SB20260407109 - Ubuntu update for linux-oem-6.17
Published: April 7, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 186 secuirty vulnerabilities.
1) Insufficient Entropy (CVE-ID: CVE-2025-62626)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient entropy in Zen 5 processors, which causes the RDSEED instruction to return 0 at a rate inconsistent with randomness while incorrectly signaling success (CF=1), indicating a potential misclassification of failure as success. A local user can escalate privileges on the system.
2) Improper Access Control (CVE-ID: CVE-2026-23268)
The vulnerability allows a local user to escalate privileges, modify AppArmor security policies, and cause a denial of service.
The vulnerability exists due to improper access control in the AppArmor policy management interface when handling file descriptor operations. A local user can open the apparmorfs interface and pass the file descriptor to a privileged process, tricking it into performing privileged policy management operations on behalf of the user.
The user must have access to a privileged process that can be manipulated to write to the AppArmor interface. Once exploited, the user can load, replace, or remove AppArmor profiles, leading to removal of confinement, denial of service by blocking application execution, bypassing user namespace restrictions, and potentially enabling local privilege escalation via kernel exploits.
3) Out-of-bounds read (CVE-ID: CVE-2026-23269)
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in the AppArmor subsystem's DFA state table validation when processing untrusted policy data. A local user can provide a specially crafted AppArmor policy with an out-of-bounds start state to trigger an out-of-bounds read during policy unpacking.
Exploitation requires the ability to load or modify AppArmor policies, which typically requires privileged access. The out-of-bounds read may expose contents of kernel memory.
4) Memory leak (CVE-ID: CVE-2026-23403)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper memory management in the AppArmor subsystem when processing multiple profiles during profile unpacking. A local user can provide specially crafted profile data to cause a memory leak, leading to resource exhaustion.
Exploitation requires the ability to load AppArmor profiles, which is restricted to users with appropriate privileges.
5) Uncontrolled Recursion (CVE-ID: CVE-2026-23404)
The vulnerability allows a local attacker to cause a denial of service.
The vulnerability exists due to improper input validation in AppArmor profile removal functionality when handling deeply nested profiles. A local attacker can send a specially crafted request to cause a denial of service.
Exploitation requires the ability to load AppArmor profiles and trigger their removal, which is typically available to unprivileged users on systems where AppArmor is enabled.
6) Resource exhaustion (CVE-ID: CVE-2026-23405)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper resource management in the AppArmor policy namespace subsystem when creating nested policy namespaces. A local user can create deeply nested policy namespaces to cause a denial of service.
Exploitation requires the ability to create AppArmor policy namespaces, which is available to unprivileged users in a user namespace.
7) Out-of-bounds write (CVE-ID: CVE-2026-23406)
The vulnerability allows a local user to cause a denial of service or potentially execute arbitrary code.
The vulnerability exists due to improper pointer arithmetic in the AppArmor match_char() macro within the Linux kernel's DFA matching logic when processing path permissions during file open operations. A local user can provide a specially crafted file access request that triggers differential encoding chain traversal with a post-incremented string pointer, causing the pointer to advance multiple times per iteration and resulting in out-of-bounds memory reads. This can lead to kernel memory corruption and system instability.
The vulnerability is exploitable during AppArmor policy enforcement when opening files, and may allow privilege escalation or system crash.
8) Out-of-bounds write (CVE-ID: CVE-2026-23407)
The vulnerability allows a local user to execute arbitrary code or cause a denial of service.
The vulnerability exists due to improper bounds checking in the AppArmor verify_dfa() function when parsing a malformed DFA policy. A local user can provide a specially crafted AppArmor policy with differential encoding that triggers out-of-bounds memory access to execute arbitrary code or crash the kernel.
Successful exploitation requires the ability to load a malicious AppArmor profile, which requires user privileges but no special administrative rights beyond those needed to manage AppArmor policies.
9) Double free (CVE-ID: CVE-2026-23408)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a double free in the AppArmor profile replacement component when processing user-supplied profile data. A local user can send a specially crafted request to cause a denial of service.
10) Resource exhaustion (CVE-ID: CVE-2026-23409)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in AppArmor's differential encoding verification when processing encoded profile data. A local user can provide a specially crafted differential-encoded profile that creates loops in the chain to cause a denial of service.
Successful exploitation requires the ability to load AppArmor profiles, which is restricted to privileged users. However, since no additional authentication beyond standard system privileges is required, the attacker capability is considered as a local user with low privileges in the context of the vulnerability.
11) Use-after-free (CVE-ID: CVE-2026-23410)
The vulnerability allows a local attacker to cause a denial of service.
The vulnerability exists due to a use-after-free in AppArmor rawdata inode handling when opening rawdata files while simultaneously removing the corresponding profile. A local attacker can trigger a race condition to access freed memory and cause a denial of service.
12) Race condition (CVE-ID: CVE-2026-23411)
The vulnerability allows a local attacker to cause a denial of service.
