SB2026033148 - Ubuntu update for linux-azure
Published: March 31, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 172 secuirty vulnerabilities.
1) Insufficient Entropy (CVE-ID: CVE-2025-62626)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient entropy in Zen 5 processors, which causes the RDSEED instruction to return 0 at a rate inconsistent with randomness while incorrectly signaling success (CF=1), indicating a potential misclassification of failure as success. A local user can escalate privileges on the system.
2) Use of uninitialized resource (CVE-ID: CVE-2025-71128)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ip6erspan_rcv() function in net/ipv6/ip6_gre.c. A local user can perform a denial of service (DoS) attack.
3) Out-of-bounds read (CVE-ID: CVE-2025-68766)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mchp_eic_domain_alloc() function in drivers/irqchip/irq-mchp-eic.c. A local user can perform a denial of service (DoS) attack.
4) Memory leak (CVE-ID: CVE-2025-68765)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mt7615_mcu_wtbl_sta_add() function in drivers/net/wireless/mediatek/mt76/mt7615/mcu.c. A local user can perform a denial of service (DoS) attack.
5) Improper locking (CVE-ID: CVE-2025-68764)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_get_tree_common() function in fs/nfs/super.c. A local user can perform a denial of service (DoS) attack.
6) Improper error handling (CVE-ID: CVE-2025-68763)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the starfive_hash_digest() function in drivers/crypto/starfive/jh7110-hash.c. A local user can perform a denial of service (DoS) attack.
7) Improper locking (CVE-ID: CVE-2025-68762)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __netpoll_setup() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.
8) Out-of-bounds read (CVE-ID: CVE-2025-68760)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iommu_mmio_write() function in drivers/iommu/amd/debugfs.c. A local user can perform a denial of service (DoS) attack.
9) Memory leak (CVE-ID: CVE-2025-68759)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rtl8180_init_rx_ring() and rtl8180_start() functions in drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c. A local user can perform a denial of service (DoS) attack.
10) NULL pointer dereference (CVE-ID: CVE-2025-68758)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the led_bl_probe() function in drivers/video/backlight/led_bl.c. A local user can perform a denial of service (DoS) attack.
11) Improper locking (CVE-ID: CVE-2025-68757)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vgem_fence_create() function in drivers/gpu/drm/vgem/vgem_fence.c. A local user can perform a denial of service (DoS) attack.
12) Improper locking (CVE-ID: CVE-2025-68756)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the blk_mq_quiesce_tagset(), blk_mq_unquiesce_tagset(), blk_mq_del_queue_tag_set() and blk_mq_add_queue_tag_set() functions in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.
13) NULL pointer dereference (CVE-ID: CVE-2025-68755)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the function in drivers/staging/most/i2c/i2c.c. A local user can perform a denial of service (DoS) attack.
14) Double free (CVE-ID: CVE-2025-68754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the aml_rtc_probe() and SIMPLE_DEV_PM_OPS() functions in drivers/rtc/rtc-amlogic-a4.c. A local user can perform a denial of service (DoS) attack.
15) Buffer overflow (CVE-ID: CVE-2025-68753)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the hwdep_read() function in sound/firewire/motu/motu-hwdep.c. A local user can escalate privileges on the system.
16) NULL pointer dereference (CVE-ID: CVE-2025-68752)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iavf_ptp_gettimex64() and iavf_ptp_register_clock() functions in drivers/net/ethernet/intel/iavf/iavf_ptp.c. A local user can perform a denial of service (DoS) attack.
17) Use of uninitialized resource (CVE-ID: CVE-2025-68751)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the arch/s390/include/asm/fpu-insn.h. A local user can perform a denial of service (DoS) attack.
18) Use-after-free (CVE-ID: CVE-2025-68749)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ivpu_gem_bo_free() function in drivers/accel/ivpu/ivpu_gem.c. A local user can escalate privileges on the system.
19) Use-after-free (CVE-ID: CVE-2025-68748)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the panthor_sched_unplug() function in drivers/gpu/drm/panthor/panthor_sched.c. A local user can escalate privileges on the system.
20) Use-after-free (CVE-ID: CVE-2025-68747)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the panthor_gem_free_object() function in drivers/gpu/drm/panthor/panthor_gem.c. A local user can escalate privileges on the system.
