SB2026040265 - Ubuntu update for linux-raspi
Published: April 2, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 334 secuirty vulnerabilities.
1) Improper Access Control (CVE-ID: CVE-2026-23268)
The vulnerability allows a local user to escalate privileges, modify AppArmor security policies, and cause a denial of service.
The vulnerability exists due to improper access control in the AppArmor policy management interface when handling file descriptor operations. A local user can open the apparmorfs interface and pass the file descriptor to a privileged process, tricking it into performing privileged policy management operations on behalf of the user.
The user must have access to a privileged process that can be manipulated to write to the AppArmor interface. Once exploited, the user can load, replace, or remove AppArmor profiles, leading to removal of confinement, denial of service by blocking application execution, bypassing user namespace restrictions, and potentially enabling local privilege escalation via kernel exploits.
2) Out-of-bounds read (CVE-ID: CVE-2026-23269)
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in the AppArmor subsystem's DFA state table validation when processing untrusted policy data. A local user can provide a specially crafted AppArmor policy with an out-of-bounds start state to trigger an out-of-bounds read during policy unpacking.
Exploitation requires the ability to load or modify AppArmor policies, which typically requires privileged access. The out-of-bounds read may expose contents of kernel memory.
3) Input validation error (CVE-ID: CVE-2026-23047)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the calc_target() function in net/ceph/osd_client.c. A local user can perform a denial of service (DoS) attack.
4) Memory leak (CVE-ID: CVE-2026-23021)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the update_eth_regs_async() function in drivers/net/usb/pegasus.c. A local user can perform a denial of service (DoS) attack.
5) NULL pointer dereference (CVE-ID: CVE-2026-23020)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vortex_probe1() function in drivers/net/ethernet/3com/3c59x.c. A local user can perform a denial of service (DoS) attack.
6) NULL pointer dereference (CVE-ID: CVE-2026-23019)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the prestera_devlink_alloc() function in drivers/net/ethernet/marvell/prestera/prestera_devlink.c. A local user can perform a denial of service (DoS) attack.
7) NULL pointer dereference (CVE-ID: CVE-2026-22992)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mon_handle_auth_done() function in net/ceph/mon_client.c. A local user can perform a denial of service (DoS) attack.
8) Use-after-free (CVE-ID: CVE-2026-22991)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_choose_arg_map() function in net/ceph/osdmap.c. A local user can escalate privileges on the system.
9) Input validation error (CVE-ID: CVE-2026-22990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the osdmap_apply_incremental() function in net/ceph/osdmap.c. A local user can perform a denial of service (DoS) attack.
10) Out-of-bounds read (CVE-ID: CVE-2026-22984)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the process_auth_done() function in net/ceph/messenger_v2.c. A local user can perform a denial of service (DoS) attack.
11) NULL pointer dereference (CVE-ID: CVE-2026-22982)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ocelot_set_aggr_pgids() function in drivers/net/ethernet/mscc/ocelot.c. A local user can perform a denial of service (DoS) attack.
12) Use-after-free (CVE-ID: CVE-2026-22980)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/nfsd/state.h. A local user can escalate privileges on the system.
13) Buffer overflow (CVE-ID: CVE-2026-22978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the compat_private_call() function in net/wireless/wext-priv.c. A local user can perform a denial of service (DoS) attack.
14) Memory leak (CVE-ID: CVE-2026-22977)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sock_enable_timestamp() and sock_recv_errqueue() functions in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
15) NULL pointer dereference (CVE-ID: CVE-2026-22976)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qfq_reset_qdisc() function in net/sched/sch_qfq.c. A local user can perform a denial of service (DoS) attack.
16) Improper locking (CVE-ID: CVE-2025-71182)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the j1939_session_activate() function in net/can/j1939/transport.c. A local user can perform a denial of service (DoS) attack.
17) Improper locking (CVE-ID: CVE-2025-71180)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the interrupt_cnt_probe() function in drivers/counter/interrupt-cnt.c. A local user can perform a denial of service (DoS) attack.
18) Memory leak (CVE-ID: CVE-2025-71154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the async_set_registers() function in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.
19) Memory leak (CVE-ID: CVE-2025-71147)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpm2_load_cmd() function in security/keys/trusted-keys/trusted_tpm2.c. A local user can perform a denial of service (DoS) attack.
20) Out-of-bounds read (CVE-ID: CVE-2025-71137)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the otx2_set_ringparam() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c. A local user can perform a denial of service (DoS) attack.
21) Out-of-bounds read (CVE-ID: CVE-2025-71136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the adv7842_cp_log_status() function in drivers/media/i2c/adv7842.c. A local user can perform a denial of service (DoS) attack.
22) Out-of-bounds read (CVE-ID: CVE-2025-71133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the irdma_net_event() function in drivers/infiniband/hw/irdma/utils.c. A local user can perform a denial of service (DoS) attack.
23) Memory leak (CVE-ID: CVE-2025-71132)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smc_rcv() function in drivers/net/ethernet/smsc/smc91x.c. A local user can perform a denial of service (DoS) attack.
24) Double free (CVE-ID: CVE-2025-71131)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the seqiv_aead_encrypt() function in crypto/seqiv.c. A local user can perform a denial of service (DoS) attack.
25) Resource management error (CVE-ID: CVE-2025-71127)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ieee80211_rx_h_mgmt_check() function in net/mac80211/rx.c. A local user can perform a denial of service (DoS) attack.
26) NULL pointer dereference (CVE-ID: CVE-2025-71125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the trace_event_reg() function in kernel/trace/trace_events.c. A local user can perform a denial of service (DoS) attack.
27) Input validation error (CVE-ID: CVE-2025-71121)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gsc_set_affinity_irq() function in drivers/parisc/gsc.c. A local user can perform a denial of service (DoS) attack.
28) NULL pointer dereference (CVE-ID: CVE-2025-71120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gss_read_proxy_verf() function in net/sunrpc/auth_gss/svcauth_gss.c. A local user can perform a denial of service (DoS) attack.
29) NULL pointer dereference (CVE-ID: CVE-2025-71118)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_ns_walk_namespace() function in drivers/acpi/acpica/nswalk.c. A local user can perform a denial of service (DoS) attack.
30) Out-of-bounds read (CVE-ID: CVE-2025-71116)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the decode_pool() function in net/ceph/osdmap.c. A local user can perform a denial of service (DoS) attack.
31) Buffer overflow (CVE-ID: CVE-2025-71114)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the wdt_probe() function in drivers/watchdog/via_wdt.c. A local user can perform a denial of service (DoS) attack.
32) Use of uninitialized resource (CVE-ID: CVE-2025-71113)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the rng_accept_parent() function in crypto/algif_rng.c. A local user can perform a denial of service (DoS) attack.
33) Out-of-bounds read (CVE-ID: CVE-2025-71112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hclge_set_vlan_filter() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.
34) Race condition (CVE-ID: CVE-2025-71111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in drivers/hwmon/w83791d.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
35) Input validation error (CVE-ID: CVE-2025-71108)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ucsi_init() function in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.
36) Resource management error (CVE-ID: CVE-2025-71105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fs/f2fs/xattr.h. A local user can perform a denial of service (DoS) attack.
37) Improper locking (CVE-ID: CVE-2025-71104)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the advance_periodic_target_expiration() function in arch/x86/kvm/lapic.c. A local user can perform a denial of service (DoS) attack.
38) Input validation error (CVE-ID: CVE-2025-71102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the scs_check_usage() function in kernel/scs.c. A local user can perform a denial of service (DoS) attack.
39) Improper error handling (CVE-ID: CVE-2025-71098)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ip6gre_header() function in net/ipv6/ip6_gre.c. A local user can perform a denial of service (DoS) attack.
