attack.
189) NULL pointer dereference (CVE-ID: CVE-2025-40187)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sctp_sf_do_5_1D_ce() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
190) Memory leak (CVE-ID: CVE-2025-40183)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __bpf_redirect_neigh_v6() and __bpf_redirect_neigh_v4() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
191) Out-of-bounds read (CVE-ID: CVE-2025-40180)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the zynqmp_ipi_free_mboxes() function in drivers/mailbox/zynqmp-ipi-mailbox.c. A local user can perform a denial of service (DoS) attack.
192) Resource management error (CVE-ID: CVE-2025-40179)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ext4_init_orphan_info() function in fs/ext4/orphan.c. A local user can perform a denial of service (DoS) attack.
193) NULL pointer dereference (CVE-ID: CVE-2025-40178)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pid_nr_ns() function in kernel/pid.c. A local user can perform a denial of service (DoS) attack.
194) Use-after-free (CVE-ID: CVE-2025-40176)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_decrypt_sg() function in net/tls/tls_sw.c. A local user can escalate privileges on the system.
195) Input validation error (CVE-ID: CVE-2025-40173)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ip6_tnl_xmit() function in net/ipv6/ip6_tunnel.c. A local user can perform a denial of service (DoS) attack.
196) Buffer overflow (CVE-ID: CVE-2025-40172)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the find_and_map_user_pages() function in drivers/accel/qaic/qaic_control.c. A local user can perform a denial of service (DoS) attack.
197) Memory leak (CVE-ID: CVE-2025-40171)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvmet_fc_tgt_a_get(), __nvmet_fc_finish_ls_req(), __nvmet_fc_send_ls_req(), nvmet_fc_disconnect_assoc_done() and nvmet_fc_register_targetport() functions in drivers/nvme/target/fc.c. A local user can perform a denial of service (DoS) attack.
198) Input validation error (CVE-ID: CVE-2025-40169)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the check_alu_op() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
199) Input validation error (CVE-ID: CVE-2025-40167)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __ext4_iget() function in fs/ext4/inode.c. A local user can perform a denial of service (DoS) attack.
200) Improper locking (CVE-ID: CVE-2025-40166)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __guc_exec_queue_process_msg_cleanup() function in drivers/gpu/drm/xe/xe_guc_submit.c. A local user can perform a denial of service (DoS) attack.
201) Resource management error (CVE-ID: CVE-2025-40165)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mxc_isi_m2m_vb2_buffer_queue(), mxc_isi_m2m_vb2_stop_streaming() and mxc_isi_m2m_s_fmt_vid() functions in drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c. A local user can perform a denial of service (DoS) attack.
202) Resource management error (CVE-ID: CVE-2025-40160)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bind_interdomain_evtchn_to_irq_lateeoi(), find_virq() and bind_virq_to_irq() functions in drivers/xen/events/events_base.c. A local user can perform a denial of service (DoS) attack.
203) Input validation error (CVE-ID: CVE-2025-40159)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the net/xdp/xsk_queue.h. A local user can perform a denial of service (DoS) attack.
204) NULL pointer dereference (CVE-ID: CVE-2025-40156)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_ccifreq_probe() function in drivers/devfreq/mtk-cci-devfreq.c. A local user can perform a denial of service (DoS) attack.
205) Use of uninitialized resource (CVE-ID: CVE-2025-40155)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the domain_translation_struct_show() function in drivers/iommu/intel/debugfs.c. A local user can perform a denial of service (DoS) attack.
206) Out-of-bounds read (CVE-ID: CVE-2025-40154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the log_quirks() function in sound/soc/intel/boards/bytcr_rt5640.c. A local user can perform a denial of service (DoS) attack.
207) Improper locking (CVE-ID: CVE-2025-40153)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hugetlb_change_protection() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
208) Use-after-free (CVE-ID: CVE-2025-40141)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iso_sock_kill() function in net/bluetooth/iso.c. A local user can escalate privileges on the system.
209) Improper locking (CVE-ID: CVE-2025-40140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rtl8150_set_multicast() function in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.
210) Input validation error (CVE-ID: CVE-2025-40137)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the f2fs_truncate() function in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
211) NULL pointer dereference (CVE-ID: CVE-2025-40134)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __dm_suspend() function in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
212) NULL pointer dereference (CVE-ID: CVE-2025-40129)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the svcauth_gss_verify_header() function in net/sunrpc/auth_gss/svcauth_gss.c. A local user can perform a denial of service (DoS) attack.
213) Use of uninitialized resource (CVE-ID: CVE-2025-40127)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ks_sa_rng_probe() function in drivers/char/hw_random/ks-sa-rng.c. A local user can perform a denial of service (DoS) attack.
214) Input validation error (CVE-ID: CVE-2025-40126)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ENTRY() function in arch/sparc/lib/U1memcpy.S. A local user can perform a denial of service (DoS) attack.
215) Improper locking (CVE-ID: CVE-2025-40125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the blk_mq_unregister_hctx() function in block/blk-mq-sysfs.c. A local user can perform a denial of service (DoS) attack.
216) Infinite loop (CVE-ID: CVE-2025-40124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the function in arch/sparc/lib/U3memcpy.S. A local user can perform a denial of service (DoS) attack.
217) NULL pointer dereference (CVE-ID: CVE-2025-40123)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __bpf_prog_map_compatible() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
218) Out-of-bounds read (CVE-ID: CVE-2025-40121)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the MODULE_PARM_DESC() function in sound/soc/intel/boards/bytcr_rt5651.c. A local user can perform a denial of service (DoS) attack.
219) Improper locking (CVE-ID: CVE-2025-40120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ax88772_suspend(), ax88772_bind() and ax88772_unbind() functions in drivers/net/usb/asix_devices.c. A local user can perform a denial of service (DoS) attack.
220) Out-of-bounds read (CVE-ID: CVE-2025-40118)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pm8001_dev_gone_notify() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can perform a denial of service (DoS) attack.
221) NULL pointer dereference (CVE-ID: CVE-2025-40116)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the max3421_probe() function in drivers/usb/host/max3421-hcd.c. A local user can perform a denial of service (DoS) attack.
222) Double free (CVE-ID: CVE-2025-40115)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the mpt3sas_transport_port_remove() function in drivers/scsi/mpt3sas/mpt3sas_transport.c. A local user can perform a denial of service (DoS) attack.
223) Buffer overflow (CVE-ID: CVE-2025-40112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ENTRY() function in arch/sparc/lib/NGmemcpy.S. A local user can perform a denial of service (DoS) attack.
224) Use-after-free (CVE-ID: CVE-2025-40111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmw_validation_add_resource() function in drivers/gpu/drm/vmwgfx/vmwgfx_validation.c. A local user can escalate privileges on the system.
225) Input validation error (CVE-ID: CVE-2025-40110)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vmw_cmd_dma() function in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can perform a denial of service (DoS) attack.
226) Input validation error (CVE-ID: CVE-2025-40109)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the crypto_del_default_rng() and crypto_register_rng() functions in crypto/rng.c. A local user can perform a denial of service (DoS) attack.
227) Memory leak (CVE-ID: CVE-2025-40107)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hi3110_stop(), hi3110_open(), hi3110_can_probe() and hi3110_can_remove() functions in drivers/net/can/spi/hi311x.c. A local user can perform a denial of service (DoS) attack.
228) Improper error handling (CVE-ID: CVE-2025-40106)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the comedi_buf_munge() function in drivers/comedi/comedi_buf.c. A local user can perform a denial of service (DoS) attack.
229) Memory leak (CVE-ID: CVE-2025-40105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the d_alloc() function in fs/dcache.c. A local user can perform a denial of service (DoS) attack.
230) Input validation error (CVE-ID: CVE-2025-40104)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/ethernet/intel/ixgbevf/vf.h. A local user can perform a denial of service (DoS) attack.
231) Memory leak (CVE-ID: CVE-2025-40103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the get_smb2_acl_by_path() and set_smb2_acl() functions in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
232) Memory leak (CVE-ID: CVE-2025-40101)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the btrfs_load_block_group_zone_info() function in fs/btrfs/zoned.c. A local user can perform a denial of service (DoS) attack.
233) Reachable assertion (CVE-ID: CVE-2025-40100)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the populate_free_space_tree() function in fs/btrfs/free-space-tree.c. A local user can perform a denial of service (DoS) attack.
234) Out-of-bounds read (CVE-ID: CVE-2025-40099)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the parse_dfs_referrals() function in fs/smb/client/misc.c. A local user can perform a denial of service (DoS) attack.
235) Double free (CVE-ID: CVE-2025-40096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the drm_sched_job_add_implicit_dependencies() function in drivers/gpu/drm/scheduler/sched_main.c. A local user can perform a denial of service (DoS) attack.
236) NULL pointer dereference (CVE-ID: CVE-2025-40095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rndis_bind() function in drivers/usb/gadget/function/f_rndis.c. A local user can perform a denial of service (DoS) attack.
237) NULL pointer dereference (CVE-ID: CVE-2025-40094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acm_bind() function in drivers/usb/gadget/function/f_acm.c. A local user can perform a denial of service (DoS) attack.
238) NULL pointer dereference (CVE-ID: CVE-2025-40093)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ecm_bind() function in drivers/usb/gadget/function/f_ecm.c. A local user can perform a denial of service (DoS) attack.
239) NULL pointer dereference (CVE-ID: CVE-2025-40092)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ncm_bind() function in drivers/usb/gadget/function/f_ncm.c. A local user can perform a denial of service (DoS) attack.
240) Out-of-bounds read (CVE-ID: CVE-2025-40088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hfsplus_strcasecmp() and hfsplus_strcmp() functions in fs/hfsplus/unicode.c. A local user can perform a denial of service (DoS) attack.
241) Resource management error (CVE-ID: CVE-2025-40087)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nfsd4_ff_proc_getdeviceinfo() function in fs/nfsd/flexfilelayout.c. A local user can perform a denial of service (DoS) attack.
242) NULL pointer dereference (CVE-ID: CVE-2025-40085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the get_alias_quirk() function in sound/usb/card.c. A local user can perform a denial of service (DoS) attack.
243) Input validation error (CVE-ID: CVE-2025-40084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ipc_msg_handle_free() function in fs/smb/server/transport_ipc.c. A local user can perform a denial of service (DoS) attack.
244) NULL pointer dereference (CVE-ID: CVE-2025-40083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the agg_dequeue() function in net/sched/sch_qfq.c. A local user can perform a denial of service (DoS) attack.
245) Buffer overflow (CVE-ID: CVE-2025-40081)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/perf/arm_spe_pmu.c. A local user can escalate privileges on the system.
246) Input validation error (CVE-ID: CVE-2025-40080)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nbd_get_socket() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.
247) Resource management error (CVE-ID: CVE-2025-40079)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the emit_atomic_rmw() and __arch_prepare_bpf_trampoline() functions in arch/riscv/net/bpf_jit_comp64.c. A local user can perform a denial of service (DoS) attack.
248) Resource management error (CVE-ID: CVE-2025-40078)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sock_addr_is_valid_access() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
249) Buffer overflow (CVE-ID: CVE-2025-40077)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the f2fs_truncate_partial_cluster() function in fs/f2fs/compress.c. A local user can perform a denial of service (DoS) attack.
250) Improper locking (CVE-ID: CVE-2025-40071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gsm_send_packet(), gsm_dlci_open() and gsm_modem_upd_via_msc() functions in drivers/tty/n_gsm.c. A local user can perform a denial of service (DoS) attack.
251) Use-after-free (CVE-ID: CVE-2025-40070)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pps_register_cdev() function in drivers/pps/pps.c. A local user can escalate privileges on the system.
252) Input validation error (CVE-ID: CVE-2025-40068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the run_unpack() and run_get_highest_vcn() functions in fs/ntfs3/run.c. A local user can perform a denial of service (DoS) attack.
253) Buffer overflow (CVE-ID: CVE-2025-40067)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the indx_add_allocate() function in fs/ntfs3/index.c. A local user can perform a denial of service (DoS) attack.
254) Double free (CVE-ID: CVE-2025-40062)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the qm_diff_regs_init() function in drivers/crypto/hisilicon/debugfs.c. A local user can perform a denial of service (DoS) attack.
255) Use-after-free (CVE-ID: CVE-2025-40061)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the do_task() function in drivers/infiniband/sw/rxe/rxe_task.c. A local user can escalate privileges on the system.
256) NULL pointer dereference (CVE-ID: CVE-2025-40060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arm_trbe_alloc_buffer() function in drivers/hwtracing/coresight/coresight-trbe.c. A local user can perform a denial of service (DoS) attack.
257) NULL pointer dereference (CVE-ID: CVE-2025-40059)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arm_trbe_register_coresight_cpu() function in drivers/hwtracing/coresight/coresight-trbe.c. A local user can perform a denial of service (DoS) attack.
258) Incorrect calculation (CVE-ID: CVE-2025-40058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the drivers/iommu/intel/iommu.h. A local user can perform a denial of service (DoS) attack.
259) Resource management error (CVE-ID: CVE-2025-40057)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the max_vclocks_store() function in drivers/ptp/ptp_sysfs.c. A local user can perform a denial of service (DoS) attack.
260) Input validation error (CVE-ID: CVE-2025-40056)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the copy_to_iotlb() function in drivers/vhost/vringh.c. A local user can perform a denial of service (DoS) attack.
261) Double free (CVE-ID: CVE-2025-40055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the user_cluster_connect() function in fs/ocfs2/stack_user.c. A local user can perform a denial of service (DoS) attack.
262) NULL pointer dereference (CVE-ID: CVE-2025-40053)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the function in drivers/net/ethernet/dlink/dl2k.c. A local user can perform a denial of service (DoS) attack.
263) Use-after-free (CVE-ID: CVE-2025-40052)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fill_transform_hdr(), smb2_aead_req_alloc() and crypt_message() functions in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.
264) Input validation error (CVE-ID: CVE-2025-40051)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the copy_from_iotlb() function in drivers/vhost/vringh.c. A local user can perform a denial of service (DoS) attack.
265) Use of uninitialized resource (CVE-ID: CVE-2025-40049)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the fs/squashfs/squashfs_fs_i.h. A local user can perform a denial of service (DoS) attack.
266) Memory leak (CVE-ID: CVE-2025-40048)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hv_uio_channel_cb(), hv_uio_new_channel() and hv_uio_open() functions in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
267) Improper locking (CVE-ID: CVE-2025-40047)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_waitid_wait() function in io_uring/waitid.c. A local user can perform a denial of service (DoS) attack.
268) Use-after-free (CVE-ID: CVE-2025-40044)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the udf_current_aext() function in fs/udf/inode.c. A local user can escalate privileges on the system.
269) Input validation error (CVE-ID: CVE-2025-40043)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nci_core_reset_ntf_packet(), nci_core_conn_credits_ntf_packet(), nci_core_generic_error_ntf_packet(), nci_core_conn_intf_error_ntf_packet(), nci_clear_target_list(), nci_rf_discover_ntf_packet(), nci_store_general_bytes_nfc_dep(), nci_rf_intf_activated_ntf_packet(), nci_rf_deactivate_ntf_packet(), nci_nfcee_discover_ntf_packet() and nci_ntf_packet() functions in net/nfc/nci/ntf.c. A local user can perform a denial of service (DoS) attack.
270) NULL pointer dereference (CVE-ID: CVE-2025-40042)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the uprobe_dispatcher() and uretprobe_dispatcher() functions in kernel/trace/trace_uprobe.c. A local user can perform a denial of service (DoS) attack.
271) Improper locking (CVE-ID: CVE-2025-40038)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the svm_vcpu_pre_run() function in arch/x86/kvm/svm/svm.c. A local user can perform a denial of service (DoS) attack.
272) Use-after-free (CVE-ID: CVE-2025-40037)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the simplefb_destroy(), simplefb_detach_genpds(), simplefb_attach_genpds() and simplefb_probe() functions in drivers/video/fbdev/simplefb.c. A local user can escalate privileges on the system.
273) Memory leak (CVE-ID: CVE-2025-40036)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fastrpc_put_args() function in drivers/misc/fastrpc.c. A local user can perform a denial of service (DoS) attack.
274) Memory leak (CVE-ID: CVE-2025-40035)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the uinput_ff_upload_to_user() function in drivers/input/misc/uinput.c. A local user can perform a denial of service (DoS) attack.
275) NULL pointer dereference (CVE-ID: CVE-2025-40033)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() and pru_rproc_set_ctable() functions in drivers/remoteproc/pru_rproc.c. A local user can perform a denial of service (DoS) attack.
276) NULL pointer dereference (CVE-ID: CVE-2025-40032)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pci_epf_test_clean_dma_chan() function in drivers/pci/endpoint/functions/pci-epf-test.c. A local user can perform a denial of service (DoS) attack.
277) NULL pointer dereference (CVE-ID: CVE-2025-40031)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the register_shm_helper() function in drivers/tee/tee_shm.c. A local user can perform a denial of service (DoS) attack.
278) NULL pointer dereference (CVE-ID: CVE-2025-40030)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pinmux_func_name_to_selector() function in drivers/pinctrl/pinmux.c. A local user can perform a denial of service (DoS) attack.
279) NULL pointer dereference (CVE-ID: CVE-2025-40029)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fsl_mc_bus_probe() function in drivers/bus/fsl-mc/fsl-mc-bus.c. A local user can perform a denial of service (DoS) attack.
280) Improper locking (CVE-ID: CVE-2025-40027)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the p9_fd_cancelled() function in net/9p/trans_fd.c. A local user can perform a denial of service (DoS) attack.
281) Resource management error (CVE-ID: CVE-2025-40026)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the emulator_is_smm() and x86_emulate_instruction() functions in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
282) Resource management error (CVE-ID: CVE-2025-40024)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vhost_task_stop() and vhost_task_create() functions in kernel/vhost_task.c. A local user can perform a denial of service (DoS) attack.
283) Improper locking (CVE-ID: CVE-2025-40021)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dyn_event_open() function in kernel/trace/trace_dynevent.c. A local user can perform a denial of service (DoS) attack.
284) Out-of-bounds read (CVE-ID: CVE-2025-40020)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the peak_usb_update_ts_now() function in drivers/net/can/usb/peak_usb/pcan_usb_core.c. A local user can perform a denial of service (DoS) attack.
285) Input validation error (CVE-ID: CVE-2025-40019)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the essiv_aead_crypt() function in crypto/essiv.c. A local user can perform a denial of service (DoS) attack.
286) Resource management error (CVE-ID: CVE-2025-40016)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the drivers/media/usb/uvc/uvcvideo.h. A local user can perform a denial of service (DoS) attack.
287) NULL pointer dereference (CVE-ID: CVE-2025-40013)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the audioreach_widget_load_module_common() function in sound/soc/qcom/qdsp6/topology.c. A local user can perform a denial of service (DoS) attack.
288) NULL pointer dereference (CVE-ID: CVE-2025-40011)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the oaktrail_hdmi_teardown() function in drivers/gpu/drm/gma500/oaktrail_hdmi.c. A local user can perform a denial of service (DoS) attack.
289) NULL pointer dereference (CVE-ID: CVE-2025-40010)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the afs_use_server() function in fs/afs/server.c. A local user can perform a denial of service (DoS) attack.
290) NULL pointer dereference (CVE-ID: CVE-2025-40009)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pagemap_scan_backout_range() function in fs/proc/task_mmu.c. A local user can perform a denial of service (DoS) attack.
291) Out-of-bounds read (CVE-ID: CVE-2025-40008)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the DEFINE_TEST_MEMSETXX() function in mm/kmsan/kmsan_test.c. A local user can perform a denial of service (DoS) attack.
292) Improper locking (CVE-ID: CVE-2025-40006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the remove_inode_single_folio() function in fs/hugetlbfs/inode.c. A local user can perform a denial of service (DoS) attack.
293) Use-after-free (CVE-ID: CVE-2025-40001)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mvs_free() function in drivers/scsi/mvsas/mv_init.c. A local user can escalate privileges on the system.
294) Use-after-free (CVE-ID: CVE-2025-40000)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ser_reset_trx_st_hdl() function in drivers/net/wireless/realtek/rtw89/ser.c. A local user can escalate privileges on the system.
295) Buffer overflow (CVE-ID: CVE-2025-39998)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the target_lu_gp_members_show() function in drivers/target/target_core_configfs.c. A local user can escalate privileges on the system.
296) Use-after-free (CVE-ID: CVE-2025-39996)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the flexcop_pci_remove() function in drivers/media/pci/b2c2/flexcop-pci.c. A local user can escalate privileges on the system.
297) Use-after-free (CVE-ID: CVE-2025-39995)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can escalate privileges on the system.
298) Use-after-free (CVE-ID: CVE-2025-39994)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xc5000_release() function in drivers/media/tuners/xc5000.c. A local user can escalate privileges on the system.
299) NULL pointer dereference (CVE-ID: CVE-2025-39992)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the unuse_mm() function in mm/swapfile.c. A local user can perform a denial of service (DoS) attack.
300) NULL pointer dereference (CVE-ID: CVE-2025-39991)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ath11k_qmi_m3_load() function in drivers/net/wireless/ath/ath11k/qmi.c. A local user can perform a denial of service (DoS) attack.
301) Memory leak (CVE-ID: CVE-2025-39989)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the error_context() function in arch/x86/kernel/cpu/mce/severity.c. A local user can perform a denial of service (DoS) attack.
302) Buffer overflow (CVE-ID: CVE-2025-39988)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/net/can/usb/etas_es58x/es58x_core.c. A local user can escalate privileges on the system.
303) Buffer overflow (CVE-ID: CVE-2025-39987)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/net/can/spi/hi311x.c. A local user can escalate privileges on the system.
304) Buffer overflow (CVE-ID: CVE-2025-39986)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/net/can/sun4i_can.c. A local user can escalate privileges on the system.
305) Buffer overflow (CVE-ID: CVE-2025-39985)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/net/can/usb/mcba_usb.c. A local user can escalate privileges on the system.
306) Use-after-free (CVE-ID: CVE-2025-39982)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_conn_complete_evt() and le_conn_complete_evt() functions in net/bluetooth/hci_event.c. A local user can escalate privileges on the system.
307) Use-after-free (CVE-ID: CVE-2025-39981)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the net/bluetooth/mgmt_util.h. A local user can escalate privileges on the system.
308) NULL pointer dereference (CVE-ID: CVE-2025-39980)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the replace_nexthop_single() function in net/ipv4/nexthop.c. A local user can perform a denial of service (DoS) attack.
309) Use-after-free (CVE-ID: CVE-2025-39978)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the otx2_tc_add_flow() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c. A local user can escalate privileges on the system.
310) Use-after-free (CVE-ID: CVE-2025-39977)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the function in kernel/futex/requeue.c. A local user can escalate privileges on the system.
311) Input validation error (CVE-ID: CVE-2025-39973)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_config_vsi_tx_queue() and i40e_config_vsi_rx_queue() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
312) Input validation error (CVE-ID: CVE-2025-39972)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_validate_queue_map() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
313) Input validation error (CVE-ID: CVE-2025-39971)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_vc_config_queues_msg() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
314) Out-of-bounds read (CVE-ID: CVE-2025-39970)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the i40e_validate_cloud_filter() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
315) Input validation error (CVE-ID: CVE-2025-39969)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h. A local user can perform a denial of service (DoS) attack.
316) Buffer overflow (CVE-ID: CVE-2025-39968)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the i40e_vc_del_cloud_filter() and i40e_vc_add_cloud_filter() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can escalate privileges on the system.
317) Integer overflow (CVE-ID: CVE-2025-39967)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the fbcon_set_font() function in drivers/video/fbdev/core/fbcon.c. A local user can execute arbitrary code.
318) Use-after-free (CVE-ID: CVE-2025-39965)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xfrm_alloc_spi() function in net/xfrm/xfrm_state.c. A local user can escalate privileges on the system.
319) NULL pointer dereference (CVE-ID: CVE-2025-39961)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the increase_address_space(), alloc_pte(), fetch_pte() and v1_alloc_pgtable() functions in drivers/iommu/amd/io_pgtable.c. A local user can perform a denial of service (DoS) attack.
320) Input validation error (CVE-ID: CVE-2025-39957)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee80211_register_hw() function in net/mac80211/main.c. A local user can perform a denial of service (DoS) attack.
