SB2026041768 - Ubuntu update for linux-gcp
Published: April 17, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 138 secuirty vulnerabilities.
1) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2024-36347)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper signature verification of x86 instruction execution. A local privileged user can load malicious microcode and execute it on the system.
2) Use-after-free (CVE-ID: CVE-2026-23209)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the macvlan_common_newlink() function in drivers/net/macvlan.c. A local user can escalate privileges on the system.
3) Memory leak (CVE-ID: CVE-2026-23091)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the intel_th_output_open() function in drivers/hwtracing/intel_th/core.c. A local user can perform a denial of service (DoS) attack.
4) Incorrect calculation (CVE-ID: CVE-2025-71157)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the ib_del_sub_device_and_put() function in drivers/infiniband/core/device.c. A local user can perform a denial of service (DoS) attack.
5) Resource management error (CVE-ID: CVE-2025-71156)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the gve_add_napi() function in drivers/net/ethernet/google/gve/gve_utils.c. A local user can perform a denial of service (DoS) attack.
6) Memory leak (CVE-ID: CVE-2025-71154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the async_set_registers() function in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.
7) Memory leak (CVE-ID: CVE-2025-71153)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the get_file_all_info() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
8) Memory leak (CVE-ID: CVE-2025-71151)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smb3_reconfigure() function in fs/smb/client/fs_context.c. A local user can perform a denial of service (DoS) attack.
9) Memory leak (CVE-ID: CVE-2025-71150)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ksmbd_session_lookup_all() function in fs/smb/server/mgmt/user_session.c. A local user can perform a denial of service (DoS) attack.
10) Resource management error (CVE-ID: CVE-2025-71149)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the io_poll_remove() function in io_uring/poll.c. A local user can perform a denial of service (DoS) attack.
11) Memory leak (CVE-ID: CVE-2025-71148)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the handshake_req_submit() function in net/handshake/request.c. A local user can perform a denial of service (DoS) attack.
12) Memory leak (CVE-ID: CVE-2025-71147)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpm2_load_cmd() function in security/keys/trusted-keys/trusted_tpm2.c. A local user can perform a denial of service (DoS) attack.
13) Memory leak (CVE-ID: CVE-2025-71146)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __nf_conncount_add() and insert_tree() functions in net/netfilter/nf_conncount.c. A local user can perform a denial of service (DoS) attack.
14) Out-of-bounds read (CVE-ID: CVE-2025-71143)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the exynos_clkout_probe() function in drivers/clk/samsung/clk-exynos-clkout.c. A local user can perform a denial of service (DoS) attack.
15) NULL pointer dereference (CVE-ID: CVE-2025-71140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the handle_enc_encode_msg() function in drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c. A local user can perform a denial of service (DoS) attack.
16) NULL pointer dereference (CVE-ID: CVE-2025-71138)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dpu_encoder_phys_wb_setup_ctl() function in drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_wb.c. A local user can perform a denial of service (DoS) attack.
17) Out-of-bounds read (CVE-ID: CVE-2025-71137)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the otx2_set_ringparam() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c. A local user can perform a denial of service (DoS) attack.
18) Out-of-bounds read (CVE-ID: CVE-2025-71136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the adv7842_cp_log_status() function in drivers/media/i2c/adv7842.c. A local user can perform a denial of service (DoS) attack.
19) NULL pointer dereference (CVE-ID: CVE-2025-71135)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the raid5_store_group_thread_cnt() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.
20) Out-of-bounds read (CVE-ID: CVE-2025-71133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the irdma_net_event() function in drivers/infiniband/hw/irdma/utils.c. A local user can perform a denial of service (DoS) attack.
21) Memory leak (CVE-ID: CVE-2025-71132)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smc_rcv() function in drivers/net/ethernet/smsc/smc91x.c. A local user can perform a denial of service (DoS) attack.
22) Double free (CVE-ID: CVE-2025-71131)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the seqiv_aead_encrypt() function in crypto/seqiv.c. A local user can perform a denial of service (DoS) attack.
23) NULL pointer dereference (CVE-ID: CVE-2025-71130)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the eb_lookup_vmas(), i915_gem_do_execbuffer() and i915_gem_execbuffer2_ioctl() functions in drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c. A local user can perform a denial of service (DoS) attack.