21) Improper error handling (CVE-ID: CVE-2025-68746)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the tegra_qspi_handle_error(), tegra_qspi_combined_seq_xfer(), tegra_qspi_non_combined_seq_xfer(), handle_cpu_based_xfer() and tegra_qspi_isr_thread() functions in drivers/spi/spi-tegra210-quad.c. A local user can perform a denial of service (DoS) attack.
22) Use-after-free (CVE-ID: CVE-2025-68744)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the free_htab_elem() function in kernel/bpf/hashtab.c. A local user can escalate privileges on the system.
23) Resource management error (CVE-ID: CVE-2025-68743)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mshv_partition_region_by_gfn() and mshv_partition_create_region() functions in drivers/hv/mshv_root_main.c. A local user can perform a denial of service (DoS) attack.
24) Resource management error (CVE-ID: CVE-2025-68742)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_prog_inc_misses_counter() function in kernel/bpf/syscall.c. A local user can perform a denial of service (DoS) attack.
25) Use-after-free (CVE-ID: CVE-2025-68741)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qla2xxx_process_purls_iocb() function in drivers/scsi/qla2xxx/qla_nvme.c. A local user can escalate privileges on the system.
26) Improper error handling (CVE-ID: CVE-2025-68740)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ima_match_rules() function in security/integrity/ima/ima_policy.c. A local user can perform a denial of service (DoS) attack.
27) Use-after-free (CVE-ID: CVE-2025-68739)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hisi_uncore_target() function in drivers/devfreq/hisi_uncore_freq.c. A local user can escalate privileges on the system.
28) NULL pointer dereference (CVE-ID: CVE-2025-68738)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h. A local user can perform a denial of service (DoS) attack.
29) Use-after-free (CVE-ID: CVE-2025-68735)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the panthor_fdinfo_gather_group_samples(), panthor_group_create(), panthor_group_destroy() and panthor_fdinfo_gather_group_mem_info() functions in drivers/gpu/drm/panthor/panthor_sched.c. A local user can escalate privileges on the system.
30) Resource management error (CVE-ID: CVE-2025-68733)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the do_setattr() function in security/smack/smack_lsm.c. A local user can perform a denial of service (DoS) attack.
31) Improper locking (CVE-ID: CVE-2025-68732)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the syncpt_release() and host1x_syncpt_put() functions in drivers/gpu/host1x/syncpt.c. A local user can perform a denial of service (DoS) attack.
32) Input validation error (CVE-ID: CVE-2025-68730)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ivpu_bo_unbind_all_bos_from_context(), ivpu_gem_create_object(), ivpu_gem_prime_import() and ivpu_bo_alloc() functions in drivers/accel/ivpu/ivpu_gem.c. A local user can perform a denial of service (DoS) attack.
33) Memory leak (CVE-ID: CVE-2025-68729)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ath12k_hal_desc_reo_parse_err() function in drivers/net/wireless/ath/ath12k/hal_rx.c. A local user can perform a denial of service (DoS) attack.
34) Buffer overflow (CVE-ID: CVE-2025-68728)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ntfs_get_bh() function in fs/ntfs3/fsntfs.c. A local user can perform a denial of service (DoS) attack.
35) Buffer overflow (CVE-ID: CVE-2025-68727)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ntfs_link_inode() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
36) Buffer overflow (CVE-ID: CVE-2025-68726)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the crypto_aead_init_tfm() function in crypto/aead.c. A local user can escalate privileges on the system.
37) Integer overflow (CVE-ID: CVE-2025-68724)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the asymmetric_key_generate_id() function in crypto/asymmetric_keys/asymmetric_type.c. A local user can execute arbitrary code.
38) Resource management error (CVE-ID: CVE-2025-68380)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ath11k_wmi_send_peer_assoc_cmd() function in drivers/net/wireless/ath/ath11k/wmi.c. A local user can perform a denial of service (DoS) attack.
39) NULL pointer dereference (CVE-ID: CVE-2025-68379)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rxe_srq_from_attr() function in drivers/infiniband/sw/rxe/rxe_srq.c. A local user can perform a denial of service (DoS) attack.