40) Memory leak (CVE-ID: CVE-2025-71097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fib_table_flush() function in net/ipv4/fib_trie.c. A local user can perform a denial of service (DoS) attack.
41) NULL pointer dereference (CVE-ID: CVE-2025-71096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ib_nl_handle_ip_res_resp() function in drivers/infiniband/core/addr.c. A local user can perform a denial of service (DoS) attack.
42) Resource management error (CVE-ID: CVE-2025-71094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the asix_read_phy_addr() function in drivers/net/usb/asix_common.c. A local user can perform a denial of service (DoS) attack.
43) Buffer overflow (CVE-ID: CVE-2025-71093)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the e1000_tbi_should_accept() function in drivers/net/ethernet/intel/e1000/e1000_main.c. A local user can escalate privileges on the system.
44) Improper error handling (CVE-ID: CVE-2025-71091)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __team_queue_override_enabled_check() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.
45) Off-by-one (CVE-ID: CVE-2025-71087)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the iavf_config_rss_reg() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.
46) Memory leak (CVE-ID: CVE-2025-71086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rose_kill_by_device() function in net/rose/af_rose.c. A local user can perform a denial of service (DoS) attack.
47) Resource management error (CVE-ID: CVE-2025-71085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the calipso_skbuff_setattr() function in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.
48) Improper resource shutdown or release (CVE-ID: CVE-2025-71084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the destroy_mc() function in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.
49) NULL pointer dereference (CVE-ID: CVE-2025-71083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ttm_bo_vm_access() function in drivers/gpu/drm/ttm/ttm_bo_vm.c. A local user can perform a denial of service (DoS) attack.
50) Use-after-free (CVE-ID: CVE-2025-71082)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btusb_probe() and btusb_disconnect() functions in drivers/bluetooth/btusb.c. A local user can escalate privileges on the system.
51) Memory leak (CVE-ID: CVE-2025-71081)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the stm32_sai_sub_parse_of(), stm32_sai_sub_probe() and stm32_sai_sub_remove() functions in sound/soc/stm/stm32_sai_sub.c. A local user can perform a denial of service (DoS) attack.
52) Improper locking (CVE-ID: CVE-2025-71079)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL() and nfc_unregister_device() functions in net/nfc/core.c. A local user can perform a denial of service (DoS) attack.
53) Resource management error (CVE-ID: CVE-2025-71078)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the preload_age() function in arch/powerpc/mm/book3s64/slb.c. A local user can perform a denial of service (DoS) attack.
54) Out-of-bounds read (CVE-ID: CVE-2025-71077)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the include/linux/tpm.h. A local user can perform a denial of service (DoS) attack.
55) Race condition (CVE-ID: CVE-2025-71075)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the asd_pci_remove() function in drivers/scsi/aic94xx/aic94xx_init.c. A local user can escalate privileges on the system.
56) Buffer overflow (CVE-ID: CVE-2025-71069)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the f2fs_rename() function in fs/f2fs/namei.c. A local user can perform a denial of service (DoS) attack.
57) Buffer overflow (CVE-ID: CVE-2025-71068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the svc_rdma_copy_inline_range() function in net/sunrpc/xprtrdma/svc_rdma_rw.c. A local user can perform a denial of service (DoS) attack.
58) Use-after-free (CVE-ID: CVE-2025-71066)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can escalate privileges on the system.
59) Use of uninitialized resource (CVE-ID: CVE-2025-71064)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hclgevf_knic_setup() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c. A local user can perform a denial of service (DoS) attack.
60) NULL pointer dereference (CVE-ID: CVE-2025-68820)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ext4_xattr_inode_dec_ref_all() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
61) Out-of-bounds read (CVE-ID: CVE-2025-68819)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dtv5100_i2c_msg() function in drivers/media/usb/dvb-usb/dtv5100.c. A local user can perform a denial of service (DoS) attack.
62) Input validation error (CVE-ID: CVE-2025-68818)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __qla2x00_abort_all_cmds() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.
63) Input validation error (CVE-ID: CVE-2025-68816)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.h. A local user can perform a denial of service (DoS) attack.
64) Resource management error (CVE-ID: CVE-2025-68815)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.
65) Memory leak (CVE-ID: CVE-2025-68814)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __io_openat_prep() function in io_uring/openclose.c. A local user can perform a denial of service (DoS) attack.
66) NULL pointer dereference (CVE-ID: CVE-2025-68813)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __ip_vs_get_out_rt() function in net/netfilter/ipvs/ip_vs_xmit.c. A local user can perform a denial of service (DoS) attack.
67) Use-after-free (CVE-ID: CVE-2025-68808)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vidtv_channel_si_init() function in drivers/media/test-drivers/vidtv/vidtv_channel.c. A local user can escalate privileges on the system.
68) Use-after-free (CVE-ID: CVE-2025-68804)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cros_ec_ishtp_remove() function in drivers/platform/chrome/cros_ec_ishtp.c. A local user can escalate privileges on the system.
69) Input validation error (CVE-ID: CVE-2025-68803)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/nfsd/vfs.h. A local user can perform a denial of service (DoS) attack.
70) Use-after-free (CVE-ID: CVE-2025-68801)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_neigh_entry_alloc(), mlxsw_sp_nexthop_dead_neigh_replace(), mlxsw_sp_nexthop_neigh_init() and mlxsw_sp_nexthop_neigh_fini() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c. A local user can escalate privileges on the system.
71) Use-after-free (CVE-ID: CVE-2025-68800)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_mr_route_add() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c. A local user can escalate privileges on the system.
72) Use of uninitialized resource (CVE-ID: CVE-2025-68799)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the cffrml_receive() function in net/caif/cffrml.c. A local user can perform a denial of service (DoS) attack.
73) NULL pointer dereference (CVE-ID: CVE-2025-68797)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ac_ioctl() function in drivers/char/applicom.c. A local user can perform a denial of service (DoS) attack.
74) Improper error handling (CVE-ID: CVE-2025-68796)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_do_zero_range() function in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
75) Buffer overflow (CVE-ID: CVE-2025-68795)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ethtool_get_strings(), ethtool_get_stats(), ethtool_get_phy_stats_phydev(), ethtool_get_phy_stats_ethtool() and ethtool_get_phy_stats() functions in net/ethtool/ioctl.c. A local user can perform a denial of service (DoS) attack.
76) Input validation error (CVE-ID: CVE-2025-68788)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __fsnotify_parent() function in fs/notify/fsnotify.c. A local user can perform a denial of service (DoS) attack.
77) Memory leak (CVE-ID: CVE-2025-68787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nr_output() function in net/netrom/nr_out.c. A local user can perform a denial of service (DoS) attack.
78) Out-of-bounds read (CVE-ID: CVE-2025-68785)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the validate_and_copy_set_tun() and __ovs_nla_copy_actions() functions in net/openvswitch/flow_netlink.c. A local user can perform a denial of service (DoS) attack.
79) Input validation error (CVE-ID: CVE-2025-68783)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the get_meter_levels_from_urb() function in sound/usb/mixer_us16x08.c. A local user can perform a denial of service (DoS) attack.
80) NULL pointer dereference (CVE-ID: CVE-2025-68782)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the target_cmd_init_cdb() function in drivers/target/target_core_transport.c. A local user can perform a denial of service (DoS) attack.
81) Improper locking (CVE-ID: CVE-2025-68780)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dec_dl_deadline(), rq_online_dl() and rq_offline_dl() functions in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.
82) Out-of-bounds read (CVE-ID: CVE-2025-68777)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the titsc_config_wires() function in drivers/input/touchscreen/ti_am335x_tsc.c. A local user can perform a denial of service (DoS) attack.