24) Improper locking (CVE-ID: CVE-2025-71126)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __mptcp_retrans() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
25) NULL pointer dereference (CVE-ID: CVE-2025-71125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the trace_event_reg() function in kernel/trace/trace_events.c. A local user can perform a denial of service (DoS) attack.
26) NULL pointer dereference (CVE-ID: CVE-2025-71124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the a6xx_preempt_init() function in drivers/gpu/drm/msm/adreno/a6xx_preempt.c. A local user can perform a denial of service (DoS) attack.
27) Memory leak (CVE-ID: CVE-2025-71123)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the parse_apply_sb_mount_options() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
28) Input validation error (CVE-ID: CVE-2025-71122)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the iommufd_test_add_reserved() function in drivers/iommu/iommufd/selftest.c. A local user can perform a denial of service (DoS) attack.
29) Input validation error (CVE-ID: CVE-2025-71121)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gsc_set_affinity_irq() function in drivers/parisc/gsc.c. A local user can perform a denial of service (DoS) attack.
30) NULL pointer dereference (CVE-ID: CVE-2025-71120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gss_read_proxy_verf() function in net/sunrpc/auth_gss/svcauth_gss.c. A local user can perform a denial of service (DoS) attack.
31) Resource management error (CVE-ID: CVE-2025-71119)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kexec_prepare_cpus_wait() and wake_offline_cpus() functions in arch/powerpc/kexec/core_64.c. A local user can perform a denial of service (DoS) attack.
32) NULL pointer dereference (CVE-ID: CVE-2025-71118)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_ns_walk_namespace() function in drivers/acpi/acpica/nswalk.c. A local user can perform a denial of service (DoS) attack.
33) Improper locking (CVE-ID: CVE-2025-71117)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the include/linux/blkdev.h. A local user can perform a denial of service (DoS) attack.
34) Out-of-bounds read (CVE-ID: CVE-2025-71116)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the decode_pool() function in net/ceph/osdmap.c. A local user can perform a denial of service (DoS) attack.
35) Input validation error (CVE-ID: CVE-2025-71115)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the function in arch/um/kernel/um_arch.c. A local user can perform a denial of service (DoS) attack.
36) Buffer overflow (CVE-ID: CVE-2025-71114)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the wdt_probe() function in drivers/watchdog/via_wdt.c. A local user can perform a denial of service (DoS) attack.
37) Use of uninitialized resource (CVE-ID: CVE-2025-71113)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the rng_accept_parent() function in crypto/algif_rng.c. A local user can perform a denial of service (DoS) attack.
38) Out-of-bounds read (CVE-ID: CVE-2025-71112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hclge_set_vlan_filter() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.
39) Race condition (CVE-ID: CVE-2025-71111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in drivers/hwmon/w83791d.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
40) Integer overflow (CVE-ID: CVE-2025-71109)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ftrace_dyn_arch_init_insns() and ftrace_make_call() functions in arch/mips/kernel/ftrace.c. A local user can execute arbitrary code.
41) Input validation error (CVE-ID: CVE-2025-71108)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ucsi_init() function in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.
42) Memory leak (CVE-ID: CVE-2025-71107)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the f2fs_put_super() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
43) Resource management error (CVE-ID: CVE-2025-71105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fs/f2fs/xattr.h. A local user can perform a denial of service (DoS) attack.
44) Improper locking (CVE-ID: CVE-2025-71104)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the advance_periodic_target_expiration() function in arch/x86/kvm/lapic.c. A local user can perform a denial of service (DoS) attack.
45) Input validation error (CVE-ID: CVE-2025-71102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the scs_check_usage() function in kernel/scs.c. A local user can perform a denial of service (DoS) attack.
46) Out-of-bounds read (CVE-ID: CVE-2025-71101)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hp_populate_string_elements_from_package() function in drivers/platform/x86/hp/hp-bioscfg/string-attributes.c. A local user can perform a denial of service (DoS) attack.