The vulnerability exists due to a race condition in the AppArmor i_private data management when accessing filesystem callback functions after reference removal. A local attacker can trigger a use-after-free condition by exploiting the race between freeing data and filesystem access to trigger a denial of service.
The issue arises when the inode persists beyond AppArmor data cleanup and filesystem callbacks are invoked after the reference has been released. This race condition primarily affects data stored in i_private, including rawdata/loaddata interfaces.
13) Use-after-free (CVE-ID: CVE-2026-23111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nft_map_catchall_activate() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.
14) Use-after-free (CVE-ID: CVE-2026-23074)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the teql_qdisc_init() function in net/sched/sch_teql.c. A local user can escalate privileges on the system.
15) NULL pointer dereference (CVE-ID: CVE-2026-23060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the crypto_authenc_esn_encrypt() and crypto_authenc_esn_decrypt() functions in crypto/authencesn.c. A local user can perform a denial of service (DoS) attack.
16) Use of uninitialized resource (CVE-ID: CVE-2025-71128)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ip6erspan_rcv() function in net/ipv6/ip6_gre.c. A local user can perform a denial of service (DoS) attack.
17) Out-of-bounds read (CVE-ID: CVE-2025-68766)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mchp_eic_domain_alloc() function in drivers/irqchip/irq-mchp-eic.c. A local user can perform a denial of service (DoS) attack.
18) Memory leak (CVE-ID: CVE-2025-68765)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mt7615_mcu_wtbl_sta_add() function in drivers/net/wireless/mediatek/mt76/mt7615/mcu.c. A local user can perform a denial of service (DoS) attack.
19) Improper locking (CVE-ID: CVE-2025-68764)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_get_tree_common() function in fs/nfs/super.c. A local user can perform a denial of service (DoS) attack.
20) Improper error handling (CVE-ID: CVE-2025-68763)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the starfive_hash_digest() function in drivers/crypto/starfive/jh7110-hash.c. A local user can perform a denial of service (DoS) attack.
21) Improper locking (CVE-ID: CVE-2025-68762)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __netpoll_setup() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.
22) Out-of-bounds read (CVE-ID: CVE-2025-68760)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iommu_mmio_write() function in drivers/iommu/amd/debugfs.c. A local user can perform a denial of service (DoS) attack.
23) Memory leak (CVE-ID: CVE-2025-68759)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rtl8180_init_rx_ring() and rtl8180_start() functions in drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c. A local user can perform a denial of service (DoS) attack.
24) NULL pointer dereference (CVE-ID: CVE-2025-68758)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the led_bl_probe() function in drivers/video/backlight/led_bl.c. A local user can perform a denial of service (DoS) attack.
25) Improper locking (CVE-ID: CVE-2025-68757)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vgem_fence_create() function in drivers/gpu/drm/vgem/vgem_fence.c. A local user can perform a denial of service (DoS) attack.
26) Improper locking (CVE-ID: CVE-2025-68756)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the blk_mq_quiesce_tagset(), blk_mq_unquiesce_tagset(), blk_mq_del_queue_tag_set() and blk_mq_add_queue_tag_set() functions in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.
27) NULL pointer dereference (CVE-ID: CVE-2025-68755)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the function in drivers/staging/most/i2c/i2c.c. A local user can perform a denial of service (DoS) attack.
28) Double free (CVE-ID: CVE-2025-68754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the aml_rtc_probe() and SIMPLE_DEV_PM_OPS() functions in drivers/rtc/rtc-amlogic-a4.c. A local user can perform a denial of service (DoS) attack.
29) Buffer overflow (CVE-ID: CVE-2025-68753)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the hwdep_read() function in sound/firewire/motu/motu-hwdep.c. A local user can escalate privileges on the system.
30) NULL pointer dereference (CVE-ID: CVE-2025-68752)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iavf_ptp_gettimex64() and iavf_ptp_register_clock() functions in drivers/net/ethernet/intel/iavf/iavf_ptp.c. A local user can perform a denial of service (DoS) attack.
31) Use of uninitialized resource (CVE-ID: CVE-2025-68751)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the arch/s390/include/asm/fpu-insn.h. A local user can perform a denial of service (DoS) attack.
32) Use-after-free (CVE-ID: CVE-2025-68749)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ivpu_gem_bo_free() function in drivers/accel/ivpu/ivpu_gem.c. A local user can escalate privileges on the system.
33) Use-after-free (CVE-ID: CVE-2025-68748)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the panthor_sched_unplug() function in drivers/gpu/drm/panthor/panthor_sched.c. A local user can escalate privileges on the system.
34) Use-after-free (CVE-ID: CVE-2025-68747)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the panthor_gem_free_object() function in drivers/gpu/drm/panthor/panthor_gem.c. A local user can escalate privileges on the system.
