SB2026041087 - Ubuntu update for linux-azure-fips
Published: April 10, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 438 secuirty vulnerabilities.
1) Improper Access Control (CVE-ID: CVE-2026-23268)
The vulnerability allows a local user to escalate privileges, modify AppArmor security policies, and cause a denial of service.
The vulnerability exists due to improper access control in the AppArmor policy management interface when handling file descriptor operations. A local user can open the apparmorfs interface and pass the file descriptor to a privileged process, tricking it into performing privileged policy management operations on behalf of the user.
The user must have access to a privileged process that can be manipulated to write to the AppArmor interface. Once exploited, the user can load, replace, or remove AppArmor profiles, leading to removal of confinement, denial of service by blocking application execution, bypassing user namespace restrictions, and potentially enabling local privilege escalation via kernel exploits.
2) Out-of-bounds read (CVE-ID: CVE-2026-23269)
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in the AppArmor subsystem's DFA state table validation when processing untrusted policy data. A local user can provide a specially crafted AppArmor policy with an out-of-bounds start state to trigger an out-of-bounds read during policy unpacking.
Exploitation requires the ability to load or modify AppArmor policies, which typically requires privileged access. The out-of-bounds read may expose contents of kernel memory.
3) Memory leak (CVE-ID: CVE-2026-23403)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper memory management in the AppArmor subsystem when processing multiple profiles during profile unpacking. A local user can provide specially crafted profile data to cause a memory leak, leading to resource exhaustion.
Exploitation requires the ability to load AppArmor profiles, which is restricted to users with appropriate privileges.
4) Uncontrolled Recursion (CVE-ID: CVE-2026-23404)
The vulnerability allows a local attacker to cause a denial of service.
The vulnerability exists due to improper input validation in AppArmor profile removal functionality when handling deeply nested profiles. A local attacker can send a specially crafted request to cause a denial of service.
Exploitation requires the ability to load AppArmor profiles and trigger their removal, which is typically available to unprivileged users on systems where AppArmor is enabled.
5) Resource exhaustion (CVE-ID: CVE-2026-23405)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper resource management in the AppArmor policy namespace subsystem when creating nested policy namespaces. A local user can create deeply nested policy namespaces to cause a denial of service.
Exploitation requires the ability to create AppArmor policy namespaces, which is available to unprivileged users in a user namespace.
6) Out-of-bounds write (CVE-ID: CVE-2026-23406)
The vulnerability allows a local user to cause a denial of service or potentially execute arbitrary code.
The vulnerability exists due to improper pointer arithmetic in the AppArmor match_char() macro within the Linux kernel's DFA matching logic when processing path permissions during file open operations. A local user can provide a specially crafted file access request that triggers differential encoding chain traversal with a post-incremented string pointer, causing the pointer to advance multiple times per iteration and resulting in out-of-bounds memory reads. This can lead to kernel memory corruption and system instability.
The vulnerability is exploitable during AppArmor policy enforcement when opening files, and may allow privilege escalation or system crash.
7) Out-of-bounds write (CVE-ID: CVE-2026-23407)
The vulnerability allows a local user to execute arbitrary code or cause a denial of service.
The vulnerability exists due to improper bounds checking in the AppArmor verify_dfa() function when parsing a malformed DFA policy. A local user can provide a specially crafted AppArmor policy with differential encoding that triggers out-of-bounds memory access to execute arbitrary code or crash the kernel.
Successful exploitation requires the ability to load a malicious AppArmor profile, which requires user privileges but no special administrative rights beyond those needed to manage AppArmor policies.
8) Double free (CVE-ID: CVE-2026-23408)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a double free in the AppArmor profile replacement component when processing user-supplied profile data. A local user can send a specially crafted request to cause a denial of service.
9) Resource exhaustion (CVE-ID: CVE-2026-23409)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in AppArmor's differential encoding verification when processing encoded profile data. A local user can provide a specially crafted differential-encoded profile that creates loops in the chain to cause a denial of service.
Successful exploitation requires the ability to load AppArmor profiles, which is restricted to privileged users. However, since no additional authentication beyond standard system privileges is required, the attacker capability is considered as a local user with low privileges in the context of the vulnerability.
10) Use-after-free (CVE-ID: CVE-2026-23410)
The vulnerability allows a local attacker to cause a denial of service.
The vulnerability exists due to a use-after-free in AppArmor rawdata inode handling when opening rawdata files while simultaneously removing the corresponding profile. A local attacker can trigger a race condition to access freed memory and cause a denial of service.
11) Race condition (CVE-ID: CVE-2026-23411)
The vulnerability allows a local attacker to cause a denial of service.
The vulnerability exists due to a race condition in the AppArmor i_private data management when accessing filesystem callback functions after reference removal. A local attacker can trigger a use-after-free condition by exploiting the race between freeing data and filesystem access to trigger a denial of service.
The issue arises when the inode persists beyond AppArmor data cleanup and filesystem callbacks are invoked after the reference has been released. This race condition primarily affects data stored in i_private, including rawdata/loaddata interfaces.
12) Use-after-free (CVE-ID: CVE-2026-23111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nft_map_catchall_activate() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.
13) Use-after-free (CVE-ID: CVE-2026-23074)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the teql_qdisc_init() function in net/sched/sch_teql.c. A local user can escalate privileges on the system.
14) NULL pointer dereference (CVE-ID: CVE-2026-23060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the crypto_authenc_esn_encrypt() and crypto_authenc_esn_decrypt() functions in crypto/authencesn.c. A local user can perform a denial of service (DoS) attack.
15) Memory leak (CVE-ID: CVE-2025-68734)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the setup_instance() and hfcsusb_probe() functions in drivers/isdn/hardware/mISDN/hfcsusb.c. A local user can perform a denial of service (DoS) attack.
16) NULL pointer dereference (CVE-ID: CVE-2025-68343)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gs_usb_receive_bulk_callback() function in drivers/net/can/usb/gs_usb.c. A local user can perform a denial of service (DoS) attack.
17) Input validation error (CVE-ID: CVE-2025-68342)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gs_usb_get_echo_skb() and gs_usb_receive_bulk_callback() functions in drivers/net/can/usb/gs_usb.c. A local user can perform a denial of service (DoS) attack.
18) Resource management error (CVE-ID: CVE-2025-68340)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the team_port_add() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.
19) Improper locking (CVE-ID: CVE-2025-68339)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fore200e_open() function in drivers/atm/fore200e.c. A local user can perform a denial of service (DoS) attack.
20) Use-after-free (CVE-ID: CVE-2025-68331)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uas_queuecommand_lck() function in drivers/usb/storage/uas.c. A local user can escalate privileges on the system.
21) NULL pointer dereference (CVE-ID: CVE-2025-68330)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/iio/accel/bmc150-accel.h. A local user can perform a denial of service (DoS) attack.
22) Resource management error (CVE-ID: CVE-2025-68328)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the stratix10_svc_drv_probe() function in drivers/firmware/stratix10-svc.c. A local user can perform a denial of service (DoS) attack.
23) Resource management error (CVE-ID: CVE-2025-68327)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the usbhs_remove() function in drivers/usb/renesas_usbhs/common.c. A local user can perform a denial of service (DoS) attack.
24) Improper locking (CVE-ID: CVE-2025-68322)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the unwind_special() and unwind_frame_regs() functions in arch/parisc/kernel/unwind.c. A local user can perform a denial of service (DoS) attack.
25) Buffer overflow (CVE-ID: CVE-2025-68321)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __page_pool_alloc_pages_slow() function in net/core/page_pool.c. A local user can perform a denial of service (DoS) attack.
26) Improper locking (CVE-ID: CVE-2025-68320)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lan966x_es0_read_esdx_counter() and lan966x_es0_write_esdx_counter() functions in drivers/net/ethernet/microchip/lan966x/lan966x_vcap_impl.c. A local user can perform a denial of service (DoS) attack.
27) Input validation error (CVE-ID: CVE-2025-68315)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the include/linux/f2fs_fs.h. A local user can perform a denial of service (DoS) attack.
28) Input validation error (CVE-ID: CVE-2025-68313)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_amd_zen4() function in arch/x86/kernel/cpu/amd.c. A local user can perform a denial of service (DoS) attack.
29) Resource management error (CVE-ID: CVE-2025-68312)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the function in drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.
30) Input validation error (CVE-ID: CVE-2025-68311)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ip22zilog_transmit_chars() and __ip22zilog_reset() functions in drivers/tty/serial/ip22zilog.c. A local user can perform a denial of service (DoS) attack.
31) Improper locking (CVE-ID: CVE-2025-68310)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the zpci_event_attempt_error_recovery() function in arch/s390/pci/pci_event.c. A local user can perform a denial of service (DoS) attack.
32) Buffer overflow (CVE-ID: CVE-2025-68308)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kvaser_usb_leaf_wait_cmd() and kvaser_usb_leaf_read_bulk_callback() functions in drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c. A local user can escalate privileges on the system.
33) Improper locking (CVE-ID: CVE-2025-68307)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gs_usb_xmit_callback() function in drivers/net/can/usb/gs_usb.c. A local user can perform a denial of service (DoS) attack.
34) Use-after-free (CVE-ID: CVE-2025-68305)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_sock_bind() function in net/bluetooth/hci_sock.c. A local user can escalate privileges on the system.
35) Buffer overflow (CVE-ID: CVE-2025-68303)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the intel_punit_ipc_probe() function in drivers/platform/x86/intel/punit_ipc.c. A local user can escalate privileges on the system.
36) NULL pointer dereference (CVE-ID: CVE-2025-68302)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sxgbe_rx() function in drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c. A local user can perform a denial of service (DoS) attack.
37) Out-of-bounds read (CVE-ID: CVE-2025-68301)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the aq_ring_rx_clean() function in drivers/net/ethernet/aquantia/atlantic/aq_ring.c. A local user can perform a denial of service (DoS) attack.
38) Improper locking (CVE-ID: CVE-2025-68297)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the decrypt_control_remainder() and process_v2_sparse_read() functions in net/ceph/messenger_v2.c. A local user can perform a denial of service (DoS) attack.
39) Memory leak (CVE-ID: CVE-2025-68295)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cifs_construct_tcon() function in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.
40) Use-after-free (CVE-ID: CVE-2025-68290)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hdm_probe() function in drivers/most/most_usb.c. A local user can escalate privileges on the system.
41) Memory leak (CVE-ID: CVE-2025-68289)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the eem_unwrap() function in drivers/usb/gadget/function/f_eem.c. A local user can perform a denial of service (DoS) attack.