47) Out-of-bounds read (CVE-ID: CVE-2025-71100)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtl92cu_tx_fill_desc() function in drivers/net/wireless/realtek/rtlwifi/rtl8192cu/trx.c. A local user can perform a denial of service (DoS) attack.
48) Use-after-free (CVE-ID: CVE-2025-71099)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xe_oa_add_config_ioctl() function in drivers/gpu/drm/xe/xe_oa.c. A local user can escalate privileges on the system.
49) Improper error handling (CVE-ID: CVE-2025-71098)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ip6gre_header() function in net/ipv6/ip6_gre.c. A local user can perform a denial of service (DoS) attack.
50) Memory leak (CVE-ID: CVE-2025-71097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fib_table_flush() function in net/ipv4/fib_trie.c. A local user can perform a denial of service (DoS) attack.
51) NULL pointer dereference (CVE-ID: CVE-2025-71096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ib_nl_handle_ip_res_resp() function in drivers/infiniband/core/addr.c. A local user can perform a denial of service (DoS) attack.
52) Race condition (CVE-ID: CVE-2025-71095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the MODULE_PARM_DESC(), stmmac_xdp_get_tx_queue(), stmmac_xdp_xmit_back() and stmmac_rx_zc() functions in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
53) Resource management error (CVE-ID: CVE-2025-71094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the asix_read_phy_addr() function in drivers/net/usb/asix_common.c. A local user can perform a denial of service (DoS) attack.
54) Buffer overflow (CVE-ID: CVE-2025-71093)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the e1000_tbi_should_accept() function in drivers/net/ethernet/intel/e1000/e1000_main.c. A local user can escalate privileges on the system.
55) Improper error handling (CVE-ID: CVE-2025-71091)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __team_queue_override_enabled_check() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.
56) Double free (CVE-ID: CVE-2025-71089)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the iommu_sva_bind_device() function in drivers/iommu/iommu-sva.c. A local user can perform a denial of service (DoS) attack.
57) Off-by-one (CVE-ID: CVE-2025-71087)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the iavf_config_rss_reg() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.
58) Memory leak (CVE-ID: CVE-2025-71086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rose_kill_by_device() function in net/rose/af_rose.c. A local user can perform a denial of service (DoS) attack.
59) Resource management error (CVE-ID: CVE-2025-71085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the calipso_skbuff_setattr() function in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.
60) Improper resource shutdown or release (CVE-ID: CVE-2025-71084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the destroy_mc() function in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.
61) NULL pointer dereference (CVE-ID: CVE-2025-71083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ttm_bo_vm_access() function in drivers/gpu/drm/ttm/ttm_bo_vm.c. A local user can perform a denial of service (DoS) attack.
62) Use-after-free (CVE-ID: CVE-2025-71082)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btusb_probe() and btusb_disconnect() functions in drivers/bluetooth/btusb.c. A local user can escalate privileges on the system.
63) Memory leak (CVE-ID: CVE-2025-71081)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the stm32_sai_sub_parse_of(), stm32_sai_sub_probe() and stm32_sai_sub_remove() functions in sound/soc/stm/stm32_sai_sub.c. A local user can perform a denial of service (DoS) attack.
64) Improper locking (CVE-ID: CVE-2025-71079)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL() and nfc_unregister_device() functions in net/nfc/core.c. A local user can perform a denial of service (DoS) attack.
65) Resource management error (CVE-ID: CVE-2025-71078)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the preload_age() function in arch/powerpc/mm/book3s64/slb.c. A local user can perform a denial of service (DoS) attack.
66) Out-of-bounds read (CVE-ID: CVE-2025-71077)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the include/linux/tpm.h. A local user can perform a denial of service (DoS) attack.
67) Resource management error (CVE-ID: CVE-2025-71076)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the xe_oa_set_no_preempt() function in drivers/gpu/drm/xe/xe_oa.c. A local user can perform a denial of service (DoS) attack.
68) Race condition (CVE-ID: CVE-2025-71075)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the asd_pci_remove() function in drivers/scsi/aic94xx/aic94xx_init.c. A local user can escalate privileges on the system.
69) Use-after-free (CVE-ID: CVE-2025-71073)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lkkbd_connect() and lkkbd_disconnect() functions in drivers/input/keyboard/lkkbd.c. A local user can escalate privileges on the system.