40) Out-of-bounds read (CVE-ID: CVE-2025-68378)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __bpf_get_stackid() and BPF_CALL_3() functions in kernel/bpf/stackmap.c. A local user can perform a denial of service (DoS) attack.
41) Use-after-free (CVE-ID: CVE-2025-68376)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tmc_etr_get_sysfs_buffer() function in drivers/hwtracing/coresight/coresight-tmc-etr.c. A local user can escalate privileges on the system.
42) NULL pointer dereference (CVE-ID: CVE-2025-68375)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the x86_pmu_enable(), x86_pmu_start(), x86_pmu_stop() and x86_pmu_del() functions in arch/x86/events/core.c. A local user can perform a denial of service (DoS) attack.
43) Use-after-free (CVE-ID: CVE-2025-68374)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drivers/md/md.h. A local user can escalate privileges on the system.
44) Use-after-free (CVE-ID: CVE-2025-68373)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drivers/md/md.h. A local user can escalate privileges on the system.
45) Use-after-free (CVE-ID: CVE-2025-68372)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the recv_work() function in drivers/block/nbd.c. A local user can escalate privileges on the system.
46) Use-after-free (CVE-ID: CVE-2025-68371)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pqi_device_reset() and pqi_sdev_destroy() functions in drivers/scsi/smartpqi/smartpqi_init.c. A local user can escalate privileges on the system.
47) Resource management error (CVE-ID: CVE-2025-68370)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the include/linux/coresight.h. A local user can perform a denial of service (DoS) attack.
48) Improper locking (CVE-ID: CVE-2025-68369)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ntfs_read_mft() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
49) Improper locking (CVE-ID: CVE-2025-68367)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mac_hid_toggle_emumouse() function in drivers/macintosh/mac_hid.c. A local user can perform a denial of service (DoS) attack.
50) Use-after-free (CVE-ID: CVE-2025-68366)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_genl_connect() function in drivers/block/nbd.c. A local user can escalate privileges on the system.
51) Input validation error (CVE-ID: CVE-2025-68364)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __ocfs2_move_extent() function in fs/ocfs2/move_extents.c. A local user can perform a denial of service (DoS) attack.
52) Resource management error (CVE-ID: CVE-2025-68363)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the BPF_CALL_5() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
53) Integer underflow (CVE-ID: CVE-2025-68362)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the rtl8187_rx_cb() function in drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c. A local user can execute arbitrary code.
54) Stack-based buffer overflow (CVE-ID: CVE-2025-68361)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack overflow within the erofs_fc_fill_super() function in fs/erofs/super.c. A local user can perform a denial of service (DoS) attack.
55) Resource management error (CVE-ID: CVE-2025-68360)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the include/linux/soc/mediatek/mtk_wed.h. A local user can perform a denial of service (DoS) attack.
56) Use-after-free (CVE-ID: CVE-2025-68359)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the init_delayed_ref_head(), add_delayed_ref_head() and add_delayed_ref() functions in fs/btrfs/delayed-ref.c. A local user can escalate privileges on the system.
57) Improper locking (CVE-ID: CVE-2025-68358)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fs/btrfs/space-info.h. A local user can perform a denial of service (DoS) attack.
58) Improper locking (CVE-ID: CVE-2025-68356)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gfs2_fill_super() function in fs/gfs2/ops_fstype.c. A local user can perform a denial of service (DoS) attack.
59) Use-after-free (CVE-ID: CVE-2025-68354)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the regulator_supply_alias(), regulator_register_supply_alias() and regulator_unregister_supply_alias() functions in drivers/regulator/core.c. A local user can escalate privileges on the system.
60) Out-of-bounds read (CVE-ID: CVE-2025-68352)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ch341_transfer_one() function in drivers/spi/spi-ch341.c. A local user can perform a denial of service (DoS) attack.
61) Buffer overflow (CVE-ID: CVE-2025-68349)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pnfs_mark_layout_stateid_invalid() function in fs/nfs/pnfs.c. A local user can perform a denial of service (DoS) attack.
62) Memory leak (CVE-ID: CVE-2025-68348)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __blkdev_issue_zero_pages() function in block/blk-lib.c. A local user can perform a denial of service (DoS) attack.