321) Resource management error (CVE-ID: CVE-2025-39955)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_disconnect() function in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.
322) Use-after-free (CVE-ID: CVE-2025-39953)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_PERCPU_RWSEM(), css_release_work_fn(), css_release(), css_create(), css_killed_ref_fn() and cgroup_wq_init() functions in kernel/cgroup/cgroup.c. A local user can escalate privileges on the system.
323) Buffer overflow (CVE-ID: CVE-2025-39952)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the drivers/net/wireless/microchip/wilc1000/wlan_cfg.h. A local user can escalate privileges on the system.
324) Use-after-free (CVE-ID: CVE-2025-39951)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the virtio_uml_probe() function in arch/um/drivers/virtio_uml.c. A local user can escalate privileges on the system.
325) NULL pointer dereference (CVE-ID: CVE-2025-39950)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tcp_ao_finish_connect() function in net/ipv4/tcp_ao.c. A local user can perform a denial of service (DoS) attack.
326) Improper error handling (CVE-ID: CVE-2025-39949)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the qed_protection_override_dump() function in drivers/net/ethernet/qlogic/qed/qed_debug.c. A local user can perform a denial of service (DoS) attack.
327) Memory leak (CVE-ID: CVE-2025-39948)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the drivers/net/ethernet/intel/ice/ice_txrx.h. A local user can perform a denial of service (DoS) attack.
328) NULL pointer dereference (CVE-ID: CVE-2025-39947)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/mlx5/driver.h. A local user can perform a denial of service (DoS) attack.
329) Out-of-bounds read (CVE-ID: CVE-2025-39946)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tls_rx_msg_size() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
330) Use-after-free (CVE-ID: CVE-2025-39945)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cnic_cm_stop_bnx2x_hw() function in drivers/net/ethernet/broadcom/cnic.c. A local user can escalate privileges on the system.
331) Use-after-free (CVE-ID: CVE-2025-39944)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the otx2_ptp_destroy() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_ptp.c. A local user can escalate privileges on the system.
332) Out-of-bounds read (CVE-ID: CVE-2025-39943)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the recv_done() function in fs/smb/server/transport_rdma.c. A local user can perform a denial of service (DoS) attack.
333) Buffer overflow (CVE-ID: CVE-2025-39942)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the recv_done() function in fs/smb/server/transport_rdma.c. A local user can perform a denial of service (DoS) attack.
334) Integer overflow (CVE-ID: CVE-2025-39940)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the stripe_io_hints() function in drivers/md/dm-stripe.c. A local user can execute arbitrary code.
335) NULL pointer dereference (CVE-ID: CVE-2025-39938)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the q6apm_lpass_dai_prepare() function in sound/soc/qcom/qdsp6/q6apm-lpass-dais.c. A local user can perform a denial of service (DoS) attack.
336) NULL pointer dereference (CVE-ID: CVE-2025-39937)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rfkill_gpio_acpi_probe() function in net/rfkill/rfkill-gpio.c. A local user can perform a denial of service (DoS) attack.
337) NULL pointer dereference (CVE-ID: CVE-2025-39934)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the anx7625_i2c_probe() function in drivers/gpu/drm/bridge/analogix/anx7625.c. A local user can perform a denial of service (DoS) attack.
338) Improper locking (CVE-ID: CVE-2025-39932)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smbd_destroy() function in fs/smb/client/smbdirect.c. A local user can perform a denial of service (DoS) attack.
339) Infinite loop (CVE-ID: CVE-2025-39931)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the af_alg_sendmsg() function in crypto/af_alg.c. A local user can perform a denial of service (DoS) attack.
340) Memory leak (CVE-ID: CVE-2025-39929)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smbd_negotiate() function in fs/smb/client/smbdirect.c. A local user can perform a denial of service (DoS) attack.
341) Memory leak (CVE-ID: CVE-2025-39927)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fs/ceph/mds_client.h. A local user can perform a denial of service (DoS) attack.
342) Improper error handling (CVE-ID: CVE-2025-39923)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bam_dma_probe() function in drivers/dma/qcom/bam_dma.c. A local user can perform a denial of service (DoS) attack.
343) NULL pointer dereference (CVE-ID: CVE-2025-39920)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the do_validate_mem() function in drivers/pcmcia/rsrc_nonstatic.c. A local user can perform a denial of service (DoS) attack.
344) Division by zero (CVE-ID: CVE-2025-39916)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the damon_reclaim_apply_parameters() function in mm/damon/reclaim.c. A local user can perform a denial of service (DoS) attack.
345) Resource management error (CVE-ID: CVE-2025-39914)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the trace_pid_write() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
346) Resource management error (CVE-ID: CVE-2025-39913)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_bpf_send_verdict() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.
347) Resource management error (CVE-ID: CVE-2025-39911)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the i40e_vsi_request_irq_msix() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
348) Input validation error (CVE-ID: CVE-2025-39909)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the damon_lru_sort_apply_parameters() function in mm/damon/lru_sort.c. A local user can perform a denial of service (DoS) attack.
349) Out-of-bounds read (CVE-ID: CVE-2025-39907)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the stm32_fmc2_nfc_xfer() and stm32_fmc2_nfc_dma_setup() functions in drivers/mtd/nand/raw/stm32_fmc2_nand.c. A local user can perform a denial of service (DoS) attack.
350) NULL pointer dereference (CVE-ID: CVE-2025-39902)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the object_err() function in mm/slub.c. A local user can perform a denial of service (DoS) attack.
351) Use-after-free (CVE-ID: CVE-2025-39901)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the i40e_dbg_find_vsi(), i40e_dbg_command_write() and i40e_dbg_netdev_ops_write() functions in drivers/net/ethernet/intel/i40e/i40e_debugfs.c. A local user can escalate privileges on the system.
352) Resource management error (CVE-ID: CVE-2025-39899)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the move_pages_pte() function in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.
353) Input validation error (CVE-ID: CVE-2025-39897)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the axienet_dma_rx_cb() function in drivers/net/ethernet/xilinx/xilinx_axienet_main.c. A local user can perform a denial of service (DoS) attack.
354) NULL pointer dereference (CVE-ID: CVE-2025-39895)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sched_numa_find_nth_cpu() function in kernel/sched/topology.c. A local user can perform a denial of service (DoS) attack.
355) Resource management error (CVE-ID: CVE-2025-39894)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the br_nf_local_in() function in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
356) Memory leak (CVE-ID: CVE-2025-39891)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the _mwifiex_fw_dpc() and mwifiex_uninit_sw() functions in drivers/net/wireless/marvell/mwifiex/main.c. A local user can perform a denial of service (DoS) attack.
357) Memory leak (CVE-ID: CVE-2025-39890)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ath12k_service_ready_ext_event() function in drivers/net/wireless/ath/ath12k/wmi.c. A local user can perform a denial of service (DoS) attack.
358) Buffer overflow (CVE-ID: CVE-2025-39889)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the l2cap_connect() function in net/bluetooth/l2cap_core.c. A local user can perform a denial of service (DoS) attack.
359) Improper locking (CVE-ID: CVE-2025-39886)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __bpf_async_init() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
360) Improper locking (CVE-ID: CVE-2025-39885)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_extent_map_get_blocks(), ocfs2_fiemap_inline() and ocfs2_fiemap() functions in fs/ocfs2/extent_map.c. A local user can perform a denial of service (DoS) attack.
361) Improper error handling (CVE-ID: CVE-2025-39883)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the unpoison_memory() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.
362) Use-after-free (CVE-ID: CVE-2025-39881)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the of_on(), kernfs_seq_stop_active(), kernfs_seq_start(), kernfs_file_read_iter(), kernfs_fop_write_iter(), kernfs_vma_open(), kernfs_vma_fault(), kernfs_vma_page_mkwrite(), kernfs_vma_access(), kernfs_fop_mmap() and kernfs_fop_poll() functions in fs/kernfs/file.c. A local user can escalate privileges on the system.
363) Input validation error (CVE-ID: CVE-2025-39880)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the con_fault_finish() and clear_standby() functions in net/ceph/messenger.c. A local user can perform a denial of service (DoS) attack.
364) Use-after-free (CVE-ID: CVE-2025-39877)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the state_show() function in mm/damon/sysfs.c. A local user can escalate privileges on the system.
365) NULL pointer dereference (CVE-ID: CVE-2025-39876)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fec_enet_phy_reset_after_clk_enable() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.
366) Use-after-free (CVE-ID: CVE-2025-39873)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xcan_write_frame() function in drivers/net/can/xilinx_can.c. A local user can escalate privileges on the system.
367) Use-after-free (CVE-ID: CVE-2025-39871)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the idxd_remove() function in drivers/dma/idxd/init.c. A local user can escalate privileges on the system.
368) Double free (CVE-ID: CVE-2025-39870)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the idxd_setup_wqs() function in drivers/dma/idxd/init.c. A local user can perform a denial of service (DoS) attack.
369) Out-of-bounds read (CVE-ID: CVE-2025-39869)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the edma_setup_from_hw() function in drivers/dma/ti/edma.c. A local user can perform a denial of service (DoS) attack.
370) Use-after-free (CVE-ID: CVE-2025-39866)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __mark_inode_dirty() function in fs/fs-writeback.c. A local user can escalate privileges on the system.
371) NULL pointer dereference (CVE-ID: CVE-2025-39865)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/tee/tee_shm.c. A local user can perform a denial of service (DoS) attack.
372) Use-after-free (CVE-ID: CVE-2025-39864)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cfg80211_update_known_bss() function in net/wireless/scan.c. A local user can escalate privileges on the system.
373) Use-after-free (CVE-ID: CVE-2025-39863)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcmf_btcoex_detach() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/btcoex.c. A local user can escalate privileges on the system.
374) Use-after-free (CVE-ID: CVE-2025-39861)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __vhci_create_device(), vhci_open() and vhci_release() functions in drivers/bluetooth/hci_vhci.c. A local user can escalate privileges on the system.
375) Use-after-free (CVE-ID: CVE-2025-39860)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.
376) NULL pointer dereference (CVE-ID: CVE-2025-39857)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smc_ib_is_sg_need_sync() function in net/smc/smc_ib.c. A local user can perform a denial of service (DoS) attack.
377) Use-after-free (CVE-ID: CVE-2025-39854)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ice_ll_ts_intr() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can escalate privileges on the system.
378) NULL pointer dereference (CVE-ID: CVE-2025-39853)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_client_add_instance() function in drivers/net/ethernet/intel/i40e/i40e_client.c. A local user can perform a denial of service (DoS) attack.
379) Memory leak (CVE-ID: CVE-2025-39852)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcp_v6_syn_recv_sock() function in net/ipv6/tcp_ipv6.c. A local user can perform a denial of service (DoS) attack.
380) NULL pointer dereference (CVE-ID: CVE-2025-39851)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/vxlan/vxlan_private.h. A local user can perform a denial of service (DoS) attack.
381) NULL pointer dereference (CVE-ID: CVE-2025-39850)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arp_reduce() and neigh_reduce() functions in drivers/net/vxlan/vxlan_core.c. A local user can perform a denial of service (DoS) attack.
382) Buffer overflow (CVE-ID: CVE-2025-39849)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the __cfg80211_connect_result() function in net/wireless/sme.c. A local user can escalate privileges on the system.
383) Input validation error (CVE-ID: CVE-2025-39848)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ax25_rcv() function in net/ax25/ax25_in.c. A local user can perform a denial of service (DoS) attack.
384) Memory leak (CVE-ID: CVE-2025-39847)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pad_compress_skb() and ppp_send_frame() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
385) NULL pointer dereference (CVE-ID: CVE-2025-39846)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __iodyn_find_io_region() function in drivers/pcmcia/rsrc_iodyn.c. A local user can perform a denial of service (DoS) attack.
386) Resource management error (CVE-ID: CVE-2025-39845)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sync_global_pgds() function in arch/x86/mm/init_64.c. A local user can perform a denial of service (DoS) attack.
387) Improper Initialization (CVE-ID: CVE-2025-39844)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the include/linux/vmalloc.h. A local user can perform a denial of service (DoS) attack.
388) Improper locking (CVE-ID: CVE-2025-39843)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the get_track(), set_track_update(), free_debug_processing(), ___slab_alloc() and free_to_partial_list() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.
389) NULL pointer dereference (CVE-ID: CVE-2025-39842)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ocfs2_clear_inode() function in fs/ocfs2/inode.c. A local user can perform a denial of service (DoS) attack.
390) Use-after-free (CVE-ID: CVE-2025-39841)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lpfc_nvmet_defer_rcv() function in drivers/scsi/lpfc/lpfc_nvmet.c. A local user can escalate privileges on the system.
391) Out-of-bounds read (CVE-ID: CVE-2025-39839)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the batadv_nc_skb_decode_packet() function in net/batman-adv/network-coding.c. A local user can perform a denial of service (DoS) attack.
392) NULL pointer dereference (CVE-ID: CVE-2025-39838)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cifs_strndup_to_utf16() function in fs/smb/client/cifs_unicode.c. A local user can perform a denial of service (DoS) attack.
393) Buffer overflow (CVE-ID: CVE-2025-39836)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mm_communicate(), setup_mm_hdr(), get_max_payload(), get_property_int(), tee_get_variable(), tee_get_next_variable(), tee_set_variable() and tee_query_variable_info() functions in drivers/firmware/efi/stmm/tee_stmm_efi.c. A local user can perform a denial of service (DoS) attack.
394) Memory leak (CVE-ID: CVE-2025-39835)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xfs_da_read_buf() function in fs/xfs/libxfs/xfs_da_btree.c. A local user can perform a denial of service (DoS) attack.
395) Improper locking (CVE-ID: CVE-2025-39832)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/net/ethernet/mellanox/mlx5/core/fw_reset.h. A local user can perform a denial of service (DoS) attack.
396) Resource management error (CVE-ID: CVE-2025-39829)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the register_ftrace_graph() function in kernel/trace/fgraph.c. A local user can perform a denial of service (DoS) attack.
397) Out-of-bounds write (CVE-ID: CVE-2025-39828)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the vcc_sendmsg() function in net/atm/common.c. A local user can execute arbitrary code.
398) Resource management error (CVE-ID: CVE-2025-39827)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the rose_add_node(), rose_del_node(), rose_add_loopback_node(), rose_del_loopback_node(), rose_rt_device_down(), rose_clear_routes(), rose_neigh_show() and rose_rt_free() functions in net/rose/rose_route.c. A local user can perform a denial of service (DoS) attack.
399) Race condition (CVE-ID: CVE-2025-39826)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rose_timer_expiry() function in net/rose/rose_timer.c. A local user can escalate privileges on the system.
400) Race condition (CVE-ID: CVE-2025-39825)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the cifs_rename2() function in fs/smb/client/inode.c. A local user can escalate privileges on the system.
401) Resource management error (CVE-ID: CVE-2025-39824)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the asus_probe() function in drivers/hid/hid-asus.c. A local user can perform a denial of service (DoS) attack.
402) Input validation error (CVE-ID: CVE-2025-39823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kvm_sched_yield() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
403) Resource management error (CVE-ID: CVE-2025-39819)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the smb2_compound_op() function in fs/smb/client/smb2inode.c. A local user can perform a denial of service (DoS) attack.
404) Buffer overflow (CVE-ID: CVE-2025-39817)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the efivarfs_d_compare() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
405) Buffer overflow (CVE-ID: CVE-2025-39815)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the kvm_riscv_vcpu_set_reg_vector() function in arch/riscv/kvm/vcpu_vector.c. A local user can perform a denial of service (DoS) attack.
406) Resource management error (CVE-ID: CVE-2025-39813)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ftrace_dump() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
407) Input validation error (CVE-ID: CVE-2025-39812)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sctp_v6_from_sk() function in net/sctp/ipv6.c. A local user can perform a denial of service (DoS) attack.
408) Input validation error (CVE-ID: CVE-2025-39811)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the xe_vm_create_scratch() function in drivers/gpu/drm/xe/xe_vm.c. A local user can perform a denial of service (DoS) attack.
409) Buffer overflow (CVE-ID: CVE-2025-39810)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the bnxt_set_xps_mapping(), bnxt_trim_dflt_sh_rings(), bnxt_set_dflt_rings() and bnxt_init_dflt_ring_mode() functions in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can escalate privileges on the system.
410) Resource management error (CVE-ID: CVE-2025-39808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ntrig_report_version() function in drivers/hid/hid-ntrig.c. A local user can perform a denial of service (DoS) attack.
411) Input validation error (CVE-ID: CVE-2025-39807)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mtk_plane_atomic_disable() function in drivers/gpu/drm/mediatek/mtk_plane.c. A local user can perform a denial of service (DoS) attack.
412) Input validation error (CVE-ID: CVE-2025-39806)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mt_report_fixup() function in drivers/hid/hid-multitouch.c. A local user can perform a denial of service (DoS) attack.
413) Resource management error (CVE-ID: CVE-2025-39805)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the macb_remove() function in drivers/net/ethernet/cadence/macb_main.c. A local user can perform a denial of service (DoS) attack.
414) Resource management error (CVE-ID: CVE-2025-39801)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __dwc3_stop_active_transfer() and dwc3_clear_stall_all_ep() functions in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.
415) Resource management error (CVE-ID: CVE-2025-39800)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the btrfs_copy_root() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.
416) Input validation error (CVE-ID: CVE-2025-39798)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs4_server_capabilities() function in fs/nfs/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
417) Improper error handling (CVE-ID: CVE-2025-39797)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the xfrm_state_lookup_byspi() and xfrm_alloc_spi() functions in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.
418) Buffer overflow (CVE-ID: CVE-2025-39795)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the blk_stack_limits() function in block/blk-settings.c. A local user can escalate privileges on the system.
419) Input validation error (CVE-ID: CVE-2025-39794)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tegra_cpu_reset_handler_enable() function in arch/arm/mach-tegra/reset.c. A local user can perform a denial of service (DoS) attack.
420) Double free (CVE-ID: CVE-2025-39790)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the parse_xfer_event() function in drivers/bus/mhi/host/main.c. A local user can perform a denial of service (DoS) attack.
421) Out-of-bounds read (CVE-ID: CVE-2025-39788)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the exynos_ufs_post_link() function in drivers/scsi/ufs/ufs-exynos.c. A local user can perform a denial of service (DoS) attack.
422) Incorrect calculation (CVE-ID: CVE-2025-39787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the qcom_mdt_get_size(), qcom_mdt_read_metadata() and __qcom_mdt_load() functions in drivers/soc/qcom/mdt_loader.c. A local user can perform a denial of service (DoS) attack.
423) Use-after-free (CVE-ID: CVE-2025-39783)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pci_epf_remove_cfs() function in drivers/pci/endpoint/pci-epf-core.c. A local user can escalate privileges on the system.
424) Improper locking (CVE-ID: CVE-2025-39782)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the jbd2_log_do_checkpoint() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.
425) Resource management error (CVE-ID: CVE-2025-39781)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the flush_cache_vmap() function in arch/parisc/kernel/cache.c. A local user can perform a denial of service (DoS) attack.
426) Improper locking (CVE-ID: CVE-2025-39779)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the btrfs_subpage_set_writeback() function in fs/btrfs/subpage.c. A local user can perform a denial of service (DoS) attack.
427) Resource management error (CVE-ID: CVE-2025-39776)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the destroy_args() function in mm/debug_vm_pgtable.c. A local user can perform a denial of service (DoS) attack.
428) Improper locking (CVE-ID: CVE-2025-39773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the net/bridge/br_private.h. A local user can perform a denial of service (DoS) attack.
429) NULL pointer dereference (CVE-ID: CVE-2025-39772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hibmc_load() function in drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c. A local user can perform a denial of service (DoS) attack.
430) Improper locking (CVE-ID: CVE-2025-39770)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gso_features_check() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
431) Resource management error (CVE-ID: CVE-2025-39766)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cake_enqueue() function in net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.
432) Improper locking (CVE-ID: CVE-2025-39763)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ghes_do_proc() function in drivers/acpi/apei/ghes.c. A local user can perform a denial of service (DoS) attack.
433) Out-of-bounds read (CVE-ID: CVE-2025-39761)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath12k_dp_peer_setup() function in drivers/net/wireless/ath/ath12k/dp.c. A local user can perform a denial of service (DoS) attack.
434) Out-of-bounds read (CVE-ID: CVE-2025-39760)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the usb_parse_ss_endpoint_companion() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.
435) Use-after-free (CVE-ID: CVE-2025-39759)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_check_quota_leak() and btrfs_qgroup_rescan() functions in fs/btrfs/qgroup.c. A local user can escalate privileges on the system.
436) Out-of-bounds read (CVE-ID: CVE-2025-39758)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the siw_tcp_sendpages() function in drivers/infiniband/sw/siw/siw_qp_tx.c. A local user can perform a denial of service (DoS) attack.
437) Out-of-bounds read (CVE-ID: CVE-2025-39757)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the convert_chmap_v3() and snd_usb_get_audioformat_uac3() functions in sound/usb/stream.c. A local user can perform a denial of service (DoS) attack.
438) Resource management error (CVE-ID: CVE-2025-39756)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the alloc_fdtable() function in fs/file.c. A local user can perform a denial of service (DoS) attack.
439) Resource management error (CVE-ID: CVE-2025-39753)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the function in fs/gfs2/meta_io.c. A local user can perform a denial of service (DoS) attack.
440) Input validation error (CVE-ID: CVE-2025-39752)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rockchip_smp_prepare_cpus() function in arch/arm/mach-rockchip/platsmp.c. A local user can perform a denial of service (DoS) attack.
441) Out-of-bounds read (CVE-ID: CVE-2025-39750)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath12k_dp_peer_setup() function in drivers/net/wireless/ath/ath12k/dp.c. A local user can perform a denial of service (DoS) attack.
442) Improper locking (CVE-ID: CVE-2025-39749)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kernel/rcu/tree_plugin.h. A local user can perform a denial of service (DoS) attack.
443) Resource management error (CVE-ID: CVE-2025-39748)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the regs_refine_cond_op() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
444) NULL pointer dereference (CVE-ID: CVE-2025-39747)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the msm_ioctl_gem_info_set_metadata() function in drivers/gpu/drm/msm/msm_drv.c. A local user can perform a denial of service (DoS) attack.
445) Input validation error (CVE-ID: CVE-2025-39746)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath10k_wmi_cmd_send() function in drivers/net/wireless/ath/ath10k/wmi.c. A local user can perform a denial of service (DoS) attack.
446) Improper locking (CVE-ID: CVE-2025-39744)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kernel/rcu/tree_plugin.h. A local user can perform a denial of service (DoS) attack.
447) Input validation error (CVE-ID: CVE-2025-39743)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jfs_evict_inode() function in fs/jfs/inode.c. A local user can perform a denial of service (DoS) attack.
448) Division by zero (CVE-ID: CVE-2025-39742)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the find_hw_thread_mask() function in drivers/infiniband/hw/hfi1/affinity.c. A local user can perform a denial of service (DoS) attack.
449) Improper error handling (CVE-ID: CVE-2025-39739)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the function in drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c. A local user can perform a denial of service (DoS) attack.
450) Infinite loop (CVE-ID: CVE-2025-39738)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the create_reloc_root() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.
451) Memory leak (CVE-ID: CVE-2025-39737)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __kmemleak_do_cleanup() function in mm/kmemleak.c. A local user can perform a denial of service (DoS) attack.
452) Memory leak (CVE-ID: CVE-2025-39736)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mem_pool_alloc() function in mm/kmemleak.c. A local user can perform a denial of service (DoS) attack.
453) Improper locking (CVE-ID: CVE-2025-39734)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ntfs_file_mmap() function in fs/ntfs3/file.c. A local user can perform a denial of service (DoS) attack.
454) Resource management error (CVE-ID: CVE-2025-39732)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ath11k_mac_op_set_bitrate_mask() function in drivers/net/wireless/ath/ath11k/mac.c. A local user can perform a denial of service (DoS) attack.
455) Improper error handling (CVE-ID: CVE-2025-39731)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_read_end_io() function in fs/f2fs/data.c. A local user can perform a denial of service (DoS) attack.
456) Input validation error (CVE-ID: CVE-2025-39730)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs_fh_to_dentry() function in fs/nfs/export.c. A local user can perform a denial of service (DoS) attack.