35) Improper error handling (CVE-ID: CVE-2025-68746)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the tegra_qspi_handle_error(), tegra_qspi_combined_seq_xfer(), tegra_qspi_non_combined_seq_xfer(), handle_cpu_based_xfer() and tegra_qspi_isr_thread() functions in drivers/spi/spi-tegra210-quad.c. A local user can perform a denial of service (DoS) attack.
36) Use-after-free (CVE-ID: CVE-2025-68744)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the free_htab_elem() function in kernel/bpf/hashtab.c. A local user can escalate privileges on the system.
37) Resource management error (CVE-ID: CVE-2025-68743)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mshv_partition_region_by_gfn() and mshv_partition_create_region() functions in drivers/hv/mshv_root_main.c. A local user can perform a denial of service (DoS) attack.
38) Resource management error (CVE-ID: CVE-2025-68742)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_prog_inc_misses_counter() function in kernel/bpf/syscall.c. A local user can perform a denial of service (DoS) attack.
39) Use-after-free (CVE-ID: CVE-2025-68741)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qla2xxx_process_purls_iocb() function in drivers/scsi/qla2xxx/qla_nvme.c. A local user can escalate privileges on the system.
40) Improper error handling (CVE-ID: CVE-2025-68740)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ima_match_rules() function in security/integrity/ima/ima_policy.c. A local user can perform a denial of service (DoS) attack.
41) Use-after-free (CVE-ID: CVE-2025-68739)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hisi_uncore_target() function in drivers/devfreq/hisi_uncore_freq.c. A local user can escalate privileges on the system.
42) NULL pointer dereference (CVE-ID: CVE-2025-68738)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h. A local user can perform a denial of service (DoS) attack.
43) Use-after-free (CVE-ID: CVE-2025-68735)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the panthor_fdinfo_gather_group_samples(), panthor_group_create(), panthor_group_destroy() and panthor_fdinfo_gather_group_mem_info() functions in drivers/gpu/drm/panthor/panthor_sched.c. A local user can escalate privileges on the system.
44) Resource management error (CVE-ID: CVE-2025-68733)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the do_setattr() function in security/smack/smack_lsm.c. A local user can perform a denial of service (DoS) attack.
45) Improper locking (CVE-ID: CVE-2025-68732)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the syncpt_release() and host1x_syncpt_put() functions in drivers/gpu/host1x/syncpt.c. A local user can perform a denial of service (DoS) attack.
46) Input validation error (CVE-ID: CVE-2025-68730)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ivpu_bo_unbind_all_bos_from_context(), ivpu_gem_create_object(), ivpu_gem_prime_import() and ivpu_bo_alloc() functions in drivers/accel/ivpu/ivpu_gem.c. A local user can perform a denial of service (DoS) attack.
47) Memory leak (CVE-ID: CVE-2025-68729)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ath12k_hal_desc_reo_parse_err() function in drivers/net/wireless/ath/ath12k/hal_rx.c. A local user can perform a denial of service (DoS) attack.
48) Buffer overflow (CVE-ID: CVE-2025-68728)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ntfs_get_bh() function in fs/ntfs3/fsntfs.c. A local user can perform a denial of service (DoS) attack.
49) Buffer overflow (CVE-ID: CVE-2025-68727)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ntfs_link_inode() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
50) Buffer overflow (CVE-ID: CVE-2025-68726)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the crypto_aead_init_tfm() function in crypto/aead.c. A local user can escalate privileges on the system.
51) Integer overflow (CVE-ID: CVE-2025-68724)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the asymmetric_key_generate_id() function in crypto/asymmetric_keys/asymmetric_type.c. A local user can execute arbitrary code.
52) Resource management error (CVE-ID: CVE-2025-68380)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ath11k_wmi_send_peer_assoc_cmd() function in drivers/net/wireless/ath/ath11k/wmi.c. A local user can perform a denial of service (DoS) attack.
53) NULL pointer dereference (CVE-ID: CVE-2025-68379)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rxe_srq_from_attr() function in drivers/infiniband/sw/rxe/rxe_srq.c. A local user can perform a denial of service (DoS) attack.
54) Out-of-bounds read (CVE-ID: CVE-2025-68378)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __bpf_get_stackid() and BPF_CALL_3() functions in kernel/bpf/stackmap.c. A local user can perform a denial of service (DoS) attack.
55) Use-after-free (CVE-ID: CVE-2025-68376)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tmc_etr_get_sysfs_buffer() function in drivers/hwtracing/coresight/coresight-tmc-etr.c. A local user can escalate privileges on the system.
56) NULL pointer dereference (CVE-ID: CVE-2025-68375)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the x86_pmu_enable(), x86_pmu_start(), x86_pmu_stop() and x86_pmu_del() functions in arch/x86/events/core.c. A local user can perform a denial of service (DoS) attack.
57) Use-after-free (CVE-ID: CVE-2025-68374)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drivers/md/md.h. A local user can escalate privileges on the system.