63) Buffer overflow (CVE-ID: CVE-2025-68347)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the hwdep_read() function in sound/firewire/motu/motu-hwdep.c. A local user can escalate privileges on the system.
64) Out-of-bounds read (CVE-ID: CVE-2025-68346)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the detect_stream_formats() function in sound/firewire/dice/dice-extension.c. A local user can perform a denial of service (DoS) attack.
65) NULL pointer dereference (CVE-ID: CVE-2025-68345)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cs35l41_hda_read_acpi() function in sound/hda/codecs/side-codecs/cs35l41_hda.c. A local user can perform a denial of service (DoS) attack.
66) Input validation error (CVE-ID: CVE-2025-68344)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the function in sound/isa/wavefront/wavefront_synth.c. A local user can perform a denial of service (DoS) attack.
67) NULL pointer dereference (CVE-ID: CVE-2025-68343)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gs_usb_receive_bulk_callback() function in drivers/net/can/usb/gs_usb.c. A local user can perform a denial of service (DoS) attack.
68) Input validation error (CVE-ID: CVE-2025-68342)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gs_usb_get_echo_skb() and gs_usb_receive_bulk_callback() functions in drivers/net/can/usb/gs_usb.c. A local user can perform a denial of service (DoS) attack.
69) Use of uninitialized resource (CVE-ID: CVE-2025-68341)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the veth_poll() function in drivers/net/veth.c. A local user can perform a denial of service (DoS) attack.
70) Resource management error (CVE-ID: CVE-2025-68340)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the team_port_add() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.
71) Improper locking (CVE-ID: CVE-2025-68339)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fore200e_open() function in drivers/atm/fore200e.c. A local user can perform a denial of service (DoS) attack.
72) Use of uninitialized resource (CVE-ID: CVE-2025-68338)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ksz_setup() function in drivers/net/dsa/microchip/ksz_common.c. A local user can perform a denial of service (DoS) attack.
73) Reachable assertion (CVE-ID: CVE-2025-68337)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the jbd2_journal_get_create_access() function in fs/jbd2/transaction.c. A local user can perform a denial of service (DoS) attack.
74) Improper locking (CVE-ID: CVE-2025-68336)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_raw_read_unlock() function in kernel/locking/spinlock_debug.c. A local user can perform a denial of service (DoS) attack.
75) NULL pointer dereference (CVE-ID: CVE-2025-68335)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pcl818_detach() function in drivers/comedi/drivers/pcl818.c. A local user can perform a denial of service (DoS) attack.
76) Resource management error (CVE-ID: CVE-2025-68334)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the drivers/platform/x86/amd/pmc/pmc.h. A local user can perform a denial of service (DoS) attack.
77) Improper locking (CVE-ID: CVE-2025-68333)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the init_sched_ext_class() function in kernel/sched/ext.c. A local user can perform a denial of service (DoS) attack.
78) Resource management error (CVE-ID: CVE-2025-68332)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the c6xdigio_attach() function in drivers/comedi/drivers/c6xdigio.c. A local user can perform a denial of service (DoS) attack.
79) Use-after-free (CVE-ID: CVE-2025-68331)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uas_queuecommand_lck() function in drivers/usb/storage/uas.c. A local user can escalate privileges on the system.
80) NULL pointer dereference (CVE-ID: CVE-2025-68330)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/iio/accel/bmc150-accel.h. A local user can perform a denial of service (DoS) attack.
81) Buffer overflow (CVE-ID: CVE-2025-68329)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the tracing_buffers_mmap_close() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
82) Resource management error (CVE-ID: CVE-2025-68328)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the stratix10_svc_drv_probe() function in drivers/firmware/stratix10-svc.c. A local user can perform a denial of service (DoS) attack.
83) Resource management error (CVE-ID: CVE-2025-68327)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the usbhs_remove() function in drivers/usb/renesas_usbhs/common.c. A local user can perform a denial of service (DoS) attack.
84) NULL pointer dereference (CVE-ID: CVE-2025-68326)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xe_guc_ct_init_noalloc() function in drivers/gpu/drm/xe/xe_guc_ct.c. A local user can perform a denial of service (DoS) attack.
85) NULL pointer dereference (CVE-ID: CVE-2025-68325)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cake_drop(), cake_reconfigure() and cake_enqueue() functions in net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.