70) Input validation error (CVE-ID: CVE-2025-71072)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the shmem_rename2() function in mm/shmem.c. A local user can perform a denial of service (DoS) attack.
71) Use-after-free (CVE-ID: CVE-2025-71071)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mtk_iommu_mm_dts_parse(), mtk_iommu_probe() and mtk_iommu_remove() functions in drivers/iommu/mtk_iommu.c. A local user can escalate privileges on the system.
72) Memory leak (CVE-ID: CVE-2025-71070)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ublk_check_and_reset_active_ref() function in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.
73) Buffer overflow (CVE-ID: CVE-2025-71069)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the f2fs_rename() function in fs/f2fs/namei.c. A local user can perform a denial of service (DoS) attack.
74) Buffer overflow (CVE-ID: CVE-2025-71068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the svc_rdma_copy_inline_range() function in net/sunrpc/xprtrdma/svc_rdma_rw.c. A local user can perform a denial of service (DoS) attack.
75) Improper error handling (CVE-ID: CVE-2025-71067)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ntfs_init_from_boot() function in fs/ntfs3/super.c. A local user can perform a denial of service (DoS) attack.
76) Use-after-free (CVE-ID: CVE-2025-71066)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can escalate privileges on the system.
77) Improper locking (CVE-ID: CVE-2025-71065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_save_errors() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
78) Use of uninitialized resource (CVE-ID: CVE-2025-71064)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hclgevf_knic_setup() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c. A local user can perform a denial of service (DoS) attack.
79) Improper locking (CVE-ID: CVE-2025-68823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ublk_get_uring_cmd_pdu(), __ublk_complete_rq(), __ublk_abort_rq() and __ublk_do_auto_buf_reg() functions in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.
80) Use-after-free (CVE-ID: CVE-2025-68822)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alps_disconnect() function in drivers/input/mouse/alps.c. A local user can escalate privileges on the system.
81) Use-after-free (CVE-ID: CVE-2025-68821)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fuse_file_put() and fuse_file_open() functions in fs/fuse/file.c. A local user can escalate privileges on the system.
82) NULL pointer dereference (CVE-ID: CVE-2025-68820)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ext4_xattr_inode_dec_ref_all() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
83) Out-of-bounds read (CVE-ID: CVE-2025-68819)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dtv5100_i2c_msg() function in drivers/media/usb/dvb-usb/dtv5100.c. A local user can perform a denial of service (DoS) attack.
84) Input validation error (CVE-ID: CVE-2025-68818)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __qla2x00_abort_all_cmds() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.
85) Use-after-free (CVE-ID: CVE-2025-68817)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_tree_disconnect() function in fs/smb/server/smb2pdu.c. A local user can escalate privileges on the system.
86) Input validation error (CVE-ID: CVE-2025-68816)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.h. A local user can perform a denial of service (DoS) attack.
87) Resource management error (CVE-ID: CVE-2025-68815)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.
88) Memory leak (CVE-ID: CVE-2025-68814)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __io_openat_prep() function in io_uring/openclose.c. A local user can perform a denial of service (DoS) attack.
89) NULL pointer dereference (CVE-ID: CVE-2025-68813)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __ip_vs_get_out_rt() function in net/netfilter/ipvs/ip_vs_xmit.c. A local user can perform a denial of service (DoS) attack.
90) Input validation error (CVE-ID: CVE-2025-68811)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the svc_rdma_copy_inline_range() function in net/sunrpc/xprtrdma/svc_rdma_rw.c. A local user can perform a denial of service (DoS) attack.
91) Use-after-free (CVE-ID: CVE-2025-68810)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __kvm_set_memory_region() function in virt/kvm/kvm_main.c. A local user can escalate privileges on the system.
92) Race condition within a thread (CVE-ID: CVE-2025-68809)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the ksmbd_query_inode_status() and __ksmbd_inode_close() functions in fs/smb/server/vfs_cache.c. A local user can corrupt data.
93) Use-after-free (CVE-ID: CVE-2025-68808)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vidtv_channel_si_init() function in drivers/media/test-drivers/vidtv/vidtv_channel.c. A local user can escalate privileges on the system.