42) Memory leak (CVE-ID: CVE-2025-68288)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usb_stor_Bulk_transport() function in drivers/usb/storage/transport.c. A local user can perform a denial of service (DoS) attack.
43) Use-after-free (CVE-ID: CVE-2025-68287)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dwc3_gadget_giveback() function in drivers/usb/dwc3/gadget.c. A local user can escalate privileges on the system.
44) NULL pointer dereference (CVE-ID: CVE-2025-68286)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_stream_get_scanoutpos() function in drivers/gpu/drm/amd/display/dc/core/dc_stream.c. A local user can perform a denial of service (DoS) attack.
45) Use-after-free (CVE-ID: CVE-2025-68285)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the monmap_show() and osdmap_show() functions in net/ceph/debugfs.c. A local user can escalate privileges on the system.
46) Out-of-bounds read (CVE-ID: CVE-2025-68284)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the handle_auth_session_key() function in net/ceph/auth_x.c. A local user can perform a denial of service (DoS) attack.
47) Buffer overflow (CVE-ID: CVE-2025-68283)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the decode_new_primary_temp(), ceph_get_primary_affinity(), decode_new_primary_affinity() and decode_new_up_state_weight() functions in net/ceph/osdmap.c. A local user can escalate privileges on the system.
48) Use-after-free (CVE-ID: CVE-2025-68282)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the include/linux/usb/gadget.h. A local user can escalate privileges on the system.
49) Use of uninitialized resource (CVE-ID: CVE-2025-68249)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hdm_probe() function in drivers/most/most_usb.c. A local user can perform a denial of service (DoS) attack.
50) Memory leak (CVE-ID: CVE-2025-68246)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ksmbd_kthread_fn() function in fs/smb/server/transport_tcp.c. A local user can perform a denial of service (DoS) attack.
51) Memory leak (CVE-ID: CVE-2025-68245)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __netpoll_cleanup() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.
52) Improper locking (CVE-ID: CVE-2025-68244)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the i915_vma_pin_ww() function in drivers/gpu/drm/i915/i915_vma.c. A local user can perform a denial of service (DoS) attack.
53) Memory leak (CVE-ID: CVE-2025-68241)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fnhe_remove_oldest() function in net/ipv4/route.c. A local user can perform a denial of service (DoS) attack.
54) NULL pointer dereference (CVE-ID: CVE-2025-68238)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cadence_nand_irq_cleanup() and cadence_nand_init() functions in drivers/mtd/nand/raw/cadence-nand-controller.c. A local user can perform a denial of service (DoS) attack.
55) Integer overflow (CVE-ID: CVE-2025-68237)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the mtdchar_write_ioctl() and mtdchar_read_ioctl() functions in drivers/mtd/mtdchar.c. A local user can execute arbitrary code.
56) Memory leak (CVE-ID: CVE-2025-68235)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvkm_falcon_fw_dtor() function in drivers/gpu/drm/nouveau/nvkm/falcon/fw.c. A local user can perform a denial of service (DoS) attack.
57) Memory leak (CVE-ID: CVE-2025-68233)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tegra_drm_ioctl_channel_open() function in drivers/gpu/drm/tegra/uapi.c. A local user can perform a denial of service (DoS) attack.
58) Infinite loop (CVE-ID: CVE-2025-68231)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the check_element() and poison_element() functions in mm/mempool.c. A local user can perform a denial of service (DoS) attack.
59) NULL pointer dereference (CVE-ID: CVE-2025-68229)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tcm_loop_tpg_address_show() function in drivers/target/loopback/tcm_loop.c. A local user can perform a denial of service (DoS) attack.
60) Resource management error (CVE-ID: CVE-2025-68227)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mptcp_wnd_end() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
61) Improper locking (CVE-ID: CVE-2025-68223)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the radeon_fence_is_signaled() function in drivers/gpu/drm/radeon/radeon_fence.c. A local user can perform a denial of service (DoS) attack.
62) Use of uninitialized resource (CVE-ID: CVE-2025-68222)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the s32_pinctrl_probe() function in drivers/pinctrl/nxp/pinctrl-s32cc.c. A local user can perform a denial of service (DoS) attack.
63) Improper error handling (CVE-ID: CVE-2025-68220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the of_channel_match_helper() and knav_dma_open_channel() functions in drivers/soc/ti/knav_dma.c. A local user can perform a denial of service (DoS) attack.
64) Memory leak (CVE-ID: CVE-2025-68219)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can perform a denial of service (DoS) attack.
65) Improper locking (CVE-ID: CVE-2025-68218)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_mpath_set_live() function in drivers/nvme/host/multipath.c. A local user can perform a denial of service (DoS) attack.
66) Out-of-bounds read (CVE-ID: CVE-2025-68217)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pegasus_probe() function in drivers/input/tablet/pegasus_notetaker.c. A local user can perform a denial of service (DoS) attack.
67) NULL pointer dereference (CVE-ID: CVE-2025-68214)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __try_to_del_timer_sync() function in kernel/time/timer.c. A local user can perform a denial of service (DoS) attack.
68) NULL pointer dereference (CVE-ID: CVE-2025-68213)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the idpf_remove() function in drivers/net/ethernet/intel/idpf/idpf_main.c. A local user can perform a denial of service (DoS) attack.
69) Out-of-bounds read (CVE-ID: CVE-2025-68208)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the widen_imprecise_scalars() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
70) Memory leak (CVE-ID: CVE-2025-68204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the scmi_pd_power_off() and scmi_pm_domain_probe() functions in drivers/firmware/arm_scmi/scmi_pm_domain.c. A local user can perform a denial of service (DoS) attack.
71) Input validation error (CVE-ID: CVE-2025-68201)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gfx_v12_0_ring_emit_ib_gfx() function in drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c. A local user can perform a denial of service (DoS) attack.
72) Resource management error (CVE-ID: CVE-2025-68200)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cls_bpf_classify() function in net/sched/cls_bpf.c. A local user can perform a denial of service (DoS) attack.
73) NULL pointer dereference (CVE-ID: CVE-2025-68198)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __crash_shrink_memory() function in kernel/crash_core.c. A local user can perform a denial of service (DoS) attack.
74) Improper locking (CVE-ID: CVE-2025-68194)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the send_packet(), usb_rx_callback_intf0() and usb_rx_callback_intf1() functions in drivers/media/rc/imon.c. A local user can perform a denial of service (DoS) attack.
75) Input validation error (CVE-ID: CVE-2025-68192)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.
76) Improper error handling (CVE-ID: CVE-2025-68191)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the udp_tunnel_nic_netdevice_event() function in net/ipv4/udp_tunnel_nic.c. A local user can perform a denial of service (DoS) attack.
77) NULL pointer dereference (CVE-ID: CVE-2025-68190)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_atom_execute_table_locked() function in drivers/gpu/drm/amd/amdgpu/atom.c. A local user can perform a denial of service (DoS) attack.
78) Improper locking (CVE-ID: CVE-2025-68185)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs4_setup_readdir() function in fs/nfs/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
79) Improper locking (CVE-ID: CVE-2025-68184)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mtk_plane_format_mod_supported() function in drivers/gpu/drm/mediatek/mtk_plane.c. A local user can perform a denial of service (DoS) attack.
80) Buffer overflow (CVE-ID: CVE-2025-68183)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ima_protect_xattr(), ima_reset_appraise_flags(), ima_inode_setxattr() and ima_inode_set_acl() functions in security/integrity/ima/ima_appraise.c. A local user can perform a denial of service (DoS) attack.
81) NULL pointer dereference (CVE-ID: CVE-2025-68180)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the odm_combine_segments_show() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can perform a denial of service (DoS) attack.
82) Buffer overflow (CVE-ID: CVE-2025-68179)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the function in arch/s390/Kconfig. A local user can perform a denial of service (DoS) attack.
83) Improper locking (CVE-ID: CVE-2025-68178)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the blkg_conf_prep() function in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.
84) NULL pointer dereference (CVE-ID: CVE-2025-68177)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the longhaul_exit() function in drivers/cpufreq/longhaul.c. A local user can perform a denial of service (DoS) attack.
85) NULL pointer dereference (CVE-ID: CVE-2025-68176)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/pci/controller/cadence/pcie-cadence.h. A local user can perform a denial of service (DoS) attack.
86) Improper locking (CVE-ID: CVE-2025-68173)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ftrace_module_enable() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.
87) Double free (CVE-ID: CVE-2025-68172)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the aspeed_acry_probe() and aspeed_acry_remove() functions in drivers/crypto/aspeed/aspeed-acry.c. A local user can perform a denial of service (DoS) attack.
88) Resource management error (CVE-ID: CVE-2025-68171)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fpu__clear_user_states() function in arch/x86/kernel/fpu/core.c. A local user can perform a denial of service (DoS) attack.
89) Improper locking (CVE-ID: CVE-2025-68168)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the txInit() function in fs/jfs/jfs_txnmgr.c. A local user can perform a denial of service (DoS) attack.
90) Resource management error (CVE-ID: CVE-2025-40363)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ah6_output_done() and ah6_output() functions in net/ipv6/ah6.c. A local user can perform a denial of service (DoS) attack.
91) NULL pointer dereference (CVE-ID: CVE-2025-40360)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL() function in drivers/gpu/drm/drm_gem_atomic_helper.c. A local user can perform a denial of service (DoS) attack.
92) Out-of-bounds read (CVE-ID: CVE-2025-40358)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the walk_stackframe() function in arch/riscv/kernel/stacktrace.c. A local user can perform a denial of service (DoS) attack.
93) Buffer overflow (CVE-ID: CVE-2025-40353)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the copy_highpage() function in arch/arm64/mm/copypage.c. A local user can perform a denial of service (DoS) attack.
94) Improper locking (CVE-ID: CVE-2025-40351)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfsplus_iget() function in fs/hfsplus/super.c. A local user can perform a denial of service (DoS) attack.
95) Resource management error (CVE-ID: CVE-2025-40350)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mlx5e_skb_from_cqe_mpwrq_nonlinear() function in drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.
96) Out-of-bounds read (CVE-ID: CVE-2025-40349)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fs/hfsplus/hfsplus_fs.h. A local user can perform a denial of service (DoS) attack.
97) Improper locking (CVE-ID: CVE-2025-40347)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the enetc_clean_rx_ring(), enetc_clean_rx_ring_xdp() and enetc_poll() functions in drivers/net/ethernet/freescale/enetc/enetc.c. A local user can perform a denial of service (DoS) attack.
98) NULL pointer dereference (CVE-ID: CVE-2025-40346)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the topology_parse_cpu_capacity() function in drivers/base/arch_topology.c. A local user can perform a denial of service (DoS) attack.