457) Buffer overflow (CVE-ID: CVE-2025-39726)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ism_cmd() and ism_probe() functions in drivers/s390/net/ism_drv.c. A local user can perform a denial of service (DoS) attack.
458) Improper error handling (CVE-ID: CVE-2025-39724)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the serial8250_do_startup() function in drivers/tty/serial/8250/8250_port.c. A local user can perform a denial of service (DoS) attack.
459) Use-after-free (CVE-ID: CVE-2025-39721)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the adf_misc_wq_queue_delayed_work() function in drivers/crypto/intel/qat/qat_common/adf_isr.c, within the adf_dev_shutdown() function in drivers/crypto/intel/qat/qat_common/adf_init.c. A local user can escalate privileges on the system.
460) Memory leak (CVE-ID: CVE-2025-39720)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smb_send_parent_lease_break_noti(), smb_lazy_parent_lease_break_close() and smb_break_all_levII_oplock() functions in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.
461) Out-of-bounds read (CVE-ID: CVE-2025-39719)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ARRAY_SIZE() and bno055_get_regmask() functions in drivers/iio/imu/bno055/bno055.c. A local user can perform a denial of service (DoS) attack.
462) Buffer overflow (CVE-ID: CVE-2025-39718)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the virtio_transport_rx_work() function in net/vmw_vsock/virtio_transport.c. A local user can perform a denial of service (DoS) attack.
463) Input validation error (CVE-ID: CVE-2025-39716)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the arch/parisc/include/asm/uaccess.h. A local user can perform a denial of service (DoS) attack.
464) Input validation error (CVE-ID: CVE-2025-39715)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the 1: ldw 0(), 10: ldw 0() and 1: ldb 0() functions in arch/parisc/kernel/syscall.S. A local user can perform a denial of service (DoS) attack.
465) Improper locking (CVE-ID: CVE-2025-39714)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usbtv_configure_for_norm() function in drivers/media/usb/usbtv/usbtv-video.c. A local user can perform a denial of service (DoS) attack.
466) Improper locking (CVE-ID: CVE-2025-39713)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rain_interrupt() function in drivers/media/cec/usb/rainshadow/rainshadow-cec.c. A local user can perform a denial of service (DoS) attack.
467) Improper locking (CVE-ID: CVE-2025-39712)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mt9m114_ifp_get_frame_interval() and mt9m114_ifp_set_frame_interval() functions in drivers/media/i2c/mt9m114.c. A local user can perform a denial of service (DoS) attack.
468) Use-after-free (CVE-ID: CVE-2025-39711)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mei_csi_remove() function in drivers/media/pci/intel/ivsc/mei_csi.c, within the mei_ace_remove() function in drivers/media/pci/intel/ivsc/mei_ace.c. A local user can escalate privileges on the system.
469) Out-of-bounds read (CVE-ID: CVE-2025-39710)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the venus_write_queue() and venus_read_queue() functions in drivers/media/platform/qcom/venus/hfi_venus.c. A local user can perform a denial of service (DoS) attack.
470) NULL pointer dereference (CVE-ID: CVE-2025-39709)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the venus_probe() function in drivers/media/platform/qcom/venus/core.c. A local user can perform a denial of service (DoS) attack.
471) NULL pointer dereference (CVE-ID: CVE-2025-39707)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the capabilities_show() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can perform a denial of service (DoS) attack.
472) NULL pointer dereference (CVE-ID: CVE-2025-39706)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kfd_exit() function in drivers/gpu/drm/amd/amdkfd/kfd_module.c. A local user can perform a denial of service (DoS) attack.
473) NULL pointer dereference (CVE-ID: CVE-2025-39705)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_destruct() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
474) Input validation error (CVE-ID: CVE-2025-39703)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hsr_handle_frame() function in net/hsr/hsr_slave.c. A local user can perform a denial of service (DoS) attack.
475) Resource management error (CVE-ID: CVE-2025-39702)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the seg6_hmac_validate_skb() function in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.
476) Input validation error (CVE-ID: CVE-2025-39701)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the applicable_image() function in drivers/acpi/pfr_update.c. A local user can perform a denial of service (DoS) attack.
477) Use-after-free (CVE-ID: CVE-2025-39698)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the io_futex_wait() function in io_uring/futex.c. A local user can execute arbitrary code with elevated privileges.
478) Improper locking (CVE-ID: CVE-2025-39697)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_page_set_inode_ref(), nfs_page_group_lock() and nfs_inode_remove_request() functions in fs/nfs/write.c, within the nfs_page_group_unlock() function in fs/nfs/pagelist.c. A local user can perform a denial of service (DoS) attack.
479) Improper error handling (CVE-ID: CVE-2025-39694)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the sclpint_to_sccb(), __sclp_find_req() and sclp_interrupt_handler() functions in drivers/s390/char/sclp.c. A local user can perform a denial of service (DoS) attack.
480) NULL pointer dereference (CVE-ID: CVE-2025-39693)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_connector_atomic_check() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
481) NULL pointer dereference (CVE-ID: CVE-2025-39692)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ksmbd_rdma_init() and ksmbd_rdma_destroy() functions in fs/smb/server/transport_rdma.c, within the ksmbd_conn_transport_destroy() function in fs/smb/server/connection.c. A local user can perform a denial of service (DoS) attack.
482) Use-after-free (CVE-ID: CVE-2025-39691)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __end_buffer_read_notouch() function in fs/buffer.c. A local user can escalate privileges on the system.
483) Use-after-free (CVE-ID: CVE-2025-39689)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ftrace_regex_open() and ftrace_regex_release() functions in kernel/trace/ftrace.c. A local user can escalate privileges on the system.
484) Buffer overflow (CVE-ID: CVE-2025-39687)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the as73211_trigger_handler() function in drivers/iio/light/as73211.c. A local user can perform a denial of service (DoS) attack.
485) Memory leak (CVE-ID: CVE-2025-39686)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the insn_rw_emulate_bits() function in drivers/comedi/drivers.c. A local user can perform a denial of service (DoS) attack.
486) Out-of-bounds read (CVE-ID: CVE-2025-39685)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pcl726_attach() function in drivers/comedi/drivers/pcl726.c. A local user can perform a denial of service (DoS) attack.
487) Memory leak (CVE-ID: CVE-2025-39684)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the do_insnlist_ioctl() and do_insn_ioctl() functions in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
488) Out-of-bounds read (CVE-ID: CVE-2025-39683)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the trace_get_user() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
489) Use of uninitialized resource (CVE-ID: CVE-2025-39681)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the bsp_init_hygon() function in arch/x86/kernel/cpu/hygon.c. A local user can perform a denial of service (DoS) attack.
490) Memory leak (CVE-ID: CVE-2025-39679)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvif_vmm_ctor() function in drivers/gpu/drm/nouveau/nvif/vmm.c. A local user can perform a denial of service (DoS) attack.
491) NULL pointer dereference (CVE-ID: CVE-2025-39678)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hsmp_metric_tbl_read() function in drivers/platform/x86/amd/hsmp/hsmp.c. A local user can perform a denial of service (DoS) attack.
492) NULL pointer dereference (CVE-ID: CVE-2025-39676)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla4xxx_get_ep_fwdb() function in drivers/scsi/qla4xxx/ql4_os.c. A local user can perform a denial of service (DoS) attack.
493) NULL pointer dereference (CVE-ID: CVE-2025-39675)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mod_hdcp_hdcp1_create_session() function in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c. A local user can perform a denial of service (DoS) attack.
494) NULL pointer dereference (CVE-ID: CVE-2025-39673)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ppp_fill_forward_path(), ppp_unregister_channel(), ppp_connect_channel() and ppp_disconnect_channel() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
495) NULL pointer dereference (CVE-ID: CVE-2025-38735)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gve_shutdown() function in drivers/net/ethernet/google/gve/gve_main.c. A local user can perform a denial of service (DoS) attack.
496) Use-after-free (CVE-ID: CVE-2025-38734)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smc_listen_work() function in net/smc/af_smc.c. A local user can escalate privileges on the system.
497) Memory leak (CVE-ID: CVE-2025-38732)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nf_send_reset6() and nf_send_unreach6() functions in net/ipv6/netfilter/nf_reject_ipv6.c, within the nf_send_reset() and nf_send_unreach() functions in net/ipv4/netfilter/nf_reject_ipv4.c. A local user can perform a denial of service (DoS) attack.
498) Improper locking (CVE-ID: CVE-2025-38730)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_bundle_nbufs(), io_sendmsg(), io_net_kbuf_recyle(), io_send_zc() and io_sendmsg_zc() functions in io_uring/net.c. A local user can perform a denial of service (DoS) attack.
499) Out-of-bounds read (CVE-ID: CVE-2025-38729)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the validate_uac3_feature_unit() and FUNC() functions in sound/usb/validate.c. A local user can perform a denial of service (DoS) attack.
500) Out-of-bounds read (CVE-ID: CVE-2025-38728)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sizeof() function in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
501) NULL pointer dereference (CVE-ID: CVE-2025-38725)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ax88772_init_mdio() function in drivers/net/usb/asix_devices.c. A local user can perform a denial of service (DoS) attack.
502) Use-after-free (CVE-ID: CVE-2025-38724)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfsd4_setclientid_confirm() function in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.
503) Use-after-free (CVE-ID: CVE-2025-38722)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hl_release_dmabuf() and export_dmabuf() functions in drivers/accel/habanalabs/common/memory.c. A local user can escalate privileges on the system.
504) Memory leak (CVE-ID: CVE-2025-38721)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ctnetlink_done(), ctnetlink_get_id(), NFNL_MSG_TYPE() and local_bh_enable() functions in net/netfilter/nf_conntrack_netlink.c. A local user can perform a denial of service (DoS) attack.
505) Improper locking (CVE-ID: CVE-2025-38718)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sctp_rcv() function in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.
506) NULL pointer dereference (CVE-ID: CVE-2025-38716)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hfs_ext_keycmp() function in fs/hfs/extent.c, within the hfs_btree_open() function in fs/hfs/btree.c, within the hfs_find_init() function in fs/hfs/bfind.c. A local user can perform a denial of service (DoS) attack.
507) Out-of-bounds read (CVE-ID: CVE-2025-38715)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the is_bnode_offset_valid(), hfs_bnode_read(), hfs_bnode_write(), hfs_bnode_clear(), hfs_bnode_copy() and hfs_bnode_move() functions in fs/hfs/bnode.c. A local user can perform a denial of service (DoS) attack.
508) Out-of-bounds read (CVE-ID: CVE-2025-38714)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the is_bnode_offset_valid(), hfs_bnode_write(), hfs_bnode_clear(), hfs_bnode_copy() and hfs_bnode_move() functions in fs/hfsplus/bnode.c. A local user can perform a denial of service (DoS) attack.
509) Out-of-bounds read (CVE-ID: CVE-2025-38713)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hfsplus_uni2asc() function in fs/hfsplus/unicode.c. A local user can perform a denial of service (DoS) attack.
510) Input validation error (CVE-ID: CVE-2025-38712)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the PTR_ERR() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.
511) Improper locking (CVE-ID: CVE-2025-38711)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smb2_create_link() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
512) Input validation error (CVE-ID: CVE-2025-38710)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gfs2_dinode_in() function in fs/gfs2/glops.c, within the dir_make_exhash() function in fs/gfs2/dir.c. A local user can perform a denial of service (DoS) attack.
513) Buffer overflow (CVE-ID: CVE-2025-38709)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the loop_set_dio(), loop_set_block_size(), lo_simple_ioctl() and lo_ioctl() functions in drivers/block/loop.c. A local user can escalate privileges on the system.
514) Use-after-free (CVE-ID: CVE-2025-38708)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the handle_write_conflicts() function in drivers/block/drbd/drbd_receiver.c. A local user can escalate privileges on the system.
515) Input validation error (CVE-ID: CVE-2025-38707)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ntfs_dir_emit() function in fs/ntfs3/dir.c. A local user can perform a denial of service (DoS) attack.
516) NULL pointer dereference (CVE-ID: CVE-2025-38706)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_soc_remove_pcm_runtime() function in sound/soc/soc-core.c. A local user can perform a denial of service (DoS) attack.
517) NULL pointer dereference (CVE-ID: CVE-2025-38705)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_set_pp_power_profile_mode() and parse_input_od_command_lines() functions in drivers/gpu/drm/amd/pm/amdgpu_pm.c. A local user can perform a denial of service (DoS) attack.
518) Input validation error (CVE-ID: CVE-2025-38704)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kernel/rcu/tree_nocb.h. A local user can perform a denial of service (DoS) attack.
519) Improper locking (CVE-ID: CVE-2025-38703)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xe_hw_fence_irq_finish() function in drivers/gpu/drm/xe/xe_hw_fence.c, within the __guc_exec_queue_fini_async() and guc_exec_queue_init() functions in drivers/gpu/drm/xe/xe_guc_submit.c. A local user can perform a denial of service (DoS) attack.
520) Buffer overflow (CVE-ID: CVE-2025-38702)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the do_register_framebuffer() function in drivers/video/fbdev/core/fbmem.c. A local user can escalate privileges on the system.
521) Input validation error (CVE-ID: CVE-2025-38701)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ext4_create_inline_data(), ext4_update_inline_data() and ext4_inline_data_truncate() functions in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
522) NULL pointer dereference (CVE-ID: CVE-2025-38700)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iscsi_conn_setup() function in drivers/scsi/libiscsi.c. A local user can perform a denial of service (DoS) attack.
523) Use-after-free (CVE-ID: CVE-2025-38699)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfad_im_probe() function in drivers/scsi/bfa/bfad_im.c. A local user can escalate privileges on the system.
524) Input validation error (CVE-ID: CVE-2025-38698)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jfs_open() function in fs/jfs/file.c. A local user can perform a denial of service (DoS) attack.
525) Out-of-bounds read (CVE-ID: CVE-2025-38697)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAllocAG() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
526) NULL pointer dereference (CVE-ID: CVE-2025-38696)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mips_stack_top() function in arch/mips/kernel/process.c. A local user can perform a denial of service (DoS) attack.
527) NULL pointer dereference (CVE-ID: CVE-2025-38695)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lpfc_sli4_vport_delete_fcp_xri_aborted() function in drivers/scsi/lpfc/lpfc_scsi.c. A local user can perform a denial of service (DoS) attack.
528) NULL pointer dereference (CVE-ID: CVE-2025-38694)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dib7090p_rw_on_apb() function in drivers/media/dvb-frontends/dib7000p.c. A local user can perform a denial of service (DoS) attack.
529) NULL pointer dereference (CVE-ID: CVE-2025-38693)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the w7090p_tuner_write_serpar() and w7090p_tuner_read_serpar() functions in drivers/media/dvb-frontends/dib7000p.c. A local user can perform a denial of service (DoS) attack.
530) Infinite loop (CVE-ID: CVE-2025-38692)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the exfat_hash_init(), exfat_read_root(), exfat_verify_boot_region(), __exfat_fill_super() and exfat_fill_super() functions in fs/exfat/super.c, within the exfat_check_dir_empty() function in fs/exfat/namei.c, within the exfat_count_num_clusters() function in fs/exfat/fatent.c, within the exfat_find_dir_entry() and exfat_count_dir_entries() functions in fs/exfat/dir.c. A local user can perform a denial of service (DoS) attack.
531) Use-after-free (CVE-ID: CVE-2025-38691)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext_tree_encode_commit(), ext_tree_prepare_commit() and dprintk() functions in fs/nfs/blocklayout/extent_tree.c. A local user can escalate privileges on the system.
532) Buffer overflow (CVE-ID: CVE-2025-38688)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the iopt_area_contig_next() function in drivers/iommu/iommufd/io_pagetable.c. A local user can escalate privileges on the system.
533) Use-after-free (CVE-ID: CVE-2025-38687)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the comedi_device_detach_cleanup() function in drivers/comedi/drivers.c, within the is_device_busy() and do_devconfig_ioctl() functions in drivers/comedi/comedi_fops.c. A local user can escalate privileges on the system.
534) Input validation error (CVE-ID: CVE-2025-38686)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the move_pages() function in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.
535) Out-of-bounds read (CVE-ID: CVE-2025-38685)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the con2fb_init_display() and fbcon_set_disp() functions in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.
536) NULL pointer dereference (CVE-ID: CVE-2025-38684)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.
537) Use-after-free (CVE-ID: CVE-2025-38681)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ptdump_walk_pgd() function in mm/ptdump.c, within the ptdump_show() function in arch/s390/mm/dump_pagetables.c, within the ptdump_show() function in arch/arm64/mm/ptdump_debugfs.c. A local user can escalate privileges on the system.
538) Out-of-bounds read (CVE-ID: CVE-2025-38680)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the uvc_parse_format() function in drivers/media/usb/uvc/uvc_driver.c. A local user can perform a denial of service (DoS) attack.
539) Memory leak (CVE-ID: CVE-2025-38679)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the event_seq_changed() function in drivers/media/platform/qcom/venus/hfi_msgs.c. A local user can perform a denial of service (DoS) attack.
540) Out-of-bounds read (CVE-ID: CVE-2025-38677)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the f2fs_get_dnode_of_data() function in fs/f2fs/node.c. A local user can perform a denial of service (DoS) attack.
541) Buffer overflow (CVE-ID: CVE-2025-38676)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the parse_ivrs_acpihid() function in drivers/iommu/amd/init.c. A local user can escalate privileges on the system.
542) Improper locking (CVE-ID: CVE-2025-38675)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xfrm_state_find() function in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.
543) Infinite loop (CVE-ID: CVE-2025-38671)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the qup_i2c_bus_active() function in drivers/i2c/busses/i2c-qup.c. A local user can perform a denial of service (DoS) attack.
544) Improper error handling (CVE-ID: CVE-2025-38670)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the SYM_CODE_END(), SYM_FUNC_START() and NOKPROBE() functions in arch/arm64/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
545) NULL pointer dereference (CVE-ID: CVE-2025-38668)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the regulator_remove_coupling() function in drivers/regulator/core.c. A local user can perform a denial of service (DoS) attack.
546) NULL pointer dereference (CVE-ID: CVE-2025-38665)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the can_changelink() function in drivers/net/can/dev/netlink.c, within the can_change_state(), can_restart() and can_restart_now() functions in drivers/net/can/dev/dev.c. A local user can perform a denial of service (DoS) attack.
547) NULL pointer dereference (CVE-ID: CVE-2025-38664)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_copy_and_init_pkg() function in drivers/net/ethernet/intel/ice/ice_ddp.c. A local user can perform a denial of service (DoS) attack.
548) Input validation error (CVE-ID: CVE-2025-38663)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __nilfs_read_inode() function in fs/nilfs2/inode.c. A local user can perform a denial of service (DoS) attack.
549) Input validation error (CVE-ID: CVE-2025-38660)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the parse_longname() function in fs/ceph/crypto.c. A local user can perform a denial of service (DoS) attack.
550) Use-after-free (CVE-ID: CVE-2025-38659)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the signal_our_withdraw() function in fs/gfs2/util.c. A local user can escalate privileges on the system.
551) Use-after-free (CVE-ID: CVE-2025-38653)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the proc_reg_open() function in fs/proc/inode.c, within the pde_set_flags() function in fs/proc/generic.c. A local user can escalate privileges on the system.
552) Out-of-bounds read (CVE-ID: CVE-2025-38652)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fs/f2fs/f2fs.h. A local user can perform a denial of service (DoS) attack.
553) Improper locking (CVE-ID: CVE-2025-38650)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfsplus_free_extents() function in fs/hfsplus/extents.c. A local user can perform a denial of service (DoS) attack.
554) NULL pointer dereference (CVE-ID: CVE-2025-38648)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the stm32_spi_probe() function in drivers/spi/spi-stm32.c. A local user can perform a denial of service (DoS) attack.
555) NULL pointer dereference (CVE-ID: CVE-2025-38646)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtw89_core_cancel_6ghz_probe_tx() function in drivers/net/wireless/realtek/rtw89/core.c. A local user can perform a denial of service (DoS) attack.
556) NULL pointer dereference (CVE-ID: CVE-2025-38645)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_init_once() function in drivers/net/ethernet/mellanox/mlx5/core/main.c, within the mlx5_dm_create() and kfree() functions in drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c, within the handle_alloc_dm_memic() function in drivers/infiniband/hw/mlx5/dm.c. A local user can perform a denial of service (DoS) attack.
557) Use of uninitialized resource (CVE-ID: CVE-2025-38644)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ieee80211_tdls_oper() function in net/mac80211/tdls.c. A local user can perform a denial of service (DoS) attack.
558) Improper locking (CVE-ID: CVE-2025-38643)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cfg80211_check_and_end_cac() function in net/wireless/reg.c. A local user can perform a denial of service (DoS) attack.
559) Improper locking (CVE-ID: CVE-2025-38640)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nf_hook_run_bpf() function in net/netfilter/nf_bpf_link.c. A local user can perform a denial of service (DoS) attack.
560) Out-of-bounds read (CVE-ID: CVE-2025-38639)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nfacct_mt_checkentry() function in net/netfilter/xt_nfacct.c. A local user can perform a denial of service (DoS) attack.
561) NULL pointer dereference (CVE-ID: CVE-2025-38635)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the davinci_lpsc_clk_register() function in drivers/clk/davinci/psc.c. A local user can perform a denial of service (DoS) attack.
562) NULL pointer dereference (CVE-ID: CVE-2025-38634)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cpcap_usb_detect() function in drivers/power/supply/cpcap-charger.c. A local user can perform a denial of service (DoS) attack.
563) NULL pointer dereference (CVE-ID: CVE-2025-38632)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pin_free() function in drivers/pinctrl/pinmux.c. A local user can perform a denial of service (DoS) attack.
564) NULL pointer dereference (CVE-ID: CVE-2025-38630)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the imxfb_probe() function in drivers/video/fbdev/imxfb.c. A local user can perform a denial of service (DoS) attack.
565) Use-after-free (CVE-ID: CVE-2025-38627)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lzo_decompress_pages(), lz4_decompress_pages(), zstd_init_decompress_ctx(), zstd_decompress_pages(), f2fs_release_decomp_mem(), f2fs_end_read_compressed_page(), allow_memalloc_for_decomp(), f2fs_prepare_decomp_mem(), f2fs_alloc_dic(), f2fs_free_dic() and f2fs_put_dic() functions in fs/f2fs/compress.c. A local user can escalate privileges on the system.
566) Improper error handling (CVE-ID: CVE-2025-38626)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_map_blocks() function in fs/f2fs/data.c. A local user can perform a denial of service (DoS) attack.
567) Resource management error (CVE-ID: CVE-2025-38625)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pds_vfio_ops_info() function in drivers/vfio/pci/pds/vfio_dev.c. A local user can perform a denial of service (DoS) attack.
568) Memory leak (CVE-ID: CVE-2025-38624)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pnv_php_register(), pnv_php_disable_irq(), pnv_php_free_slot(), pnv_php_reset_slot(), pnv_php_disable_slot(), pnv_php_alloc_slot() and pnv_php_init_irq() functions in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.
569) Improper error handling (CVE-ID: CVE-2025-38623)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the pnv_php_set_attention_state(), pnv_php_enable() and pnv_php_enable_msix() functions in drivers/pci/hotplug/pnv_php.c, within the pci_hp_add_devices() function in arch/powerpc/kernel/pci-hotplug.c. A local user can perform a denial of service (DoS) attack.
570) Improper error handling (CVE-ID: CVE-2025-38622)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the include/net/udp.h. A local user can perform a denial of service (DoS) attack.
571) Improper locking (CVE-ID: CVE-2025-38619)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ti_csi2rx_dma_callback() function in drivers/media/platform/ti/j721e-csi2rx/j721e-csi2rx.c. A local user can perform a denial of service (DoS) attack.
572) Input validation error (CVE-ID: CVE-2025-38615)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ntfs_rename() function in fs/ntfs3/namei.c, within the ni_add_name() and ni_rename() functions in fs/ntfs3/frecord.c. A local user can perform a denial of service (DoS) attack.
573) Infinite loop (CVE-ID: CVE-2025-38614)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the ep_poll() and ep_loop_check_proc() functions in fs/eventpoll.c. A local user can perform a denial of service (DoS) attack.