86) Use-after-free (CVE-ID: CVE-2025-68324)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the imm_detach() function in drivers/scsi/imm.c. A local user can escalate privileges on the system.
87) Use-after-free (CVE-ID: CVE-2025-68323)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gaokun_ucsi_remove() function in drivers/usb/typec/ucsi/ucsi_huawei_gaokun.c. A local user can escalate privileges on the system.
88) Buffer overflow (CVE-ID: CVE-2025-68308)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kvaser_usb_leaf_wait_cmd() and kvaser_usb_leaf_read_bulk_callback() functions in drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c. A local user can escalate privileges on the system.
89) Improper locking (CVE-ID: CVE-2025-68307)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gs_usb_xmit_callback() function in drivers/net/can/usb/gs_usb.c. A local user can perform a denial of service (DoS) attack.
90) NULL pointer dereference (CVE-ID: CVE-2025-68306)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/bluetooth/hci_core.h. A local user can perform a denial of service (DoS) attack.
91) Use-after-free (CVE-ID: CVE-2025-68305)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_sock_bind() function in net/bluetooth/hci_sock.c. A local user can escalate privileges on the system.
92) Use-after-free (CVE-ID: CVE-2025-68304)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sco_disconn_cfm() function in net/bluetooth/sco.c. A local user can escalate privileges on the system.
93) Buffer overflow (CVE-ID: CVE-2025-68303)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the intel_punit_ipc_probe() function in drivers/platform/x86/intel/punit_ipc.c. A local user can escalate privileges on the system.
94) NULL pointer dereference (CVE-ID: CVE-2025-68302)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sxgbe_rx() function in drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c. A local user can perform a denial of service (DoS) attack.
95) Out-of-bounds read (CVE-ID: CVE-2025-68301)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the aq_ring_rx_clean() function in drivers/net/ethernet/aquantia/atlantic/aq_ring.c. A local user can perform a denial of service (DoS) attack.
96) Memory leak (CVE-ID: CVE-2025-68300)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the grab_requested_mnt_ns() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
97) Improper error handling (CVE-ID: CVE-2025-68299)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the afs_request_key_rcu() and afs_permission() functions in fs/afs/security.c. A local user can perform a denial of service (DoS) attack.
98) NULL pointer dereference (CVE-ID: CVE-2025-68298)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btusb_mtk_claim_iso_intf() function in drivers/bluetooth/btusb.c. A local user can perform a denial of service (DoS) attack.
99) Improper locking (CVE-ID: CVE-2025-68297)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the decrypt_control_remainder() and process_v2_sparse_read() functions in net/ceph/messenger_v2.c. A local user can perform a denial of service (DoS) attack.
100) Out-of-bounds read (CVE-ID: CVE-2025-68296)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fbcon_fb_unregistered() and do_fb_registered() functions in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.
101) Memory leak (CVE-ID: CVE-2025-68295)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cifs_construct_tcon() function in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.
102) Buffer overflow (CVE-ID: CVE-2025-68294)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the io_sendmsg_zc() function in io_uring/net.c. A local user can perform a denial of service (DoS) attack.
103) NULL pointer dereference (CVE-ID: CVE-2025-68293)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the split_huge_page_to_list_to_order() function in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.
104) Memory leak (CVE-ID: CVE-2025-68292)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the memfd_alloc_folio() function in mm/memfd.c. A local user can perform a denial of service (DoS) attack.
105) Use-after-free (CVE-ID: CVE-2025-68290)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hdm_probe() function in drivers/most/most_usb.c. A local user can escalate privileges on the system.
106) Memory leak (CVE-ID: CVE-2025-68289)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the eem_unwrap() function in drivers/usb/gadget/function/f_eem.c. A local user can perform a denial of service (DoS) attack.
107) Memory leak (CVE-ID: CVE-2025-68288)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usb_stor_Bulk_transport() function in drivers/usb/storage/transport.c. A local user can perform a denial of service (DoS) attack.
108) Use-after-free (CVE-ID: CVE-2025-68287)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dwc3_gadget_giveback() function in drivers/usb/dwc3/gadget.c. A local user can escalate privileges on the system.