94) Improper locking (CVE-ID: CVE-2025-68807)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the block/elevator.h. A local user can perform a denial of service (DoS) attack.
95) Input validation error (CVE-ID: CVE-2025-68806)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smb2_set_ea() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
96) Use-after-free (CVE-ID: CVE-2025-68805)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fuse_uring_req_end() function in fs/fuse/dev_uring.c. A local user can escalate privileges on the system.
97) Use-after-free (CVE-ID: CVE-2025-68804)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cros_ec_ishtp_remove() function in drivers/platform/chrome/cros_ec_ishtp.c. A local user can escalate privileges on the system.
98) Input validation error (CVE-ID: CVE-2025-68803)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/nfsd/vfs.h. A local user can perform a denial of service (DoS) attack.
99) Resource management error (CVE-ID: CVE-2025-68802)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the include/uapi/drm/xe_drm.h. A local user can perform a denial of service (DoS) attack.
100) Use-after-free (CVE-ID: CVE-2025-68801)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_neigh_entry_alloc(), mlxsw_sp_nexthop_dead_neigh_replace(), mlxsw_sp_nexthop_neigh_init() and mlxsw_sp_nexthop_neigh_fini() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c. A local user can escalate privileges on the system.
101) Use-after-free (CVE-ID: CVE-2025-68800)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_mr_route_add() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c. A local user can escalate privileges on the system.
102) Use of uninitialized resource (CVE-ID: CVE-2025-68799)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the cffrml_receive() function in net/caif/cffrml.c. A local user can perform a denial of service (DoS) attack.
103) NULL pointer dereference (CVE-ID: CVE-2025-68798)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amd_pmu_enable_all() function in arch/x86/events/amd/core.c. A local user can perform a denial of service (DoS) attack.
104) NULL pointer dereference (CVE-ID: CVE-2025-68797)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ac_ioctl() function in drivers/char/applicom.c. A local user can perform a denial of service (DoS) attack.
105) Improper error handling (CVE-ID: CVE-2025-68796)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_do_zero_range() function in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
106) Buffer overflow (CVE-ID: CVE-2025-68795)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ethtool_get_strings(), ethtool_get_stats(), ethtool_get_phy_stats_phydev(), ethtool_get_phy_stats_ethtool() and ethtool_get_phy_stats() functions in net/ethtool/ioctl.c. A local user can perform a denial of service (DoS) attack.
107) Integer underflow (CVE-ID: CVE-2025-68794)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the iomap_adjust_read_range() function in fs/iomap/buffered-io.c. A local user can execute arbitrary code.
108) Use-after-free (CVE-ID: CVE-2025-68793)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the amdgpu_device_gpu_recover() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can escalate privileges on the system.
109) Buffer overflow (CVE-ID: CVE-2025-68792)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the tpm2_seal_trusted(), tpm2_load_cmd() and tpm2_unseal_cmd() functions in security/keys/trusted-keys/trusted_tpm2.c. A local user can escalate privileges on the system.
110) Memory leak (CVE-ID: CVE-2025-68791)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fs/fuse/fuse_dev_i.h. A local user can perform a denial of service (DoS) attack.
111) Input validation error (CVE-ID: CVE-2025-68788)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __fsnotify_parent() function in fs/notify/fsnotify.c. A local user can perform a denial of service (DoS) attack.
112) Memory leak (CVE-ID: CVE-2025-68787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nr_output() function in net/netrom/nr_out.c. A local user can perform a denial of service (DoS) attack.
113) Improper locking (CVE-ID: CVE-2025-68786)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_lock_range() and ksmbd_vfs_truncate() functions in fs/smb/server/vfs.c. A local user can perform a denial of service (DoS) attack.
114) Out-of-bounds read (CVE-ID: CVE-2025-68785)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the validate_and_copy_set_tun() and __ovs_nla_copy_actions() functions in net/openvswitch/flow_netlink.c. A local user can perform a denial of service (DoS) attack.
115) Use-after-free (CVE-ID: CVE-2025-68784)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xrep_xattr_salvage_remote_attr() function in fs/xfs/scrub/attr_repair.c. A local user can escalate privileges on the system.