99) Out-of-bounds read (CVE-ID: CVE-2025-40345)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sddr55_write_data() function in drivers/usb/storage/sddr55.c. A local user can perform a denial of service (DoS) attack.
100) Improper locking (CVE-ID: CVE-2025-40343)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvmet_fc_delete_assoc_work() and nvmet_fc_delete_target_assoc() functions in drivers/nvme/target/fc.c. A local user can perform a denial of service (DoS) attack.
101) Improper locking (CVE-ID: CVE-2025-40342)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_fc_create_association() function in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
102) Memory leak (CVE-ID: CVE-2025-40341)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the SYSCALL_DEFINE2(), SYSCALL_DEFINE3() and COMPAT_SYSCALL_DEFINE3() functions in kernel/futex/syscalls.c. A local user can perform a denial of service (DoS) attack.
103) Input validation error (CVE-ID: CVE-2025-40339)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the amdgpu_amdkfd_gpuvm_restore_process_bos() function in drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c. A local user can perform a denial of service (DoS) attack.
104) Input validation error (CVE-ID: CVE-2025-40337)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the stmmac_rx() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
105) Improper error handling (CVE-ID: CVE-2025-40333)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __insert_extent_tree() function in fs/f2fs/extent_cache.c. A local user can perform a denial of service (DoS) attack.
106) Out-of-bounds read (CVE-ID: CVE-2025-40331)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the inet_diag_msg_sctpladdrs_fill() function in net/sctp/diag.c. A local user can perform a denial of service (DoS) attack.
107) Improper locking (CVE-ID: CVE-2025-40329)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drm_sched_entity_error() and drm_sched_entity_kill_jobs_cb() functions in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.
108) Use-after-free (CVE-ID: CVE-2025-40328)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the open_cached_dir(), open_cached_dir_by_dentry(), drop_cached_dir_by_name(), cached_dir_offload_close() and cfids_laundromat_worker() functions in fs/smb/client/cached_dir.c. A local user can escalate privileges on the system.
109) Race condition (CVE-ID: CVE-2025-40324)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the nfsd4_read() function in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
110) Use-after-free (CVE-ID: CVE-2025-40323)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the include/linux/fbcon.h. A local user can escalate privileges on the system.
111) Out-of-bounds read (CVE-ID: CVE-2025-40322)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bit_putcs_aligned() and bit_putcs_unaligned() functions in drivers/video/fbdev/core/bitblit.c. A local user can perform a denial of service (DoS) attack.
112) NULL pointer dereference (CVE-ID: CVE-2025-40321)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.h. A local user can perform a denial of service (DoS) attack.
113) Use-after-free (CVE-ID: CVE-2025-40320)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_query_info_compound() function in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.
114) Use-after-free (CVE-ID: CVE-2025-40319)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ringbuf_map_alloc() function in kernel/bpf/ringbuf.c. A local user can escalate privileges on the system.
115) Use-after-free (CVE-ID: CVE-2025-40318)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_cmd_sync_dequeue_once() function in net/bluetooth/hci_sync.c. A local user can escalate privileges on the system.
116) Improper error handling (CVE-ID: CVE-2025-40317)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __regmap_init_slimbus() and __devm_regmap_init_slimbus() functions in drivers/base/regmap/regmap-slimbus.c. A local user can perform a denial of service (DoS) attack.
117) NULL pointer dereference (CVE-ID: CVE-2025-40315)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ffs_func_eps_enable() function in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.
118) Use-after-free (CVE-ID: CVE-2025-40314)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __cdnsp_gadget_init() and cdnsp_gadget_exit() functions in drivers/usb/cdns3/cdnsp-gadget.c. A local user can escalate privileges on the system.
119) Input validation error (CVE-ID: CVE-2025-40313)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ntfs_read_mft() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
120) Input validation error (CVE-ID: CVE-2025-40312)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jfs_iget() function in fs/jfs/inode.c. A local user can perform a denial of service (DoS) attack.
121) Input validation error (CVE-ID: CVE-2025-40311)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gaudi2_mmap() function in drivers/accel/habanalabs/gaudi2/gaudi2.c. A local user can perform a denial of service (DoS) attack.
122) NULL pointer dereference (CVE-ID: CVE-2025-40310)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kgd2kfd_interrupt() function in drivers/gpu/drm/amd/amdkfd/kfd_device.c. A local user can perform a denial of service (DoS) attack.
123) Use-after-free (CVE-ID: CVE-2025-40309)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sco_sock_kill() function in net/bluetooth/sco.c. A local user can escalate privileges on the system.
124) NULL pointer dereference (CVE-ID: CVE-2025-40308)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bcsp_recv() function in drivers/bluetooth/hci_bcsp.c. A local user can perform a denial of service (DoS) attack.
125) Buffer overflow (CVE-ID: CVE-2025-40307)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the exfat_allocate_bitmap() function in fs/exfat/balloc.c. A local user can perform a denial of service (DoS) attack.
126) Memory leak (CVE-ID: CVE-2025-40306)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the convert_to_internal_xattr_flags() and orangefs_inode_getxattr() functions in fs/orangefs/xattr.c. A local user can perform a denial of service (DoS) attack.
127) Resource management error (CVE-ID: CVE-2025-40305)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the p9_poll_mux() and p9_fd_request() functions in net/9p/trans_fd.c. A local user can perform a denial of service (DoS) attack.
128) Out-of-bounds read (CVE-ID: CVE-2025-40304)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bit_putcs() function in drivers/video/fbdev/core/bitblit.c. A local user can perform a denial of service (DoS) attack.
129) Use-after-free (CVE-ID: CVE-2025-40303)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the write_one_eb() function in fs/btrfs/extent_io.c. A local user can escalate privileges on the system.
130) Input validation error (CVE-ID: CVE-2025-40301)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hci_cmd_complete_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.
131) Out-of-bounds read (CVE-ID: CVE-2025-40294)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the parse_adv_monitor_pattern() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
132) Division by zero (CVE-ID: CVE-2025-40293)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the function in drivers/vfio/iova_bitmap.c. A local user can perform a denial of service (DoS) attack.
133) NULL pointer dereference (CVE-ID: CVE-2025-40292)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the page_to_skb() and receive_big() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
134) Input validation error (CVE-ID: CVE-2025-40289)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the amdgpu_vram_attrs_is_visible() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c. A local user can perform a denial of service (DoS) attack.
135) NULL pointer dereference (CVE-ID: CVE-2025-40288)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_virt_write_vf2pf_data() function in drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c. A local user can perform a denial of service (DoS) attack.
136) Input validation error (CVE-ID: CVE-2025-40287)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the exfat_find() function in fs/exfat/namei.c. A local user can perform a denial of service (DoS) attack.
137) Memory leak (CVE-ID: CVE-2025-40286)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smb2_read() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
138) Memory leak (CVE-ID: CVE-2025-40285)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smb2_sess_setup() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
139) Use-after-free (CVE-ID: CVE-2025-40284)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mgmt_index_removed() function in net/bluetooth/mgmt.c. A local user can escalate privileges on the system.
140) Use-after-free (CVE-ID: CVE-2025-40283)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btusb_disconnect() function in drivers/bluetooth/btusb.c. A local user can escalate privileges on the system.
141) Improper error handling (CVE-ID: CVE-2025-40282)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the recv_pkt() function in net/bluetooth/6lowpan.c. A local user can perform a denial of service (DoS) attack.
142) Out-of-bounds read (CVE-ID: CVE-2025-40281)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sctp_transport_update_rto() function in net/sctp/transport.c. A local user can perform a denial of service (DoS) attack.
143) Use-after-free (CVE-ID: CVE-2025-40280)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_net_finalize_work() function in net/tipc/net.c. A local user can escalate privileges on the system.
144) Memory leak (CVE-ID: CVE-2025-40279)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcf_connmark_dump() function in net/sched/act_connmark.c. A local user can perform a denial of service (DoS) attack.
145) Memory leak (CVE-ID: CVE-2025-40278)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcf_ife_dump() function in net/sched/act_ife.c. A local user can perform a denial of service (DoS) attack.
146) Out-of-bounds read (CVE-ID: CVE-2025-40277)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vmw_cmd_check() function in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can perform a denial of service (DoS) attack.
147) NULL pointer dereference (CVE-ID: CVE-2025-40275)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_usb_mixer_controls_badd() function in sound/usb/mixer.c. A local user can perform a denial of service (DoS) attack.
148) Improper locking (CVE-ID: CVE-2025-40273)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs4_free_ol_stateid() function in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
149) Use-after-free (CVE-ID: CVE-2025-40272)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the secretmem_fault() function in mm/secretmem.c. A local user can escalate privileges on the system.
150) Use-after-free (CVE-ID: CVE-2025-40271)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pde_put(), remove_proc_entry() and remove_proc_subtree() functions in fs/proc/generic.c. A local user can escalate privileges on the system.
151) Input validation error (CVE-ID: CVE-2025-40269)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_usb_endpoint_set_params() function in sound/usb/endpoint.c. A local user can perform a denial of service (DoS) attack.
152) Memory leak (CVE-ID: CVE-2025-40268)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can perform a denial of service (DoS) attack.
153) Out-of-bounds read (CVE-ID: CVE-2025-40266)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __do_ffa_mem_xfer() function in arch/arm64/kvm/hyp/nvhe/ffa.c. A local user can perform a denial of service (DoS) attack.
154) NULL pointer dereference (CVE-ID: CVE-2025-40264)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the be_xmit_flush(), be_send_pkt_to_bmc() and be_xmit() functions in drivers/net/ethernet/emulex/benet/be_main.c. A local user can perform a denial of service (DoS) attack.
155) Improper locking (CVE-ID: CVE-2025-40263)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cros_ec_keyb_work() function in drivers/input/keyboard/cros_ec_keyb.c. A local user can perform a denial of service (DoS) attack.
156) Buffer overflow (CVE-ID: CVE-2025-40262)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the imx_sc_key_probe() function in drivers/input/keyboard/imx_sc_key.c. A local user can escalate privileges on the system.
157) Improper locking (CVE-ID: CVE-2025-40261)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_fc_delete_ctrl() function in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
158) Input validation error (CVE-ID: CVE-2025-40259)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sg_remove_sfp_usercontext() function in drivers/scsi/sg.c. A local user can perform a denial of service (DoS) attack.
159) Use-after-free (CVE-ID: CVE-2025-40258)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_reset_rtx_timer() function in net/mptcp/protocol.c. A local user can escalate privileges on the system.