109) NULL pointer dereference (CVE-ID: CVE-2025-68286)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_stream_get_scanoutpos() function in drivers/gpu/drm/amd/display/dc/core/dc_stream.c. A local user can perform a denial of service (DoS) attack.
110) Use-after-free (CVE-ID: CVE-2025-68285)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the monmap_show() and osdmap_show() functions in net/ceph/debugfs.c. A local user can escalate privileges on the system.
111) Out-of-bounds read (CVE-ID: CVE-2025-68284)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the handle_auth_session_key() function in net/ceph/auth_x.c. A local user can perform a denial of service (DoS) attack.
112) Buffer overflow (CVE-ID: CVE-2025-68283)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the decode_new_primary_temp(), ceph_get_primary_affinity(), decode_new_primary_affinity() and decode_new_up_state_weight() functions in net/ceph/osdmap.c. A local user can escalate privileges on the system.
113) Use-after-free (CVE-ID: CVE-2025-68282)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the include/linux/usb/gadget.h. A local user can escalate privileges on the system.
114) Resource management error (CVE-ID: CVE-2025-68281)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the find_sdca_entity_control() function in sound/soc/sdca/sdca_functions.c. A local user can perform a denial of service (DoS) attack.
115) Buffer overflow (CVE-ID: CVE-2025-68266)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bfs_iget() function in fs/bfs/inode.c. A local user can perform a denial of service (DoS) attack.
116) Use-after-free (CVE-ID: CVE-2025-68265)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_remove_admin_tag_set() and nvme_free_ctrl() functions in drivers/nvme/host/core.c. A local user can escalate privileges on the system.
117) Improper locking (CVE-ID: CVE-2025-68264)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_prepare_inline_data() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
118) Use-after-free (CVE-ID: CVE-2025-68263)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ipc_msg_send_request() function in fs/smb/server/transport_ipc.c. A local user can escalate privileges on the system.
119) Double free (CVE-ID: CVE-2025-68262)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the zstd_init() and zstd_mod_init() functions in crypto/zstd.c. A local user can perform a denial of service (DoS) attack.
120) Reachable assertion (CVE-ID: CVE-2025-68261)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ext4_destroy_inline_data_nolock() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
121) Resource management error (CVE-ID: CVE-2025-68259)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the is_vmware_backdoor_opcode() and x86_emulate_instruction() functions in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
122) Improper locking (CVE-ID: CVE-2025-68258)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the multiq3_attach() function in drivers/comedi/drivers/multiq3.c. A local user can perform a denial of service (DoS) attack.
123) NULL pointer dereference (CVE-ID: CVE-2025-68257)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the compat_chaninfo(), compat_rangeinfo(), compat_cmd(), compat_cmdtest(), compat_insnlist() and compat_insn() functions in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
124) Out-of-bounds read (CVE-ID: CVE-2025-68256)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtw_get_ie() function in drivers/staging/rtl8723bs/core/rtw_ieee80211.c. A local user can perform a denial of service (DoS) attack.
125) Buffer overflow (CVE-ID: CVE-2025-68255)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the OnAssocReq() function in drivers/staging/rtl8723bs/core/rtw_mlme_ext.c. A local user can escalate privileges on the system.
126) Out-of-bounds read (CVE-ID: CVE-2025-68254)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the OnBeacon() function in drivers/staging/rtl8723bs/core/rtw_mlme_ext.c. A local user can perform a denial of service (DoS) attack.
127) NULL pointer dereference (CVE-ID: CVE-2025-68238)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cadence_nand_irq_cleanup() and cadence_nand_init() functions in drivers/mtd/nand/raw/cadence-nand-controller.c. A local user can perform a denial of service (DoS) attack.
128) Integer overflow (CVE-ID: CVE-2025-68237)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the mtdchar_write_ioctl() and mtdchar_read_ioctl() functions in drivers/mtd/mtdchar.c. A local user can execute arbitrary code.
129) Improper locking (CVE-ID: CVE-2025-68236)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ufs_qcom_suspend() function in drivers/ufs/host/ufs-qcom.c. A local user can perform a denial of service (DoS) attack.
130) Memory leak (CVE-ID: CVE-2025-68235)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvkm_falcon_fw_dtor() function in drivers/gpu/drm/nouveau/nvkm/falcon/fw.c. A local user can perform a denial of service (DoS) attack.