83) NULL pointer dereference (CVE-ID: CVE-2025-68776)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the prp_get_untagged_frame() function in net/hsr/hsr_forward.c. A local user can perform a denial of service (DoS) attack.
84) Incorrect calculation (CVE-ID: CVE-2025-68774)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __hfs_bnode_create() function in fs/hfsplus/bnode.c. A local user can perform a denial of service (DoS) attack.
85) Improper error handling (CVE-ID: CVE-2025-68771)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ocfs2_claim_suballoc_bits() function in fs/ocfs2/suballoc.c. A local user can perform a denial of service (DoS) attack.
86) Improper error handling (CVE-ID: CVE-2025-68769)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_fill_super() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
87) Improper privilege management (CVE-ID: CVE-2025-68767)
The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the hfsplus_get_perms() and hfsplus_cat_read_inode() functions in fs/hfsplus/inode.c. A local user can read and manipulate data.
88) Memory leak (CVE-ID: CVE-2025-68765)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mt7615_mcu_wtbl_sta_add() function in drivers/net/wireless/mediatek/mt76/mt7615/mcu.c. A local user can perform a denial of service (DoS) attack.
89) Improper locking (CVE-ID: CVE-2025-68764)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_get_tree_common() function in fs/nfs/super.c. A local user can perform a denial of service (DoS) attack.
90) Memory leak (CVE-ID: CVE-2025-68759)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rtl8180_init_rx_ring() and rtl8180_start() functions in drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c. A local user can perform a denial of service (DoS) attack.
91) NULL pointer dereference (CVE-ID: CVE-2025-68758)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the led_bl_probe() function in drivers/video/backlight/led_bl.c. A local user can perform a denial of service (DoS) attack.
92) Improper locking (CVE-ID: CVE-2025-68757)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vgem_fence_create() function in drivers/gpu/drm/vgem/vgem_fence.c. A local user can perform a denial of service (DoS) attack.
93) Improper error handling (CVE-ID: CVE-2025-68746)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the tegra_qspi_handle_error(), tegra_qspi_combined_seq_xfer(), tegra_qspi_non_combined_seq_xfer(), handle_cpu_based_xfer() and tegra_qspi_isr_thread() functions in drivers/spi/spi-tegra210-quad.c. A local user can perform a denial of service (DoS) attack.
94) Improper error handling (CVE-ID: CVE-2025-68740)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ima_match_rules() function in security/integrity/ima/ima_policy.c. A local user can perform a denial of service (DoS) attack.
95) Memory leak (CVE-ID: CVE-2025-68734)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the setup_instance() and hfcsusb_probe() functions in drivers/isdn/hardware/mISDN/hfcsusb.c. A local user can perform a denial of service (DoS) attack.
96) Resource management error (CVE-ID: CVE-2025-68733)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the do_setattr() function in security/smack/smack_lsm.c. A local user can perform a denial of service (DoS) attack.
97) Improper locking (CVE-ID: CVE-2025-68732)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the syncpt_release() and host1x_syncpt_put() functions in drivers/gpu/host1x/syncpt.c. A local user can perform a denial of service (DoS) attack.
98) Buffer overflow (CVE-ID: CVE-2025-68728)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ntfs_get_bh() function in fs/ntfs3/fsntfs.c. A local user can perform a denial of service (DoS) attack.
99) Buffer overflow (CVE-ID: CVE-2025-68727)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ntfs_link_inode() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
100) Integer overflow (CVE-ID: CVE-2025-68724)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the asymmetric_key_generate_id() function in crypto/asymmetric_keys/asymmetric_type.c. A local user can execute arbitrary code.
101) Use-after-free (CVE-ID: CVE-2025-68372)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the recv_work() function in drivers/block/nbd.c. A local user can escalate privileges on the system.
102) Improper locking (CVE-ID: CVE-2025-68367)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mac_hid_toggle_emumouse() function in drivers/macintosh/mac_hid.c. A local user can perform a denial of service (DoS) attack.
103) Use-after-free (CVE-ID: CVE-2025-68366)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_genl_connect() function in drivers/block/nbd.c. A local user can escalate privileges on the system.
104) Input validation error (CVE-ID: CVE-2025-68364)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __ocfs2_move_extent() function in fs/ocfs2/move_extents.c. A local user can perform a denial of service (DoS) attack.
105) Integer underflow (CVE-ID: CVE-2025-68362)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the rtl8187_rx_cb() function in drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c. A local user can execute arbitrary code.
106) Use-after-free (CVE-ID: CVE-2025-68354)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the regulator_supply_alias(), regulator_register_supply_alias() and regulator_unregister_supply_alias() functions in drivers/regulator/core.c. A local user can escalate privileges on the system.
107) Buffer overflow (CVE-ID: CVE-2025-68349)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pnfs_mark_layout_stateid_invalid() function in fs/nfs/pnfs.c. A local user can perform a denial of service (DoS) attack.
108) Out-of-bounds read (CVE-ID: CVE-2025-68346)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the detect_stream_formats() function in sound/firewire/dice/dice-extension.c. A local user can perform a denial of service (DoS) attack.
109) Input validation error (CVE-ID: CVE-2025-68344)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the function in sound/isa/wavefront/wavefront_synth.c. A local user can perform a denial of service (DoS) attack.
110) Improper locking (CVE-ID: CVE-2025-68339)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fore200e_open() function in drivers/atm/fore200e.c. A local user can perform a denial of service (DoS) attack.
111) Reachable assertion (CVE-ID: CVE-2025-68337)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the jbd2_journal_get_create_access() function in fs/jbd2/transaction.c. A local user can perform a denial of service (DoS) attack.
112) Improper locking (CVE-ID: CVE-2025-68336)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_raw_read_unlock() function in kernel/locking/spinlock_debug.c. A local user can perform a denial of service (DoS) attack.
113) NULL pointer dereference (CVE-ID: CVE-2025-68335)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pcl818_detach() function in drivers/comedi/drivers/pcl818.c. A local user can perform a denial of service (DoS) attack.
114) Resource management error (CVE-ID: CVE-2025-68332)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the c6xdigio_attach() function in drivers/comedi/drivers/c6xdigio.c. A local user can perform a denial of service (DoS) attack.
115) Use-after-free (CVE-ID: CVE-2025-68331)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uas_queuecommand_lck() function in drivers/usb/storage/uas.c. A local user can escalate privileges on the system.
116) NULL pointer dereference (CVE-ID: CVE-2025-68330)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/iio/accel/bmc150-accel.h. A local user can perform a denial of service (DoS) attack.
117) Resource management error (CVE-ID: CVE-2025-68328)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the stratix10_svc_drv_probe() function in drivers/firmware/stratix10-svc.c. A local user can perform a denial of service (DoS) attack.
118) Resource management error (CVE-ID: CVE-2025-68327)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the usbhs_remove() function in drivers/usb/renesas_usbhs/common.c. A local user can perform a denial of service (DoS) attack.
119) NULL pointer dereference (CVE-ID: CVE-2025-68325)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cake_drop(), cake_reconfigure() and cake_enqueue() functions in net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.
120) Buffer overflow (CVE-ID: CVE-2025-68321)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __page_pool_alloc_pages_slow() function in net/core/page_pool.c. A local user can perform a denial of service (DoS) attack.
121) Resource management error (CVE-ID: CVE-2025-68312)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the function in drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.
122) Buffer overflow (CVE-ID: CVE-2025-68308)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kvaser_usb_leaf_wait_cmd() and kvaser_usb_leaf_read_bulk_callback() functions in drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c. A local user can escalate privileges on the system.
123) Buffer overflow (CVE-ID: CVE-2025-68303)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the intel_punit_ipc_probe() function in drivers/platform/x86/intel/punit_ipc.c. A local user can escalate privileges on the system.