160) Use-after-free (CVE-ID: CVE-2025-40257)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_remove_anno_list_by_saddr(), mptcp_pm_del_add_timer() and mptcp_pm_free_anno_list() functions in net/mptcp/pm.c. A local user can escalate privileges on the system.
161) NULL pointer dereference (CVE-ID: CVE-2025-40254)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the net/openvswitch/flow_netlink.h. A local user can perform a denial of service (DoS) attack.
162) Input validation error (CVE-ID: CVE-2025-40253)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mpc_rcvd_sweep_req() function in drivers/s390/net/ctcm_mpc.c. A local user can perform a denial of service (DoS) attack.
163) Out-of-bounds read (CVE-ID: CVE-2025-40252)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qede_tpa_cont() and qede_tpa_end() functions in drivers/net/ethernet/qlogic/qede/qede_fp.c. A local user can perform a denial of service (DoS) attack.
164) Memory leak (CVE-ID: CVE-2025-40251)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the devl_rate_nodes_destroy() function in net/devlink/rate.c. A local user can perform a denial of service (DoS) attack.
165) Input validation error (CVE-ID: CVE-2025-40250)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5_irq_alloc() function in drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c. A local user can perform a denial of service (DoS) attack.
166) Use-after-free (CVE-ID: CVE-2025-40248)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vsock_connect() function in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.
167) Improper Initialization (CVE-ID: CVE-2025-40245)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the find_limits() and setup_arch() functions in arch/nios2/kernel/setup.c. A local user can perform a denial of service (DoS) attack.
168) Improper locking (CVE-ID: CVE-2025-40244)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfs_find_init() and hfs_brec_find() functions in fs/hfsplus/bfind.c. A local user can perform a denial of service (DoS) attack.
169) Use-after-free (CVE-ID: CVE-2025-40243)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfs_mdb_get() function in fs/hfs/mdb.c. A local user can escalate privileges on the system.
170) Improper locking (CVE-ID: CVE-2025-40242)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gdlm_put_lock() function in fs/gfs2/lock_dlm.c. A local user can perform a denial of service (DoS) attack.
171) NULL pointer dereference (CVE-ID: CVE-2025-40240)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sctp_inq_pop() function in net/sctp/inqueue.c. A local user can perform a denial of service (DoS) attack.
172) NULL pointer dereference (CVE-ID: CVE-2025-40238)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_devcom_cleanup_mpv() and mlx5e_nic_disable() functions in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
173) NULL pointer dereference (CVE-ID: CVE-2025-40237)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the show_mark_fhandle() function in fs/notify/fdinfo.c. A local user can perform a denial of service (DoS) attack.
174) NULL pointer dereference (CVE-ID: CVE-2025-40235)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btrfs_get_tree_subvol() function in fs/btrfs/super.c. A local user can perform a denial of service (DoS) attack.
175) Incorrect calculation (CVE-ID: CVE-2025-40233)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __ocfs2_move_extents_range() function in fs/ocfs2/move_extents.c. A local user can perform a denial of service (DoS) attack.
176) Improper locking (CVE-ID: CVE-2025-40231)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vsock_assign_transport() function in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
177) Incorrect calculation (CVE-ID: CVE-2025-40226)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the scmi_xfer_command_acquire(), scmi_handle_notification(), scmi_handle_response(), scmi_wait_for_reply() and do_xfer() functions in drivers/firmware/arm_scmi/driver.c. A local user can perform a denial of service (DoS) attack.
178) Use-after-free (CVE-ID: CVE-2025-40223)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the release_mdev() and hdm_disconnect() functions in drivers/most/most_usb.c. A local user can escalate privileges on the system.
179) Memory leak (CVE-ID: CVE-2025-40221)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the trigger_handler() function in drivers/media/pci/mgb4/mgb4_trigger.c. A local user can perform a denial of service (DoS) attack.
180) Improper locking (CVE-ID: CVE-2025-40220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fuse_file_release() function in fs/fuse/file.c. A local user can perform a denial of service (DoS) attack.
181) Improper locking (CVE-ID: CVE-2025-40219)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sriov_add_vfs() and sriov_del_vfs() functions in drivers/pci/iov.c. A local user can perform a denial of service (DoS) attack.
182) Improper locking (CVE-ID: CVE-2025-40218)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the damon_mkold_pmd_entry() and damon_young_pmd_entry() functions in mm/damon/vaddr.c. A local user can perform a denial of service (DoS) attack.
183) Use-after-free (CVE-ID: CVE-2025-40211)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the acpi_video_bus_remove_notify_handler() function in drivers/acpi/acpi_video.c. A local user can escalate privileges on the system.
184) Input validation error (CVE-ID: CVE-2025-40207)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the include/media/v4l2-subdev.h. A local user can perform a denial of service (DoS) attack.
185) Input validation error (CVE-ID: CVE-2025-40206)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nft_objref_eval() and nft_objref_map_destroy() functions in net/netfilter/nft_objref.c. A local user can perform a denial of service (DoS) attack.
186) Out-of-bounds read (CVE-ID: CVE-2025-40205)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the btrfs_encode_fh() function in fs/btrfs/export.c. A local user can perform a denial of service (DoS) attack.
187) Resource management error (CVE-ID: CVE-2025-40204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sctp_sf_authenticate() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
188) Use-after-free (CVE-ID: CVE-2025-40202)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the deliver_response(), ipmi_set_gets_events(), i_ipmi_request(), handle_ipmb_get_msg_cmd(), handle_ipmb_direct_rcv_cmd(), handle_lan_get_msg_cmd(), handle_oem_get_msg_cmd(), handle_read_event_rsp(), smi_work() and free_recv_msg() functions in drivers/char/ipmi/ipmi_msghandler.c. A local user can escalate privileges on the system.
189) Improper locking (CVE-ID: CVE-2025-40201)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the SYSCALL_DEFINE4() function in kernel/sys.c. A local user can perform a denial of service (DoS) attack.
190) Resource management error (CVE-ID: CVE-2025-40200)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.
191) Out-of-bounds read (CVE-ID: CVE-2025-40198)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the parse_apply_sb_mount_options() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
192) Resource management error (CVE-ID: CVE-2025-40196)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dqput() and dquot_init() functions in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.
193) Resource management error (CVE-ID: CVE-2025-40194)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the update_qos_request() function in drivers/cpufreq/intel_pstate.c. A local user can perform a denial of service (DoS) attack.
194) Input validation error (CVE-ID: CVE-2025-40193)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the proc_read_simdisk() function in arch/xtensa/platforms/iss/simdisk.c. A local user can perform a denial of service (DoS) attack.
195) Infinite loop (CVE-ID: CVE-2025-40192)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the init_kcs_data_with_state(), start_kcs_transaction() and kcs_event() functions in drivers/char/ipmi/ipmi_kcs_sm.c. A local user can perform a denial of service (DoS) attack.
196) Input validation error (CVE-ID: CVE-2025-40188)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the berlin_pwm_suspend() and berlin_pwm_resume() functions in drivers/pwm/pwm-berlin.c. A local user can perform a denial of service (DoS) attack.
197) NULL pointer dereference (CVE-ID: CVE-2025-40187)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sctp_sf_do_5_1D_ce() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
198) Memory leak (CVE-ID: CVE-2025-40183)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __bpf_redirect_neigh_v6() and __bpf_redirect_neigh_v4() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
199) Out-of-bounds read (CVE-ID: CVE-2025-40180)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the zynqmp_ipi_free_mboxes() function in drivers/mailbox/zynqmp-ipi-mailbox.c. A local user can perform a denial of service (DoS) attack.
200) Resource management error (CVE-ID: CVE-2025-40179)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ext4_init_orphan_info() function in fs/ext4/orphan.c. A local user can perform a denial of service (DoS) attack.
201) NULL pointer dereference (CVE-ID: CVE-2025-40178)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pid_nr_ns() function in kernel/pid.c. A local user can perform a denial of service (DoS) attack.
202) Use-after-free (CVE-ID: CVE-2025-40176)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_decrypt_sg() function in net/tls/tls_sw.c. A local user can escalate privileges on the system.
203) Input validation error (CVE-ID: CVE-2025-40173)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ip6_tnl_xmit() function in net/ipv6/ip6_tunnel.c. A local user can perform a denial of service (DoS) attack.
204) Buffer overflow (CVE-ID: CVE-2025-40172)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the find_and_map_user_pages() function in drivers/accel/qaic/qaic_control.c. A local user can perform a denial of service (DoS) attack.
205) Memory leak (CVE-ID: CVE-2025-40171)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvmet_fc_tgt_a_get(), __nvmet_fc_finish_ls_req(), __nvmet_fc_send_ls_req(), nvmet_fc_disconnect_assoc_done() and nvmet_fc_register_targetport() functions in drivers/nvme/target/fc.c. A local user can perform a denial of service (DoS) attack.
206) Input validation error (CVE-ID: CVE-2025-40169)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the check_alu_op() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
207) Input validation error (CVE-ID: CVE-2025-40167)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __ext4_iget() function in fs/ext4/inode.c. A local user can perform a denial of service (DoS) attack.
208) Improper locking (CVE-ID: CVE-2025-40166)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __guc_exec_queue_process_msg_cleanup() function in drivers/gpu/drm/xe/xe_guc_submit.c. A local user can perform a denial of service (DoS) attack.
209) Resource management error (CVE-ID: CVE-2025-40165)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mxc_isi_m2m_vb2_buffer_queue(), mxc_isi_m2m_vb2_stop_streaming() and mxc_isi_m2m_s_fmt_vid() functions in drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c. A local user can perform a denial of service (DoS) attack.
210) Resource management error (CVE-ID: CVE-2025-40160)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bind_interdomain_evtchn_to_irq_lateeoi(), find_virq() and bind_virq_to_irq() functions in drivers/xen/events/events_base.c. A local user can perform a denial of service (DoS) attack.
211) Input validation error (CVE-ID: CVE-2025-40159)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the net/xdp/xsk_queue.h. A local user can perform a denial of service (DoS) attack.
212) NULL pointer dereference (CVE-ID: CVE-2025-40156)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_ccifreq_probe() function in drivers/devfreq/mtk-cci-devfreq.c. A local user can perform a denial of service (DoS) attack.
213) Use of uninitialized resource (CVE-ID: CVE-2025-40155)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the domain_translation_struct_show() function in drivers/iommu/intel/debugfs.c. A local user can perform a denial of service (DoS) attack.
214) Out-of-bounds read (CVE-ID: CVE-2025-40154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the log_quirks() function in sound/soc/intel/boards/bytcr_rt5640.c. A local user can perform a denial of service (DoS) attack.