131) Input validation error (CVE-ID: CVE-2025-68234)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the io_uring_cmd_timestamp() function in io_uring/cmd_net.c. A local user can perform a denial of service (DoS) attack.
132) Memory leak (CVE-ID: CVE-2025-68233)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tegra_drm_ioctl_channel_open() function in drivers/gpu/drm/tegra/uapi.c. A local user can perform a denial of service (DoS) attack.
133) Improper locking (CVE-ID: CVE-2025-68232)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the veth_xmit(), veth_xdp_rcv() and veth_poll() functions in drivers/net/veth.c. A local user can perform a denial of service (DoS) attack.
134) Infinite loop (CVE-ID: CVE-2025-68231)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the check_element() and poison_element() functions in mm/mempool.c. A local user can perform a denial of service (DoS) attack.
135) Out-of-bounds read (CVE-ID: CVE-2025-68230)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the gfx_v9_4_3_cp_resume() function in drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c. A local user can perform a denial of service (DoS) attack.
136) NULL pointer dereference (CVE-ID: CVE-2025-68229)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tcm_loop_tpg_address_show() function in drivers/target/loopback/tcm_loop.c. A local user can perform a denial of service (DoS) attack.
137) NULL pointer dereference (CVE-ID: CVE-2025-68228)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the create_in_format_blob() function in drivers/gpu/drm/drm_plane.c. A local user can perform a denial of service (DoS) attack.
138) Resource management error (CVE-ID: CVE-2025-68227)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mptcp_wnd_end() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
139) Use of uninitialized resource (CVE-ID: CVE-2025-68225)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the kho_test_init() function in lib/test_kho.c. A local user can perform a denial of service (DoS) attack.
140) Improper locking (CVE-ID: CVE-2025-68223)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the radeon_fence_is_signaled() function in drivers/gpu/drm/radeon/radeon_fence.c. A local user can perform a denial of service (DoS) attack.
141) Use of uninitialized resource (CVE-ID: CVE-2025-68222)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the s32_pinctrl_probe() function in drivers/pinctrl/nxp/pinctrl-s32cc.c. A local user can perform a denial of service (DoS) attack.
142) Resource management error (CVE-ID: CVE-2025-68221)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mptcp_pm_nl_add_addr_received() function in net/mptcp/pm_kernel.c. A local user can perform a denial of service (DoS) attack.
143) Improper error handling (CVE-ID: CVE-2025-68220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the of_channel_match_helper() and knav_dma_open_channel() functions in drivers/soc/ti/knav_dma.c. A local user can perform a denial of service (DoS) attack.
144) Memory leak (CVE-ID: CVE-2025-68219)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can perform a denial of service (DoS) attack.
145) Improper locking (CVE-ID: CVE-2025-68218)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_mpath_set_live() function in drivers/nvme/host/multipath.c. A local user can perform a denial of service (DoS) attack.
146) Out-of-bounds read (CVE-ID: CVE-2025-68217)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pegasus_probe() function in drivers/input/tablet/pegasus_notetaker.c. A local user can perform a denial of service (DoS) attack.
147) Use of uninitialized resource (CVE-ID: CVE-2025-68215)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ice_ptp_init() function in drivers/net/ethernet/intel/ice/ice_ptp.c. A local user can perform a denial of service (DoS) attack.
148) NULL pointer dereference (CVE-ID: CVE-2025-68214)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __try_to_del_timer_sync() function in kernel/time/timer.c. A local user can perform a denial of service (DoS) attack.
149) NULL pointer dereference (CVE-ID: CVE-2025-68213)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the idpf_remove() function in drivers/net/ethernet/intel/idpf/idpf_main.c. A local user can perform a denial of service (DoS) attack.
150) NULL pointer dereference (CVE-ID: CVE-2025-68212)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the statmount_string() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
151) Out-of-bounds read (CVE-ID: CVE-2025-40345)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sddr55_write_data() function in drivers/usb/storage/sddr55.c. A local user can perform a denial of service (DoS) attack.