58) Use-after-free (CVE-ID: CVE-2025-68373)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drivers/md/md.h. A local user can escalate privileges on the system.
59) Use-after-free (CVE-ID: CVE-2025-68372)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the recv_work() function in drivers/block/nbd.c. A local user can escalate privileges on the system.
60) Use-after-free (CVE-ID: CVE-2025-68371)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pqi_device_reset() and pqi_sdev_destroy() functions in drivers/scsi/smartpqi/smartpqi_init.c. A local user can escalate privileges on the system.
61) Resource management error (CVE-ID: CVE-2025-68370)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the include/linux/coresight.h. A local user can perform a denial of service (DoS) attack.
62) Improper locking (CVE-ID: CVE-2025-68369)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ntfs_read_mft() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
63) Improper locking (CVE-ID: CVE-2025-68367)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mac_hid_toggle_emumouse() function in drivers/macintosh/mac_hid.c. A local user can perform a denial of service (DoS) attack.
64) Use-after-free (CVE-ID: CVE-2025-68366)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_genl_connect() function in drivers/block/nbd.c. A local user can escalate privileges on the system.
65) Input validation error (CVE-ID: CVE-2025-68364)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __ocfs2_move_extent() function in fs/ocfs2/move_extents.c. A local user can perform a denial of service (DoS) attack.
66) Resource management error (CVE-ID: CVE-2025-68363)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the BPF_CALL_5() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
67) Integer underflow (CVE-ID: CVE-2025-68362)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the rtl8187_rx_cb() function in drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c. A local user can execute arbitrary code.
68) Stack-based buffer overflow (CVE-ID: CVE-2025-68361)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack overflow within the erofs_fc_fill_super() function in fs/erofs/super.c. A local user can perform a denial of service (DoS) attack.
69) Resource management error (CVE-ID: CVE-2025-68360)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the include/linux/soc/mediatek/mtk_wed.h. A local user can perform a denial of service (DoS) attack.
70) Use-after-free (CVE-ID: CVE-2025-68359)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the init_delayed_ref_head(), add_delayed_ref_head() and add_delayed_ref() functions in fs/btrfs/delayed-ref.c. A local user can escalate privileges on the system.
71) Improper locking (CVE-ID: CVE-2025-68358)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fs/btrfs/space-info.h. A local user can perform a denial of service (DoS) attack.
72) Improper locking (CVE-ID: CVE-2025-68356)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gfs2_fill_super() function in fs/gfs2/ops_fstype.c. A local user can perform a denial of service (DoS) attack.
73) Use-after-free (CVE-ID: CVE-2025-68354)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the regulator_supply_alias(), regulator_register_supply_alias() and regulator_unregister_supply_alias() functions in drivers/regulator/core.c. A local user can escalate privileges on the system.
74) Out-of-bounds read (CVE-ID: CVE-2025-68352)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ch341_transfer_one() function in drivers/spi/spi-ch341.c. A local user can perform a denial of service (DoS) attack.
75) Buffer overflow (CVE-ID: CVE-2025-68349)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pnfs_mark_layout_stateid_invalid() function in fs/nfs/pnfs.c. A local user can perform a denial of service (DoS) attack.
76) Memory leak (CVE-ID: CVE-2025-68348)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __blkdev_issue_zero_pages() function in block/blk-lib.c. A local user can perform a denial of service (DoS) attack.
77) Buffer overflow (CVE-ID: CVE-2025-68347)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the hwdep_read() function in sound/firewire/motu/motu-hwdep.c. A local user can escalate privileges on the system.
78) Out-of-bounds read (CVE-ID: CVE-2025-68346)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the detect_stream_formats() function in sound/firewire/dice/dice-extension.c. A local user can perform a denial of service (DoS) attack.
79) NULL pointer dereference (CVE-ID: CVE-2025-68345)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cs35l41_hda_read_acpi() function in sound/hda/codecs/side-codecs/cs35l41_hda.c. A local user can perform a denial of service (DoS) attack.
80) Input validation error (CVE-ID: CVE-2025-68344)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the function in sound/isa/wavefront/wavefront_synth.c. A local user can perform a denial of service (DoS) attack.
81) NULL pointer dereference (CVE-ID: CVE-2025-68343)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gs_usb_receive_bulk_callback() function in drivers/net/can/usb/gs_usb.c. A local user can perform a denial of service (DoS) attack.
82) Input validation error (CVE-ID: CVE-2025-68342)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gs_usb_get_echo_skb() and gs_usb_receive_bulk_callback() functions in drivers/net/can/usb/gs_usb.c. A local user can perform a denial of service (DoS) attack.
83) Use of uninitialized resource (CVE-ID: CVE-2025-68341)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the veth_poll() function in drivers/net/veth.c. A local user can perform a denial of service (DoS) attack.
84) Resource management error (CVE-ID: CVE-2025-68340)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the team_port_add() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.