124) NULL pointer dereference (CVE-ID: CVE-2025-68302)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sxgbe_rx() function in drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c. A local user can perform a denial of service (DoS) attack.
125) Out-of-bounds read (CVE-ID: CVE-2025-68301)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the aq_ring_rx_clean() function in drivers/net/ethernet/aquantia/atlantic/aq_ring.c. A local user can perform a denial of service (DoS) attack.
126) Memory leak (CVE-ID: CVE-2025-68295)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cifs_construct_tcon() function in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.
127) Use-after-free (CVE-ID: CVE-2025-68290)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hdm_probe() function in drivers/most/most_usb.c. A local user can escalate privileges on the system.
128) Memory leak (CVE-ID: CVE-2025-68289)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the eem_unwrap() function in drivers/usb/gadget/function/f_eem.c. A local user can perform a denial of service (DoS) attack.
129) Memory leak (CVE-ID: CVE-2025-68288)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usb_stor_Bulk_transport() function in drivers/usb/storage/transport.c. A local user can perform a denial of service (DoS) attack.
130) Use-after-free (CVE-ID: CVE-2025-68287)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dwc3_gadget_giveback() function in drivers/usb/dwc3/gadget.c. A local user can escalate privileges on the system.
131) NULL pointer dereference (CVE-ID: CVE-2025-68286)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_stream_get_scanoutpos() function in drivers/gpu/drm/amd/display/dc/core/dc_stream.c. A local user can perform a denial of service (DoS) attack.
132) Use-after-free (CVE-ID: CVE-2025-68285)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the monmap_show() and osdmap_show() functions in net/ceph/debugfs.c. A local user can escalate privileges on the system.
133) Out-of-bounds read (CVE-ID: CVE-2025-68284)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the handle_auth_session_key() function in net/ceph/auth_x.c. A local user can perform a denial of service (DoS) attack.
134) Use-after-free (CVE-ID: CVE-2025-68282)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the include/linux/usb/gadget.h. A local user can escalate privileges on the system.
135) Buffer overflow (CVE-ID: CVE-2025-68266)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bfs_iget() function in fs/bfs/inode.c. A local user can perform a denial of service (DoS) attack.
136) Improper locking (CVE-ID: CVE-2025-68264)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_prepare_inline_data() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
137) Reachable assertion (CVE-ID: CVE-2025-68261)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ext4_destroy_inline_data_nolock() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
138) Improper locking (CVE-ID: CVE-2025-68258)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the multiq3_attach() function in drivers/comedi/drivers/multiq3.c. A local user can perform a denial of service (DoS) attack.
139) NULL pointer dereference (CVE-ID: CVE-2025-68257)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the compat_chaninfo(), compat_rangeinfo(), compat_cmd(), compat_cmdtest(), compat_insnlist() and compat_insn() functions in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
140) Buffer overflow (CVE-ID: CVE-2025-68255)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the OnAssocReq() function in drivers/staging/rtl8723bs/core/rtw_mlme_ext.c. A local user can escalate privileges on the system.
141) Out-of-bounds read (CVE-ID: CVE-2025-68254)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the OnBeacon() function in drivers/staging/rtl8723bs/core/rtw_mlme_ext.c. A local user can perform a denial of service (DoS) attack.
142) Use of uninitialized resource (CVE-ID: CVE-2025-68249)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hdm_probe() function in drivers/most/most_usb.c. A local user can perform a denial of service (DoS) attack.
143) Memory leak (CVE-ID: CVE-2025-68245)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __netpoll_cleanup() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.
144) Improper locking (CVE-ID: CVE-2025-68244)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the i915_vma_pin_ww() function in drivers/gpu/drm/i915/i915_vma.c. A local user can perform a denial of service (DoS) attack.
145) Memory leak (CVE-ID: CVE-2025-68241)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fnhe_remove_oldest() function in net/ipv4/route.c. A local user can perform a denial of service (DoS) attack.
146) NULL pointer dereference (CVE-ID: CVE-2025-68238)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cadence_nand_irq_cleanup() and cadence_nand_init() functions in drivers/mtd/nand/raw/cadence-nand-controller.c. A local user can perform a denial of service (DoS) attack.
147) NULL pointer dereference (CVE-ID: CVE-2025-68229)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tcm_loop_tpg_address_show() function in drivers/target/loopback/tcm_loop.c. A local user can perform a denial of service (DoS) attack.
148) Resource management error (CVE-ID: CVE-2025-68227)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mptcp_wnd_end() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
149) Improper error handling (CVE-ID: CVE-2025-68220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the of_channel_match_helper() and knav_dma_open_channel() functions in drivers/soc/ti/knav_dma.c. A local user can perform a denial of service (DoS) attack.
150) Out-of-bounds read (CVE-ID: CVE-2025-68217)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pegasus_probe() function in drivers/input/tablet/pegasus_notetaker.c. A local user can perform a denial of service (DoS) attack.
151) Memory leak (CVE-ID: CVE-2025-68204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the scmi_pd_power_off() and scmi_pm_domain_probe() functions in drivers/firmware/arm_scmi/scmi_pm_domain.c. A local user can perform a denial of service (DoS) attack.
152) Resource management error (CVE-ID: CVE-2025-68200)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cls_bpf_classify() function in net/sched/cls_bpf.c. A local user can perform a denial of service (DoS) attack.
153) Improper locking (CVE-ID: CVE-2025-68194)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the send_packet(), usb_rx_callback_intf0() and usb_rx_callback_intf1() functions in drivers/media/rc/imon.c. A local user can perform a denial of service (DoS) attack.
154) Input validation error (CVE-ID: CVE-2025-68192)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.
155) Improper error handling (CVE-ID: CVE-2025-68191)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the udp_tunnel_nic_netdevice_event() function in net/ipv4/udp_tunnel_nic.c. A local user can perform a denial of service (DoS) attack.
156) Improper locking (CVE-ID: CVE-2025-68185)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs4_setup_readdir() function in fs/nfs/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
157) NULL pointer dereference (CVE-ID: CVE-2025-68177)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the longhaul_exit() function in drivers/cpufreq/longhaul.c. A local user can perform a denial of service (DoS) attack.
158) NULL pointer dereference (CVE-ID: CVE-2025-68176)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/pci/controller/cadence/pcie-cadence.h. A local user can perform a denial of service (DoS) attack.
159) Improper locking (CVE-ID: CVE-2025-68168)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the txInit() function in fs/jfs/jfs_txnmgr.c. A local user can perform a denial of service (DoS) attack.
160) Resource management error (CVE-ID: CVE-2025-40363)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ah6_output_done() and ah6_output() functions in net/ipv6/ah6.c. A local user can perform a denial of service (DoS) attack.
161) NULL pointer dereference (CVE-ID: CVE-2025-40360)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL() function in drivers/gpu/drm/drm_gem_atomic_helper.c. A local user can perform a denial of service (DoS) attack.
162) Improper locking (CVE-ID: CVE-2025-40351)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfsplus_iget() function in fs/hfsplus/super.c. A local user can perform a denial of service (DoS) attack.
163) Out-of-bounds read (CVE-ID: CVE-2025-40349)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fs/hfsplus/hfsplus_fs.h. A local user can perform a denial of service (DoS) attack.
164) NULL pointer dereference (CVE-ID: CVE-2025-40346)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the topology_parse_cpu_capacity() function in drivers/base/arch_topology.c. A local user can perform a denial of service (DoS) attack.
165) Out-of-bounds read (CVE-ID: CVE-2025-40345)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sddr55_write_data() function in drivers/usb/storage/sddr55.c. A local user can perform a denial of service (DoS) attack.