574) Memory leak (CVE-ID: CVE-2025-38612)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fbtft_framebuffer_alloc() function in drivers/staging/fbtft/fbtft-core.c. A local user can perform a denial of service (DoS) attack.
575) NULL pointer dereference (CVE-ID: CVE-2025-38610)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the get_pd_power_uw() function in drivers/powercap/dtpm_cpu.c. A local user can perform a denial of service (DoS) attack.
576) NULL pointer dereference (CVE-ID: CVE-2025-38609)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the devfreq_remove_governor() function in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.
577) Use of uninitialized resource (CVE-ID: CVE-2025-38608)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the sk_psock_msg_verdict() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
578) NULL pointer dereference (CVE-ID: CVE-2025-38604)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtl8187_stop() function in drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c. A local user can perform a denial of service (DoS) attack.
579) NULL pointer dereference (CVE-ID: CVE-2025-38602)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iwl_bg_restart(), iwl_setup_deferred_work(), iwl_op_mode_dvm_start() and iwl_cancel_deferred_work() functions in drivers/net/wireless/intel/iwlwifi/dvm/main.c. A local user can perform a denial of service (DoS) attack.
580) Improper locking (CVE-ID: CVE-2025-38601)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in drivers/net/wireless/ath/ath11k/hal.c. A local user can perform a denial of service (DoS) attack.
581) Use-after-free (CVE-ID: CVE-2025-38595)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dmabuf_exp_from_pages() function in drivers/xen/gntdev-dmabuf.c. A local user can escalate privileges on the system.
582) NULL pointer dereference (CVE-ID: CVE-2025-38593)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/bluetooth/hci_core.h. A local user can perform a denial of service (DoS) attack.
583) NULL pointer dereference (CVE-ID: CVE-2025-38590)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_ipsec_offload_handle_rx_skb() function in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c. A local user can perform a denial of service (DoS) attack.
584) Infinite loop (CVE-ID: CVE-2025-38588)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the rt6_nh_nlmsg_size() function in net/ipv6/route.c, within the WRITE_ONCE() and fib6_del_route() functions in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
585) Infinite loop (CVE-ID: CVE-2025-38587)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the fib6_info_uses_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
586) Buffer overflow (CVE-ID: CVE-2025-38585)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the gmin_get_config_var() function in drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c. A local user can escalate privileges on the system.
587) Use-after-free (CVE-ID: CVE-2025-38584)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), padata_find_next(), padata_do_serial(), padata_alloc_pd() and padata_free_shell() functions in kernel/padata.c. A local user can escalate privileges on the system.
588) NULL pointer dereference (CVE-ID: CVE-2025-38583)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xvcu_unregister_clock_provider() function in drivers/clk/xilinx/xlnx_vcu.c. A local user can perform a denial of service (DoS) attack.
589) Buffer overflow (CVE-ID: CVE-2025-38582)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the hns_roce_setup_hca() and hns_roce_init() functions in drivers/infiniband/hw/hns/hns_roce_main.c, within the hns_roce_v2_init() and __hns_roce_hw_v2_init_instance() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.
590) NULL pointer dereference (CVE-ID: CVE-2025-38581)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ccp5_debugfs_setup() function in drivers/crypto/ccp/ccp-debugfs.c. A local user can perform a denial of service (DoS) attack.
591) Use of uninitialized resource (CVE-ID: CVE-2025-38579)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the f2fs_init_read_extent_tree() function in fs/f2fs/extent_cache.c. A local user can perform a denial of service (DoS) attack.
592) Use-after-free (CVE-ID: CVE-2025-38578)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/f2fs/inode.c. A local user can escalate privileges on the system.
593) Use-after-free (CVE-ID: CVE-2025-38577)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the f2fs_update_inode_page() function in fs/f2fs/inode.c. A local user can escalate privileges on the system.
594) Infinite loop (CVE-ID: CVE-2025-38576)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the eeh_bridge_check_link() function in arch/powerpc/kernel/eeh_pe.c, within the eeh_pe_report_edev(), eeh_pe_report(), eeh_dev_restore_state(), eeh_reset_device(), eeh_handle_normal_event(), eeh_pe_state_clear(), eeh_clear_slot_attention() and eeh_handle_special_event() functions in arch/powerpc/kernel/eeh_driver.c. A local user can perform a denial of service (DoS) attack.
595) Use of uninitialized resource (CVE-ID: CVE-2025-38574)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the pptp_xmit() function in drivers/net/ppp/pptp.c. A local user can perform a denial of service (DoS) attack.
596) Integer overflow (CVE-ID: CVE-2025-38572)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ipv6_gso_segment() function in net/ipv6/ip6_offload.c. A local user can execute arbitrary code.
597) Incorrect calculation (CVE-ID: CVE-2025-38571)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the xs_alloc_sparse_pages(), xs_sock_process_cmsg(), xs_sock_recvmsg() and xs_read_discard() functions in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.
598) Improper locking (CVE-ID: CVE-2025-38569)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the be_cmd_set_mac_list() function in drivers/net/ethernet/emulex/benet/be_cmds.c. A local user can perform a denial of service (DoS) attack.
599) Out-of-bounds read (CVE-ID: CVE-2025-38568)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mqprio_parse_opt() function in net/sched/sch_mqprio.c. A local user can perform a denial of service (DoS) attack.
600) Resource management error (CVE-ID: CVE-2025-38566)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the svc_tcp_sock_process_cmsg(), svc_tcp_read_msg() and svc_tcp_read_marker() functions in net/sunrpc/svcsock.c. A local user can perform a denial of service (DoS) attack.
601) NULL pointer dereference (CVE-ID: CVE-2025-38562)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the krb5_authenticate() function in fs/smb/server/smb2pdu.c. A remote user can perform a denial of service (DoS) attack.
602) Race condition (CVE-ID: CVE-2025-38561)
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to a race condition within the smb2_sess_setup() function in fs/smb/server/smb2pdu.c when handling the Preauth_HashValue field. A remote user can execute arbitrary code in the context of the kernel.
603) Input validation error (CVE-ID: CVE-2025-38560)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the early_set_pages_state() function in arch/x86/kernel/sev.c, within the setup_cpuid_table() and pvalidate_pages() functions in arch/x86/kernel/sev-shared.c, within the get_cpuflags() function in arch/x86/boot/cpuflags.c, within the __page_state_change() function in arch/x86/boot/compressed/sev.c. A local user can perform a denial of service (DoS) attack.
604) Out-of-bounds read (CVE-ID: CVE-2025-38556)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snto32() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
605) Use-after-free (CVE-ID: CVE-2025-38555)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the composite_os_desc_req_prepare() function in drivers/usb/gadget/composite.c. A local user can escalate privileges on the system.
606) Improper locking (CVE-ID: CVE-2025-38553)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the parse_attr() and netem_change() functions in net/sched/sch_netem.c. A local user can perform a denial of service (DoS) attack.
607) Improper locking (CVE-ID: CVE-2025-38552)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the subflow_sched_work_if_closed() and mptcp_subflow_fail() functions in net/mptcp/subflow.c, within the mptcp_data_ready(), __mptcp_finish_join(), __mptcp_retrans(), __mptcp_init_sock() and mptcp_finish_join() functions in net/mptcp/protocol.c, within the mptcp_pm_mp_fail_received() function in net/mptcp/pm.c. A local user can perform a denial of service (DoS) attack.
608) Improper locking (CVE-ID: CVE-2025-38551)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the virtnet_probe() function in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
609) Input validation error (CVE-ID: CVE-2025-38550)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mld_del_delrec() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.
610) Memory leak (CVE-ID: CVE-2025-38549)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the efivarfs_reconfigure() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
611) Input validation error (CVE-ID: CVE-2025-38548)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the DECLARE_BITMAP(), send_usb_cmd() and ccp_raw_event() functions in drivers/hwmon/corsair-cpro.c. A local user can perform a denial of service (DoS) attack.
612) Memory leak (CVE-ID: CVE-2025-38546)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atm_init_atmarp() and clip_ioctl() functions in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
613) Reachable assertion (CVE-ID: CVE-2025-38544)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the rxrpc_service_prealloc_one() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.
614) Improper error handling (CVE-ID: CVE-2025-38543)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nvdec_load_falcon_firmware() function in drivers/gpu/drm/tegra/nvdec.c. A local user can perform a denial of service (DoS) attack.
615) Memory leak (CVE-ID: CVE-2025-38542)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atrtr_create() function in net/appletalk/ddp.c. A local user can perform a denial of service (DoS) attack.
616) Input validation error (CVE-ID: CVE-2025-38540)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the HID_USB_DEVICE() function in drivers/hid/hid-quirks.c. A local user can perform a denial of service (DoS) attack.
617) Improper locking (CVE-ID: CVE-2025-38539)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __register_event() and __trace_add_event_dirs() functions in kernel/trace/trace_events.c. A local user can perform a denial of service (DoS) attack.
618) Buffer overflow (CVE-ID: CVE-2025-38538)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nbpf_probe() function in drivers/dma/nbpfaxi.c. A local user can escalate privileges on the system.
619) Improper locking (CVE-ID: CVE-2025-38537)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the phy_probe() and phy_remove() functions in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
620) Resource management error (CVE-ID: CVE-2025-38535)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tegra186_xusb_padctl_vbus_override(), tegra186_xusb_padctl_id_override() and tegra186_utmi_phy_set_mode() functions in drivers/phy/tegra/xusb-tegra186.c. A local user can perform a denial of service (DoS) attack.
621) Use-after-free (CVE-ID: CVE-2025-38533)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wx_alloc_mapped_page() and wx_alloc_rx_buffers() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can escalate privileges on the system.
622) Improper locking (CVE-ID: CVE-2025-38532)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wx_alloc_rx_buffers() and wx_clean_rx_ring() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c, within the wx_configure_rx_ring() function in drivers/net/ethernet/wangxun/libwx/wx_hw.c. A local user can perform a denial of service (DoS) attack.
623) Use of uninitialized resource (CVE-ID: CVE-2025-38531)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the st_sensors_allocate_trigger() function in drivers/iio/common/st_sensors/st_sensors_trigger.c, within the st_sensors_set_fullscale(), st_sensors_power_enable(), EXPORT_SYMBOL_NS(), st_sensors_set_drdy_int_pin() and st_sensors_init_sensor() functions in drivers/iio/common/st_sensors/st_sensors_core.c, within the apply_acpi_orientation() function in drivers/iio/accel/st_accel_core.c. A local user can perform a denial of service (DoS) attack.
624) Out-of-bounds read (CVE-ID: CVE-2025-38530)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pcl812_attach() function in drivers/comedi/drivers/pcl812.c. A local user can perform a denial of service (DoS) attack.
625) Out-of-bounds read (CVE-ID: CVE-2025-38529)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the aio_iiro_16_attach() function in drivers/comedi/drivers/aio_iiro_16.c. A local user can perform a denial of service (DoS) attack.
626) Resource management error (CVE-ID: CVE-2025-38528)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_bprintf_prepare() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
627) Use-after-free (CVE-ID: CVE-2025-38527)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cifs_oplock_break() and cifs_put_tlink() functions in fs/smb/client/file.c. A local user can escalate privileges on the system.
628) NULL pointer dereference (CVE-ID: CVE-2025-38526)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_lag_is_switchdev_running() function in drivers/net/ethernet/intel/ice/ice_lag.c. A local user can perform a denial of service (DoS) attack.
629) Improper locking (CVE-ID: CVE-2025-38524)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rxrpc_see_call() and release_sock() functions in net/rxrpc/recvmsg.c, within the rxrpc_discard_prealloc() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.
630) Resource management error (CVE-ID: CVE-2025-38521)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pvr_power_reset() function in drivers/gpu/drm/imagination/pvr_power.c. A local user can perform a denial of service (DoS) attack.
631) Memory leak (CVE-ID: CVE-2025-38520)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the svm_range_split_head(), svm_range_split_by_granularity(), svm_range_add_list_work(), schedule_deferred_list_work(), svm_range_unmap_split(), svm_range_unmap_from_cpu() and svm_range_cpu_invalidate_pagetables() functions in drivers/gpu/drm/amd/amdkfd/kfd_svm.c. A local user can perform a denial of service (DoS) attack.
632) Input validation error (CVE-ID: CVE-2025-38516)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the msm_gpio_needs_dual_edge_parent_workaround() and msm_gpio_init() functions in drivers/pinctrl/qcom/pinctrl-msm.c. A local user can perform a denial of service (DoS) attack.
633) Improper locking (CVE-ID: CVE-2025-38515)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the include/drm/spsc_queue.h. A local user can perform a denial of service (DoS) attack.
634) Improper error handling (CVE-ID: CVE-2025-38514)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the rxrpc_alloc_incoming_call() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.
635) NULL pointer dereference (CVE-ID: CVE-2025-38513)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the zd_mac_tx_to_dev() function in drivers/net/wireless/zydas/zd1211rw/zd_mac.c. A local user can perform a denial of service (DoS) attack.
636) Input validation error (CVE-ID: CVE-2025-38512)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
637) Reachable assertion (CVE-ID: CVE-2025-38511)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the lmtt_pt_alloc(), lmtt_pt_free() and lmtt_write_pte() functions in drivers/gpu/drm/xe/xe_lmtt.c. A local user can perform a denial of service (DoS) attack.
638) Improper locking (CVE-ID: CVE-2025-38510)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the init_task_stack_addr() and print_address_description() functions in mm/kasan/report.c. A local user can perform a denial of service (DoS) attack.
639) Improper locking (CVE-ID: CVE-2025-38507)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nintendo_hid_remove() and nintendo_init() functions in drivers/hid/hid-nintendo.c. A local user can perform a denial of service (DoS) attack.
640) Improper locking (CVE-ID: CVE-2025-38506)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kvm_vm_set_mem_attributes() function in virt/kvm/kvm_main.c. A local user can perform a denial of service (DoS) attack.
641) Reachable assertion (CVE-ID: CVE-2025-38503)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the populate_free_space_tree() function in fs/btrfs/free-space-tree.c. A local user can perform a denial of service (DoS) attack.
642) Out-of-bounds read (CVE-ID: CVE-2025-38502)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __bpf_prog_map_compatible() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
643) Input validation error (CVE-ID: CVE-2025-38501)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the alloc_transport() and ksmbd_kthread_fn() functions in fs/smb/server/transport_tcp.c. A remote attacker can perform a denial of service (DoS) attack.
644) Input validation error (CVE-ID: CVE-2025-38499)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the clone_private_mount() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
645) Out-of-bounds read (CVE-ID: CVE-2025-38497)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the webusb_landingPage_store() and os_desc_qw_sign_store() functions in drivers/usb/gadget/configfs.c. A local user can perform a denial of service (DoS) attack.
646) Improper locking (CVE-ID: CVE-2025-38496)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __evict_many() function in drivers/md/dm-bufio.c. A local user can perform a denial of service (DoS) attack.
647) Incorrect calculation (CVE-ID: CVE-2025-38495)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
648) Buffer overflow (CVE-ID: CVE-2025-38494)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __hid_request() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
649) Out-of-bounds read (CVE-ID: CVE-2025-38493)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __timerlat_dump_stack() function in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
650) Input validation error (CVE-ID: CVE-2025-38491)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the subflow_finish_connect(), WRITE_ONCE(), __mptcp_subflow_connect() and subflow_state_change() functions in net/mptcp/subflow.c, within the mptcp_check_data_fin(), __mptcp_finish_join(), mptcp_update_infinite_map(), mptcp_check_fastclose(), __mptcp_retrans(), __mptcp_init_sock() and mptcp_finish_join() functions in net/mptcp/protocol.c, within the check_fully_established() function in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.
651) Double free (CVE-ID: CVE-2025-38490)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the wx_dma_sync_frag(), wx_put_rx_buffer() and wx_clean_rx_ring() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.
652) NULL pointer dereference (CVE-ID: CVE-2025-38489)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bpf_jit_plt() function in arch/s390/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.
653) Use-after-free (CVE-ID: CVE-2025-38488)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the crypt_message() function in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.
654) NULL pointer dereference (CVE-ID: CVE-2025-38487)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the aspeed_lpc_enable_snoop() and aspeed_lpc_disable_snoop() functions in drivers/soc/aspeed/aspeed-lpc-snoop.c. A local user can perform a denial of service (DoS) attack.
655) Use-after-free (CVE-ID: CVE-2025-38485)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fxls8962af_buffer_predisable() function in drivers/iio/accel/fxls8962af-core.c. A local user can escalate privileges on the system.
656) Out-of-bounds read (CVE-ID: CVE-2025-38483)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the das16m1_attach() function in drivers/comedi/drivers/das16m1.c. A local user can perform a denial of service (DoS) attack.
657) Out-of-bounds read (CVE-ID: CVE-2025-38482)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the das6402_attach() function in drivers/comedi/drivers/das6402.c. A local user can perform a denial of service (DoS) attack.
658) Resource management error (CVE-ID: CVE-2025-38481)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the check_insnlist_len(), comedi_unlocked_ioctl() and compat_insnlist() functions in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
659) Use of uninitialized resource (CVE-ID: CVE-2025-38480)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the insn_rw_emulate_bits() function in drivers/comedi/drivers.c. A local user can perform a denial of service (DoS) attack.
660) Use of uninitialized resource (CVE-ID: CVE-2025-38478)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the do_insnlist_ioctl() and do_insn_ioctl() functions in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
661) Use-after-free (CVE-ID: CVE-2025-38476)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rpl_do_srh_inline() function in net/ipv6/rpl_iptunnel.c. A local user can escalate privileges on the system.
662) Input validation error (CVE-ID: CVE-2025-38474)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sierra_net_bind() function in drivers/net/usb/sierra_net.c. A local user can perform a denial of service (DoS) attack.
663) Use-after-free (CVE-ID: CVE-2025-38473)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_resume_cb() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.
664) Use-after-free (CVE-ID: CVE-2025-38472)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_ct_resolve_clash_harder(), __nf_conntrack_confirm() and __nf_conntrack_insert_prepare() functions in net/netfilter/nf_conntrack_core.c. A local user can escalate privileges on the system.
665) Use-after-free (CVE-ID: CVE-2025-38471)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_strp_read_sock() function in net/tls/tls_strp.c. A local user can escalate privileges on the system.
666) Memory leak (CVE-ID: CVE-2025-38470)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __vlan_device_event() and vlan_device_event() functions in net/8021q/vlan.c. A local user can perform a denial of service (DoS) attack.
667) Resource management error (CVE-ID: CVE-2025-38469)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvm_xen_schedop_poll() function in arch/x86/kvm/xen.c. A local user can perform a denial of service (DoS) attack.
668) NULL pointer dereference (CVE-ID: CVE-2025-38468)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the htb_lookup_leaf() function in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.
669) NULL pointer dereference (CVE-ID: CVE-2025-38467)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the decon_irq_handler() function in drivers/gpu/drm/exynos/exynos7_drm_decon.c. A local user can perform a denial of service (DoS) attack.
670) Buffer overflow (CVE-ID: CVE-2025-38466)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the perf_uprobe_event_init() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
671) Buffer overflow (CVE-ID: CVE-2025-38465)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the netlink_skb_set_owner_r(), netlink_alloc_large_skb(), netlink_unicast_kernel(), EXPORT_SYMBOL_GPL() and netlink_dump() functions in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
672) Use-after-free (CVE-ID: CVE-2025-38464)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_topsrv_stop() function in net/tipc/topsrv.c. A local user can escalate privileges on the system.
673) Buffer overflow (CVE-ID: CVE-2025-38463)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the net/ipv4/tcp.c. A local user can escalate privileges on the system.
674) NULL pointer dereference (CVE-ID: CVE-2025-38462)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vsock_assign_transport() and vsock_dev_do_ioctl() functions in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
675) Improper locking (CVE-ID: CVE-2025-38461)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL_GPL() and vsock_assign_transport() functions in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
676) NULL pointer dereference (CVE-ID: CVE-2025-38460)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the DEFINE_MUTEX(), to_atmarpd(), atmarpd_close() and atm_init_atmarp() functions in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
677) Improper locking (CVE-ID: CVE-2025-38459)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the clip_mkip() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
678) NULL pointer dereference (CVE-ID: CVE-2025-38458)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the atmarpd_close() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
679) Improper error handling (CVE-ID: CVE-2025-38457)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the qdisc_leaf(), tc_get_qdisc() and NL_SET_ERR_MSG() functions in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.
680) Buffer overflow (CVE-ID: CVE-2025-38456)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ipmi_create_user() function in drivers/char/ipmi/ipmi_msghandler.c. A local user can escalate privileges on the system.
681) Input validation error (CVE-ID: CVE-2025-38455)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sev_check_source_vcpus() function in arch/x86/kvm/svm/sev.c. A local user can perform a denial of service (DoS) attack.
682) Improper locking (CVE-ID: CVE-2025-38449)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drm_gem_fb_destroy() and drm_gem_fb_init_with_funcs() functions in drivers/gpu/drm/drm_gem_framebuffer_helper.c, within the drm_gem_private_object_fini(), drm_gem_object_exported_dma_buf_free(), drm_gem_object_handle_put_unlocked() and drm_gem_handle_create_tail() functions in drivers/gpu/drm/drm_gem.c. A local user can perform a denial of service (DoS) attack.
683) Improper locking (CVE-ID: CVE-2025-38448)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __acquires() and gs_start_io() functions in drivers/usb/gadget/function/u_serial.c. A local user can perform a denial of service (DoS) attack.
684) Use-after-free (CVE-ID: CVE-2025-38445)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the raid1_reshape() function in drivers/md/raid1.c. A local user can escalate privileges on the system.
685) Memory leak (CVE-ID: CVE-2025-38444)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the raid10_read_request() and raid10_write_request() functions in drivers/md/raid10.c. A local user can perform a denial of service (DoS) attack.
686) Use-after-free (CVE-ID: CVE-2025-38443)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_start_device() and set_bit() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.
687) Use of uninitialized resource (CVE-ID: CVE-2025-38441)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the include/net/netfilter/nf_flow_table.h. A local user can perform a denial of service (DoS) attack.
688) Resource management error (CVE-ID: CVE-2025-38439)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __bnxt_xmit_xdp_redirect() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.
689) Use-after-free (CVE-ID: CVE-2025-38437)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb20_oplock_break_ack() and smb21_lease_break_ack() functions in fs/smb/server/smb2pdu.c. A local user can escalate privileges on the system.
690) Input validation error (CVE-ID: CVE-2025-38436)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drm_sched_entity_kill_jobs_work() function in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.
691) Input validation error (CVE-ID: CVE-2025-38430)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfsd4_spo_must_allow() function in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
692) Use of uninitialized resource (CVE-ID: CVE-2025-38429)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mhi_ep_ring_add_element() function in drivers/bus/mhi/ep/ring.c. A local user can perform a denial of service (DoS) attack.
693) Buffer overflow (CVE-ID: CVE-2025-38428)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ims_pcu_flash_firmware() function in drivers/input/misc/ims-pcu.c. A local user can escalate privileges on the system.
694) Resource management error (CVE-ID: CVE-2025-38427)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DEFINE_RES_MEM() and screen_info_apply_fixups() functions in drivers/video/screen_info_pci.c. A local user can perform a denial of service (DoS) attack.
695) Input validation error (CVE-ID: CVE-2025-38425)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tegra_i2c_xfer() function in drivers/i2c/busses/i2c-tegra.c. A local user can perform a denial of service (DoS) attack.
696) Buffer overflow (CVE-ID: CVE-2025-38424)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the do_exit() function in kernel/exit.c, within the perf_sample_ustack_size() and perf_callchain() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
697) Out-of-bounds read (CVE-ID: CVE-2025-38422)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the lan743x_hs_otp_read(), lan743x_hs_otp_write(), lan743x_hs_eeprom_read(), lan743x_hs_eeprom_write() and lan743x_ethtool_get_eeprom_len() functions in drivers/net/ethernet/microchip/lan743x_ethtool.c. A local user can perform a denial of service (DoS) attack.
698) NULL pointer dereference (CVE-ID: CVE-2025-38420)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the carl9170_usb_rx_complete() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.
699) Memory leak (CVE-ID: CVE-2025-38419)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rproc_attach() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.
700) Memory leak (CVE-ID: CVE-2025-38418)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rproc_resource_cleanup() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.