85) Improper locking (CVE-ID: CVE-2025-68339)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fore200e_open() function in drivers/atm/fore200e.c. A local user can perform a denial of service (DoS) attack.
86) Use of uninitialized resource (CVE-ID: CVE-2025-68338)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ksz_setup() function in drivers/net/dsa/microchip/ksz_common.c. A local user can perform a denial of service (DoS) attack.
87) Reachable assertion (CVE-ID: CVE-2025-68337)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the jbd2_journal_get_create_access() function in fs/jbd2/transaction.c. A local user can perform a denial of service (DoS) attack.
88) Improper locking (CVE-ID: CVE-2025-68336)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_raw_read_unlock() function in kernel/locking/spinlock_debug.c. A local user can perform a denial of service (DoS) attack.
89) NULL pointer dereference (CVE-ID: CVE-2025-68335)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pcl818_detach() function in drivers/comedi/drivers/pcl818.c. A local user can perform a denial of service (DoS) attack.
90) Resource management error (CVE-ID: CVE-2025-68334)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the drivers/platform/x86/amd/pmc/pmc.h. A local user can perform a denial of service (DoS) attack.
91) Improper locking (CVE-ID: CVE-2025-68333)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the init_sched_ext_class() function in kernel/sched/ext.c. A local user can perform a denial of service (DoS) attack.
92) Resource management error (CVE-ID: CVE-2025-68332)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the c6xdigio_attach() function in drivers/comedi/drivers/c6xdigio.c. A local user can perform a denial of service (DoS) attack.
93) Use-after-free (CVE-ID: CVE-2025-68331)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uas_queuecommand_lck() function in drivers/usb/storage/uas.c. A local user can escalate privileges on the system.
94) NULL pointer dereference (CVE-ID: CVE-2025-68330)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/iio/accel/bmc150-accel.h. A local user can perform a denial of service (DoS) attack.
95) Buffer overflow (CVE-ID: CVE-2025-68329)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the tracing_buffers_mmap_close() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
96) Resource management error (CVE-ID: CVE-2025-68328)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the stratix10_svc_drv_probe() function in drivers/firmware/stratix10-svc.c. A local user can perform a denial of service (DoS) attack.
97) Resource management error (CVE-ID: CVE-2025-68327)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the usbhs_remove() function in drivers/usb/renesas_usbhs/common.c. A local user can perform a denial of service (DoS) attack.
98) NULL pointer dereference (CVE-ID: CVE-2025-68326)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xe_guc_ct_init_noalloc() function in drivers/gpu/drm/xe/xe_guc_ct.c. A local user can perform a denial of service (DoS) attack.
99) NULL pointer dereference (CVE-ID: CVE-2025-68325)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cake_drop(), cake_reconfigure() and cake_enqueue() functions in net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.
100) Use-after-free (CVE-ID: CVE-2025-68324)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the imm_detach() function in drivers/scsi/imm.c. A local user can escalate privileges on the system.
101) Use-after-free (CVE-ID: CVE-2025-68323)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gaokun_ucsi_remove() function in drivers/usb/typec/ucsi/ucsi_huawei_gaokun.c. A local user can escalate privileges on the system.
102) Buffer overflow (CVE-ID: CVE-2025-68308)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kvaser_usb_leaf_wait_cmd() and kvaser_usb_leaf_read_bulk_callback() functions in drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c. A local user can escalate privileges on the system.
103) Improper locking (CVE-ID: CVE-2025-68307)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gs_usb_xmit_callback() function in drivers/net/can/usb/gs_usb.c. A local user can perform a denial of service (DoS) attack.
104) NULL pointer dereference (CVE-ID: CVE-2025-68306)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/bluetooth/hci_core.h. A local user can perform a denial of service (DoS) attack.
105) Use-after-free (CVE-ID: CVE-2025-68305)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_sock_bind() function in net/bluetooth/hci_sock.c. A local user can escalate privileges on the system.
106) Use-after-free (CVE-ID: CVE-2025-68304)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sco_disconn_cfm() function in net/bluetooth/sco.c. A local user can escalate privileges on the system.
107) Buffer overflow (CVE-ID: CVE-2025-68303)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the intel_punit_ipc_probe() function in drivers/platform/x86/intel/punit_ipc.c. A local user can escalate privileges on the system.
108) NULL pointer dereference (CVE-ID: CVE-2025-68302)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sxgbe_rx() function in drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c. A local user can perform a denial of service (DoS) attack.
109) Out-of-bounds read (CVE-ID: CVE-2025-68301)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the aq_ring_rx_clean() function in drivers/net/ethernet/aquantia/atlantic/aq_ring.c. A local user can perform a denial of service (DoS) attack.
110) Memory leak (CVE-ID: CVE-2025-68300)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the grab_requested_mnt_ns() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
111) Improper error handling (CVE-ID: CVE-2025-68299)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the afs_request_key_rcu() and afs_permission() functions in fs/afs/security.c. A local user can perform a denial of service (DoS) attack.