215) Improper locking (CVE-ID: CVE-2025-40153)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hugetlb_change_protection() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
216) Use-after-free (CVE-ID: CVE-2025-40141)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iso_sock_kill() function in net/bluetooth/iso.c. A local user can escalate privileges on the system.
217) Improper locking (CVE-ID: CVE-2025-40140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rtl8150_set_multicast() function in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.
218) Input validation error (CVE-ID: CVE-2025-40137)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the f2fs_truncate() function in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
219) NULL pointer dereference (CVE-ID: CVE-2025-40134)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __dm_suspend() function in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
220) NULL pointer dereference (CVE-ID: CVE-2025-40129)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the svcauth_gss_verify_header() function in net/sunrpc/auth_gss/svcauth_gss.c. A local user can perform a denial of service (DoS) attack.
221) Use of uninitialized resource (CVE-ID: CVE-2025-40127)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ks_sa_rng_probe() function in drivers/char/hw_random/ks-sa-rng.c. A local user can perform a denial of service (DoS) attack.
222) Input validation error (CVE-ID: CVE-2025-40126)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ENTRY() function in arch/sparc/lib/U1memcpy.S. A local user can perform a denial of service (DoS) attack.
223) Improper locking (CVE-ID: CVE-2025-40125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the blk_mq_unregister_hctx() function in block/blk-mq-sysfs.c. A local user can perform a denial of service (DoS) attack.
224) Infinite loop (CVE-ID: CVE-2025-40124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the function in arch/sparc/lib/U3memcpy.S. A local user can perform a denial of service (DoS) attack.
225) NULL pointer dereference (CVE-ID: CVE-2025-40123)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __bpf_prog_map_compatible() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
226) Out-of-bounds read (CVE-ID: CVE-2025-40121)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the MODULE_PARM_DESC() function in sound/soc/intel/boards/bytcr_rt5651.c. A local user can perform a denial of service (DoS) attack.
227) Improper locking (CVE-ID: CVE-2025-40120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ax88772_suspend(), ax88772_bind() and ax88772_unbind() functions in drivers/net/usb/asix_devices.c. A local user can perform a denial of service (DoS) attack.
228) Out-of-bounds read (CVE-ID: CVE-2025-40118)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pm8001_dev_gone_notify() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can perform a denial of service (DoS) attack.
229) NULL pointer dereference (CVE-ID: CVE-2025-40116)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the max3421_probe() function in drivers/usb/host/max3421-hcd.c. A local user can perform a denial of service (DoS) attack.
230) Double free (CVE-ID: CVE-2025-40115)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the mpt3sas_transport_port_remove() function in drivers/scsi/mpt3sas/mpt3sas_transport.c. A local user can perform a denial of service (DoS) attack.
231) Buffer overflow (CVE-ID: CVE-2025-40112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ENTRY() function in arch/sparc/lib/NGmemcpy.S. A local user can perform a denial of service (DoS) attack.
232) Use-after-free (CVE-ID: CVE-2025-40111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmw_validation_add_resource() function in drivers/gpu/drm/vmwgfx/vmwgfx_validation.c. A local user can escalate privileges on the system.
233) Input validation error (CVE-ID: CVE-2025-40110)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vmw_cmd_dma() function in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can perform a denial of service (DoS) attack.
234) Input validation error (CVE-ID: CVE-2025-40109)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the crypto_del_default_rng() and crypto_register_rng() functions in crypto/rng.c. A local user can perform a denial of service (DoS) attack.
235) Memory leak (CVE-ID: CVE-2025-40107)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hi3110_stop(), hi3110_open(), hi3110_can_probe() and hi3110_can_remove() functions in drivers/net/can/spi/hi311x.c. A local user can perform a denial of service (DoS) attack.
236) Improper error handling (CVE-ID: CVE-2025-40106)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the comedi_buf_munge() function in drivers/comedi/comedi_buf.c. A local user can perform a denial of service (DoS) attack.
237) Memory leak (CVE-ID: CVE-2025-40105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the d_alloc() function in fs/dcache.c. A local user can perform a denial of service (DoS) attack.
238) Input validation error (CVE-ID: CVE-2025-40104)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/ethernet/intel/ixgbevf/vf.h. A local user can perform a denial of service (DoS) attack.
239) Memory leak (CVE-ID: CVE-2025-40103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the get_smb2_acl_by_path() and set_smb2_acl() functions in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
240) Memory leak (CVE-ID: CVE-2025-40101)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the btrfs_load_block_group_zone_info() function in fs/btrfs/zoned.c. A local user can perform a denial of service (DoS) attack.
241) Reachable assertion (CVE-ID: CVE-2025-40100)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the populate_free_space_tree() function in fs/btrfs/free-space-tree.c. A local user can perform a denial of service (DoS) attack.
242) Out-of-bounds read (CVE-ID: CVE-2025-40099)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the parse_dfs_referrals() function in fs/smb/client/misc.c. A local user can perform a denial of service (DoS) attack.
243) Double free (CVE-ID: CVE-2025-40096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the drm_sched_job_add_implicit_dependencies() function in drivers/gpu/drm/scheduler/sched_main.c. A local user can perform a denial of service (DoS) attack.
244) NULL pointer dereference (CVE-ID: CVE-2025-40095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rndis_bind() function in drivers/usb/gadget/function/f_rndis.c. A local user can perform a denial of service (DoS) attack.
245) NULL pointer dereference (CVE-ID: CVE-2025-40094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acm_bind() function in drivers/usb/gadget/function/f_acm.c. A local user can perform a denial of service (DoS) attack.
246) NULL pointer dereference (CVE-ID: CVE-2025-40093)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ecm_bind() function in drivers/usb/gadget/function/f_ecm.c. A local user can perform a denial of service (DoS) attack.
247) NULL pointer dereference (CVE-ID: CVE-2025-40092)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ncm_bind() function in drivers/usb/gadget/function/f_ncm.c. A local user can perform a denial of service (DoS) attack.
248) Out-of-bounds read (CVE-ID: CVE-2025-40088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hfsplus_strcasecmp() and hfsplus_strcmp() functions in fs/hfsplus/unicode.c. A local user can perform a denial of service (DoS) attack.
249) Resource management error (CVE-ID: CVE-2025-40087)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nfsd4_ff_proc_getdeviceinfo() function in fs/nfsd/flexfilelayout.c. A local user can perform a denial of service (DoS) attack.
250) NULL pointer dereference (CVE-ID: CVE-2025-40085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the get_alias_quirk() function in sound/usb/card.c. A local user can perform a denial of service (DoS) attack.
251) Input validation error (CVE-ID: CVE-2025-40084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ipc_msg_handle_free() function in fs/smb/server/transport_ipc.c. A local user can perform a denial of service (DoS) attack.
252) NULL pointer dereference (CVE-ID: CVE-2025-40083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the agg_dequeue() function in net/sched/sch_qfq.c. A local user can perform a denial of service (DoS) attack.
253) Buffer overflow (CVE-ID: CVE-2025-40081)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/perf/arm_spe_pmu.c. A local user can escalate privileges on the system.
254) Input validation error (CVE-ID: CVE-2025-40080)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nbd_get_socket() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.
255) Resource management error (CVE-ID: CVE-2025-40079)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the emit_atomic_rmw() and __arch_prepare_bpf_trampoline() functions in arch/riscv/net/bpf_jit_comp64.c. A local user can perform a denial of service (DoS) attack.
256) Resource management error (CVE-ID: CVE-2025-40078)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sock_addr_is_valid_access() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
257) Buffer overflow (CVE-ID: CVE-2025-40077)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the f2fs_truncate_partial_cluster() function in fs/f2fs/compress.c. A local user can perform a denial of service (DoS) attack.
258) Improper locking (CVE-ID: CVE-2025-40071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gsm_send_packet(), gsm_dlci_open() and gsm_modem_upd_via_msc() functions in drivers/tty/n_gsm.c. A local user can perform a denial of service (DoS) attack.
259) Use-after-free (CVE-ID: CVE-2025-40070)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pps_register_cdev() function in drivers/pps/pps.c. A local user can escalate privileges on the system.
260) Input validation error (CVE-ID: CVE-2025-40068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the run_unpack() and run_get_highest_vcn() functions in fs/ntfs3/run.c. A local user can perform a denial of service (DoS) attack.
261) Buffer overflow (CVE-ID: CVE-2025-40067)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the indx_add_allocate() function in fs/ntfs3/index.c. A local user can perform a denial of service (DoS) attack.
262) Double free (CVE-ID: CVE-2025-40062)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the qm_diff_regs_init() function in drivers/crypto/hisilicon/debugfs.c. A local user can perform a denial of service (DoS) attack.
263) Use-after-free (CVE-ID: CVE-2025-40061)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the do_task() function in drivers/infiniband/sw/rxe/rxe_task.c. A local user can escalate privileges on the system.
264) NULL pointer dereference (CVE-ID: CVE-2025-40060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arm_trbe_alloc_buffer() function in drivers/hwtracing/coresight/coresight-trbe.c. A local user can perform a denial of service (DoS) attack.
265) NULL pointer dereference (CVE-ID: CVE-2025-40059)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arm_trbe_register_coresight_cpu() function in drivers/hwtracing/coresight/coresight-trbe.c. A local user can perform a denial of service (DoS) attack.
266) Incorrect calculation (CVE-ID: CVE-2025-40058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the drivers/iommu/intel/iommu.h. A local user can perform a denial of service (DoS) attack.
267) Resource management error (CVE-ID: CVE-2025-40057)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the max_vclocks_store() function in drivers/ptp/ptp_sysfs.c. A local user can perform a denial of service (DoS) attack.
268) Input validation error (CVE-ID: CVE-2025-40056)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the copy_to_iotlb() function in drivers/vhost/vringh.c. A local user can perform a denial of service (DoS) attack.
269) Double free (CVE-ID: CVE-2025-40055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the user_cluster_connect() function in fs/ocfs2/stack_user.c. A local user can perform a denial of service (DoS) attack.
270) NULL pointer dereference (CVE-ID: CVE-2025-40053)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the function in drivers/net/ethernet/dlink/dl2k.c. A local user can perform a denial of service (DoS) attack.
271) Use-after-free (CVE-ID: CVE-2025-40052)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fill_transform_hdr(), smb2_aead_req_alloc() and crypt_message() functions in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.
272) Input validation error (CVE-ID: CVE-2025-40051)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the copy_from_iotlb() function in drivers/vhost/vringh.c. A local user can perform a denial of service (DoS) attack.