166) Improper locking (CVE-ID: CVE-2025-40343)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvmet_fc_delete_assoc_work() and nvmet_fc_delete_target_assoc() functions in drivers/nvme/target/fc.c. A local user can perform a denial of service (DoS) attack.
167) Improper locking (CVE-ID: CVE-2025-40342)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_fc_create_association() function in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
168) Out-of-bounds read (CVE-ID: CVE-2025-40331)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the inet_diag_msg_sctpladdrs_fill() function in net/sctp/diag.c. A local user can perform a denial of service (DoS) attack.
169) Race condition (CVE-ID: CVE-2025-40324)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the nfsd4_read() function in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
170) Out-of-bounds read (CVE-ID: CVE-2025-40322)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bit_putcs_aligned() and bit_putcs_unaligned() functions in drivers/video/fbdev/core/bitblit.c. A local user can perform a denial of service (DoS) attack.
171) NULL pointer dereference (CVE-ID: CVE-2025-40321)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.h. A local user can perform a denial of service (DoS) attack.
172) Use-after-free (CVE-ID: CVE-2025-40319)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ringbuf_map_alloc() function in kernel/bpf/ringbuf.c. A local user can escalate privileges on the system.
173) Improper error handling (CVE-ID: CVE-2025-40317)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __regmap_init_slimbus() and __devm_regmap_init_slimbus() functions in drivers/base/regmap/regmap-slimbus.c. A local user can perform a denial of service (DoS) attack.
174) NULL pointer dereference (CVE-ID: CVE-2025-40315)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ffs_func_eps_enable() function in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.
175) Use-after-free (CVE-ID: CVE-2025-40314)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __cdnsp_gadget_init() and cdnsp_gadget_exit() functions in drivers/usb/cdns3/cdnsp-gadget.c. A local user can escalate privileges on the system.
176) Input validation error (CVE-ID: CVE-2025-40313)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ntfs_read_mft() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
177) Input validation error (CVE-ID: CVE-2025-40312)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jfs_iget() function in fs/jfs/inode.c. A local user can perform a denial of service (DoS) attack.
178) Use-after-free (CVE-ID: CVE-2025-40309)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sco_sock_kill() function in net/bluetooth/sco.c. A local user can escalate privileges on the system.
179) NULL pointer dereference (CVE-ID: CVE-2025-40308)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bcsp_recv() function in drivers/bluetooth/hci_bcsp.c. A local user can perform a denial of service (DoS) attack.
180) Memory leak (CVE-ID: CVE-2025-40306)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the convert_to_internal_xattr_flags() and orangefs_inode_getxattr() functions in fs/orangefs/xattr.c. A local user can perform a denial of service (DoS) attack.
181) Out-of-bounds read (CVE-ID: CVE-2025-40304)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bit_putcs() function in drivers/video/fbdev/core/bitblit.c. A local user can perform a denial of service (DoS) attack.
182) Use-after-free (CVE-ID: CVE-2025-40283)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btusb_disconnect() function in drivers/bluetooth/btusb.c. A local user can escalate privileges on the system.
183) Improper error handling (CVE-ID: CVE-2025-40282)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the recv_pkt() function in net/bluetooth/6lowpan.c. A local user can perform a denial of service (DoS) attack.
184) Out-of-bounds read (CVE-ID: CVE-2025-40281)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sctp_transport_update_rto() function in net/sctp/transport.c. A local user can perform a denial of service (DoS) attack.
185) Use-after-free (CVE-ID: CVE-2025-40280)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_net_finalize_work() function in net/tipc/net.c. A local user can escalate privileges on the system.
186) Memory leak (CVE-ID: CVE-2025-40279)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcf_connmark_dump() function in net/sched/act_connmark.c. A local user can perform a denial of service (DoS) attack.
187) Memory leak (CVE-ID: CVE-2025-40278)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcf_ife_dump() function in net/sched/act_ife.c. A local user can perform a denial of service (DoS) attack.
188) Out-of-bounds read (CVE-ID: CVE-2025-40277)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vmw_cmd_check() function in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can perform a denial of service (DoS) attack.
189) NULL pointer dereference (CVE-ID: CVE-2025-40275)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_usb_mixer_controls_badd() function in sound/usb/mixer.c. A local user can perform a denial of service (DoS) attack.
190) Improper locking (CVE-ID: CVE-2025-40273)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs4_free_ol_stateid() function in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
191) Use-after-free (CVE-ID: CVE-2025-40272)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the secretmem_fault() function in mm/secretmem.c. A local user can escalate privileges on the system.
192) Use-after-free (CVE-ID: CVE-2025-40271)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pde_put(), remove_proc_entry() and remove_proc_subtree() functions in fs/proc/generic.c. A local user can escalate privileges on the system.
193) Input validation error (CVE-ID: CVE-2025-40269)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_usb_endpoint_set_params() function in sound/usb/endpoint.c. A local user can perform a denial of service (DoS) attack.
194) NULL pointer dereference (CVE-ID: CVE-2025-40264)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the be_xmit_flush(), be_send_pkt_to_bmc() and be_xmit() functions in drivers/net/ethernet/emulex/benet/be_main.c. A local user can perform a denial of service (DoS) attack.
195) Improper locking (CVE-ID: CVE-2025-40263)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cros_ec_keyb_work() function in drivers/input/keyboard/cros_ec_keyb.c. A local user can perform a denial of service (DoS) attack.
196) Buffer overflow (CVE-ID: CVE-2025-40262)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the imx_sc_key_probe() function in drivers/input/keyboard/imx_sc_key.c. A local user can escalate privileges on the system.
197) Improper locking (CVE-ID: CVE-2025-40261)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_fc_delete_ctrl() function in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
198) Input validation error (CVE-ID: CVE-2025-40259)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sg_remove_sfp_usercontext() function in drivers/scsi/sg.c. A local user can perform a denial of service (DoS) attack.
199) Use-after-free (CVE-ID: CVE-2025-40258)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_reset_rtx_timer() function in net/mptcp/protocol.c. A local user can escalate privileges on the system.
200) Use-after-free (CVE-ID: CVE-2025-40257)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_remove_anno_list_by_saddr(), mptcp_pm_del_add_timer() and mptcp_pm_free_anno_list() functions in net/mptcp/pm.c. A local user can escalate privileges on the system.
201) NULL pointer dereference (CVE-ID: CVE-2025-40254)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the net/openvswitch/flow_netlink.h. A local user can perform a denial of service (DoS) attack.
202) Input validation error (CVE-ID: CVE-2025-40253)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mpc_rcvd_sweep_req() function in drivers/s390/net/ctcm_mpc.c. A local user can perform a denial of service (DoS) attack.
203) Out-of-bounds read (CVE-ID: CVE-2025-40252)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qede_tpa_cont() and qede_tpa_end() functions in drivers/net/ethernet/qlogic/qede/qede_fp.c. A local user can perform a denial of service (DoS) attack.
204) Use-after-free (CVE-ID: CVE-2025-40248)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vsock_connect() function in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.
205) Improper Initialization (CVE-ID: CVE-2025-40245)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the find_limits() and setup_arch() functions in arch/nios2/kernel/setup.c. A local user can perform a denial of service (DoS) attack.
206) Improper locking (CVE-ID: CVE-2025-40244)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfs_find_init() and hfs_brec_find() functions in fs/hfsplus/bfind.c. A local user can perform a denial of service (DoS) attack.
207) Use-after-free (CVE-ID: CVE-2025-40243)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfs_mdb_get() function in fs/hfs/mdb.c. A local user can escalate privileges on the system.
208) NULL pointer dereference (CVE-ID: CVE-2025-40240)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sctp_inq_pop() function in net/sctp/inqueue.c. A local user can perform a denial of service (DoS) attack.