152) NULL pointer dereference (CVE-ID: CVE-2025-40290)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xsk_cq_reserve_locked(), xsk_cq_cancel_locked(), xsk_destruct_skb(), xsk_build_skb_zerocopy(), xsk_build_skb() and xsk_init() functions in net/xdp/xsk.c. A local user can perform a denial of service (DoS) attack.
153) Out-of-bounds read (CVE-ID: CVE-2025-40266)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __do_ffa_mem_xfer() function in arch/arm64/kvm/hyp/nvhe/ffa.c. A local user can perform a denial of service (DoS) attack.
154) Improper error handling (CVE-ID: CVE-2025-40265)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the fat_fill_super() function in fs/fat/inode.c. A local user can perform a denial of service (DoS) attack.
155) NULL pointer dereference (CVE-ID: CVE-2025-40264)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the be_xmit_flush(), be_send_pkt_to_bmc() and be_xmit() functions in drivers/net/ethernet/emulex/benet/be_main.c. A local user can perform a denial of service (DoS) attack.
156) Improper locking (CVE-ID: CVE-2025-40263)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cros_ec_keyb_work() function in drivers/input/keyboard/cros_ec_keyb.c. A local user can perform a denial of service (DoS) attack.
157) Buffer overflow (CVE-ID: CVE-2025-40262)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the imx_sc_key_probe() function in drivers/input/keyboard/imx_sc_key.c. A local user can escalate privileges on the system.
158) Improper locking (CVE-ID: CVE-2025-40261)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_fc_delete_ctrl() function in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
159) NULL pointer dereference (CVE-ID: CVE-2025-40260)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scx_alloc_and_add_sched() function in kernel/sched/ext.c. A local user can perform a denial of service (DoS) attack.
160) Input validation error (CVE-ID: CVE-2025-40259)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sg_remove_sfp_usercontext() function in drivers/scsi/sg.c. A local user can perform a denial of service (DoS) attack.
161) Use-after-free (CVE-ID: CVE-2025-40258)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_reset_rtx_timer() function in net/mptcp/protocol.c. A local user can escalate privileges on the system.
162) Use-after-free (CVE-ID: CVE-2025-40257)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_remove_anno_list_by_saddr(), mptcp_pm_del_add_timer() and mptcp_pm_free_anno_list() functions in net/mptcp/pm.c. A local user can escalate privileges on the system.
163) NULL pointer dereference (CVE-ID: CVE-2025-40255)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the generic_hwtstamp_ioctl_lower() function in net/core/dev_ioctl.c. A local user can perform a denial of service (DoS) attack.
164) NULL pointer dereference (CVE-ID: CVE-2025-40254)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the net/openvswitch/flow_netlink.h. A local user can perform a denial of service (DoS) attack.
165) Input validation error (CVE-ID: CVE-2025-40253)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mpc_rcvd_sweep_req() function in drivers/s390/net/ctcm_mpc.c. A local user can perform a denial of service (DoS) attack.
166) Out-of-bounds read (CVE-ID: CVE-2025-40252)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qede_tpa_cont() and qede_tpa_end() functions in drivers/net/ethernet/qlogic/qede/qede_fp.c. A local user can perform a denial of service (DoS) attack.
167) Memory leak (CVE-ID: CVE-2025-40251)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the devl_rate_nodes_destroy() function in net/devlink/rate.c. A local user can perform a denial of service (DoS) attack.
168) Input validation error (CVE-ID: CVE-2025-40250)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5_irq_alloc() function in drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c. A local user can perform a denial of service (DoS) attack.
169) Use-after-free (CVE-ID: CVE-2025-40249)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lineinfo_changed_notify() function in drivers/gpio/gpiolib-cdev.c. A local user can escalate privileges on the system.
170) Use-after-free (CVE-ID: CVE-2025-40248)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vsock_connect() function in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.
171) NULL pointer dereference (CVE-ID: CVE-2025-40247)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the msm_iommu_pagetable_prealloc_allocate() and msm_iommu_pagetable_prealloc_cleanup() functions in drivers/gpu/drm/msm/msm_iommu.c. A local user can perform a denial of service (DoS) attack.
172) Out-of-bounds read (CVE-ID: CVE-2025-40246)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xrep_symlink_salvage_inline() function in fs/xfs/scrub/symlink_repair.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.