701) Input validation error (CVE-ID: CVE-2025-38416)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nci_uart_set_driver() function in net/nfc/nci/uart.c. A local user can perform a denial of service (DoS) attack.
702) Out-of-bounds read (CVE-ID: CVE-2025-38415)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the squashfs_fill_super() function in fs/squashfs/super.c. A local user can perform a denial of service (DoS) attack.
703) Input validation error (CVE-ID: CVE-2025-38414)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath12k_pci_enable_ltssm() function in drivers/net/wireless/ath/ath12k/pci.c. A local user can perform a denial of service (DoS) attack.
704) Input validation error (CVE-ID: CVE-2025-38412)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_bios_attributes() function in drivers/platform/x86/dell/dell-wmi-sysman/sysman.c, within the current_value_show() function in drivers/platform/x86/dell/dell-wmi-sysman/string-attributes.c, within the is_enabled_show() function in drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c, within the current_value_show() function in drivers/platform/x86/dell/dell-wmi-sysman/int-attributes.c, within the current_value_show() function in drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c. A local user can perform a denial of service (DoS) attack.
705) Memory leak (CVE-ID: CVE-2025-38410)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __msm_gem_submit_destroy() function in drivers/gpu/drm/msm/msm_gem_submit.c. A local user can perform a denial of service (DoS) attack.
706) Memory leak (CVE-ID: CVE-2025-38409)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the msm_ioctl_gem_submit() and mutex_unlock() functions in drivers/gpu/drm/msm/msm_gem_submit.c. A local user can perform a denial of service (DoS) attack.
707) Resource management error (CVE-ID: CVE-2025-38408)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the irq_domain_create_sim_full() function in kernel/irq/irq_sim.c. A local user can perform a denial of service (DoS) attack.
708) Resource management error (CVE-ID: CVE-2025-38407)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DEFINE_PER_CPU() and sbi_cpu_start() functions in arch/riscv/kernel/cpu_ops_sbi.c. A local user can perform a denial of service (DoS) attack.
709) Input validation error (CVE-ID: CVE-2025-38406)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath6kl_bmi_get_target_info() function in drivers/net/wireless/ath/ath6kl/bmi.c. A local user can perform a denial of service (DoS) attack.
710) Memory leak (CVE-ID: CVE-2025-38405)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the drivers/nvme/target/nvmet.h. A local user can perform a denial of service (DoS) attack.
711) Use of uninitialized resource (CVE-ID: CVE-2025-38403)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the vmci_transport_packet_init() function in net/vmw_vsock/vmci_transport.c. A local user can perform a denial of service (DoS) attack.
712) Resource management error (CVE-ID: CVE-2025-38402)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the idpf_get_rxfh_key_size() and idpf_get_rxfh_indir_size() functions in drivers/net/ethernet/intel/idpf/idpf_ethtool.c. A local user can perform a denial of service (DoS) attack.
713) Buffer overflow (CVE-ID: CVE-2025-38401)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the msdc_prepare_data() and msdc_ops_request() functions in drivers/mmc/host/mtk-sd.c. A local user can escalate privileges on the system.
714) Memory leak (CVE-ID: CVE-2025-38400)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
715) NULL pointer dereference (CVE-ID: CVE-2025-38399)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kmem_cache_free() function in drivers/target/target_core_pr.c. A local user can perform a denial of service (DoS) attack.
716) Buffer overflow (CVE-ID: CVE-2025-38396)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the secretmem_file_create() function in mm/secretmem.c, within the anon_inode_make_secure_inode() and __anon_inode_getfile() functions in fs/anon_inodes.c. A local user can perform a denial of service (DoS) attack.
717) Out-of-bounds read (CVE-ID: CVE-2025-38395)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the gpio_regulator_probe() function in drivers/regulator/gpio-regulator.c. A local user can perform a denial of service (DoS) attack.
718) Improper locking (CVE-ID: CVE-2025-38393)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_layoutget_begin() function in fs/nfs/pnfs.c. A local user can perform a denial of service (DoS) attack.
719) Use-after-free (CVE-ID: CVE-2025-38392)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the idpf_alloc_dma_mem() and idpf_free_dma_mem() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c, within the idpf_ctlq_init_rxq_bufs(), idpf_ctlq_shutdown(), idpf_ctlq_add(), idpf_ctlq_send(), idpf_ctlq_clean_sq(), idpf_ctlq_post_rx_buffs(), wr32() and idpf_ctlq_recv() functions in drivers/net/ethernet/intel/idpf/idpf_controlq.c. A local user can escalate privileges on the system.
720) Out-of-bounds read (CVE-ID: CVE-2025-38391)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pin_assignment_show() function in drivers/usb/typec/altmodes/displayport.c. A local user can perform a denial of service (DoS) attack.
721) Memory leak (CVE-ID: CVE-2025-38390)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the update_notifier_cb() function in drivers/firmware/arm_ffa/driver.c. A local user can perform a denial of service (DoS) attack.
722) Resource management error (CVE-ID: CVE-2025-38389)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ring_context_alloc() function in drivers/gpu/drm/i915/gt/intel_ring_submission.c. A local user can perform a denial of service (DoS) attack.
723) Improper locking (CVE-ID: CVE-2025-38388)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the DECLARE_HASHTABLE(), ffa_notify_relinquish(), ffa_notify_request(), handle_notif_callbacks() and ffa_notifications_setup() functions in drivers/firmware/arm_ffa/driver.c. A local user can perform a denial of service (DoS) attack.
724) NULL pointer dereference (CVE-ID: CVE-2025-38387)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the subscribe_event_xa_alloc() function in drivers/infiniband/hw/mlx5/devx.c. A local user can perform a denial of service (DoS) attack.
725) Use-after-free (CVE-ID: CVE-2025-38386)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the acpi_ds_call_control_method() function in drivers/acpi/acpica/dsmethod.c. A local user can escalate privileges on the system.
726) Improper locking (CVE-ID: CVE-2025-38385)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lan78xx_disconnect() function in drivers/net/usb/lan78xx.c. A local user can perform a denial of service (DoS) attack.
727) Memory leak (CVE-ID: CVE-2025-38384)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the spinand_cleanup() function in drivers/mtd/nand/spi/core.c. A local user can perform a denial of service (DoS) attack.
728) Infinite loop (CVE-ID: CVE-2025-38382)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
729) Use-after-free (CVE-ID: CVE-2025-38377)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rose_rt_device_down() function in net/rose/rose_route.c. A local user can escalate privileges on the system.
730) Resource management error (CVE-ID: CVE-2025-38376)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the udc_suspend() and udc_resume() functions in drivers/usb/chipidea/udc.c. A local user can perform a denial of service (DoS) attack.
731) Out-of-bounds read (CVE-ID: CVE-2025-38375)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mergeable_ctx_to_truesize(), virtnet_get_headroom(), xdp_linearize_page(), receive_small_xdp() and mergeable_xdp_get_buf() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
732) Improper locking (CVE-ID: CVE-2025-38374)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the optee_ffa_exchange_caps(), optee_ffa_remove() and optee_ffa_async_notif_init() functions in drivers/tee/optee/ffa_abi.c. A local user can perform a denial of service (DoS) attack.
733) Improper locking (CVE-ID: CVE-2025-38373)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5_ib_revoke_data_direct_mrs(), mlx5_revoke_mr() and __mlx5_ib_dereg_mr() functions in drivers/infiniband/hw/mlx5/mr.c. A local user can perform a denial of service (DoS) attack.
734) NULL pointer dereference (CVE-ID: CVE-2025-38371)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v3d_hub_irq(), v3d_irq_init() and v3d_irq_disable() functions in drivers/gpu/drm/v3d/v3d_irq.c, within the v3d_reset() function in drivers/gpu/drm/v3d/v3d_gem.c. A local user can perform a denial of service (DoS) attack.
735) Resource management error (CVE-ID: CVE-2025-38369)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the idxd_cdev_evl_drain_pasid() function in drivers/dma/idxd/cdev.c. A local user can perform a denial of service (DoS) attack.
736) NULL pointer dereference (CVE-ID: CVE-2025-38368)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tps6594_pfsm_probe() function in drivers/misc/tps6594-pfsm.c. A local user can perform a denial of service (DoS) attack.
737) Race condition (CVE-ID: CVE-2025-38365)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the btrfs_rename_exchange() and btrfs_rename() functions in fs/btrfs/inode.c. A local user can escalate privileges on the system.
738) NULL pointer dereference (CVE-ID: CVE-2025-38364)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mas_preallocate() function in lib/maple_tree.c. A local user can perform a denial of service (DoS) attack.
739) NULL pointer dereference (CVE-ID: CVE-2025-38363)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tegra_crtc_reset() function in drivers/gpu/drm/tegra/dc.c. A local user can perform a denial of service (DoS) attack.
740) NULL pointer dereference (CVE-ID: CVE-2025-38362)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mod_hdcp_hdcp1_enable_encryption() function in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c. A local user can perform a denial of service (DoS) attack.
741) NULL pointer dereference (CVE-ID: CVE-2025-38361)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dce110_blank_stream() function in drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c. A local user can perform a denial of service (DoS) attack.
742) Improper locking (CVE-ID: CVE-2025-38354)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the msm_devfreq_init() function in drivers/gpu/drm/msm/msm_gpu_devfreq.c. A local user can perform a denial of service (DoS) attack.
743) Input validation error (CVE-ID: CVE-2025-38351)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kvm_hv_vcpu_flush_tlb() function in arch/x86/kvm/hyperv.c. A local user can perform a denial of service (DoS) attack.
744) Use-after-free (CVE-ID: CVE-2025-38349)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ep_remove() and ep_clear_and_put() functions in fs/eventpoll.c. A local user can escalate privileges on the system.
745) Input validation error (CVE-ID: CVE-2025-38348)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the p54_rx_eeprom_readback() function in drivers/net/wireless/intersil/p54/txrx.c, within the p54_download_eeprom() function in drivers/net/wireless/intersil/p54/fwio.c. A local user can perform a denial of service (DoS) attack.
746) Improper locking (CVE-ID: CVE-2025-38347)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sanity_check_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
747) Use-after-free (CVE-ID: CVE-2025-38346)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ftrace_release_mod() function in kernel/trace/ftrace.c. A local user can escalate privileges on the system.
748) Memory leak (CVE-ID: CVE-2025-38345)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c. A local user can perform a denial of service (DoS) attack.
749) Memory leak (CVE-ID: CVE-2025-38344)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c. A local user can perform a denial of service (DoS) attack.
750) Input validation error (CVE-ID: CVE-2025-38343)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mt7996_mac_fill_rx() function in drivers/net/wireless/mediatek/mt76/mt7996/mac.c. A local user can perform a denial of service (DoS) attack.
751) Buffer overflow (CVE-ID: CVE-2025-38342)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the software_node_get_reference_args() function in drivers/base/swnode.c. A local user can perform a denial of service (DoS) attack.
752) Improper locking (CVE-ID: CVE-2025-38338)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_return_empty_folio() function in fs/nfs/read.c. A local user can perform a denial of service (DoS) attack.
753) NULL pointer dereference (CVE-ID: CVE-2025-38337)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the jbd2_journal_dirty_metadata() function in fs/jbd2/transaction.c. A local user can perform a denial of service (DoS) attack.
754) Resource management error (CVE-ID: CVE-2025-38336)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the via_mode_filter() function in drivers/ata/pata_via.c. A local user can perform a denial of service (DoS) attack.
755) Improper locking (CVE-ID: CVE-2025-38335)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gpio_keys_irq_isr() and gpio_keys_setup_key() functions in drivers/input/keyboard/gpio_keys.c. A local user can perform a denial of service (DoS) attack.
756) Use-after-free (CVE-ID: CVE-2025-38334)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the arch_memory_failure() function in arch/x86/kernel/cpu/sgx/main.c. A local user can escalate privileges on the system.
757) Resource management error (CVE-ID: CVE-2025-38333)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fs/f2fs/segment.c, include/linux/f2fs_fs.h. A local user can perform a denial of service (DoS) attack.
758) Buffer overflow (CVE-ID: CVE-2025-38332)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the lpfc_sli4_get_ctl_attr() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can escalate privileges on the system.
759) Input validation error (CVE-ID: CVE-2025-38331)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gmac_map_tx_bufs() function in drivers/net/ethernet/cortina/gemini.c. A local user can perform a denial of service (DoS) attack.
760) NULL pointer dereference (CVE-ID: CVE-2025-38328)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the jffs2_scan_medium() function in fs/jffs2/scan.c, within the jffs2_mark_erased_block() function in fs/jffs2/erase.c. A local user can perform a denial of service (DoS) attack.
761) Improper locking (CVE-ID: CVE-2025-38326)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the aoedev_downdev() function in drivers/block/aoe/aoedev.c. A local user can perform a denial of service (DoS) attack.
762) Improper locking (CVE-ID: CVE-2025-38324)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mpls_route_input_rcu() function in net/mpls/af_mpls.c. A local user can perform a denial of service (DoS) attack.
763) Use-after-free (CVE-ID: CVE-2025-38323)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_MUTEX(), lec_vcc_attach(), lecd_attach() and lane_ioctl() functions in net/atm/lec.c. A local user can escalate privileges on the system.
764) Improper locking (CVE-ID: CVE-2025-38322)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the intel_pmu_read_event() function in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.
765) Improper locking (CVE-ID: CVE-2025-38321)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the close_all_cached_dirs() function in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.
766) Incorrect calculation (CVE-ID: CVE-2025-38320)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the regs_get_kernel_stack_nth() function in arch/arm64/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
767) NULL pointer dereference (CVE-ID: CVE-2025-38319)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the atomctrl_initialize_mc_reg_table() and atomctrl_initialize_mc_reg_table_v2_2() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.
768) Double free (CVE-ID: CVE-2025-38313)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the fsl_mc_device_add() function in drivers/bus/fsl-mc/fsl-mc-bus.c. A local user can perform a denial of service (DoS) attack.
769) Input validation error (CVE-ID: CVE-2025-38312)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fb_find_mode_cvt() function in drivers/video/fbdev/core/fbcvt.c. A local user can perform a denial of service (DoS) attack.
770) Input validation error (CVE-ID: CVE-2025-38310)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sizeof() function in net/ipv6/seg6_local.c. A local user can perform a denial of service (DoS) attack.
771) NULL pointer dereference (CVE-ID: CVE-2025-38307)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the trace_control_write() function in sound/soc/intel/avs/debugfs.c. A local user can perform a denial of service (DoS) attack.
772) Improper locking (CVE-ID: CVE-2025-38305)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/ptp/ptp_private.h. A local user can perform a denial of service (DoS) attack.
773) NULL pointer dereference (CVE-ID: CVE-2025-38304)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the eir_create_scan_rsp() function in net/bluetooth/eir.c. A local user can perform a denial of service (DoS) attack.
774) Input validation error (CVE-ID: CVE-2025-38303)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hci_set_ext_adv_data_sync() and hci_set_adv_data_sync() functions in net/bluetooth/hci_sync.c, within the eir_create_per_adv_data() and eir_create_adv_data() functions in net/bluetooth/eir.c. A local user can perform a denial of service (DoS) attack.
775) Use-after-free (CVE-ID: CVE-2025-38300)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c. A local user can escalate privileges on the system.
776) NULL pointer dereference (CVE-ID: CVE-2025-38299)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the SND_SOC_DAILINK_DEFS() function in sound/soc/mediatek/mt8195/mt8195-mt6359.c. A local user can perform a denial of service (DoS) attack.
777) Out-of-bounds read (CVE-ID: CVE-2025-38298)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the EXPORT_SYMBOL_GPL() function in drivers/edac/skx_common.c. A local user can perform a denial of service (DoS) attack.
778) Input validation error (CVE-ID: CVE-2025-38295)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the meson_ddr_pmu_create() function in drivers/perf/amlogic/meson_ddr_pmu_core.c. A local user can perform a denial of service (DoS) attack.
779) Improper locking (CVE-ID: CVE-2025-38293)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ath11k_core_halt() function in drivers/net/wireless/ath/ath11k/core.c. A local user can perform a denial of service (DoS) attack.
780) Use-after-free (CVE-ID: CVE-2025-38292)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath12k_dp_rx_msdu_coalesce() function in drivers/net/wireless/ath/ath12k/dp_rx.c. A local user can escalate privileges on the system.
781) Improper locking (CVE-ID: CVE-2025-38290)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ath12k_rfkill_work() and ath12k_core_halt() functions in drivers/net/wireless/ath/ath12k/core.c. A local user can perform a denial of service (DoS) attack.
782) Use-after-free (CVE-ID: CVE-2025-38289)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can escalate privileges on the system.
783) Out-of-bounds read (CVE-ID: CVE-2025-38286)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the at91_gpio_probe() function in drivers/pinctrl/pinctrl-at91.c. A local user can perform a denial of service (DoS) attack.
784) Resource management error (CVE-ID: CVE-2025-38285)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the get_bpf_raw_tp_regs() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.
785) Input validation error (CVE-ID: CVE-2025-38283)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vf_qm_check_match(), vf_qm_load_data() and hisi_acc_vfio_pci_migrn_init_dev() functions in drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c. A local user can perform a denial of service (DoS) attack.
786) Improper locking (CVE-ID: CVE-2025-38282)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kernfs_should_drain_open_files() function in fs/kernfs/file.c, within the kernfs_break_active_protection() function in fs/kernfs/dir.c. A local user can perform a denial of service (DoS) attack.
787) Resource management error (CVE-ID: CVE-2025-38280)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_prog_select_runtime() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
788) Resource management error (CVE-ID: CVE-2025-38279)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the backtrack_insn() and check_cond_jmp_op() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
789) Resource management error (CVE-ID: CVE-2025-38278)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the otx2_qos_leaf_del_last() function in drivers/net/ethernet/marvell/octeontx2/nic/qos.c. A local user can perform a denial of service (DoS) attack.
790) Input validation error (CVE-ID: CVE-2025-38277)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mxic_ecc_finish_io_req_external() function in drivers/mtd/nand/ecc-mxic.c. A local user can perform a denial of service (DoS) attack.
791) NULL pointer dereference (CVE-ID: CVE-2025-38275)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qmp_usb_iomap() function in drivers/phy/qualcomm/phy-qcom-qmp-usb.c. A local user can perform a denial of service (DoS) attack.
792) NULL pointer dereference (CVE-ID: CVE-2025-38274)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fpga_mgr_test_img_load_sgt() function in drivers/fpga/tests/fpga-mgr-test.c. A local user can perform a denial of service (DoS) attack.
793) NULL pointer dereference (CVE-ID: CVE-2025-38269)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fs/btrfs/extent-io-tree.c. A local user can perform a denial of service (DoS) attack.
794) NULL pointer dereference (CVE-ID: CVE-2025-38265)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the jsm_uart_port_init() function in drivers/tty/serial/jsm/jsm_tty.c. A local user can perform a denial of service (DoS) attack.
795) Infinite loop (CVE-ID: CVE-2025-38264)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the nvme_tcp_fetch_request(), nvme_tcp_init_request(), nvme_tcp_handle_r2t() and nvme_tcp_submit_async_event() functions in drivers/nvme/host/tcp.c. A local user can perform a denial of service (DoS) attack.
796) Use-after-free (CVE-ID: CVE-2025-38263)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the CLOSURE_CALLBACK() function in drivers/md/bcache/super.c. A local user can escalate privileges on the system.
797) Improper Initialization (CVE-ID: CVE-2025-38262)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the pm_runtime_set_active() and ulite_init() functions in drivers/tty/serial/uartlite.c. A local user can perform a denial of service (DoS) attack.
798) NULL pointer dereference (CVE-ID: CVE-2025-38260)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the load_global_roots_objectid() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
799) Memory leak (CVE-ID: CVE-2025-38259)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the WCD9335_SLIM_TX_CH() and wcd9335_parse_dt() functions in sound/soc/codecs/wcd9335.c. A local user can perform a denial of service (DoS) attack.
800) Memory leak (CVE-ID: CVE-2025-38258)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the memcg_path_store() function in mm/damon/sysfs-schemes.c. A local user can perform a denial of service (DoS) attack.
801) Buffer overflow (CVE-ID: CVE-2025-38257)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the _copy_apqns_from_user() function in drivers/s390/crypto/pkey_api.c. A local user can escalate privileges on the system.
802) NULL pointer dereference (CVE-ID: CVE-2025-38255)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the group_cpus_evenly() function in lib/group_cpus.c. A local user can perform a denial of service (DoS) attack.
803) Input validation error (CVE-ID: CVE-2025-38253)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the wacom_remove() function in drivers/hid/wacom_sys.c. A local user can perform a denial of service (DoS) attack.
804) Input validation error (CVE-ID: CVE-2025-38251)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the clip_push() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
805) Use-after-free (CVE-ID: CVE-2025-38250)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_IDA(), hci_dev_get(), hci_dev_do_reset(), hci_dev_reset(), hci_alloc_dev_priv() and hci_unregister_dev() functions in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
806) Out-of-bounds read (CVE-ID: CVE-2025-38249)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_usb_get_audioformat_uac3() function in sound/usb/stream.c. A local user can perform a denial of service (DoS) attack.
807) Use-after-free (CVE-ID: CVE-2025-38248)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the br_multicast_port_ctx_init() function in net/bridge/br_multicast.c. A local user can escalate privileges on the system.
808) Improper error handling (CVE-ID: CVE-2025-38246)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __bnxt_poll_work() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
809) Incorrect calculation (CVE-ID: CVE-2025-38245)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the atm_dev_deregister() function in net/atm/resources.c. A local user can perform a denial of service (DoS) attack.
810) Out-of-bounds read (CVE-ID: CVE-2025-38239)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the megasas_set_high_iops_queue_affinity_and_hint() function in drivers/scsi/megaraid/megaraid_sas_base.c. A local user can perform a denial of service (DoS) attack.
811) Use-after-free (CVE-ID: CVE-2025-38236)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the IS_ENABLED() and unix_stream_recv_urg() functions in net/unix/af_unix.c. A local user can escalate privileges on the system.
812) NULL pointer dereference (CVE-ID: CVE-2025-38232)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_nfsd(), unregister_cld_notifier() and exit_nfsd() functions in fs/nfsd/nfsctl.c. A local user can perform a denial of service (DoS) attack.
813) NULL pointer dereference (CVE-ID: CVE-2025-38231)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfsd_startup_net() function in fs/nfsd/nfssvc.c. A local user can perform a denial of service (DoS) attack.
814) Out-of-bounds read (CVE-ID: CVE-2025-38230)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
815) Use of uninitialized resource (CVE-ID: CVE-2025-38229)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the cxusb_gpio_tuner() function in drivers/media/usb/dvb-usb/cxusb.c. A local user can perform a denial of service (DoS) attack.
816) Out-of-bounds read (CVE-ID: CVE-2025-38226)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vivid_vid_cap_s_selection() function in drivers/media/test-drivers/vivid/vivid-vid-cap.c. A local user can perform a denial of service (DoS) attack.
817) NULL pointer dereference (CVE-ID: CVE-2025-38225)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dev_err() function in drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c. A local user can perform a denial of service (DoS) attack.
818) Improper error handling (CVE-ID: CVE-2025-38222)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ext4_prepare_inline_data() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
819) NULL pointer dereference (CVE-ID: CVE-2025-38220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ext4_walk_page_buffers() function in fs/ext4/inode.c. A local user can perform a denial of service (DoS) attack.
820) Resource management error (CVE-ID: CVE-2025-38219)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the f2fs_unlink() function in fs/f2fs/namei.c. A local user can perform a denial of service (DoS) attack.
821) Out-of-bounds read (CVE-ID: CVE-2025-38218)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the f2fs_sanity_check_ckpt() and DIV_ROUND_UP() functions in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
822) Improper locking (CVE-ID: CVE-2025-38217)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fts_read() function in drivers/hwmon/ftsteutates.c. A local user can perform a denial of service (DoS) attack.
823) NULL pointer dereference (CVE-ID: CVE-2025-38215)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fb_check_foreignness() and do_register_framebuffer() functions in drivers/video/fbdev/core/fbmem.c. A local user can perform a denial of service (DoS) attack.
824) Improper error handling (CVE-ID: CVE-2025-38214)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the fb_set_var() function in drivers/video/fbdev/core/fbmem.c. A local user can perform a denial of service (DoS) attack.