209) Incorrect calculation (CVE-ID: CVE-2025-40233)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __ocfs2_move_extents_range() function in fs/ocfs2/move_extents.c. A local user can perform a denial of service (DoS) attack.
210) Improper locking (CVE-ID: CVE-2025-40231)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vsock_assign_transport() function in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
211) Use-after-free (CVE-ID: CVE-2025-40223)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the release_mdev() and hdm_disconnect() functions in drivers/most/most_usb.c. A local user can escalate privileges on the system.
212) Improper locking (CVE-ID: CVE-2025-40220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fuse_file_release() function in fs/fuse/file.c. A local user can perform a denial of service (DoS) attack.
213) Improper locking (CVE-ID: CVE-2025-40219)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sriov_add_vfs() and sriov_del_vfs() functions in drivers/pci/iov.c. A local user can perform a denial of service (DoS) attack.
214) Improper locking (CVE-ID: CVE-2025-40215)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __xfrm_state_destroy(), __xfrm_state_delete(), xfrm_state_flush(), xfrm_flush_gc() and xfrm_state_fini() functions in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.
215) Use-after-free (CVE-ID: CVE-2025-40211)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the acpi_video_bus_remove_notify_handler() function in drivers/acpi/acpi_video.c. A local user can escalate privileges on the system.
216) Out-of-bounds read (CVE-ID: CVE-2025-40205)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the btrfs_encode_fh() function in fs/btrfs/export.c. A local user can perform a denial of service (DoS) attack.
217) Resource management error (CVE-ID: CVE-2025-40204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sctp_sf_authenticate() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
218) Resource management error (CVE-ID: CVE-2025-40200)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.
219) Resource management error (CVE-ID: CVE-2025-40194)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the update_qos_request() function in drivers/cpufreq/intel_pstate.c. A local user can perform a denial of service (DoS) attack.
220) Input validation error (CVE-ID: CVE-2025-40188)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the berlin_pwm_suspend() and berlin_pwm_resume() functions in drivers/pwm/pwm-berlin.c. A local user can perform a denial of service (DoS) attack.
221) NULL pointer dereference (CVE-ID: CVE-2025-40187)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sctp_sf_do_5_1D_ce() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
222) Memory leak (CVE-ID: CVE-2025-40183)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __bpf_redirect_neigh_v6() and __bpf_redirect_neigh_v4() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
223) Resource management error (CVE-ID: CVE-2025-40179)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ext4_init_orphan_info() function in fs/ext4/orphan.c. A local user can perform a denial of service (DoS) attack.
224) NULL pointer dereference (CVE-ID: CVE-2025-40178)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pid_nr_ns() function in kernel/pid.c. A local user can perform a denial of service (DoS) attack.
225) Input validation error (CVE-ID: CVE-2025-40173)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ip6_tnl_xmit() function in net/ipv6/ip6_tunnel.c. A local user can perform a denial of service (DoS) attack.
226) Memory leak (CVE-ID: CVE-2025-40171)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvmet_fc_tgt_a_get(), __nvmet_fc_finish_ls_req(), __nvmet_fc_send_ls_req(), nvmet_fc_disconnect_assoc_done() and nvmet_fc_register_targetport() functions in drivers/nvme/target/fc.c. A local user can perform a denial of service (DoS) attack.
227) Input validation error (CVE-ID: CVE-2025-40167)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __ext4_iget() function in fs/ext4/inode.c. A local user can perform a denial of service (DoS) attack.
228) Out-of-bounds read (CVE-ID: CVE-2025-40154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the log_quirks() function in sound/soc/intel/boards/bytcr_rt5640.c. A local user can perform a denial of service (DoS) attack.
229) Improper locking (CVE-ID: CVE-2025-40153)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hugetlb_change_protection() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
230) Improper locking (CVE-ID: CVE-2025-40140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rtl8150_set_multicast() function in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.
231) NULL pointer dereference (CVE-ID: CVE-2025-40134)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __dm_suspend() function in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
232) Use of uninitialized resource (CVE-ID: CVE-2025-40127)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ks_sa_rng_probe() function in drivers/char/hw_random/ks-sa-rng.c. A local user can perform a denial of service (DoS) attack.
233) Input validation error (CVE-ID: CVE-2025-40126)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ENTRY() function in arch/sparc/lib/U1memcpy.S. A local user can perform a denial of service (DoS) attack.
234) Improper locking (CVE-ID: CVE-2025-40125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the blk_mq_unregister_hctx() function in block/blk-mq-sysfs.c. A local user can perform a denial of service (DoS) attack.
235) Infinite loop (CVE-ID: CVE-2025-40124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the function in arch/sparc/lib/U3memcpy.S. A local user can perform a denial of service (DoS) attack.
236) Out-of-bounds read (CVE-ID: CVE-2025-40121)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the MODULE_PARM_DESC() function in sound/soc/intel/boards/bytcr_rt5651.c. A local user can perform a denial of service (DoS) attack.
237) Improper locking (CVE-ID: CVE-2025-40120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ax88772_suspend(), ax88772_bind() and ax88772_unbind() functions in drivers/net/usb/asix_devices.c. A local user can perform a denial of service (DoS) attack.
238) Out-of-bounds read (CVE-ID: CVE-2025-40118)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pm8001_dev_gone_notify() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can perform a denial of service (DoS) attack.
239) NULL pointer dereference (CVE-ID: CVE-2025-40116)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the max3421_probe() function in drivers/usb/host/max3421-hcd.c. A local user can perform a denial of service (DoS) attack.
240) Double free (CVE-ID: CVE-2025-40115)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the mpt3sas_transport_port_remove() function in drivers/scsi/mpt3sas/mpt3sas_transport.c. A local user can perform a denial of service (DoS) attack.
241) Buffer overflow (CVE-ID: CVE-2025-40112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ENTRY() function in arch/sparc/lib/NGmemcpy.S. A local user can perform a denial of service (DoS) attack.
242) Use-after-free (CVE-ID: CVE-2025-40111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmw_validation_add_resource() function in drivers/gpu/drm/vmwgfx/vmwgfx_validation.c. A local user can escalate privileges on the system.
243) Input validation error (CVE-ID: CVE-2025-40110)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vmw_cmd_dma() function in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can perform a denial of service (DoS) attack.
244) Input validation error (CVE-ID: CVE-2025-40109)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the crypto_del_default_rng() and crypto_register_rng() functions in crypto/rng.c. A local user can perform a denial of service (DoS) attack.
245) Improper error handling (CVE-ID: CVE-2025-40106)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the comedi_buf_munge() function in drivers/comedi/comedi_buf.c. A local user can perform a denial of service (DoS) attack.
246) Memory leak (CVE-ID: CVE-2025-40105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the d_alloc() function in fs/dcache.c. A local user can perform a denial of service (DoS) attack.
247) NULL pointer dereference (CVE-ID: CVE-2025-40094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acm_bind() function in drivers/usb/gadget/function/f_acm.c. A local user can perform a denial of service (DoS) attack.
248) NULL pointer dereference (CVE-ID: CVE-2025-40092)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ncm_bind() function in drivers/usb/gadget/function/f_ncm.c. A local user can perform a denial of service (DoS) attack.
249) Out-of-bounds read (CVE-ID: CVE-2025-40088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hfsplus_strcasecmp() and hfsplus_strcmp() functions in fs/hfsplus/unicode.c. A local user can perform a denial of service (DoS) attack.
250) Resource management error (CVE-ID: CVE-2025-40087)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nfsd4_ff_proc_getdeviceinfo() function in fs/nfsd/flexfilelayout.c. A local user can perform a denial of service (DoS) attack.
251) NULL pointer dereference (CVE-ID: CVE-2025-40085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the get_alias_quirk() function in sound/usb/card.c. A local user can perform a denial of service (DoS) attack.