112) NULL pointer dereference (CVE-ID: CVE-2025-68298)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btusb_mtk_claim_iso_intf() function in drivers/bluetooth/btusb.c. A local user can perform a denial of service (DoS) attack.
113) Improper locking (CVE-ID: CVE-2025-68297)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the decrypt_control_remainder() and process_v2_sparse_read() functions in net/ceph/messenger_v2.c. A local user can perform a denial of service (DoS) attack.
114) Out-of-bounds read (CVE-ID: CVE-2025-68296)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fbcon_fb_unregistered() and do_fb_registered() functions in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.
115) Memory leak (CVE-ID: CVE-2025-68295)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cifs_construct_tcon() function in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.
116) Buffer overflow (CVE-ID: CVE-2025-68294)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the io_sendmsg_zc() function in io_uring/net.c. A local user can perform a denial of service (DoS) attack.
117) NULL pointer dereference (CVE-ID: CVE-2025-68293)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the split_huge_page_to_list_to_order() function in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.
118) Memory leak (CVE-ID: CVE-2025-68292)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the memfd_alloc_folio() function in mm/memfd.c. A local user can perform a denial of service (DoS) attack.
119) Use-after-free (CVE-ID: CVE-2025-68290)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hdm_probe() function in drivers/most/most_usb.c. A local user can escalate privileges on the system.
120) Memory leak (CVE-ID: CVE-2025-68289)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the eem_unwrap() function in drivers/usb/gadget/function/f_eem.c. A local user can perform a denial of service (DoS) attack.
121) Memory leak (CVE-ID: CVE-2025-68288)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usb_stor_Bulk_transport() function in drivers/usb/storage/transport.c. A local user can perform a denial of service (DoS) attack.
122) Use-after-free (CVE-ID: CVE-2025-68287)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dwc3_gadget_giveback() function in drivers/usb/dwc3/gadget.c. A local user can escalate privileges on the system.
123) NULL pointer dereference (CVE-ID: CVE-2025-68286)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_stream_get_scanoutpos() function in drivers/gpu/drm/amd/display/dc/core/dc_stream.c. A local user can perform a denial of service (DoS) attack.
124) Use-after-free (CVE-ID: CVE-2025-68285)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the monmap_show() and osdmap_show() functions in net/ceph/debugfs.c. A local user can escalate privileges on the system.
125) Out-of-bounds read (CVE-ID: CVE-2025-68284)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the handle_auth_session_key() function in net/ceph/auth_x.c. A local user can perform a denial of service (DoS) attack.
126) Buffer overflow (CVE-ID: CVE-2025-68283)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the decode_new_primary_temp(), ceph_get_primary_affinity(), decode_new_primary_affinity() and decode_new_up_state_weight() functions in net/ceph/osdmap.c. A local user can escalate privileges on the system.
127) Use-after-free (CVE-ID: CVE-2025-68282)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the include/linux/usb/gadget.h. A local user can escalate privileges on the system.
128) Resource management error (CVE-ID: CVE-2025-68281)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the find_sdca_entity_control() function in sound/soc/sdca/sdca_functions.c. A local user can perform a denial of service (DoS) attack.
129) Buffer overflow (CVE-ID: CVE-2025-68266)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bfs_iget() function in fs/bfs/inode.c. A local user can perform a denial of service (DoS) attack.
130) Use-after-free (CVE-ID: CVE-2025-68265)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_remove_admin_tag_set() and nvme_free_ctrl() functions in drivers/nvme/host/core.c. A local user can escalate privileges on the system.
131) Improper locking (CVE-ID: CVE-2025-68264)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_prepare_inline_data() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
132) Use-after-free (CVE-ID: CVE-2025-68263)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ipc_msg_send_request() function in fs/smb/server/transport_ipc.c. A local user can escalate privileges on the system.
133) Double free (CVE-ID: CVE-2025-68262)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the zstd_init() and zstd_mod_init() functions in crypto/zstd.c. A local user can perform a denial of service (DoS) attack.
134) Reachable assertion (CVE-ID: CVE-2025-68261)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ext4_destroy_inline_data_nolock() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
135) Resource management error (CVE-ID: CVE-2025-68259)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the is_vmware_backdoor_opcode() and x86_emulate_instruction() functions in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
136) Improper locking (CVE-ID: CVE-2025-68258)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the multiq3_attach() function in drivers/comedi/drivers/multiq3.c. A local user can perform a denial of service (DoS) attack.
137) NULL pointer dereference (CVE-ID: CVE-2025-68257)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the compat_chaninfo(), compat_rangeinfo(), compat_cmd(), compat_cmdtest(), compat_insnlist() and compat_insn() functions in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
138) Out-of-bounds read (CVE-ID: CVE-2025-68256)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtw_get_ie() function in drivers/staging/rtl8723bs/core/rtw_ieee80211.c. A local user can perform a denial of service (DoS) attack.