116) Input validation error (CVE-ID: CVE-2025-68783)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the get_meter_levels_from_urb() function in sound/usb/mixer_us16x08.c. A local user can perform a denial of service (DoS) attack.
117) NULL pointer dereference (CVE-ID: CVE-2025-68782)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the target_cmd_init_cdb() function in drivers/target/target_core_transport.c. A local user can perform a denial of service (DoS) attack.
118) Use-after-free (CVE-ID: CVE-2025-68781)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fsl_otg_remove() function in drivers/usb/phy/phy-fsl-usb.c. A local user can escalate privileges on the system.
119) Improper locking (CVE-ID: CVE-2025-68780)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dec_dl_deadline(), rq_online_dl() and rq_offline_dl() functions in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.
120) Use-after-free (CVE-ID: CVE-2025-68778)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the conflicting_inode_is_dir(), add_conflicting_inode() and log_conflicting_inodes() functions in fs/btrfs/tree-log.c. A local user can escalate privileges on the system.
121) Out-of-bounds read (CVE-ID: CVE-2025-68777)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the titsc_config_wires() function in drivers/input/touchscreen/ti_am335x_tsc.c. A local user can perform a denial of service (DoS) attack.
122) NULL pointer dereference (CVE-ID: CVE-2025-68776)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the prp_get_untagged_frame() function in net/hsr/hsr_forward.c. A local user can perform a denial of service (DoS) attack.
123) Memory leak (CVE-ID: CVE-2025-68775)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the handshake_req_cancel() function in net/handshake/request.c. A local user can perform a denial of service (DoS) attack.
124) Incorrect calculation (CVE-ID: CVE-2025-68774)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __hfs_bnode_create() function in fs/hfsplus/bnode.c. A local user can perform a denial of service (DoS) attack.
125) Buffer overflow (CVE-ID: CVE-2025-68773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the fsl_spi_prepare_message() function in drivers/spi/spi-fsl-spi.c. A local user can perform a denial of service (DoS) attack.
126) Improper locking (CVE-ID: CVE-2025-68772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_alloc_inode() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
127) Improper error handling (CVE-ID: CVE-2025-68771)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ocfs2_claim_suballoc_bits() function in fs/ocfs2/suballoc.c. A local user can perform a denial of service (DoS) attack.
128) Resource management error (CVE-ID: CVE-2025-68770)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnxt_rx_xdp() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.
129) Improper error handling (CVE-ID: CVE-2025-68769)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_fill_super() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
130) Improper locking (CVE-ID: CVE-2025-68768)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ip_expire() function in net/ipv4/ip_fragment.c. A local user can perform a denial of service (DoS) attack.
131) Improper privilege management (CVE-ID: CVE-2025-68767)
The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the hfsplus_get_perms() and hfsplus_cat_read_inode() functions in fs/hfsplus/inode.c. A local user can read and manipulate data.
132) Double free (CVE-ID: CVE-2025-68745)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the drivers/scsi/qla2xxx/qla_target.h. A local user can perform a denial of service (DoS) attack.
133) Incorrect calculation (CVE-ID: CVE-2025-68736)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the is_access_to_paths_allowed(), maybe_remove() and collect_domain_accesses() functions in security/landlock/fs.c. A local user can perform a denial of service (DoS) attack.
134) Infinite loop (CVE-ID: CVE-2025-68725)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the BPF_CALL_3() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
135) NULL pointer dereference (CVE-ID: CVE-2025-68368)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mddev_clear_bitmap_ops(), mddev_init(), md_run() and __md_stop() functions in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.
136) Use of uninitialized resource (CVE-ID: CVE-2025-68365)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ntfs_create_inode(), ntfs_link_inode() and ntfs_unlink_inode() functions in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
137) NULL pointer dereference (CVE-ID: CVE-2025-68353)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vxlan_xmit_one() function in drivers/net/vxlan/vxlan_core.c. A local user can perform a denial of service (DoS) attack.
138) Memory leak (CVE-ID: CVE-2025-68351)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the exfat_find() function in fs/exfat/namei.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.