252) NULL pointer dereference (CVE-ID: CVE-2025-40083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the agg_dequeue() function in net/sched/sch_qfq.c. A local user can perform a denial of service (DoS) attack.
253) Buffer overflow (CVE-ID: CVE-2025-40081)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/perf/arm_spe_pmu.c. A local user can escalate privileges on the system.
254) Resource management error (CVE-ID: CVE-2025-40078)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sock_addr_is_valid_access() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
255) Use-after-free (CVE-ID: CVE-2025-40070)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pps_register_cdev() function in drivers/pps/pps.c. A local user can escalate privileges on the system.
256) Input validation error (CVE-ID: CVE-2025-40068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the run_unpack() and run_get_highest_vcn() functions in fs/ntfs3/run.c. A local user can perform a denial of service (DoS) attack.
257) NULL pointer dereference (CVE-ID: CVE-2025-40060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arm_trbe_alloc_buffer() function in drivers/hwtracing/coresight/coresight-trbe.c. A local user can perform a denial of service (DoS) attack.
258) Double free (CVE-ID: CVE-2025-40055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the user_cluster_connect() function in fs/ocfs2/stack_user.c. A local user can perform a denial of service (DoS) attack.
259) NULL pointer dereference (CVE-ID: CVE-2025-40053)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the function in drivers/net/ethernet/dlink/dl2k.c. A local user can perform a denial of service (DoS) attack.
260) Use of uninitialized resource (CVE-ID: CVE-2025-40049)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the fs/squashfs/squashfs_fs_i.h. A local user can perform a denial of service (DoS) attack.
261) Memory leak (CVE-ID: CVE-2025-40048)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hv_uio_channel_cb(), hv_uio_new_channel() and hv_uio_open() functions in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
262) Use-after-free (CVE-ID: CVE-2025-40044)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the udf_current_aext() function in fs/udf/inode.c. A local user can escalate privileges on the system.
263) Input validation error (CVE-ID: CVE-2025-40043)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nci_core_reset_ntf_packet(), nci_core_conn_credits_ntf_packet(), nci_core_generic_error_ntf_packet(), nci_core_conn_intf_error_ntf_packet(), nci_clear_target_list(), nci_rf_discover_ntf_packet(), nci_store_general_bytes_nfc_dep(), nci_rf_intf_activated_ntf_packet(), nci_rf_deactivate_ntf_packet(), nci_nfcee_discover_ntf_packet() and nci_ntf_packet() functions in net/nfc/nci/ntf.c. A local user can perform a denial of service (DoS) attack.
264) NULL pointer dereference (CVE-ID: CVE-2025-40042)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the uprobe_dispatcher() and uretprobe_dispatcher() functions in kernel/trace/trace_uprobe.c. A local user can perform a denial of service (DoS) attack.
265) Improper error handling (CVE-ID: CVE-2025-40040)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the rust/bindings/bindings_helper.h. A local user can perform a denial of service (DoS) attack.
266) Memory leak (CVE-ID: CVE-2025-40035)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the uinput_ff_upload_to_user() function in drivers/input/misc/uinput.c. A local user can perform a denial of service (DoS) attack.
267) NULL pointer dereference (CVE-ID: CVE-2025-40030)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pinmux_func_name_to_selector() function in drivers/pinctrl/pinmux.c. A local user can perform a denial of service (DoS) attack.
268) NULL pointer dereference (CVE-ID: CVE-2025-40029)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fsl_mc_bus_probe() function in drivers/bus/fsl-mc/fsl-mc-bus.c. A local user can perform a denial of service (DoS) attack.
269) Improper locking (CVE-ID: CVE-2025-40027)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the p9_fd_cancelled() function in net/9p/trans_fd.c. A local user can perform a denial of service (DoS) attack.
270) Resource management error (CVE-ID: CVE-2025-40026)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the emulator_is_smm() and x86_emulate_instruction() functions in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
271) Improper locking (CVE-ID: CVE-2025-40021)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dyn_event_open() function in kernel/trace/trace_dynevent.c. A local user can perform a denial of service (DoS) attack.
272) Out-of-bounds read (CVE-ID: CVE-2025-40020)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the peak_usb_update_ts_now() function in drivers/net/can/usb/peak_usb/pcan_usb_core.c. A local user can perform a denial of service (DoS) attack.
273) NULL pointer dereference (CVE-ID: CVE-2025-40011)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the oaktrail_hdmi_teardown() function in drivers/gpu/drm/gma500/oaktrail_hdmi.c. A local user can perform a denial of service (DoS) attack.
274) Improper locking (CVE-ID: CVE-2025-40006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the remove_inode_single_folio() function in fs/hugetlbfs/inode.c. A local user can perform a denial of service (DoS) attack.
275) Use-after-free (CVE-ID: CVE-2025-40001)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mvs_free() function in drivers/scsi/mvsas/mv_init.c. A local user can escalate privileges on the system.
276) Buffer overflow (CVE-ID: CVE-2025-39998)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the target_lu_gp_members_show() function in drivers/target/target_core_configfs.c. A local user can escalate privileges on the system.
277) Use-after-free (CVE-ID: CVE-2025-39996)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the flexcop_pci_remove() function in drivers/media/pci/b2c2/flexcop-pci.c. A local user can escalate privileges on the system.
278) Use-after-free (CVE-ID: CVE-2025-39995)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can escalate privileges on the system.
279) Use-after-free (CVE-ID: CVE-2025-39994)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xc5000_release() function in drivers/media/tuners/xc5000.c. A local user can escalate privileges on the system.
280) Buffer overflow (CVE-ID: CVE-2025-39988)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/net/can/usb/etas_es58x/es58x_core.c. A local user can escalate privileges on the system.
281) Buffer overflow (CVE-ID: CVE-2025-39987)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/net/can/spi/hi311x.c. A local user can escalate privileges on the system.
282) Buffer overflow (CVE-ID: CVE-2025-39986)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/net/can/sun4i_can.c. A local user can escalate privileges on the system.
283) Buffer overflow (CVE-ID: CVE-2025-39985)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/net/can/usb/mcba_usb.c. A local user can escalate privileges on the system.
284) NULL pointer dereference (CVE-ID: CVE-2025-39980)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the replace_nexthop_single() function in net/ipv4/nexthop.c. A local user can perform a denial of service (DoS) attack.
285) Input validation error (CVE-ID: CVE-2025-39973)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_config_vsi_tx_queue() and i40e_config_vsi_rx_queue() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
286) Input validation error (CVE-ID: CVE-2025-39972)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_validate_queue_map() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
287) Input validation error (CVE-ID: CVE-2025-39971)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_vc_config_queues_msg() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
288) Out-of-bounds read (CVE-ID: CVE-2025-39970)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the i40e_validate_cloud_filter() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
289) Input validation error (CVE-ID: CVE-2025-39969)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h. A local user can perform a denial of service (DoS) attack.
290) Buffer overflow (CVE-ID: CVE-2025-39968)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the i40e_vc_del_cloud_filter() and i40e_vc_add_cloud_filter() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can escalate privileges on the system.
291) Integer overflow (CVE-ID: CVE-2025-39967)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the fbcon_set_font() function in drivers/video/fbdev/core/fbcon.c. A local user can execute arbitrary code.
292) Resource management error (CVE-ID: CVE-2025-39955)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_disconnect() function in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.
293) Use-after-free (CVE-ID: CVE-2025-39953)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_PERCPU_RWSEM(), css_release_work_fn(), css_release(), css_create(), css_killed_ref_fn() and cgroup_wq_init() functions in kernel/cgroup/cgroup.c. A local user can escalate privileges on the system.