139) Buffer overflow (CVE-ID: CVE-2025-68255)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the OnAssocReq() function in drivers/staging/rtl8723bs/core/rtw_mlme_ext.c. A local user can escalate privileges on the system.
140) Out-of-bounds read (CVE-ID: CVE-2025-68254)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the OnBeacon() function in drivers/staging/rtl8723bs/core/rtw_mlme_ext.c. A local user can perform a denial of service (DoS) attack.
141) NULL pointer dereference (CVE-ID: CVE-2025-68238)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cadence_nand_irq_cleanup() and cadence_nand_init() functions in drivers/mtd/nand/raw/cadence-nand-controller.c. A local user can perform a denial of service (DoS) attack.
142) Integer overflow (CVE-ID: CVE-2025-68237)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the mtdchar_write_ioctl() and mtdchar_read_ioctl() functions in drivers/mtd/mtdchar.c. A local user can execute arbitrary code.
143) Improper locking (CVE-ID: CVE-2025-68236)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ufs_qcom_suspend() function in drivers/ufs/host/ufs-qcom.c. A local user can perform a denial of service (DoS) attack.
144) Memory leak (CVE-ID: CVE-2025-68235)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvkm_falcon_fw_dtor() function in drivers/gpu/drm/nouveau/nvkm/falcon/fw.c. A local user can perform a denial of service (DoS) attack.
145) Input validation error (CVE-ID: CVE-2025-68234)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the io_uring_cmd_timestamp() function in io_uring/cmd_net.c. A local user can perform a denial of service (DoS) attack.
146) Memory leak (CVE-ID: CVE-2025-68233)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tegra_drm_ioctl_channel_open() function in drivers/gpu/drm/tegra/uapi.c. A local user can perform a denial of service (DoS) attack.
147) Improper locking (CVE-ID: CVE-2025-68232)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the veth_xmit(), veth_xdp_rcv() and veth_poll() functions in drivers/net/veth.c. A local user can perform a denial of service (DoS) attack.
148) Infinite loop (CVE-ID: CVE-2025-68231)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the check_element() and poison_element() functions in mm/mempool.c. A local user can perform a denial of service (DoS) attack.
149) Out-of-bounds read (CVE-ID: CVE-2025-68230)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the gfx_v9_4_3_cp_resume() function in drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c. A local user can perform a denial of service (DoS) attack.
150) NULL pointer dereference (CVE-ID: CVE-2025-68229)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tcm_loop_tpg_address_show() function in drivers/target/loopback/tcm_loop.c. A local user can perform a denial of service (DoS) attack.
151) NULL pointer dereference (CVE-ID: CVE-2025-68228)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the create_in_format_blob() function in drivers/gpu/drm/drm_plane.c. A local user can perform a denial of service (DoS) attack.
152) Resource management error (CVE-ID: CVE-2025-68227)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mptcp_wnd_end() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
153) Use of uninitialized resource (CVE-ID: CVE-2025-68225)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the kho_test_init() function in lib/test_kho.c. A local user can perform a denial of service (DoS) attack.
154) Improper locking (CVE-ID: CVE-2025-68223)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the radeon_fence_is_signaled() function in drivers/gpu/drm/radeon/radeon_fence.c. A local user can perform a denial of service (DoS) attack.
155) Use of uninitialized resource (CVE-ID: CVE-2025-68222)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the s32_pinctrl_probe() function in drivers/pinctrl/nxp/pinctrl-s32cc.c. A local user can perform a denial of service (DoS) attack.
156) Resource management error (CVE-ID: CVE-2025-68221)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mptcp_pm_nl_add_addr_received() function in net/mptcp/pm_kernel.c. A local user can perform a denial of service (DoS) attack.
157) Improper error handling (CVE-ID: CVE-2025-68220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the of_channel_match_helper() and knav_dma_open_channel() functions in drivers/soc/ti/knav_dma.c. A local user can perform a denial of service (DoS) attack.
158) Memory leak (CVE-ID: CVE-2025-68219)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can perform a denial of service (DoS) attack.
159) Improper locking (CVE-ID: CVE-2025-68218)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_mpath_set_live() function in drivers/nvme/host/multipath.c. A local user can perform a denial of service (DoS) attack.
160) Out-of-bounds read (CVE-ID: CVE-2025-68217)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pegasus_probe() function in drivers/input/tablet/pegasus_notetaker.c. A local user can perform a denial of service (DoS) attack.
161) Use of uninitialized resource (CVE-ID: CVE-2025-68215)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ice_ptp_init() function in drivers/net/ethernet/intel/ice/ice_ptp.c. A local user can perform a denial of service (DoS) attack.
162) NULL pointer dereference (CVE-ID: CVE-2025-68214)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __try_to_del_timer_sync() function in kernel/time/timer.c. A local user can perform a denial of service (DoS) attack.