825) Use-after-free (CVE-ID: CVE-2025-38212)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the shm_try_destroy_orphaned() function in ipc/shm.c. A local user can escalate privileges on the system.
826) Use-after-free (CVE-ID: CVE-2025-38211)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.
827) NULL pointer dereference (CVE-ID: CVE-2025-38210)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the DECLARE_RWSEM(), tsm_report_privlevel_store(), tsm_report_privlevel_floor_show(), CONFIGFS_ATTR_RO(), tsm_report_read(), tsm_report_make_item(), tsm_register() and tsm_unregister() functions in drivers/virt/coco/tsm.c. A local user can perform a denial of service (DoS) attack.
828) NULL pointer dereference (CVE-ID: CVE-2025-38208)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the automount_fullpath() function in fs/smb/client/namespace.c. A local user can perform a denial of service (DoS) attack.
829) Resource management error (CVE-ID: CVE-2025-38202)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the BPF_CALL_3() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
830) Integer underflow (CVE-ID: CVE-2025-38200)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the i40e_pf_reset() function in drivers/net/ethernet/intel/i40e/i40e_common.c. A local user can execute arbitrary code.
831) NULL pointer dereference (CVE-ID: CVE-2025-38198)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fbcon_info_from_console() function in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.
832) NULL pointer dereference (CVE-ID: CVE-2025-38197)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the packet_read_list() and packet_empty_list() functions in drivers/platform/x86/dell/dell_rbu.c. A local user can perform a denial of service (DoS) attack.
833) Input validation error (CVE-ID: CVE-2025-38194)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jffs2_sum_write_sumnode() function in fs/jffs2/summary.c. A local user can perform a denial of service (DoS) attack.
834) Race condition (CVE-ID: CVE-2025-38193)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the sfq_change() function in net/sched/sch_sfq.c. A local user can escalate privileges on the system.
835) NULL pointer dereference (CVE-ID: CVE-2025-38192)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bpf_skb_change_protocol(), bpf_skb_proto_4_to_6(), bpf_skb_proto_6_to_4(), bpf_skb_net_grow() and bpf_skb_net_shrink() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
836) NULL pointer dereference (CVE-ID: CVE-2025-38191)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the krb5_authenticate() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
837) Memory leak (CVE-ID: CVE-2025-38190)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atm_pop_raw() function in net/atm/raw.c, within the vcc_sendmsg() function in net/atm/common.c. A local user can perform a denial of service (DoS) attack.
838) Memory leak (CVE-ID: CVE-2025-38185)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atmtcp_c_send() function in drivers/atm/atmtcp.c. A local user can perform a denial of service (DoS) attack.
839) NULL pointer dereference (CVE-ID: CVE-2025-38184)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_udp_nl_dump_remoteip() function in net/tipc/udp_media.c. A local user can perform a denial of service (DoS) attack.
840) Out-of-bounds read (CVE-ID: CVE-2025-38183)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/ethernet/microchip/lan743x_ptp.h. A local user can perform a denial of service (DoS) attack.
841) Input validation error (CVE-ID: CVE-2025-38182)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ublk_ctrl_add_dev() function in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.
842) Improper error handling (CVE-ID: CVE-2025-38181)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the calipso_req_setattr() and calipso_req_delattr() functions in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.
843) Use-after-free (CVE-ID: CVE-2025-38180)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lec_itf_walk(), lec_seq_start() and lec_seq_stop() functions in net/atm/lec.c. A local user can escalate privileges on the system.
844) Race condition (CVE-ID: CVE-2025-38174)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tb_cfg_request_dequeue() function in drivers/thunderbolt/ctl.c. A local user can perform a denial of service (DoS) attack.
845) Input validation error (CVE-ID: CVE-2025-38173)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mv_cesa_skcipher_queue_req() function in drivers/crypto/marvell/cipher.c. A local user can perform a denial of service (DoS) attack.
846) Resource management error (CVE-ID: CVE-2025-38170)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the do_sme_acc() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.
847) Input validation error (CVE-ID: CVE-2025-38169)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fpsimd_thread_switch() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.
848) NULL pointer dereference (CVE-ID: CVE-2025-38167)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the indx_get_entry_to_replace() function in fs/ntfs3/index.c. A local user can perform a denial of service (DoS) attack.
849) Improper locking (CVE-ID: CVE-2025-38166)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
850) Improper locking (CVE-ID: CVE-2025-38165)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sk_psock_skb_ingress_enqueue(), sk_psock_skb_ingress(), sk_psock_skb_ingress_self() and sk_psock_verdict_apply() functions in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
851) Buffer overflow (CVE-ID: CVE-2025-38164)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the f2fs_gc_range() function in fs/f2fs/gc.c. A local user can perform a denial of service (DoS) attack.
852) Input validation error (CVE-ID: CVE-2025-38163)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/f2fs/f2fs.h. A local user can perform a denial of service (DoS) attack.
853) Buffer overflow (CVE-ID: CVE-2025-38162)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the lt_calculate_size(), pipapo_resize(), pipapo_lt_bits_adjust() and pipapo_clone() functions in net/netfilter/nft_set_pipapo.c. A local user can escalate privileges on the system.
854) Use-after-free (CVE-ID: CVE-2025-38161)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5_get_rsc(), create_resource_common() and mlx5_core_destroy_rq_tracked() functions in drivers/infiniband/hw/mlx5/qpc.c. A local user can escalate privileges on the system.
855) Improper error handling (CVE-ID: CVE-2025-38160)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the raspberrypi_clk_register() function in drivers/clk/bcm/clk-raspberrypi.c. A local user can perform a denial of service (DoS) attack.
856) Out-of-bounds read (CVE-ID: CVE-2025-38159)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtw_coex_tdma_timer_base() function in drivers/net/wireless/realtek/rtw88/coex.c. A local user can perform a denial of service (DoS) attack.
857) Input validation error (CVE-ID: CVE-2025-38158)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vf_qm_func_stop(), vf_qm_check_match(), vf_qm_get_match_data() and vf_qm_read_data() functions in drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c. A local user can perform a denial of service (DoS) attack.
858) Out-of-bounds read (CVE-ID: CVE-2025-38157)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_swba() function in drivers/net/wireless/ath/ath9k/htc_drv_beacon.c. A local user can perform a denial of service (DoS) attack.
859) NULL pointer dereference (CVE-ID: CVE-2025-38156)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7996_mmio_wed_init() function in drivers/net/wireless/mediatek/mt76/mt7996/mmio.c. A local user can perform a denial of service (DoS) attack.
860) NULL pointer dereference (CVE-ID: CVE-2025-38155)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7915_mmio_wed_init() function in drivers/net/wireless/mediatek/mt76/mt7915/mmio.c. A local user can perform a denial of service (DoS) attack.
861) Improper locking (CVE-ID: CVE-2025-38154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sk_psock_backlog() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
862) Improper error handling (CVE-ID: CVE-2025-38153)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the aqc111_read_cmd_nopm() and aqc111_read_cmd() functions in drivers/net/usb/aqc111.c. A local user can perform a denial of service (DoS) attack.
863) NULL pointer dereference (CVE-ID: CVE-2025-38149)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the phy_detach() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
864) Memory leak (CVE-ID: CVE-2025-38148)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vsc85xx_txtstamp() function in drivers/net/phy/mscc/mscc_ptp.c. A local user can perform a denial of service (DoS) attack.
865) Memory leak (CVE-ID: CVE-2025-38147)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the netlbl_conn_setattr() function in net/netlabel/netlabel_kapi.c. A local user can perform a denial of service (DoS) attack.
866) Out-of-bounds read (CVE-ID: CVE-2025-38146)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the key_extract_l3l4() function in net/openvswitch/flow.c. A local user can perform a denial of service (DoS) attack.
867) NULL pointer dereference (CVE-ID: CVE-2025-38145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the aspeed_lpc_enable_snoop() function in drivers/soc/aspeed/aspeed-lpc-snoop.c. A local user can perform a denial of service (DoS) attack.
868) NULL pointer dereference (CVE-ID: CVE-2025-38143)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wled_configure() function in drivers/video/backlight/qcom-wled.c. A local user can perform a denial of service (DoS) attack.
869) Input validation error (CVE-ID: CVE-2025-38142)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the asus_ec_hwmon_read_string() function in drivers/hwmon/asus-ec-sensors.c. A local user can perform a denial of service (DoS) attack.
870) NULL pointer dereference (CVE-ID: CVE-2025-38138)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the udma_probe() function in drivers/dma/ti/k3-udma.c. A local user can perform a denial of service (DoS) attack.
871) Use of uninitialized resource (CVE-ID: CVE-2025-38136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the usbhs_probe() and usbhs_fifo_remove() functions in drivers/usb/renesas_usbhs/common.c. A local user can perform a denial of service (DoS) attack.
872) NULL pointer dereference (CVE-ID: CVE-2025-38135)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlb_usio_probe() function in drivers/tty/serial/milbeaut_usio.c. A local user can perform a denial of service (DoS) attack.
873) Use-after-free (CVE-ID: CVE-2025-38131)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL(), _cscfg_activate_config(), _cscfg_deactivate_config(), cscfg_csdev_enable_active_config() and cscfg_csdev_disable_active_config() functions in drivers/hwtracing/coresight/coresight-syscfg.c. A local user can escalate privileges on the system.
874) Use-after-free (CVE-ID: CVE-2025-38129)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the page_pool_ethtool_stats_get(), page_pool_return_page() and page_pool_scrub() functions in net/core/page_pool.c. A local user can escalate privileges on the system.
875) Improper locking (CVE-ID: CVE-2025-38127)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ice_map_xdp_rings(), ice_prepare_xdp_rings(), mutex_unlock(), ice_destroy_xdp_rings() and ice_xdp_setup_prog() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
876) Improper error handling (CVE-ID: CVE-2025-38126)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the stmmac_ptp_register() function in drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c, within the stmmac_init_tstamp_counter() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
877) Input validation error (CVE-ID: CVE-2025-38125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the est_configure() function in drivers/net/ethernet/stmicro/stmmac/stmmac_est.c. A local user can perform a denial of service (DoS) attack.
878) Improper locking (CVE-ID: CVE-2025-38124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.
879) NULL pointer dereference (CVE-ID: CVE-2025-38123)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the t7xx_ccmni_wwan_newlink(), t7xx_ccmni_wwan_dellink(), t7xx_ccmni_recv_skb(), t7xx_ccmni_queue_tx_irq_notify() and t7xx_ccmni_queue_state_notify() functions in drivers/net/wwan/t7xx/t7xx_netdev.c. A local user can perform a denial of service (DoS) attack.
880) NULL pointer dereference (CVE-ID: CVE-2025-38122)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gve_tx_add_skb_dqo() function in drivers/net/ethernet/google/gve/gve_tx_dqo.c. A local user can perform a denial of service (DoS) attack.
881) Memory leak (CVE-ID: CVE-2025-38120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_pipapo_avx2_estimate() and nft_pipapo_avx2_lookup() functions in net/netfilter/nft_set_pipapo_avx2.c. A local user can perform a denial of service (DoS) attack.
882) Improper locking (CVE-ID: CVE-2025-38119)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ufshcd_err_handler() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
883) Improper locking (CVE-ID: CVE-2025-38117)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mgmt_cmd_complete(), mgmt_pending_new(), mgmt_pending_add() and mgmt_pending_free() functions in net/bluetooth/mgmt_util.c, within the settings_rsp(), cmd_complete_rsp(), mgmt_set_discoverable_complete(), mgmt_set_connectable_complete(), set_ssp_complete(), set_le_complete(), set_mesh_complete(), mgmt_class_complete(), pairing_complete(), mgmt_add_adv_patterns_monitor_complete(), mgmt_remove_adv_monitor_complete(), start_discovery_complete(), stop_discovery_complete(), set_advertising_complete(), set_bredr_complete(), set_secure_conn_complete(), get_conn_info_complete(), get_clock_info_complete(), add_advertising_complete(), add_ext_adv_params_complete(), add_ext_adv_data_complete(), remove_advertising_complete(), mgmt_index_removed(), mgmt_power_on(), __mgmt_power_off(), unpair_device_rsp(), mgmt_disconnect_failed(), mgmt_auth_enable_complete() and mgmt_set_class_of_dev_complete() functions in net/bluetooth/mgmt.c, within the hci_alloc_dev_priv() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
884) Input validation error (CVE-ID: CVE-2025-38115)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the net/sched/sch_sfq.c. A local user can perform a denial of service (DoS) attack.
885) NULL pointer dereference (CVE-ID: CVE-2025-38113)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cppc_allow_fast_switch() function in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.
886) NULL pointer dereference (CVE-ID: CVE-2025-38112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/sock.h. A local user can perform a denial of service (DoS) attack.
887) Out-of-bounds read (CVE-ID: CVE-2025-38111)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __mdiobus_read() and __mdiobus_write() functions in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.
888) Out-of-bounds write (CVE-ID: CVE-2025-38110)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the __mdiobus_c45_read() and __mdiobus_c45_write() functions in drivers/net/phy/mdio_bus.c. A local user can execute arbitrary code.
889) Use-after-free (CVE-ID: CVE-2025-38109)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5_eswitch_enable_pf_vf_vports() and mlx5_eswitch_disable_pf_vf_vports() functions in drivers/net/ethernet/mellanox/mlx5/core/eswitch.c. A local user can escalate privileges on the system.
890) Improper locking (CVE-ID: CVE-2025-38108)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __red_change() function in net/sched/sch_red.c. A local user can perform a denial of service (DoS) attack.
891) Integer underflow (CVE-ID: CVE-2025-38107)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can execute arbitrary code.
892) Input validation error (CVE-ID: CVE-2025-38105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_usbmidi_free() and snd_usbmidi_disconnect() functions in sound/usb/midi.c. A local user can perform a denial of service (DoS) attack.
893) Improper locking (CVE-ID: CVE-2025-38104)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the amdgpu_virt_rlcg_reg_rw() function in drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c, within the amdgpu_device_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.
894) Out-of-bounds read (CVE-ID: CVE-2025-38103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cpu_to_le16(), hidg_setup() and hidg_bind() functions in drivers/usb/gadget/function/f_hid.c, within the usbhid_parse() function in drivers/hid/usbhid/hid-core.c, within the mousevsc_on_receive_device_info() function in drivers/hid/hid-hyperv.c. A local user can perform a denial of service (DoS) attack.
895) Double free (CVE-ID: CVE-2025-38102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the drv_cp_harray_to_user() and vmci_host_setup_notify() functions in drivers/misc/vmw_vmci/vmci_host.c. A local user can perform a denial of service (DoS) attack.
896) Improper locking (CVE-ID: CVE-2025-38101)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ring_buffer_subbuf_order_set() and atomic_dec() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
897) Memory leak (CVE-ID: CVE-2025-38100)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the copy_thread() and native_tss_update_io_bitmap() functions in arch/x86/kernel/process.c, within the io_bitmap_share(), io_bitmap_exit() and SYSCALL_DEFINE1() functions in arch/x86/kernel/ioport.c. A local user can perform a denial of service (DoS) attack.
898) Improper locking (CVE-ID: CVE-2025-38099)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hci_cc_read_buffer_size() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.
899) Input validation error (CVE-ID: CVE-2025-38098)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pre_validate_dsc() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c, within the create_validate_stream_for_sink(), amdgpu_dm_connector_mode_valid() and dm_update_crtc_state() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
900) Memory leak (CVE-ID: CVE-2025-38097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __xfrm_state_delete() function in net/xfrm/xfrm_state.c, within the esp_ssg_unref(), esp6_find_tcp_sk(), esp_output_tcp_finish() and esp6_output_tcp_encap() functions in net/ipv6/esp6.c, within the esp_ssg_unref(), esp_find_tcp_sk(), esp_output_tcp_finish() and esp_output_tcp_encap() functions in net/ipv4/esp4.c. A local user can perform a denial of service (DoS) attack.
901) NULL pointer dereference (CVE-ID: CVE-2025-38095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dma_resv_add_fence() function in drivers/dma-buf/dma-resv.c. A local user can perform a denial of service (DoS) attack.
902) Improper locking (CVE-ID: CVE-2025-38094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the macb_update_stats() function in drivers/net/ethernet/cadence/macb_main.c. A local user can perform a denial of service (DoS) attack.
903) Buffer overflow (CVE-ID: CVE-2025-38090)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the riocm_ch_send() function in drivers/rapidio/rio_cm.c. A local user can perform a denial of service (DoS) attack.
904) NULL pointer dereference (CVE-ID: CVE-2025-38089)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the svc_process_common() function in net/sunrpc/svc.c. A local user can perform a denial of service (DoS) attack.
905) Out-of-bounds read (CVE-ID: CVE-2025-38088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the memtrace_read() function in arch/powerpc/platforms/powernv/memtrace.c. A local user can perform a denial of service (DoS) attack.
906) Use-after-free (CVE-ID: CVE-2025-38087)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the taprio_dev_notifier() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.
907) Use of uninitialized resource (CVE-ID: CVE-2025-38086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ch9200_mdio_read() function in drivers/net/usb/ch9200.c. A local user can perform a denial of service (DoS) attack.
908) Buffer overflow (CVE-ID: CVE-2025-38085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the huge_pmd_unshare() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
909) Improper locking (CVE-ID: CVE-2025-38084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __split_vma() function in mm/vma.c, within the hugetlb_vma_lock_free(), hugetlb_vm_op_split(), move_hugetlb_state() and hugetlb_unshare_pmds() functions in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
910) Out-of-bounds read (CVE-ID: CVE-2025-38081)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rockchip_spi_config() function in drivers/spi/spi-rockchip.c. A local user can perform a denial of service (DoS) attack.
911) Buffer overflow (CVE-ID: CVE-2025-38080)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/gpu/drm/amd/display/dc/inc/core_types.h. A local user can perform a denial of service (DoS) attack.
912) Use-after-free (CVE-ID: CVE-2025-38079)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hash_accept() function in crypto/algif_hash.c. A local user can escalate privileges on the system.
913) Use-after-free (CVE-ID: CVE-2025-38078)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_pcm_buffer_access_unlock() function in sound/core/pcm_native.c, within the snd_pcm_oss_change_params_locked() function in sound/core/oss/pcm_oss.c. A local user can escalate privileges on the system.
914) Buffer overflow (CVE-ID: CVE-2025-38077)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the current_password_store() function in drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c. A local user can escalate privileges on the system.
915) NULL pointer dereference (CVE-ID: CVE-2025-38075)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iscsit_close_connection() function in drivers/target/iscsi/iscsi_target.c. A local user can perform a denial of service (DoS) attack.
916) Use-after-free (CVE-ID: CVE-2025-38074)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vhost_scsi_complete_cmd_work() and vhost_scsi_tmf_resp_work() functions in drivers/vhost/scsi.c. A local user can escalate privileges on the system.
917) Division by zero (CVE-ID: CVE-2025-38072)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the nd_label_data_init() function in drivers/nvdimm/label.c. A local user can perform a denial of service (DoS) attack.
918) Use-after-free (CVE-ID: CVE-2025-38071)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vhost_scsi_complete_cmd_work() and vhost_scsi_tmf_resp_work() functions in drivers/vhost/scsi.c. A local user can escalate privileges on the system.
919) Buffer overflow (CVE-ID: CVE-2025-38068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the lzo1x_1_do_compress() and lzogeneric1x_1_compress() functions in lib/lzo/lzo1x_compress.c, within the obj-$() function in lib/lzo/Makefile, within the __lzo_compress() function in crypto/lzo.c, within the __lzorle_compress() function in crypto/lzo-rle.c. A local user can perform a denial of service (DoS) attack.
920) Input validation error (CVE-ID: CVE-2025-38067)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rseq_get_rseq_cs_ptr_val(), rseq_get_rseq_cs(), rseq_need_restart(), clear_rseq_cs(), rseq_ip_fixup() and SYSCALL_DEFINE4() functions in kernel/rseq.c. A local user can perform a denial of service (DoS) attack.
921) Improper locking (CVE-ID: CVE-2025-38066)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the get_cache_dev_size() and cache_preresume() functions in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.
922) Input validation error (CVE-ID: CVE-2025-38065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the orangefs_writepage_locked() and orangefs_writepages_work() functions in fs/orangefs/inode.c. A local user can perform a denial of service (DoS) attack.
923) Improper locking (CVE-ID: CVE-2025-38063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __send_empty_flush() function in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
924) Use-after-free (CVE-ID: CVE-2025-38062)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iommu_dma_prepare_msi() function in drivers/iommu/dma-iommu.c. A local user can escalate privileges on the system.
925) Out-of-bounds read (CVE-ID: CVE-2025-38061)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pktgen_thread_write() function in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.
926) Infinite loop (CVE-ID: CVE-2025-38060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the copy_verifier_state() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
927) NULL pointer dereference (CVE-ID: CVE-2025-38059)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scrub_find_fill_first_stripe() function in fs/btrfs/scrub.c. A local user can perform a denial of service (DoS) attack.
928) Incorrect calculation (CVE-ID: CVE-2025-38058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __legitimize_mnt() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
929) Memory leak (CVE-ID: CVE-2025-38057)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the espintcp_queue_out() function in net/xfrm/espintcp.c, within the esp_output_tcp_finish() function in net/ipv6/esp6.c, within the esp_output_tcp_finish() function in net/ipv4/esp4.c. A local user can perform a denial of service (DoS) attack.
930) NULL pointer dereference (CVE-ID: CVE-2025-38055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the intel_pmu_drain_pebs_core(), intel_pmu_pebs_event_update_no_drain(), intel_pmu_drain_pebs_nhm() and intel_pmu_drain_pebs_icl() functions in arch/x86/events/intel/ds.c. A local user can perform a denial of service (DoS) attack.
931) NULL pointer dereference (CVE-ID: CVE-2025-38053)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the idpf_cfg_netdev() and idpf_features_check() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can perform a denial of service (DoS) attack.
932) Use-after-free (CVE-ID: CVE-2025-38052)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_aead_encrypt() and tipc_aead_encrypt_done() functions in net/tipc/crypto.c. A local user can escalate privileges on the system.
933) Use-after-free (CVE-ID: CVE-2025-38051)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the find_cifs_entry() function in fs/cifs/readdir.c. A local user can escalate privileges on the system.
934) Race condition within a thread (CVE-ID: CVE-2025-38048)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the virtqueue_enable_cb_delayed() function in drivers/virtio/virtio_ring.c. A local user can corrupt data.
935) Input validation error (CVE-ID: CVE-2025-38045)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the _iwl_dbg_tlv_time_point() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can perform a denial of service (DoS) attack.
936) Input validation error (CVE-ID: CVE-2025-38044)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5e_setup_tc_mqprio() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
937) Resource management error (CVE-ID: CVE-2025-38043)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mt76_dma_cleanup() function in drivers/net/wireless/mediatek/mt76/dma.c. A local user can perform a denial of service (DoS) attack.
938) Improper locking (CVE-ID: CVE-2025-38040)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the stm32_usart_enable_ms() function in drivers/tty/serial/stm32-usart.c, within the sci_shutdown() function in drivers/tty/serial/sh-sci.c, within the mctrl_gpio_enable_ms() and mctrl_gpio_disable_ms() functions in drivers/tty/serial/serial_mctrl_gpio.c, within the imx_uart_shutdown() function in drivers/tty/serial/imx.c, within the atmel_disable_ms() function in drivers/tty/serial/atmel_serial.c, within the serial8250_disable_ms() function in drivers/tty/serial/8250/8250_port.c. A local user can perform a denial of service (DoS) attack.
939) Input validation error (CVE-ID: CVE-2025-38039)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5e_setup_tc_mqprio() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
940) Race condition within a thread (CVE-ID: CVE-2025-38037)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the vxlan_fdb_info(), vxlan_find_mac(), vxlan_fdb_update_existing(), vxlan_snoop() and vxlan_cleanup() functions in drivers/net/vxlan.c. A local user can corrupt data.
941) NULL pointer dereference (CVE-ID: CVE-2025-38035)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_restore_socket_callbacks() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
942) NULL pointer dereference (CVE-ID: CVE-2025-38034)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/trace/events/btrfs.h. A local user can perform a denial of service (DoS) attack.
943) Memory leak (CVE-ID: CVE-2025-38031)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the padata_reorder() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.