294) Use-after-free (CVE-ID: CVE-2025-39951)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the virtio_uml_probe() function in arch/um/drivers/virtio_uml.c. A local user can escalate privileges on the system.
295) Improper error handling (CVE-ID: CVE-2025-39949)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the qed_protection_override_dump() function in drivers/net/ethernet/qlogic/qed/qed_debug.c. A local user can perform a denial of service (DoS) attack.
296) Use-after-free (CVE-ID: CVE-2025-39945)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cnic_cm_stop_bnx2x_hw() function in drivers/net/ethernet/broadcom/cnic.c. A local user can escalate privileges on the system.
297) Out-of-bounds read (CVE-ID: CVE-2025-39943)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the recv_done() function in fs/smb/server/transport_rdma.c. A local user can perform a denial of service (DoS) attack.
298) NULL pointer dereference (CVE-ID: CVE-2025-39937)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rfkill_gpio_acpi_probe() function in net/rfkill/rfkill-gpio.c. A local user can perform a denial of service (DoS) attack.
299) NULL pointer dereference (CVE-ID: CVE-2025-39934)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the anx7625_i2c_probe() function in drivers/gpu/drm/bridge/analogix/anx7625.c. A local user can perform a denial of service (DoS) attack.
300) Improper error handling (CVE-ID: CVE-2025-39923)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bam_dma_probe() function in drivers/dma/qcom/bam_dma.c. A local user can perform a denial of service (DoS) attack.
301) Resource management error (CVE-ID: CVE-2025-39913)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_bpf_send_verdict() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.
302) Resource management error (CVE-ID: CVE-2025-39911)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the i40e_vsi_request_irq_msix() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
303) Out-of-bounds read (CVE-ID: CVE-2025-39907)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the stm32_fmc2_nfc_xfer() and stm32_fmc2_nfc_dma_setup() functions in drivers/mtd/nand/raw/stm32_fmc2_nand.c. A local user can perform a denial of service (DoS) attack.
304) Improper locking (CVE-ID: CVE-2025-39885)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_extent_map_get_blocks(), ocfs2_fiemap_inline() and ocfs2_fiemap() functions in fs/ocfs2/extent_map.c. A local user can perform a denial of service (DoS) attack.
305) Improper error handling (CVE-ID: CVE-2025-39883)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the unpoison_memory() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.
306) Input validation error (CVE-ID: CVE-2025-39880)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the con_fault_finish() and clear_standby() functions in net/ceph/messenger.c. A local user can perform a denial of service (DoS) attack.
307) NULL pointer dereference (CVE-ID: CVE-2025-39876)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fec_enet_phy_reset_after_clk_enable() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.
308) Use-after-free (CVE-ID: CVE-2025-39873)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xcan_write_frame() function in drivers/net/can/xilinx_can.c. A local user can escalate privileges on the system.
309) Out-of-bounds read (CVE-ID: CVE-2025-39869)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the edma_setup_from_hw() function in drivers/dma/ti/edma.c. A local user can perform a denial of service (DoS) attack.
310) Use-after-free (CVE-ID: CVE-2025-38584)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), padata_find_next(), padata_do_serial(), padata_alloc_pd() and padata_free_shell() functions in kernel/padata.c. A local user can escalate privileges on the system.
311) Out-of-bounds read (CVE-ID: CVE-2025-38556)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snto32() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
312) Use-after-free (CVE-ID: CVE-2025-38248)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the br_multicast_port_ctx_init() function in net/bridge/br_multicast.c. A local user can escalate privileges on the system.
313) Use-after-free (CVE-ID: CVE-2025-38236)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the IS_ENABLED() and unix_stream_recv_urg() functions in net/unix/af_unix.c. A local user can escalate privileges on the system.
314) Use-after-free (CVE-ID: CVE-2025-38129)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the page_pool_ethtool_stats_get(), page_pool_return_page() and page_pool_scrub() functions in net/core/page_pool.c. A local user can escalate privileges on the system.
315) Use-after-free (CVE-ID: CVE-2025-38022)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ib_device_notify_register() and ib_register_device() functions in drivers/infiniband/core/device.c. A local user can escalate privileges on the system.
316) NULL pointer dereference (CVE-ID: CVE-2025-23143)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sock_lock_init() and sk_prot_free() functions in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
317) Use-after-free (CVE-ID: CVE-2025-22121)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ext4_xattr_check_block(), __xattr_check_inode(), ext4_xattr_ibody_get(), ext4_xattr_ibody_list(), ext4_get_inode_usage(), ext4_xattr_ibody_find() and sizeof() functions in fs/ext4/xattr.c, within the ext4_iget_extra_inode() function in fs/ext4/inode.c. A local user can escalate privileges on the system.
318) Improper locking (CVE-ID: CVE-2025-22111)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sock_write_iter(), brioctl_set(), br_ioctl_call(), sock_ioctl() and compat_sock_ioctl_trans() functions in net/socket.c, within the dev_ifsioc() and dev_ioctl() functions in net/core/dev_ioctl.c, within the old_deviceless() and br_ioctl_stub() functions in net/bridge/br_ioctl.c. A local user can perform a denial of service (DoS) attack.
319) Memory leak (CVE-ID: CVE-2025-22058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the udp_skb_has_head_state(), udp_rmem_release(), EXPORT_SYMBOL_GPL() and first_packet_length() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.
320) Improper locking (CVE-ID: CVE-2025-22022)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/usb/host/xhci.h. A local user can perform a denial of service (DoS) attack.
321) Resource management error (CVE-ID: CVE-2025-21861)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the migrate_device_finalize() function in mm/migrate_device.c. A local user can perform a denial of service (DoS) attack.
322) Buffer overflow (CVE-ID: CVE-2025-21780)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the smu_sys_set_pp_table() function in drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c. A local user can escalate privileges on the system.
323) NULL pointer dereference (CVE-ID: CVE-2024-58011)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the skl_int3472_tps68470_probe() function in drivers/platform/x86/intel/int3472/tps68470.c, within the skl_int3472_discrete_probe() function in drivers/platform/x86/intel/int3472/discrete.c. A local user can perform a denial of service (DoS) attack.
324) Use-after-free (CVE-ID: CVE-2024-56538)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zynqmp_dpsub_drm_cleanup() function in drivers/gpu/drm/xlnx/zynqmp_kms.c. A local user can escalate privileges on the system.
325) Input validation error (CVE-ID: CVE-2024-53114)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_amd_zen4() function in arch/x86/kernel/cpu/amd.c. A local user can perform a denial of service (DoS) attack.
326) Input validation error (CVE-ID: CVE-2024-49968)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ext4_feature_set_ok() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
327) Improper locking (CVE-ID: CVE-2024-47666)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pm8001_phy_control() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can perform a denial of service (DoS) attack.
328) Improper locking (CVE-ID: CVE-2024-46830)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kvm_arch_vcpu_ioctl() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
329) Out-of-bounds read (CVE-ID: CVE-2024-41014)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xlog_recover_process_data() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.
330) Race condition (CVE-ID: CVE-2024-37354)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the btrfs_log_prealloc_extents() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
331) Use of uninitialized resource (CVE-ID: CVE-2024-36927)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the raw_sendmsg() function in net/ipv4/raw.c, within the __ip_make_skb() function in net/ipv4/ip_output.c. A local user can perform a denial of service (DoS) attack.
332) Use of uninitialized resource (CVE-ID: CVE-2024-36903)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __ip6_make_skb() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.
333) Buffer overflow (CVE-ID: CVE-2022-49635)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pot_hole() function in drivers/gpu/drm/i915/selftests/i915_gem_gtt.c. A local user can perform a denial of service (DoS) attack.
334) Use-after-free (CVE-ID: CVE-2022-49465)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the block/blk-throttle.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.