273) Use of uninitialized resource (CVE-ID: CVE-2025-40049)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the fs/squashfs/squashfs_fs_i.h. A local user can perform a denial of service (DoS) attack.
274) Memory leak (CVE-ID: CVE-2025-40048)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hv_uio_channel_cb(), hv_uio_new_channel() and hv_uio_open() functions in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
275) Improper locking (CVE-ID: CVE-2025-40047)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_waitid_wait() function in io_uring/waitid.c. A local user can perform a denial of service (DoS) attack.
276) Use-after-free (CVE-ID: CVE-2025-40044)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the udf_current_aext() function in fs/udf/inode.c. A local user can escalate privileges on the system.
277) Input validation error (CVE-ID: CVE-2025-40043)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nci_core_reset_ntf_packet(), nci_core_conn_credits_ntf_packet(), nci_core_generic_error_ntf_packet(), nci_core_conn_intf_error_ntf_packet(), nci_clear_target_list(), nci_rf_discover_ntf_packet(), nci_store_general_bytes_nfc_dep(), nci_rf_intf_activated_ntf_packet(), nci_rf_deactivate_ntf_packet(), nci_nfcee_discover_ntf_packet() and nci_ntf_packet() functions in net/nfc/nci/ntf.c. A local user can perform a denial of service (DoS) attack.
278) NULL pointer dereference (CVE-ID: CVE-2025-40042)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the uprobe_dispatcher() and uretprobe_dispatcher() functions in kernel/trace/trace_uprobe.c. A local user can perform a denial of service (DoS) attack.
279) Improper locking (CVE-ID: CVE-2025-40038)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the svm_vcpu_pre_run() function in arch/x86/kvm/svm/svm.c. A local user can perform a denial of service (DoS) attack.
280) Use-after-free (CVE-ID: CVE-2025-40037)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the simplefb_destroy(), simplefb_detach_genpds(), simplefb_attach_genpds() and simplefb_probe() functions in drivers/video/fbdev/simplefb.c. A local user can escalate privileges on the system.
281) Memory leak (CVE-ID: CVE-2025-40036)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fastrpc_put_args() function in drivers/misc/fastrpc.c. A local user can perform a denial of service (DoS) attack.
282) Memory leak (CVE-ID: CVE-2025-40035)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the uinput_ff_upload_to_user() function in drivers/input/misc/uinput.c. A local user can perform a denial of service (DoS) attack.
283) NULL pointer dereference (CVE-ID: CVE-2025-40033)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() and pru_rproc_set_ctable() functions in drivers/remoteproc/pru_rproc.c. A local user can perform a denial of service (DoS) attack.
284) NULL pointer dereference (CVE-ID: CVE-2025-40032)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pci_epf_test_clean_dma_chan() function in drivers/pci/endpoint/functions/pci-epf-test.c. A local user can perform a denial of service (DoS) attack.
285) NULL pointer dereference (CVE-ID: CVE-2025-40031)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the register_shm_helper() function in drivers/tee/tee_shm.c. A local user can perform a denial of service (DoS) attack.
286) NULL pointer dereference (CVE-ID: CVE-2025-40030)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pinmux_func_name_to_selector() function in drivers/pinctrl/pinmux.c. A local user can perform a denial of service (DoS) attack.
287) NULL pointer dereference (CVE-ID: CVE-2025-40029)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fsl_mc_bus_probe() function in drivers/bus/fsl-mc/fsl-mc-bus.c. A local user can perform a denial of service (DoS) attack.
288) Improper locking (CVE-ID: CVE-2025-40027)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the p9_fd_cancelled() function in net/9p/trans_fd.c. A local user can perform a denial of service (DoS) attack.
289) Resource management error (CVE-ID: CVE-2025-40026)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the emulator_is_smm() and x86_emulate_instruction() functions in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
290) Resource management error (CVE-ID: CVE-2025-40024)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vhost_task_stop() and vhost_task_create() functions in kernel/vhost_task.c. A local user can perform a denial of service (DoS) attack.
291) Improper locking (CVE-ID: CVE-2025-40021)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dyn_event_open() function in kernel/trace/trace_dynevent.c. A local user can perform a denial of service (DoS) attack.
292) Out-of-bounds read (CVE-ID: CVE-2025-40020)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the peak_usb_update_ts_now() function in drivers/net/can/usb/peak_usb/pcan_usb_core.c. A local user can perform a denial of service (DoS) attack.
293) Resource management error (CVE-ID: CVE-2025-40016)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the drivers/media/usb/uvc/uvcvideo.h. A local user can perform a denial of service (DoS) attack.
294) NULL pointer dereference (CVE-ID: CVE-2025-40013)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the audioreach_widget_load_module_common() function in sound/soc/qcom/qdsp6/topology.c. A local user can perform a denial of service (DoS) attack.
295) NULL pointer dereference (CVE-ID: CVE-2025-40011)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the oaktrail_hdmi_teardown() function in drivers/gpu/drm/gma500/oaktrail_hdmi.c. A local user can perform a denial of service (DoS) attack.
296) NULL pointer dereference (CVE-ID: CVE-2025-40010)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the afs_use_server() function in fs/afs/server.c. A local user can perform a denial of service (DoS) attack.
297) NULL pointer dereference (CVE-ID: CVE-2025-40009)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pagemap_scan_backout_range() function in fs/proc/task_mmu.c. A local user can perform a denial of service (DoS) attack.
298) Out-of-bounds read (CVE-ID: CVE-2025-40008)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the DEFINE_TEST_MEMSETXX() function in mm/kmsan/kmsan_test.c. A local user can perform a denial of service (DoS) attack.
299) Improper locking (CVE-ID: CVE-2025-40006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the remove_inode_single_folio() function in fs/hugetlbfs/inode.c. A local user can perform a denial of service (DoS) attack.
300) Use-after-free (CVE-ID: CVE-2025-40001)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mvs_free() function in drivers/scsi/mvsas/mv_init.c. A local user can escalate privileges on the system.
301) Use-after-free (CVE-ID: CVE-2025-40000)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ser_reset_trx_st_hdl() function in drivers/net/wireless/realtek/rtw89/ser.c. A local user can escalate privileges on the system.
302) Buffer overflow (CVE-ID: CVE-2025-39998)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the target_lu_gp_members_show() function in drivers/target/target_core_configfs.c. A local user can escalate privileges on the system.
303) Use-after-free (CVE-ID: CVE-2025-39996)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the flexcop_pci_remove() function in drivers/media/pci/b2c2/flexcop-pci.c. A local user can escalate privileges on the system.
304) Use-after-free (CVE-ID: CVE-2025-39995)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can escalate privileges on the system.
305) Use-after-free (CVE-ID: CVE-2025-39994)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xc5000_release() function in drivers/media/tuners/xc5000.c. A local user can escalate privileges on the system.
306) NULL pointer dereference (CVE-ID: CVE-2025-39992)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the unuse_mm() function in mm/swapfile.c. A local user can perform a denial of service (DoS) attack.
307) NULL pointer dereference (CVE-ID: CVE-2025-39991)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ath11k_qmi_m3_load() function in drivers/net/wireless/ath/ath11k/qmi.c. A local user can perform a denial of service (DoS) attack.
308) Buffer overflow (CVE-ID: CVE-2025-39988)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/net/can/usb/etas_es58x/es58x_core.c. A local user can escalate privileges on the system.
309) Buffer overflow (CVE-ID: CVE-2025-39987)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/net/can/spi/hi311x.c. A local user can escalate privileges on the system.
310) Buffer overflow (CVE-ID: CVE-2025-39986)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/net/can/sun4i_can.c. A local user can escalate privileges on the system.
311) Buffer overflow (CVE-ID: CVE-2025-39985)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/net/can/usb/mcba_usb.c. A local user can escalate privileges on the system.
312) Use-after-free (CVE-ID: CVE-2025-39982)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_conn_complete_evt() and le_conn_complete_evt() functions in net/bluetooth/hci_event.c. A local user can escalate privileges on the system.
313) Use-after-free (CVE-ID: CVE-2025-39981)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the net/bluetooth/mgmt_util.h. A local user can escalate privileges on the system.
314) NULL pointer dereference (CVE-ID: CVE-2025-39980)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the replace_nexthop_single() function in net/ipv4/nexthop.c. A local user can perform a denial of service (DoS) attack.
315) Use-after-free (CVE-ID: CVE-2025-39978)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the otx2_tc_add_flow() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c. A local user can escalate privileges on the system.
316) Use-after-free (CVE-ID: CVE-2025-39977)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the function in kernel/futex/requeue.c. A local user can escalate privileges on the system.
317) Input validation error (CVE-ID: CVE-2025-39973)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_config_vsi_tx_queue() and i40e_config_vsi_rx_queue() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
318) Input validation error (CVE-ID: CVE-2025-39972)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_validate_queue_map() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
319) Input validation error (CVE-ID: CVE-2025-39971)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_vc_config_queues_msg() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
320) Out-of-bounds read (CVE-ID: CVE-2025-39970)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the i40e_validate_cloud_filter() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
321) Input validation error (CVE-ID: CVE-2025-39969)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h. A local user can perform a denial of service (DoS) attack.
322) Buffer overflow (CVE-ID: CVE-2025-39968)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the i40e_vc_del_cloud_filter() and i40e_vc_add_cloud_filter() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can escalate privileges on the system.
323) Integer overflow (CVE-ID: CVE-2025-39967)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the fbcon_set_font() function in drivers/video/fbdev/core/fbcon.c. A local user can execute arbitrary code.
324) Use-after-free (CVE-ID: CVE-2025-39965)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xfrm_alloc_spi() function in net/xfrm/xfrm_state.c. A local user can escalate privileges on the system.
325) NULL pointer dereference (CVE-ID: CVE-2025-39961)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the increase_address_space(), alloc_pte(), fetch_pte() and v1_alloc_pgtable() functions in drivers/iommu/amd/io_pgtable.c. A local user can perform a denial of service (DoS) attack.
326) Input validation error (CVE-ID: CVE-2025-39957)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee80211_register_hw() function in net/mac80211/main.c. A local user can perform a denial of service (DoS) attack.
327) Resource management error (CVE-ID: CVE-2025-39955)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_disconnect() function in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.
328) Use-after-free (CVE-ID: CVE-2025-39953)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_PERCPU_RWSEM(), css_release_work_fn(), css_release(), css_create(), css_killed_ref_fn() and cgroup_wq_init() functions in kernel/cgroup/cgroup.c. A local user can escalate privileges on the system.
329) Buffer overflow (CVE-ID: CVE-2025-39952)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the drivers/net/wireless/microchip/wilc1000/wlan_cfg.h. A local user can escalate privileges on the system.