944) Buffer overflow (CVE-ID: CVE-2025-38027)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the max20086_regulators_register() and max20086_parse_regulators_dt() functions in drivers/regulator/max20086-regulator.c. A local user can perform a denial of service (DoS) attack.
945) Use-after-free (CVE-ID: CVE-2025-38024)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rxe_cq_from_init() function in drivers/infiniband/sw/rxe/rxe_cq.c. A local user can escalate privileges on the system.
946) Use-after-free (CVE-ID: CVE-2025-38023)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfs4_alloc_unlockdata() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.
947) NULL pointer dereference (CVE-ID: CVE-2025-38020)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_fix_uplink_rep_features() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
948) Use-after-free (CVE-ID: CVE-2025-38019)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_neigh_rif_made_sync() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c. A local user can escalate privileges on the system.
949) NULL pointer dereference (CVE-ID: CVE-2025-38018)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tls_strp_read_copy() function in net/tls/tls_strp.c. A local user can perform a denial of service (DoS) attack.
950) Memory leak (CVE-ID: CVE-2025-38015)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the idxd_alloc() function in drivers/dma/idxd/init.c. A local user can perform a denial of service (DoS) attack.
951) Input validation error (CVE-ID: CVE-2025-38014)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the f2fs_new_node_page() function in fs/f2fs/node.c. A local user can perform a denial of service (DoS) attack.
952) Out-of-bounds read (CVE-ID: CVE-2025-38013)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ieee80211_register_hw() function in net/mac80211/main.c. A local user can perform a denial of service (DoS) attack.
953) Memory leak (CVE-ID: CVE-2025-38011)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the amdgpu_unmap_static_csa() function in drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c. A local user can perform a denial of service (DoS) attack.
954) Race condition (CVE-ID: CVE-2025-38010)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the DATA0_VAL_PD BIT(), DECLARE_BITMAP(), tegra186_utmi_bias_pad_power_on(), tegra186_utmi_bias_pad_power_off(), tegra186_utmi_pad_power_on() and tegra186_utmi_pad_power_down() functions in drivers/phy/tegra/xusb-tegra186.c. A local user can escalate privileges on the system.
955) Improper resource shutdown or release (CVE-ID: CVE-2025-38009)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the mt76_dma_cleanup() function in drivers/net/wireless/mediatek/mt76/dma.c. A local user can perform a denial of service (DoS) attack.
956) Input validation error (CVE-ID: CVE-2025-38008)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kvm_xen_vcpu_set_attr() function in arch/x86/kvm/xen.c. A local user can perform a denial of service (DoS) attack.
957) NULL pointer dereference (CVE-ID: CVE-2025-38007)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the uclogic_input_configured() function in drivers/hid/hid-uclogic-core.c. A local user can perform a denial of service (DoS) attack.
958) Input validation error (CVE-ID: CVE-2025-38006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mctp_dump_addrinfo() function in net/mctp/device.c. A local user can perform a denial of service (DoS) attack.
959) Improper locking (CVE-ID: CVE-2025-38005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the udma_check_tx_completion() function in drivers/dma/ti/k3-udma.c. A local user can perform a denial of service (DoS) attack.
960) Improper locking (CVE-ID: CVE-2025-38004)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bcm_can_tx(), bcm_tx_timeout_handler() and bcm_tx_setup() functions in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
961) Use-after-free (CVE-ID: CVE-2025-38003)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bcm_proc_show(), bcm_delete_rx_op(), bcm_delete_tx_op() and bcm_rx_setup() functions in net/can/bcm.c. A local user can escalate privileges on the system.
962) Incorrect calculation (CVE-ID: CVE-2025-37998)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the output_userspace() function in net/openvswitch/actions.c. A local user can perform a denial of service (DoS) attack.
963) Improper error handling (CVE-ID: CVE-2025-37995)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the module_kobj_release() function in kernel/params.c. A local user can perform a denial of service (DoS) attack.
964) NULL pointer dereference (CVE-ID: CVE-2025-37994)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ucsi_displayport_remove_partner() function in drivers/usb/typec/ucsi/displayport.c. A local user can perform a denial of service (DoS) attack.
965) NULL pointer dereference (CVE-ID: CVE-2025-37992)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pie_change() function in net/sched/sch_pie.c, within the hhf_change() function in net/sched/sch_hhf.c, within the fq_pie_change() function in net/sched/sch_fq_pie.c, within the fq_codel_change() function in net/sched/sch_fq_codel.c, within the fq_change() function in net/sched/sch_fq.c, within the codel_change() function in net/sched/sch_codel.c. A local user can perform a denial of service (DoS) attack.
966) Improper error handling (CVE-ID: CVE-2025-37991)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the handle_fpe() function in arch/parisc/math-emu/driver.c. A local user can perform a denial of service (DoS) attack.
967) Improper error handling (CVE-ID: CVE-2025-37990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the brcmf_usb_dl_writeimage() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c. A local user can perform a denial of service (DoS) attack.
968) Use-after-free (CVE-ID: CVE-2025-37989)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the phy_led_triggers_register() and phy_led_triggers_unregister() functions in drivers/net/phy/phy_led_triggers.c. A local user can escalate privileges on the system.
969) Improper locking (CVE-ID: CVE-2025-37988)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_lock_mount() and lock_mount() functions in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
970) Buffer overflow (CVE-ID: CVE-2025-37987)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pdsc_core_init() function in drivers/net/ethernet/amd/pds_core/core.c. A local user can perform a denial of service (DoS) attack.
971) Input validation error (CVE-ID: CVE-2025-37986)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the typec_unregister_partner() function in drivers/usb/typec/class.c. A local user can perform a denial of service (DoS) attack.
972) Race condition (CVE-ID: CVE-2025-37985)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the pidff_reset() function in drivers/hid/usbhid/hid-pidff.c. A local user can escalate privileges on the system.
973) Integer overflow (CVE-ID: CVE-2025-37984)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ecdsa_x962_verify() function in crypto/ecdsa-x962.c, within the ecdsa_p1363_verify() function in crypto/ecdsa-p1363.c, within the EXPORT_SYMBOL() function in crypto/ecc.c. A local user can execute arbitrary code.
974) Memory leak (CVE-ID: CVE-2025-37983)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qibfs_mknod() function in drivers/infiniband/hw/qib/qib_fs.c. A local user can perform a denial of service (DoS) attack.
975) Memory leak (CVE-ID: CVE-2025-37982)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wl1251_tx_work() function in drivers/net/wireless/ti/wl1251/tx.c. A local user can perform a denial of service (DoS) attack.
976) Memory leak (CVE-ID: CVE-2025-37980)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the blk_debugfs_remove() function in block/blk-sysfs.c. A local user can perform a denial of service (DoS) attack.
977) Out-of-bounds read (CVE-ID: CVE-2025-37979)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sound/soc/qcom/lpass.h. A local user can perform a denial of service (DoS) attack.
978) Buffer overflow (CVE-ID: CVE-2025-37978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bio_integrity_alloc(), bio_integrity_uncopy_user(), bio_integrity_unmap_user(), bio_integrity_copy_user() and bio_integrity_map_user() functions in block/bio-integrity.c. A local user can perform a denial of service (DoS) attack.
979) Input validation error (CVE-ID: CVE-2025-37977)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the exynos_ufs_shareability() and exynos_ufs_parse_dt() functions in drivers/ufs/host/ufs-exynos.c. A local user can perform a denial of service (DoS) attack.
980) Out-of-bounds read (CVE-ID: CVE-2025-37975)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the apply_relocate_add() function in arch/riscv/kernel/module.c. A local user can perform a denial of service (DoS) attack.
981) Buffer overflow (CVE-ID: CVE-2025-37973)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the cfg80211_defrag_mle() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.
982) NULL pointer dereference (CVE-ID: CVE-2025-37972)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_pmic_keys_lp_reset_setup() function in drivers/input/keyboard/mtk-pmic-keys.c. A local user can perform a denial of service (DoS) attack.
983) Improper locking (CVE-ID: CVE-2025-37970)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the st_lsm6dsx_read_fifo() function in drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c. A local user can perform a denial of service (DoS) attack.
984) Infinite loop (CVE-ID: CVE-2025-37969)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the st_lsm6dsx_read_tagged_fifo() function in drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c. A local user can perform a denial of service (DoS) attack.
985) Improper locking (CVE-ID: CVE-2025-37968)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the opt3001_irq() function in drivers/iio/light/opt3001.c. A local user can perform a denial of service (DoS) attack.
986) Improper locking (CVE-ID: CVE-2025-37967)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ucsi_set_drvdata() function in drivers/usb/typec/ucsi/ucsi.c, within the ucsi_displayport_enter(), ucsi_displayport_exit() and ucsi_displayport_vdm() functions in drivers/usb/typec/ucsi/displayport.c. A local user can perform a denial of service (DoS) attack.
987) Input validation error (CVE-ID: CVE-2025-37963)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the build_bhb_mitigation() function in arch/arm64/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.
988) Memory leak (CVE-ID: CVE-2025-37962)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the parse_lease_state() function in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.
989) Use of uninitialized resource (CVE-ID: CVE-2025-37961)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __mtu_check_toobig_v6(), do_output_route4() and __ip_vs_get_out_rt() functions in net/netfilter/ipvs/ip_vs_xmit.c. A local user can perform a denial of service (DoS) attack.
990) Resource management error (CVE-ID: CVE-2025-37960)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the memblock_double_array() function in mm/memblock.c. A local user can perform a denial of service (DoS) attack.
991) Input validation error (CVE-ID: CVE-2025-37959)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the skb_do_redirect() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
992) Use-after-free (CVE-ID: CVE-2025-37957)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the shutdown_interception() function in arch/x86/kvm/svm/svm.c, within the kvm_smm_changed() function in arch/x86/kvm/smm.c. A local user can escalate privileges on the system.
993) Buffer overflow (CVE-ID: CVE-2025-37956)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the smb2_get_name() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
994) Use-after-free (CVE-ID: CVE-2025-37952)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __close_file_table_ids() function in fs/smb/server/vfs_cache.c. A local user can escalate privileges on the system.
995) Memory leak (CVE-ID: CVE-2025-37951)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the v3d_gpu_reset_for_timeout(), v3d_cl_job_timedout() and v3d_csd_job_timedout() functions in drivers/gpu/drm/v3d/v3d_sched.c. A local user can perform a denial of service (DoS) attack.
996) Improper locking (CVE-ID: CVE-2025-37949)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xs_suspend_exit(), xs_send(), xs_wait_for_reply(), xenbus_dev_request_and_reply() and xs_talkv() functions in drivers/xen/xenbus/xenbus_xs.c, within the xenbus_dev_queue_reply() function in drivers/xen/xenbus/xenbus_dev_frontend.c, within the process_msg() and process_writes() functions in drivers/xen/xenbus/xenbus_comms.c. A local user can perform a denial of service (DoS) attack.
997) Input validation error (CVE-ID: CVE-2025-37948)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pr_fmt(), build_plt(), build_epilogue() and bpf_int_jit_compile() functions in arch/arm64/net/bpf_jit_comp.c, within the this_cpu_set_vectors() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.
998) Out-of-bounds read (CVE-ID: CVE-2025-37947)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ksmbd_vfs_stream_write() function in fs/smb/server/vfs.c. A local user can perform a denial of service (DoS) attack.
999) NULL pointer dereference (CVE-ID: CVE-2025-37945)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the phy_link_change() and mdio_bus_phy_suspend() functions in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
1000) Buffer overflow (CVE-ID: CVE-2025-37944)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ath12k_dp_mon_srng_process() function in drivers/net/wireless/ath/ath12k/dp_mon.c. A local user can perform a denial of service (DoS) attack.
1001) Input validation error (CVE-ID: CVE-2025-37943)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath12k_dp_rx_deliver_msdu(), ath12k_dp_rx_process_msdu(), skb_pull(), ath12k_dp_rx_h_null_q_desc(), ath12k_dp_rx_h_reo_err(), ath12k_dp_rx_h_tkip_mic_err() and ath12k_dp_rx_h_rxdma_err() functions in drivers/net/wireless/ath/ath12k/dp_rx.c. A local user can perform a denial of service (DoS) attack.
1002) Improper locking (CVE-ID: CVE-2025-37940)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ftrace_graph_set_hash() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.
1003) Use-after-free (CVE-ID: CVE-2025-37938)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the test_event_printk() function in kernel/trace/trace_events.c. A local user can escalate privileges on the system.
1004) Resource management error (CVE-ID: CVE-2025-37936)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the intel_guest_get_msrs() function in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.
1005) Input validation error (CVE-ID: CVE-2025-37935)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/ethernet/mediatek/mtk_eth_soc.c. A local user can perform a denial of service (DoS) attack.
1006) Input validation error (CVE-ID: CVE-2025-37933)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the octep_hb_timeout_task() function in drivers/net/ethernet/marvell/octeon_ep/octep_main.c. A local user can perform a denial of service (DoS) attack.
1007) Infinite loop (CVE-ID: CVE-2025-37931)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the submit_eb_subpage() function in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.
1008) Resource management error (CVE-ID: CVE-2025-37930)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nouveau_fence_context_kill() function in drivers/gpu/drm/nouveau/nouveau_fence.c. A local user can perform a denial of service (DoS) attack.
1009) Improper error handling (CVE-ID: CVE-2025-37928)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __scan() function in drivers/md/dm-bufio.c. A local user can perform a denial of service (DoS) attack.
1010) Buffer overflow (CVE-ID: CVE-2025-37927)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the drivers/iommu/amd/init.c. A local user can escalate privileges on the system.
1011) Improper locking (CVE-ID: CVE-2025-37925)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the duplicateIXtree() function in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.
1012) Use-after-free (CVE-ID: CVE-2025-37924)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the krb5_authenticate() function in fs/smb/server/smb2pdu.c, within the ksmbd_krb5_authenticate() function in fs/smb/server/auth.c. A local user can escalate privileges on the system.
1013) Buffer overflow (CVE-ID: CVE-2025-37923)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the tracing_splice_read_pipe() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
1014) Use-after-free (CVE-ID: CVE-2025-37922)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the radix__vmemmap_populate() function in arch/powerpc/mm/book3s64/radix_pgtable.c. A local user can escalate privileges on the system.
1015) Improper locking (CVE-ID: CVE-2025-37921)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vxlan_vni_delete_group() function in drivers/net/vxlan/vxlan_vnifilter.c. A local user can perform a denial of service (DoS) attack.
1016) Improper locking (CVE-ID: CVE-2025-37920)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xp_create_and_assign_umem() function in net/xdp/xsk_buff_pool.c, within the xsk_generic_rcv() and xsk_create() functions in net/xdp/xsk.c. A local user can perform a denial of service (DoS) attack.
1017) NULL pointer dereference (CVE-ID: CVE-2025-37918)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btusb_coredump_qca(), handle_dump_pkt_qca() and acl_pkt_is_dump_qca() functions in drivers/bluetooth/btusb.c. A local user can perform a denial of service (DoS) attack.
1018) Improper locking (CVE-ID: CVE-2025-37917)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mtk_star_tx_poll() and mtk_star_rx_poll() functions in drivers/net/ethernet/mediatek/mtk_star_emac.c. A local user can perform a denial of service (DoS) attack.
1019) Use-after-free (CVE-ID: CVE-2025-37916)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pdsc_auxbus_dev_del() function in drivers/net/ethernet/amd/pds_core/auxbus.c. A local user can escalate privileges on the system.
1020) Use-after-free (CVE-ID: CVE-2025-37915)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_is_active() and drr_enqueue() functions in net/sched/sch_drr.c. A local user can escalate privileges on the system.
1021) Use-after-free (CVE-ID: CVE-2025-37914)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_is_active() and ets_qdisc_enqueue() functions in net/sched/sch_ets.c. A local user can escalate privileges on the system.
1022) Use-after-free (CVE-ID: CVE-2025-37913)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_is_active() and qfq_enqueue() functions in net/sched/sch_qfq.c. A local user can escalate privileges on the system.
1023) NULL pointer dereference (CVE-ID: CVE-2025-37912)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_vc_add_fdir_fltr() function in drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c. A local user can perform a denial of service (DoS) attack.
1024) Out-of-bounds read (CVE-ID: CVE-2025-37911)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnxt_hwrm_dbg_dma_data() function in drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c. A local user can perform a denial of service (DoS) attack.
1025) Memory leak (CVE-ID: CVE-2025-37909)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lan743x_tx_frame_add_lso(), lan743x_tx_frame_add_fragment() and lan743x_tx_frame_end() functions in drivers/net/ethernet/microchip/lan743x_main.c. A local user can perform a denial of service (DoS) attack.
1026) Memory leak (CVE-ID: CVE-2025-37905)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the scmi_child_dev_find() function in drivers/firmware/arm_scmi/bus.c. A local user can perform a denial of service (DoS) attack.
1027) Use-after-free (CVE-ID: CVE-2025-37903)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hdcp_update_display(), hdcp_remove_display(), hdcp_reset_display() and update_config() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c. A local user can escalate privileges on the system.
1028) Input validation error (CVE-ID: CVE-2025-37901)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qcom_mpm_alloc() function in drivers/irqchip/irq-qcom-mpm.c. A local user can perform a denial of service (DoS) attack.
1029) NULL pointer dereference (CVE-ID: CVE-2025-37900)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/iommu.h. A local user can perform a denial of service (DoS) attack.
1030) Use-after-free (CVE-ID: CVE-2025-37899)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the smb2_session_logoff() function in fs/smb/server/smb2pdu.c. A remote attacker can send specially crafted data to the SMB client during session logoff and compromise the affected system.
1031) Improper locking (CVE-ID: CVE-2025-37897)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the plfxlc_mac_init_hw() function in drivers/net/wireless/purelifi/plfxlc/mac.c. A local user can perform a denial of service (DoS) attack.
1032) Out-of-bounds read (CVE-ID: CVE-2025-37892)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the INFTL_findwriteunit() function in drivers/mtd/inftlcore.c. A local user can perform a denial of service (DoS) attack.
1033) Buffer overflow (CVE-ID: CVE-2025-37891)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the include/sound/ump_convert.h. A local user can escalate privileges on the system.
1034) Buffer overflow (CVE-ID: CVE-2025-37887)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pdsc_dl_info_get() function in drivers/net/ethernet/amd/pds_core/devlink.c. A local user can perform a denial of service (DoS) attack.
1035) Buffer overflow (CVE-ID: CVE-2025-37886)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pdsc_q_map() function in drivers/net/ethernet/amd/pds_core/core.c, within the pdsc_process_notifyq(), pdsc_process_adminq(), pdsc_adminq_isr(), __pdsc_adminq_post() and pdsc_adminq_post() functions in drivers/net/ethernet/amd/pds_core/adminq.c. A local user can perform a denial of service (DoS) attack.
1036) Use-after-free (CVE-ID: CVE-2025-37885)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmx_pi_update_irte() function in arch/x86/kvm/vmx/posted_intr.c, within the avic_pi_update_irte() function in arch/x86/kvm/svm/avic.c. A local user can escalate privileges on the system.
1037) Improper locking (CVE-ID: CVE-2025-37884)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __set_printk_clr_event() and bpf_get_trace_vprintk_proto() functions in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.
1038) Memory leak (CVE-ID: CVE-2025-37883)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __sclp_console_free_pages() and sclp_console_init() functions in drivers/s390/char/sclp_con.c. A local user can perform a denial of service (DoS) attack.
1039) Improper error handling (CVE-ID: CVE-2025-37881)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ast_vhub_init_dev() function in drivers/usb/gadget/udc/aspeed-vhub/dev.c. A local user can perform a denial of service (DoS) attack.
1040) Incorrect calculation (CVE-ID: CVE-2025-37879)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the p9_client_read_once(), p9_client_write(), EXPORT_SYMBOL_GPL() and p9_client_readdir() functions in net/9p/client.c. A local user can perform a denial of service (DoS) attack.
1041) Resource management error (CVE-ID: CVE-2025-37878)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the inherit_event() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
1042) Resource management error (CVE-ID: CVE-2025-37875)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the igc_ptm_log_error(), igc_phc_get_syncdevicetime(), igc_ptp_stop() and igc_ptp_reset() functions in drivers/net/ethernet/intel/igc/igc_ptp.c. A local user can perform a denial of service (DoS) attack.
1043) Memory leak (CVE-ID: CVE-2025-37874)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ngbe_probe() and wx_clear_interrupt_scheme() functions in drivers/net/ethernet/wangxun/ngbe/ngbe_main.c. A local user can perform a denial of service (DoS) attack.
1044) Buffer overflow (CVE-ID: CVE-2025-37873)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dev_kfree_skb_any() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
1045) Memory leak (CVE-ID: CVE-2025-37872)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the txgbe_probe() and wx_clear_interrupt_scheme() functions in drivers/net/ethernet/wangxun/txgbe/txgbe_main.c. A local user can perform a denial of service (DoS) attack.
1046) Improper locking (CVE-ID: CVE-2025-37871)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfsd_break_one_deleg() function in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
1047) Use-after-free (CVE-ID: CVE-2025-37869)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kfd_process_remove_sysfs() and kfd_process_wq_release() functions in drivers/gpu/drm/amd/amdkfd/kfd_process.c. A local user can escalate privileges on the system.
1048) Buffer overflow (CVE-ID: CVE-2025-37867)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ib_init_umem_odp() function in drivers/infiniband/core/umem_odp.c. A local user can perform a denial of service (DoS) attack.
1049) Use of uninitialized resource (CVE-ID: CVE-2025-37865)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mv88e6xxx_vtu_get() and mv88e6xxx_mst_put() functions in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.
1050) Memory leak (CVE-ID: CVE-2025-37864)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dsa_switch_parse() function in net/dsa/dsa.c. A local user can perform a denial of service (DoS) attack.
1051) Input validation error (CVE-ID: CVE-2025-37863)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ovl_get_lowerstack() function in fs/overlayfs/super.c. A local user can perform a denial of service (DoS) attack.
1052) NULL pointer dereference (CVE-ID: CVE-2025-37862)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pidff_set_autocenter() and pidff_reports_ok() functions in drivers/hid/usbhid/hid-pidff.c. A local user can perform a denial of service (DoS) attack.
1053) Improper locking (CVE-ID: CVE-2025-37861)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mpi3mr_process_factsdata(), mpi3mr_process_admin_reply_q(), mpi3mr_process_op_reply_q(), mpi3mr_check_op_admin_proc() and mpi3mr_soft_reset_handler() functions in drivers/scsi/mpi3mr/mpi3mr_fw.c. A local user can perform a denial of service (DoS) attack.
1054) NULL pointer dereference (CVE-ID: CVE-2025-37860)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ef100_process_design_param() and ef100_check_design_params() functions in drivers/net/ethernet/sfc/ef100_nic.c, within the ef100_probe_netdev() function in drivers/net/ethernet/sfc/ef100_netdev.c. A local user can perform a denial of service (DoS) attack.
1055) Infinite loop (CVE-ID: CVE-2025-37859)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the page_pool_release_retry() function in net/core/page_pool.c. A local user can perform a denial of service (DoS) attack.
1056) Integer overflow (CVE-ID: CVE-2025-37858)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the dbExtendFS() function in fs/jfs/jfs_dmap.c. A local user can execute arbitrary code.
1057) Buffer overflow (CVE-ID: CVE-2025-37857)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the validate_options() function in drivers/scsi/st.c. A local user can perform a denial of service (DoS) attack.
1058) Integer underflow (CVE-ID: CVE-2025-37856)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the btrfs_put_transaction() and btrfs_cleanup_pending_block_groups() functions in fs/btrfs/transaction.c, within the btrfs_finish_extent_commit() function in fs/btrfs/extent-tree.c. A local user can execute arbitrary code.
1059) Improper locking (CVE-ID: CVE-2025-37854)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kfd_process_remove_sysfs() and kfd_process_wq_release() functions in drivers/gpu/drm/amd/amdkfd/kfd_process.c. A local user can perform a denial of service (DoS) attack.
1060) NULL pointer dereference (CVE-ID: CVE-2025-37853)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kfd_debugfs_hang_hws() function in drivers/gpu/drm/amd/amdkfd/kfd_device.c. A local user can perform a denial of service (DoS) attack.