163) NULL pointer dereference (CVE-ID: CVE-2025-68213)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the idpf_remove() function in drivers/net/ethernet/intel/idpf/idpf_main.c. A local user can perform a denial of service (DoS) attack.
164) NULL pointer dereference (CVE-ID: CVE-2025-68212)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the statmount_string() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
165) Out-of-bounds read (CVE-ID: CVE-2025-40345)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sddr55_write_data() function in drivers/usb/storage/sddr55.c. A local user can perform a denial of service (DoS) attack.
166) NULL pointer dereference (CVE-ID: CVE-2025-40290)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xsk_cq_reserve_locked(), xsk_cq_cancel_locked(), xsk_destruct_skb(), xsk_build_skb_zerocopy(), xsk_build_skb() and xsk_init() functions in net/xdp/xsk.c. A local user can perform a denial of service (DoS) attack.
167) Out-of-bounds read (CVE-ID: CVE-2025-40266)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __do_ffa_mem_xfer() function in arch/arm64/kvm/hyp/nvhe/ffa.c. A local user can perform a denial of service (DoS) attack.
168) Improper error handling (CVE-ID: CVE-2025-40265)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the fat_fill_super() function in fs/fat/inode.c. A local user can perform a denial of service (DoS) attack.
169) NULL pointer dereference (CVE-ID: CVE-2025-40264)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the be_xmit_flush(), be_send_pkt_to_bmc() and be_xmit() functions in drivers/net/ethernet/emulex/benet/be_main.c. A local user can perform a denial of service (DoS) attack.
170) Improper locking (CVE-ID: CVE-2025-40263)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cros_ec_keyb_work() function in drivers/input/keyboard/cros_ec_keyb.c. A local user can perform a denial of service (DoS) attack.
171) Buffer overflow (CVE-ID: CVE-2025-40262)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the imx_sc_key_probe() function in drivers/input/keyboard/imx_sc_key.c. A local user can escalate privileges on the system.
172) Improper locking (CVE-ID: CVE-2025-40261)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_fc_delete_ctrl() function in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
173) NULL pointer dereference (CVE-ID: CVE-2025-40260)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scx_alloc_and_add_sched() function in kernel/sched/ext.c. A local user can perform a denial of service (DoS) attack.
174) Input validation error (CVE-ID: CVE-2025-40259)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sg_remove_sfp_usercontext() function in drivers/scsi/sg.c. A local user can perform a denial of service (DoS) attack.
175) Use-after-free (CVE-ID: CVE-2025-40258)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_reset_rtx_timer() function in net/mptcp/protocol.c. A local user can escalate privileges on the system.
176) Use-after-free (CVE-ID: CVE-2025-40257)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_remove_anno_list_by_saddr(), mptcp_pm_del_add_timer() and mptcp_pm_free_anno_list() functions in net/mptcp/pm.c. A local user can escalate privileges on the system.
177) NULL pointer dereference (CVE-ID: CVE-2025-40255)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the generic_hwtstamp_ioctl_lower() function in net/core/dev_ioctl.c. A local user can perform a denial of service (DoS) attack.
178) NULL pointer dereference (CVE-ID: CVE-2025-40254)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the net/openvswitch/flow_netlink.h. A local user can perform a denial of service (DoS) attack.
179) Input validation error (CVE-ID: CVE-2025-40253)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mpc_rcvd_sweep_req() function in drivers/s390/net/ctcm_mpc.c. A local user can perform a denial of service (DoS) attack.
180) Out-of-bounds read (CVE-ID: CVE-2025-40252)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qede_tpa_cont() and qede_tpa_end() functions in drivers/net/ethernet/qlogic/qede/qede_fp.c. A local user can perform a denial of service (DoS) attack.
181) Memory leak (CVE-ID: CVE-2025-40251)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the devl_rate_nodes_destroy() function in net/devlink/rate.c. A local user can perform a denial of service (DoS) attack.
182) Input validation error (CVE-ID: CVE-2025-40250)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5_irq_alloc() function in drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c. A local user can perform a denial of service (DoS) attack.
183) Use-after-free (CVE-ID: CVE-2025-40249)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lineinfo_changed_notify() function in drivers/gpio/gpiolib-cdev.c. A local user can escalate privileges on the system.
184) Use-after-free (CVE-ID: CVE-2025-40248)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vsock_connect() function in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.
185) NULL pointer dereference (CVE-ID: CVE-2025-40247)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the msm_iommu_pagetable_prealloc_allocate() and msm_iommu_pagetable_prealloc_cleanup() functions in drivers/gpu/drm/msm/msm_iommu.c. A local user can perform a denial of service (DoS) attack.
186) Out-of-bounds read (CVE-ID: CVE-2025-40246)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xrep_symlink_salvage_inline() function in fs/xfs/scrub/symlink_repair.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.