330) Use-after-free (CVE-ID: CVE-2025-39951)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the virtio_uml_probe() function in arch/um/drivers/virtio_uml.c. A local user can escalate privileges on the system.
331) NULL pointer dereference (CVE-ID: CVE-2025-39950)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tcp_ao_finish_connect() function in net/ipv4/tcp_ao.c. A local user can perform a denial of service (DoS) attack.
332) Improper error handling (CVE-ID: CVE-2025-39949)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the qed_protection_override_dump() function in drivers/net/ethernet/qlogic/qed/qed_debug.c. A local user can perform a denial of service (DoS) attack.
333) Memory leak (CVE-ID: CVE-2025-39948)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the drivers/net/ethernet/intel/ice/ice_txrx.h. A local user can perform a denial of service (DoS) attack.
334) NULL pointer dereference (CVE-ID: CVE-2025-39947)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/mlx5/driver.h. A local user can perform a denial of service (DoS) attack.
335) Use-after-free (CVE-ID: CVE-2025-39945)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cnic_cm_stop_bnx2x_hw() function in drivers/net/ethernet/broadcom/cnic.c. A local user can escalate privileges on the system.
336) Use-after-free (CVE-ID: CVE-2025-39944)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the otx2_ptp_destroy() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_ptp.c. A local user can escalate privileges on the system.
337) Out-of-bounds read (CVE-ID: CVE-2025-39943)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the recv_done() function in fs/smb/server/transport_rdma.c. A local user can perform a denial of service (DoS) attack.
338) Buffer overflow (CVE-ID: CVE-2025-39942)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the recv_done() function in fs/smb/server/transport_rdma.c. A local user can perform a denial of service (DoS) attack.
339) Integer overflow (CVE-ID: CVE-2025-39940)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the stripe_io_hints() function in drivers/md/dm-stripe.c. A local user can execute arbitrary code.
340) NULL pointer dereference (CVE-ID: CVE-2025-39938)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the q6apm_lpass_dai_prepare() function in sound/soc/qcom/qdsp6/q6apm-lpass-dais.c. A local user can perform a denial of service (DoS) attack.
341) NULL pointer dereference (CVE-ID: CVE-2025-39937)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rfkill_gpio_acpi_probe() function in net/rfkill/rfkill-gpio.c. A local user can perform a denial of service (DoS) attack.
342) NULL pointer dereference (CVE-ID: CVE-2025-39934)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the anx7625_i2c_probe() function in drivers/gpu/drm/bridge/analogix/anx7625.c. A local user can perform a denial of service (DoS) attack.
343) Improper locking (CVE-ID: CVE-2025-39932)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smbd_destroy() function in fs/smb/client/smbdirect.c. A local user can perform a denial of service (DoS) attack.
344) Infinite loop (CVE-ID: CVE-2025-39931)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the af_alg_sendmsg() function in crypto/af_alg.c. A local user can perform a denial of service (DoS) attack.
345) Memory leak (CVE-ID: CVE-2025-39929)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smbd_negotiate() function in fs/smb/client/smbdirect.c. A local user can perform a denial of service (DoS) attack.
346) Memory leak (CVE-ID: CVE-2025-39927)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fs/ceph/mds_client.h. A local user can perform a denial of service (DoS) attack.
347) Improper error handling (CVE-ID: CVE-2025-39923)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bam_dma_probe() function in drivers/dma/qcom/bam_dma.c. A local user can perform a denial of service (DoS) attack.
348) NULL pointer dereference (CVE-ID: CVE-2025-39920)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the do_validate_mem() function in drivers/pcmcia/rsrc_nonstatic.c. A local user can perform a denial of service (DoS) attack.
349) Division by zero (CVE-ID: CVE-2025-39916)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the damon_reclaim_apply_parameters() function in mm/damon/reclaim.c. A local user can perform a denial of service (DoS) attack.
350) Resource management error (CVE-ID: CVE-2025-39914)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the trace_pid_write() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
351) Resource management error (CVE-ID: CVE-2025-39913)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_bpf_send_verdict() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.
352) Resource management error (CVE-ID: CVE-2025-39911)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the i40e_vsi_request_irq_msix() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
353) Input validation error (CVE-ID: CVE-2025-39909)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the damon_lru_sort_apply_parameters() function in mm/damon/lru_sort.c. A local user can perform a denial of service (DoS) attack.
354) Out-of-bounds read (CVE-ID: CVE-2025-39907)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the stm32_fmc2_nfc_xfer() and stm32_fmc2_nfc_dma_setup() functions in drivers/mtd/nand/raw/stm32_fmc2_nand.c. A local user can perform a denial of service (DoS) attack.
355) NULL pointer dereference (CVE-ID: CVE-2025-39902)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the object_err() function in mm/slub.c. A local user can perform a denial of service (DoS) attack.
356) Use-after-free (CVE-ID: CVE-2025-39901)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the i40e_dbg_find_vsi(), i40e_dbg_command_write() and i40e_dbg_netdev_ops_write() functions in drivers/net/ethernet/intel/i40e/i40e_debugfs.c. A local user can escalate privileges on the system.
357) Resource management error (CVE-ID: CVE-2025-39899)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the move_pages_pte() function in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.
358) Input validation error (CVE-ID: CVE-2025-39897)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the axienet_dma_rx_cb() function in drivers/net/ethernet/xilinx/xilinx_axienet_main.c. A local user can perform a denial of service (DoS) attack.
359) NULL pointer dereference (CVE-ID: CVE-2025-39895)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sched_numa_find_nth_cpu() function in kernel/sched/topology.c. A local user can perform a denial of service (DoS) attack.
360) Resource management error (CVE-ID: CVE-2025-39894)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the br_nf_local_in() function in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
361) Memory leak (CVE-ID: CVE-2025-39891)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the _mwifiex_fw_dpc() and mwifiex_uninit_sw() functions in drivers/net/wireless/marvell/mwifiex/main.c. A local user can perform a denial of service (DoS) attack.
362) Improper locking (CVE-ID: CVE-2025-39886)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __bpf_async_init() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
363) Improper locking (CVE-ID: CVE-2025-39885)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_extent_map_get_blocks(), ocfs2_fiemap_inline() and ocfs2_fiemap() functions in fs/ocfs2/extent_map.c. A local user can perform a denial of service (DoS) attack.
364) Improper error handling (CVE-ID: CVE-2025-39883)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the unpoison_memory() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.
365) Use-after-free (CVE-ID: CVE-2025-39881)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the of_on(), kernfs_seq_stop_active(), kernfs_seq_start(), kernfs_file_read_iter(), kernfs_fop_write_iter(), kernfs_vma_open(), kernfs_vma_fault(), kernfs_vma_page_mkwrite(), kernfs_vma_access(), kernfs_fop_mmap() and kernfs_fop_poll() functions in fs/kernfs/file.c. A local user can escalate privileges on the system.
366) Input validation error (CVE-ID: CVE-2025-39880)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the con_fault_finish() and clear_standby() functions in net/ceph/messenger.c. A local user can perform a denial of service (DoS) attack.
367) Use-after-free (CVE-ID: CVE-2025-39877)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the state_show() function in mm/damon/sysfs.c. A local user can escalate privileges on the system.
368) NULL pointer dereference (CVE-ID: CVE-2025-39876)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fec_enet_phy_reset_after_clk_enable() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.
369) Use-after-free (CVE-ID: CVE-2025-39873)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xcan_write_frame() function in drivers/net/can/xilinx_can.c. A local user can escalate privileges on the system.
370) Use-after-free (CVE-ID: CVE-2025-39871)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the idxd_remove() function in drivers/dma/idxd/init.c. A local user can escalate privileges on the system.
371) Double free (CVE-ID: CVE-2025-39870)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the idxd_setup_wqs() function in drivers/dma/idxd/init.c. A local user can perform a denial of service (DoS) attack.
372) Out-of-bounds read (CVE-ID: CVE-2025-39869)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the edma_setup_from_hw() function in drivers/dma/ti/edma.c. A local user can perform a denial of service (DoS) attack.
373) Use-after-free (CVE-ID: CVE-2025-39866)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __mark_inode_dirty() function in fs/fs-writeback.c. A local user can escalate privileges on the system.
374) NULL pointer dereference (CVE-ID: CVE-2025-39865)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/tee/tee_shm.c. A local user can perform a denial of service (DoS) attack.
375) Use-after-free (CVE-ID: CVE-2025-39864)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cfg80211_update_known_bss() function in net/wireless/scan.c. A local user can escalate privileges on the system.
376) Use-after-free (CVE-ID: CVE-2025-39863)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcmf_btcoex_detach() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/btcoex.c. A local user can escalate privileges on the system.
377) Use-after-free (CVE-ID: CVE-2025-39861)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __vhci_create_device(), vhci_open() and vhci_release() functions in drivers/bluetooth/hci_vhci.c. A local user can escalate privileges on the system.
378) Use-after-free (CVE-ID: CVE-2025-39860)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.
379) NULL pointer dereference (CVE-ID: CVE-2025-39857)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smc_ib_is_sg_need_sync() function in net/smc/smc_ib.c. A local user can perform a denial of service (DoS) attack.
380) Use-after-free (CVE-ID: CVE-2025-39854)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ice_ll_ts_intr() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can escalate privileges on the system.
381) NULL pointer dereference (CVE-ID: CVE-2025-39853)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_client_add_instance() function in drivers/net/ethernet/intel/i40e/i40e_client.c. A local user can perform a denial of service (DoS) attack.
382) Memory leak (CVE-ID: CVE-2025-39852)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcp_v6_syn_recv_sock() function in net/ipv6/tcp_ipv6.c. A local user can perform a denial of service (DoS) attack.
383) NULL pointer dereference (CVE-ID: CVE-2025-39851)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/vxlan/vxlan_private.h. A local user can perform a denial of service (DoS) attack.
384) NULL pointer dereference (CVE-ID: CVE-2025-39850)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arp_reduce() and neigh_reduce() functions in drivers/net/vxlan/vxlan_core.c. A local user can perform a denial of service (DoS) attack.
385) Buffer overflow (CVE-ID: CVE-2025-39849)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the __cfg80211_connect_result() function in net/wireless/sme.c. A local user can escalate privileges on the system.
386) Input validation error (CVE-ID: CVE-2025-39848)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ax25_rcv() function in net/ax25/ax25_in.c. A local user can perform a denial of service (DoS) attack.