1061) NULL pointer dereference (CVE-ID: CVE-2025-37852)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amd_powerplay_create() function in drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c. A local user can perform a denial of service (DoS) attack.
1062) Use of uninitialized resource (CVE-ID: CVE-2025-37851)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the dispc_ovl_setup() function in drivers/video/fbdev/omap2/omapfb/dss/dispc.c. A local user can perform a denial of service (DoS) attack.
1063) Division by zero (CVE-ID: CVE-2025-37850)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the pwm_mediatek_config() function in drivers/pwm/pwm-mediatek.c. A local user can perform a denial of service (DoS) attack.
1064) Memory leak (CVE-ID: CVE-2025-37849)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kvm_arch_vcpu_create() function in arch/arm64/kvm/arm.c. A local user can perform a denial of service (DoS) attack.
1065) Out-of-bounds read (CVE-ID: CVE-2025-37846)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the arch/arm64/include/asm/traps.h. A local user can perform a denial of service (DoS) attack.
1066) NULL pointer dereference (CVE-ID: CVE-2025-37844)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smb2_handle_cancelled_close() function in fs/smb/client/smb2misc.c. A local user can perform a denial of service (DoS) attack.
1067) Resource management error (CVE-ID: CVE-2025-37842)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fsl_qspi_cleanup(), fsl_qspi_probe(), fsl_qspi_remove() and module_platform_driver() functions in drivers/spi/spi-fsl-qspi.c. A local user can perform a denial of service (DoS) attack.
1068) NULL pointer dereference (CVE-ID: CVE-2025-37841)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the prepare_default_config() function in tools/power/cpupower/bench/parse.c. A local user can perform a denial of service (DoS) attack.
1069) Use of uninitialized resource (CVE-ID: CVE-2025-37840)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the brcmnand_resume() function in drivers/mtd/nand/raw/brcmnand/brcmnand.c. A local user can perform a denial of service (DoS) attack.
1070) Input validation error (CVE-ID: CVE-2025-37839)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jbd2_journal_update_sb_log_tail() function in fs/jbd2/journal.c. A local user can perform a denial of service (DoS) attack.
1071) Memory leak (CVE-ID: CVE-2025-37836)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pci_register_host_bridge() function in drivers/pci/probe.c. A local user can perform a denial of service (DoS) attack.
1072) NULL pointer dereference (CVE-ID: CVE-2025-37831)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the apple_soc_cpufreq_get_rate() function in drivers/cpufreq/apple-soc-cpufreq.c. A local user can perform a denial of service (DoS) attack.
1073) NULL pointer dereference (CVE-ID: CVE-2025-37830)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scmi_cpufreq_get_rate() function in drivers/cpufreq/scmi-cpufreq.c. A local user can perform a denial of service (DoS) attack.
1074) NULL pointer dereference (CVE-ID: CVE-2025-37829)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scpi_cpufreq_get_rate() function in drivers/cpufreq/scpi-cpufreq.c. A local user can perform a denial of service (DoS) attack.
1075) NULL pointer dereference (CVE-ID: CVE-2025-37828)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ufshcd_mcq_abort() function in drivers/ufs/core/ufs-mcq.c. A local user can perform a denial of service (DoS) attack.
1076) Improper error handling (CVE-ID: CVE-2025-37827)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the btrfs_load_block_group_zone_info() function in fs/btrfs/zoned.c. A local user can perform a denial of service (DoS) attack.
1077) Improper error handling (CVE-ID: CVE-2025-37826)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ufshcd_mcq_compl_pending_transfer() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
1078) NULL pointer dereference (CVE-ID: CVE-2025-37824)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_mon_reinit_self() function in net/tipc/monitor.c. A local user can perform a denial of service (DoS) attack.
1079) Input validation error (CVE-ID: CVE-2025-37823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hfsc_dequeue() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.
1080) Buffer overflow (CVE-ID: CVE-2025-37822)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the arch_uprobe_copy_ixol() function in arch/riscv/kernel/probes/uprobes.c. A local user can perform a denial of service (DoS) attack.
1081) Memory leak (CVE-ID: CVE-2025-37820)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xennet_run_xdp() function in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.
1082) Double free (CVE-ID: CVE-2025-37819)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the gicv2m_of_init() function in drivers/irqchip/irq-gic-v2m.c. A local user can perform a denial of service (DoS) attack.
1083) Double free (CVE-ID: CVE-2025-37817)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the chameleon_parse_gdd() function in drivers/mcb/mcb-parse.c. A local user can perform a denial of service (DoS) attack.
1084) Improper locking (CVE-ID: CVE-2025-37816)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the VSC_TP_PACKET_SIZE(), vsc_tp_dev_xfer() and vsc_tp_xfer() functions in drivers/misc/mei/vsc-tp.c. A local user can perform a denial of service (DoS) attack.
1085) Improper locking (CVE-ID: CVE-2025-37815)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pci1xxxx_gpio_irq_handler() function in drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c. A local user can perform a denial of service (DoS) attack.
1086) Input validation error (CVE-ID: CVE-2025-37813)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the xhci_queue_ctrl_tx() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
1087) Improper locking (CVE-ID: CVE-2025-37812)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cdns3_device_thread_irq_handler() function in drivers/usb/cdns3/cdns3-gadget.c. A local user can perform a denial of service (DoS) attack.
1088) NULL pointer dereference (CVE-ID: CVE-2025-37811)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cpu_latency_qos_remove_request() and ci_hdrc_imx_remove() functions in drivers/usb/chipidea/ci_hdrc_imx.c. A local user can perform a denial of service (DoS) attack.
1089) Out-of-bounds read (CVE-ID: CVE-2025-37810)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dwc3_check_event_buf() function in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.
1090) NULL pointer dereference (CVE-ID: CVE-2025-37809)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the typec_register_partner(), typec_unregister_partner(), typec_get_partner(), typec_partner_attach(), typec_partner_deattach() and typec_register_port() functions in drivers/usb/typec/class.c. A local user can perform a denial of service (DoS) attack.
1091) Resource management error (CVE-ID: CVE-2025-37808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DEFINE_MUTEX(), MODULE_ALIAS_CRYPTO() and EXPORT_SYMBOL_GPL() functions in crypto/crypto_null.c. A local user can perform a denial of service (DoS) attack.
1092) Improper locking (CVE-ID: CVE-2025-37805)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the virtsnd_pcm_parse_cfg() function in sound/virtio/virtio_pcm.c. A local user can perform a denial of service (DoS) attack.
1093) Buffer overflow (CVE-ID: CVE-2025-37803)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the udmabuf_create() function in drivers/dma-buf/udmabuf.c. A local user can perform a denial of service (DoS) attack.
1094) NULL pointer dereference (CVE-ID: CVE-2025-37801)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the spi_imx_transfer_one() function in drivers/spi/spi-imx.c. A local user can perform a denial of service (DoS) attack.
1095) NULL pointer dereference (CVE-ID: CVE-2025-37800)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dev_uevent_name() and dev_uevent() functions in drivers/base/core.c, within the bus_rescan_devices_helper() function in drivers/base/bus.c. A local user can perform a denial of service (DoS) attack.
1096) Memory leak (CVE-ID: CVE-2025-37799)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vmxnet3_process_xdp() function in drivers/net/vmxnet3/vmxnet3_xdp.c. A local user can perform a denial of service (DoS) attack.
1097) Memory leak (CVE-ID: CVE-2025-37796)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the at76_disconnect() function in drivers/net/wireless/atmel/at76c50x-usb.c. A local user can perform a denial of service (DoS) attack.
1098) NULL pointer dereference (CVE-ID: CVE-2025-37794)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ieee80211_do_stop() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.
1099) Improper error handling (CVE-ID: CVE-2025-37793)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the avs_component_probe() function in sound/soc/intel/avs/pcm.c. A local user can perform a denial of service (DoS) attack.
1100) NULL pointer dereference (CVE-ID: CVE-2025-37792)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtl_dev_err() function in drivers/bluetooth/btrtl.c. A local user can perform a denial of service (DoS) attack.
1101) Input validation error (CVE-ID: CVE-2025-37790)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mctp_sk_hash() function in net/mctp/af_mctp.c. A local user can perform a denial of service (DoS) attack.
1102) Input validation error (CVE-ID: CVE-2025-37789)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the validate_set() function in net/openvswitch/flow_netlink.c. A local user can perform a denial of service (DoS) attack.
1103) Memory leak (CVE-ID: CVE-2025-37788)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cxgb4_init_ethtool_filters() function in drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c. A local user can perform a denial of service (DoS) attack.
1104) Input validation error (CVE-ID: CVE-2025-37787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mv88e6xxx_teardown_devlink_regions_global() function in drivers/net/dsa/mv88e6xxx/devlink.c. A local user can perform a denial of service (DoS) attack.
1105) Use-after-free (CVE-ID: CVE-2025-37786)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dsa_tree_teardown_lags(), dsa_tree_setup(), dsa_tree_teardown_switches() and dsa_tree_teardown() functions in net/dsa/dsa.c. A local user can escalate privileges on the system.
1106) NULL pointer dereference (CVE-ID: CVE-2025-37784)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the icss_iep_perout_enable_hw() and icss_iep_perout_enable() functions in drivers/net/ethernet/ti/icssg/icss_iep.c. A local user can perform a denial of service (DoS) attack.
1107) Resource management error (CVE-ID: CVE-2025-37781)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ec_i2c_probe() function in drivers/i2c/busses/i2c-cros-ec-tunnel.c. A local user can perform a denial of service (DoS) attack.
1108) Out-of-bounds read (CVE-ID: CVE-2025-37780)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the isofs_fh_to_parent() function in fs/isofs/export.c. A local user can perform a denial of service (DoS) attack.
1109) Use-after-free (CVE-ID: CVE-2025-37778)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the krb5_authenticate() function in fs/smb/server/smb2pdu.c. A remote attacker can trick the victim into connecting to a malicious SMB server and execute arbitrary code on the target system.
1110) Use-after-free (CVE-ID: CVE-2025-37777)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_transport() function in fs/smb/server/transport_tcp.c, within the ksmbd_conn_free() function in fs/smb/server/connection.c. A local user can escalate privileges on the system.
1111) Resource management error (CVE-ID: CVE-2025-37775)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ksmbd_vfs_write() function in fs/smb/server/vfs.c. A local user can perform a denial of service (DoS) attack.
1112) Input validation error (CVE-ID: CVE-2025-37773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the virtio_fs_get_tree() function in fs/fuse/virtio_fs.c. A local user can perform a denial of service (DoS) attack.
1113) NULL pointer dereference (CVE-ID: CVE-2025-37772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ec_i2c_probe() function in drivers/i2c/busses/i2c-cros-ec-tunnel.c. A local user can perform a denial of service (DoS) attack.
1114) Division by zero (CVE-ID: CVE-2025-37771)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the arcturus_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c. A local user can perform a denial of service (DoS) attack.
1115) Division by zero (CVE-ID: CVE-2025-37770)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the vega10_fan_ctrl_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c. A local user can perform a denial of service (DoS) attack.
1116) Division by zero (CVE-ID: CVE-2025-37769)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the smu_v11_0_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c. A local user can perform a denial of service (DoS) attack.
1117) Division by zero (CVE-ID: CVE-2025-37768)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the smu7_fan_ctrl_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c. A local user can perform a denial of service (DoS) attack.
1118) Division by zero (CVE-ID: CVE-2025-37767)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the smu_v13_0_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c. A local user can perform a denial of service (DoS) attack.
1119) Input validation error (CVE-ID: CVE-2025-37766)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vega20_fan_ctrl_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_thermal.c. A local user can perform a denial of service (DoS) attack.
1120) Use-after-free (CVE-ID: CVE-2025-37765)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nouveau_gem_object_del() function in drivers/gpu/drm/nouveau/nouveau_gem.c, within the nouveau_bo_del_ttm() function in drivers/gpu/drm/nouveau/nouveau_bo.c. A local user can escalate privileges on the system.
1121) Memory leak (CVE-ID: CVE-2025-37764)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pvr_fw_process(), kfree() and pvr_fw_cleanup() functions in drivers/gpu/drm/imagination/pvr_fw.c. A local user can perform a denial of service (DoS) attack.
1122) Use-after-free (CVE-ID: CVE-2025-37763)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nouveau_gem_object_del() function in drivers/gpu/drm/nouveau/nouveau_gem.c, within the nouveau_bo_del_ttm() function in drivers/gpu/drm/nouveau/nouveau_bo.c. A local user can escalate privileges on the system.
1123) Out-of-bounds read (CVE-ID: CVE-2025-37761)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xe_gt_tlb_invalidation_ggtt() and xe_gt_tlb_invalidation_range() functions in drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c. A local user can perform a denial of service (DoS) attack.
1124) NULL pointer dereference (CVE-ID: CVE-2025-37759)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ublk_complete_rq() and __ublk_fail_req() functions in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.
1125) NULL pointer dereference (CVE-ID: CVE-2025-37758)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pxa_ata_probe() function in drivers/ata/pata_pxa.c. A local user can perform a denial of service (DoS) attack.
1126) Memory leak (CVE-ID: CVE-2025-37757)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tipc_link_xmit() function in net/tipc/link.c. A local user can perform a denial of service (DoS) attack.
1127) NULL pointer dereference (CVE-ID: CVE-2025-37755)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wx_alloc_mapped_page() function in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.
1128) Buffer overflow (CVE-ID: CVE-2025-37754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the intel_uc_init_late() function in drivers/gpu/drm/i915/gt/uc/intel_uc.c, within the intel_huc_init_early() and intel_huc_fini() functions in drivers/gpu/drm/i915/gt/uc/intel_huc.c. A local user can perform a denial of service (DoS) attack.
1129) Out-of-bounds read (CVE-ID: CVE-2025-37749)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ppp_sync_txmunge() function in drivers/net/ppp/ppp_synctty.c. A local user can perform a denial of service (DoS) attack.
1130) NULL pointer dereference (CVE-ID: CVE-2025-37748)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_iommu_probe() function in drivers/iommu/mtk_iommu.c. A local user can perform a denial of service (DoS) attack.
1131) Improper locking (CVE-ID: CVE-2025-37745)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hibernate_compressor_param_set() function in kernel/power/hibernate.c. A local user can perform a denial of service (DoS) attack.
1132) Memory leak (CVE-ID: CVE-2025-37744)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ath12k_pci_remove() function in drivers/net/wireless/ath/ath12k/pci.c. A local user can perform a denial of service (DoS) attack.
1133) Use-after-free (CVE-ID: CVE-2025-37742)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the diMount() function in fs/jfs/jfs_imap.c. A local user can escalate privileges on the system.
1134) Improper locking (CVE-ID: CVE-2025-37741)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the diReadSpecial() function in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.
1135) Input validation error (CVE-ID: CVE-2025-37740)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
1136) Out-of-bounds read (CVE-ID: CVE-2025-37739)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the f2fs_truncate_inode_blocks() function in fs/f2fs/node.c. A local user can perform a denial of service (DoS) attack.
1137) Use-after-free (CVE-ID: CVE-2025-37738)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_xattr_inode_dec_ref_all() function in fs/ext4/xattr.c. A local user can escalate privileges on the system.
1138) Resource management error (CVE-ID: CVE-2025-23163)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vlan_dev_open(), vlan_dev_stop() and vlan_dev_change_rx_flags() functions in net/8021q/vlan_dev.c. A local user can perform a denial of service (DoS) attack.
1139) Improper locking (CVE-ID: CVE-2025-23161)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vmd_pci_read(), vmd_pci_write() and vmd_probe() functions in drivers/pci/controller/vmd.c. A local user can perform a denial of service (DoS) attack.
1140) Memory leak (CVE-ID: CVE-2025-23160)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mtk_vcodec_fw_scp_init() function in drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c. A local user can perform a denial of service (DoS) attack.
1141) Buffer overflow (CVE-ID: CVE-2025-23159)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the venus_sfr_print() function in drivers/media/platform/qcom/venus/hfi_venus.c. A local user can perform a denial of service (DoS) attack.
1142) Out-of-bounds write (CVE-ID: CVE-2025-23158)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the venus_write_queue() and venus_read_queue() functions in drivers/media/platform/qcom/venus/hfi_venus.c. A local user can execute arbitrary code.
1143) Out-of-bounds read (CVE-ID: CVE-2025-23157)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the init_codecs() function in drivers/media/platform/qcom/venus/hfi_parser.c. A local user can perform a denial of service (DoS) attack.
1144) Out-of-bounds read (CVE-ID: CVE-2025-23156)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fill_buf_mode(), parse_alloc_mode(), fill_profile_level(), parse_profile_level(), fill_caps(), parse_caps(), fill_raw_fmts(), parse_raw_formats(), parse_codecs(), hfi_platform_parser() and hfi_parser() functions in drivers/media/platform/qcom/venus/hfi_parser.c. A local user can perform a denial of service (DoS) attack.
1145) Resource management error (CVE-ID: CVE-2025-23155)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the stmmac_request_irq_multi_msi() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
1146) Improper locking (CVE-ID: CVE-2025-23151)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mhi_gen_tre() function in drivers/bus/mhi/host/main.c. A local user can perform a denial of service (DoS) attack.
1147) Use-after-free (CVE-ID: CVE-2025-23150)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the do_split() function in fs/ext4/namei.c. A local user can escalate privileges on the system.
1148) Improper error handling (CVE-ID: CVE-2025-23149)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the tpm_get_random() function in drivers/char/tpm/tpm-interface.c, within the tpm_try_get_ops() function in drivers/char/tpm/tpm-chip.c. A local user can perform a denial of service (DoS) attack.
1149) NULL pointer dereference (CVE-ID: CVE-2025-23148)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the exynos_chipid_probe() function in drivers/soc/samsung/exynos-chipid.c. A local user can perform a denial of service (DoS) attack.
1150) NULL pointer dereference (CVE-ID: CVE-2025-23147)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i3c_master_unregister_i3c_devs() function in drivers/i3c/master.c. A local user can perform a denial of service (DoS) attack.
1151) NULL pointer dereference (CVE-ID: CVE-2025-23146)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kb3930_probe() function in drivers/mfd/ene-kb3930.c. A local user can perform a denial of service (DoS) attack.
1152) NULL pointer dereference (CVE-ID: CVE-2025-23145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the subflow_hmac_valid() and subflow_syn_recv_sock() functions in net/mptcp/subflow.c. A local user can perform a denial of service (DoS) attack.
1153) Improper locking (CVE-ID: CVE-2025-23144)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the led_bl_remove() function in drivers/video/backlight/led_bl.c. A local user can perform a denial of service (DoS) attack.
1154) NULL pointer dereference (CVE-ID: CVE-2025-23143)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sock_lock_init() and sk_prot_free() functions in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
1155) Use-after-free (CVE-ID: CVE-2025-23142)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sctp_transport_free() function in net/sctp/transport.c, within the sctp_writeable(), sctp_sendmsg_to_asoc(), sctp_sock_rfree() and sctp_wait_for_sndbuf() functions in net/sctp/socket.c. A local user can escalate privileges on the system.
1156) Improper locking (CVE-ID: CVE-2025-23141)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kvm_arch_vcpu_ioctl_get_mpstate() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
1157) Memory leak (CVE-ID: CVE-2025-23140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pci_endpoint_test_release_irq() function in drivers/misc/pci_endpoint_test.c. A local user can perform a denial of service (DoS) attack.
1158) Out-of-bounds read (CVE-ID: CVE-2025-23133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath11k_reg_notifier(), ath11k_regd_update() and ath11k_regd_update_work() functions in drivers/net/wireless/ath/ath11k/reg.c. A local user can perform a denial of service (DoS) attack.
1159) Improper locking (CVE-ID: CVE-2025-23130)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the MAIN_SECS(), spin_unlock(), __get_next_segno(), new_curseg() and f2fs_randomize_chunk() functions in fs/f2fs/segment.c, within the f2fs_expand_inode_data() function in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
1160) Resource management error (CVE-ID: CVE-2025-23129)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __free_irq() function in drivers/net/wireless/ath/ath11k/pci.c. A local user can perform a denial of service (DoS) attack.
1161) Resource management error (CVE-ID: CVE-2025-22128)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ath12k_pci_probe() function in drivers/net/wireless/ath/ath12k/pci.c. A local user can perform a denial of service (DoS) attack.
1162) Use-after-free (CVE-ID: CVE-2025-22126)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __mddev_put(), md_seq_show(), EXPORT_SYMBOL_GPL(), md_notify_reboot(), md_autostart_arrays() and md_exit() functions in drivers/md/md.c. A local user can escalate privileges on the system.
1163) Improper locking (CVE-ID: CVE-2025-22125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the raid10_read_request() and raid10_write_one_disk() functions in drivers/md/raid10.c, within the raid1_read_request() and raid1_write_request() functions in drivers/md/raid1.c. A local user can perform a denial of service (DoS) attack.
1164) Input validation error (CVE-ID: CVE-2025-22124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __write_sb_page() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
1165) Use-after-free (CVE-ID: CVE-2025-22121)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ext4_xattr_check_block(), __xattr_check_inode(), ext4_xattr_ibody_get(), ext4_xattr_ibody_list(), ext4_get_inode_usage(), ext4_xattr_ibody_find() and sizeof() functions in fs/ext4/xattr.c, within the ext4_iget_extra_inode() function in fs/ext4/inode.c. A local user can escalate privileges on the system.
1166) Improper locking (CVE-ID: CVE-2025-22120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_setattr() function in fs/ext4/inode.c. A local user can perform a denial of service (DoS) attack.
1167) Use-after-free (CVE-ID: CVE-2025-22115)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_create_pending_block_groups() function in fs/btrfs/block-group.c. A local user can escalate privileges on the system.
1168) Improper locking (CVE-ID: CVE-2025-22113)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_handle_error(), ext4_put_super() and ext4_load_and_init_journal() functions in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
1169) Out-of-bounds read (CVE-ID: CVE-2025-22107)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sja1105_table_delete_entry() function in drivers/net/dsa/sja1105/sja1105_static_config.c. A local user can perform a denial of service (DoS) attack.
1170) Resource management error (CVE-ID: CVE-2025-22106)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmxnet3_rq_cleanup() and vmxnet3_rq_destroy() functions in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.
1171) Resource management error (CVE-ID: CVE-2025-22105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bond_set_xfrm_features() function in drivers/net/bonding/bond_options.c, within the bond_sk_check(), bond_xdp_set_features() and bond_xdp_set() functions in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
1172) NULL pointer dereference (CVE-ID: CVE-2025-22103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ipvlan_l3s_unregister() function in drivers/net/ipvlan/ipvlan_l3s.c. A local user can perform a denial of service (DoS) attack.
1173) Improper locking (CVE-ID: CVE-2025-22102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nxp_download_firmware() function in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.
1174) Input validation error (CVE-ID: CVE-2025-22101)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the wx_tx_csum() function in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.
1175) NULL pointer dereference (CVE-ID: CVE-2025-22037)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smb2_handle_negotiate(), alloc_preauth_hash(), smb2_sess_setup() and smb2_session_logoff() functions in fs/smb/server/smb2pdu.c, within the destroy_previous_session() function in fs/smb/server/mgmt/user_session.c. A local user can perform a denial of service (DoS) attack.
1176) Buffer overflow (CVE-ID: CVE-2025-22026)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nfsd_show() function in fs/nfsd/stats.c, within the nfsd_net_init() function in fs/nfsd/nfsctl.c. A local user can perform a denial of service (DoS) attack.
1177) Improper locking (CVE-ID: CVE-2025-21931)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_migrate_range() function in mm/memory_hotplug.c. A local user can perform a denial of service (DoS) attack.
1178) Resource management error (CVE-ID: CVE-2025-21884)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the xs_create_sock() function in net/sunrpc/xprtsock.c, within the svc_create_socket() function in net/sunrpc/svcsock.c, within the smc_create_clcsk() function in net/smc/af_smc.c, within the rds_tcp_tune() function in net/rds/tcp.c, within the netlink_release() function in net/netlink/af_netlink.c, within the mptcp_subflow_create_socket() function in net/mptcp/subflow.c, within the sk_alloc(), EXPORT_SYMBOL(), __sk_destruct() and sk_clone_lock() functions in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
1179) NULL pointer dereference (CVE-ID: CVE-2025-21833)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the domain_remove_dev_pasid() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.