387) Memory leak (CVE-ID: CVE-2025-39847)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pad_compress_skb() and ppp_send_frame() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
388) NULL pointer dereference (CVE-ID: CVE-2025-39846)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __iodyn_find_io_region() function in drivers/pcmcia/rsrc_iodyn.c. A local user can perform a denial of service (DoS) attack.
389) Resource management error (CVE-ID: CVE-2025-39845)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sync_global_pgds() function in arch/x86/mm/init_64.c. A local user can perform a denial of service (DoS) attack.
390) Improper Initialization (CVE-ID: CVE-2025-39844)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the include/linux/vmalloc.h. A local user can perform a denial of service (DoS) attack.
391) Improper locking (CVE-ID: CVE-2025-39843)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the get_track(), set_track_update(), free_debug_processing(), ___slab_alloc() and free_to_partial_list() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.
392) NULL pointer dereference (CVE-ID: CVE-2025-39842)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ocfs2_clear_inode() function in fs/ocfs2/inode.c. A local user can perform a denial of service (DoS) attack.
393) Use-after-free (CVE-ID: CVE-2025-39841)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lpfc_nvmet_defer_rcv() function in drivers/scsi/lpfc/lpfc_nvmet.c. A local user can escalate privileges on the system.
394) Out-of-bounds read (CVE-ID: CVE-2025-39839)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the batadv_nc_skb_decode_packet() function in net/batman-adv/network-coding.c. A local user can perform a denial of service (DoS) attack.
395) NULL pointer dereference (CVE-ID: CVE-2025-39838)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cifs_strndup_to_utf16() function in fs/smb/client/cifs_unicode.c. A local user can perform a denial of service (DoS) attack.
396) Buffer overflow (CVE-ID: CVE-2025-39836)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mm_communicate(), setup_mm_hdr(), get_max_payload(), get_property_int(), tee_get_variable(), tee_get_next_variable(), tee_set_variable() and tee_query_variable_info() functions in drivers/firmware/efi/stmm/tee_stmm_efi.c. A local user can perform a denial of service (DoS) attack.
397) Memory leak (CVE-ID: CVE-2025-39835)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xfs_da_read_buf() function in fs/xfs/libxfs/xfs_da_btree.c. A local user can perform a denial of service (DoS) attack.
398) Improper locking (CVE-ID: CVE-2025-39832)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/net/ethernet/mellanox/mlx5/core/fw_reset.h. A local user can perform a denial of service (DoS) attack.
399) Resource management error (CVE-ID: CVE-2025-39829)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the register_ftrace_graph() function in kernel/trace/fgraph.c. A local user can perform a denial of service (DoS) attack.
400) Out-of-bounds write (CVE-ID: CVE-2025-39828)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the vcc_sendmsg() function in net/atm/common.c. A local user can execute arbitrary code.
401) Resource management error (CVE-ID: CVE-2025-39827)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the rose_add_node(), rose_del_node(), rose_add_loopback_node(), rose_del_loopback_node(), rose_rt_device_down(), rose_clear_routes(), rose_neigh_show() and rose_rt_free() functions in net/rose/rose_route.c. A local user can perform a denial of service (DoS) attack.
402) Race condition (CVE-ID: CVE-2025-39826)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rose_timer_expiry() function in net/rose/rose_timer.c. A local user can escalate privileges on the system.
403) Race condition (CVE-ID: CVE-2025-39825)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the cifs_rename2() function in fs/smb/client/inode.c. A local user can escalate privileges on the system.
404) Resource management error (CVE-ID: CVE-2025-39824)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the asus_probe() function in drivers/hid/hid-asus.c. A local user can perform a denial of service (DoS) attack.
405) Input validation error (CVE-ID: CVE-2025-39823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kvm_sched_yield() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
406) Resource management error (CVE-ID: CVE-2025-39819)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the smb2_compound_op() function in fs/smb/client/smb2inode.c. A local user can perform a denial of service (DoS) attack.
407) Buffer overflow (CVE-ID: CVE-2025-39817)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the efivarfs_d_compare() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
408) Buffer overflow (CVE-ID: CVE-2025-39815)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the kvm_riscv_vcpu_set_reg_vector() function in arch/riscv/kvm/vcpu_vector.c. A local user can perform a denial of service (DoS) attack.
409) Resource management error (CVE-ID: CVE-2025-39813)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ftrace_dump() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
410) Input validation error (CVE-ID: CVE-2025-39812)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sctp_v6_from_sk() function in net/sctp/ipv6.c. A local user can perform a denial of service (DoS) attack.
411) Input validation error (CVE-ID: CVE-2025-39811)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the xe_vm_create_scratch() function in drivers/gpu/drm/xe/xe_vm.c. A local user can perform a denial of service (DoS) attack.
412) Buffer overflow (CVE-ID: CVE-2025-39810)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the bnxt_set_xps_mapping(), bnxt_trim_dflt_sh_rings(), bnxt_set_dflt_rings() and bnxt_init_dflt_ring_mode() functions in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can escalate privileges on the system.
413) Resource management error (CVE-ID: CVE-2025-39808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ntrig_report_version() function in drivers/hid/hid-ntrig.c. A local user can perform a denial of service (DoS) attack.
414) Input validation error (CVE-ID: CVE-2025-39807)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mtk_plane_atomic_disable() function in drivers/gpu/drm/mediatek/mtk_plane.c. A local user can perform a denial of service (DoS) attack.
415) Input validation error (CVE-ID: CVE-2025-39806)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mt_report_fixup() function in drivers/hid/hid-multitouch.c. A local user can perform a denial of service (DoS) attack.
416) Resource management error (CVE-ID: CVE-2025-39805)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the macb_remove() function in drivers/net/ethernet/cadence/macb_main.c. A local user can perform a denial of service (DoS) attack.
417) Improper locking (CVE-ID: CVE-2025-39697)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_page_set_inode_ref(), nfs_page_group_lock() and nfs_inode_remove_request() functions in fs/nfs/write.c, within the nfs_page_group_unlock() function in fs/nfs/pagelist.c. A local user can perform a denial of service (DoS) attack.
418) NULL pointer dereference (CVE-ID: CVE-2025-39678)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hsmp_metric_tbl_read() function in drivers/platform/x86/amd/hsmp/hsmp.c. A local user can perform a denial of service (DoS) attack.
419) Buffer overflow (CVE-ID: CVE-2025-38709)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the loop_set_dio(), loop_set_block_size(), lo_simple_ioctl() and lo_ioctl() functions in drivers/block/loop.c. A local user can escalate privileges on the system.
420) Improper locking (CVE-ID: CVE-2025-38643)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cfg80211_check_and_end_cac() function in net/wireless/reg.c. A local user can perform a denial of service (DoS) attack.
421) Use-after-free (CVE-ID: CVE-2025-38627)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lzo_decompress_pages(), lz4_decompress_pages(), zstd_init_decompress_ctx(), zstd_decompress_pages(), f2fs_release_decomp_mem(), f2fs_end_read_compressed_page(), allow_memalloc_for_decomp(), f2fs_prepare_decomp_mem(), f2fs_alloc_dic(), f2fs_free_dic() and f2fs_put_dic() functions in fs/f2fs/compress.c. A local user can escalate privileges on the system.
422) Out-of-bounds read (CVE-ID: CVE-2025-38556)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snto32() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
423) Out-of-bounds read (CVE-ID: CVE-2025-38502)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __bpf_prog_map_compatible() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
424) Input validation error (CVE-ID: CVE-2025-38105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_usbmidi_free() and snd_usbmidi_disconnect() functions in sound/usb/midi.c. A local user can perform a denial of service (DoS) attack.
425) NULL pointer dereference (CVE-ID: CVE-2025-37860)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ef100_process_design_param() and ef100_check_design_params() functions in drivers/net/ethernet/sfc/ef100_nic.c, within the ef100_probe_netdev() function in drivers/net/ethernet/sfc/ef100_netdev.c. A local user can perform a denial of service (DoS) attack.
426) NULL pointer dereference (CVE-ID: CVE-2025-23143)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sock_lock_init() and sk_prot_free() functions in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
427) Out-of-bounds read (CVE-ID: CVE-2025-23133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath11k_reg_notifier(), ath11k_regd_update() and ath11k_regd_update_work() functions in drivers/net/wireless/ath/ath11k/reg.c. A local user can perform a denial of service (DoS) attack.
428) Improper locking (CVE-ID: CVE-2025-23130)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the MAIN_SECS(), spin_unlock(), __get_next_segno(), new_curseg() and f2fs_randomize_chunk() functions in fs/f2fs/segment.c, within the f2fs_expand_inode_data() function in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
429) Resource management error (CVE-ID: CVE-2025-23129)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __free_irq() function in drivers/net/wireless/ath/ath11k/pci.c. A local user can perform a denial of service (DoS) attack.
430) Improper locking (CVE-ID: CVE-2025-22125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the raid10_read_request() and raid10_write_one_disk() functions in drivers/md/raid10.c, within the raid1_read_request() and raid1_write_request() functions in drivers/md/raid1.c. A local user can perform a denial of service (DoS) attack.
431) Input validation error (CVE-ID: CVE-2025-22124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __write_sb_page() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
432) Use-after-free (CVE-ID: CVE-2025-22121)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ext4_xattr_check_block(), __xattr_check_inode(), ext4_xattr_ibody_get(), ext4_xattr_ibody_list(), ext4_get_inode_usage(), ext4_xattr_ibody_find() and sizeof() functions in fs/ext4/xattr.c, within the ext4_iget_extra_inode() function in fs/ext4/inode.c. A local user can escalate privileges on the system.
433) Improper locking (CVE-ID: CVE-2025-22113)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_handle_error(), ext4_put_super() and ext4_load_and_init_journal() functions in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
434) Out-of-bounds read (CVE-ID: CVE-2025-22107)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sja1105_table_delete_entry() function in drivers/net/dsa/sja1105/sja1105_static_config.c. A local user can perform a denial of service (DoS) attack.
435) Resource management error (CVE-ID: CVE-2025-22106)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmxnet3_rq_cleanup() and vmxnet3_rq_destroy() functions in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.
436) Resource management error (CVE-ID: CVE-2025-22105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bond_set_xfrm_features() function in drivers/net/bonding/bond_options.c, within the bond_sk_check(), bond_xdp_set_features() and bond_xdp_set() functions in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
437) NULL pointer dereference (CVE-ID: CVE-2025-22103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ipvlan_l3s_unregister() function in drivers/net/ipvlan/ipvlan_l3s.c. A local user can perform a denial of service (DoS) attack.
438) NULL pointer dereference (CVE-ID: CVE-2025-21833)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the domain_remove_dev_pasid() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.