SB2025052056 - SUSE update for the Linux Kernel
Published: May 20, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 102 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2020-36789)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the can_get_echo_skb() function in drivers/net/can/dev.c. A local user can perform a denial of service (DoS) attack.
2) Memory leak (CVE-ID: CVE-2021-47659)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the drm_universal_plane_init() function in drivers/gpu/drm/drm_plane.c. A local user can perform a denial of service (DoS) attack.
3) Use-after-free (CVE-ID: CVE-2021-47668)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the can_restart() function in drivers/net/can/dev.c. A local user can escalate privileges on the system.
4) Input validation error (CVE-ID: CVE-2021-47669)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vxcan_xmit() function in drivers/net/can/vxcan.c. A local user can perform a denial of service (DoS) attack.
5) Buffer overflow (CVE-ID: CVE-2022-49044)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kvmalloc_array() function in drivers/md/dm-integrity.c. A local user can escalate privileges on the system.
6) NULL pointer dereference (CVE-ID: CVE-2022-49055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the alloc_event_waiters() function in drivers/gpu/drm/amd/amdkfd/kfd_events.c. A local user can perform a denial of service (DoS) attack.
7) NULL pointer dereference (CVE-ID: CVE-2022-49060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smc_pnet_find_ib() function in net/smc/smc_pnet.c. A local user can perform a denial of service (DoS) attack.
8) Memory leak (CVE-ID: CVE-2022-49086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nla_alloc_flow_actions() and ovs_nla_free_set_action() functions in net/openvswitch/flow_netlink.c. A local user can perform a denial of service (DoS) attack.
9) Use-after-free (CVE-ID: CVE-2022-49111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_disconn_phylink_complete_evt() function in net/bluetooth/hci_event.c. A local user can escalate privileges on the system.
10) Improper error handling (CVE-ID: CVE-2022-49118)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the cq_interrupt_v3_hw(), interrupt_preinit_v3_hw(), hisi_sas_v3_probe() and hisi_sas_v3_destroy_irqs() functions in drivers/scsi/hisi_sas/hisi_sas_v3_hw.c. A local user can perform a denial of service (DoS) attack.
11) Memory leak (CVE-ID: CVE-2022-49121)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pm80xx_chip_phy_ctl_req() function in drivers/scsi/pm8001/pm80xx_hwi.c, within the pm8001_exec_internal_task_abort() function in drivers/scsi/pm8001/pm8001_sas.c, within the pm8001_chip_reg_dev_req(), pm8001_chip_fw_flash_update_req() and pm8001_chip_set_dev_state_req() functions in drivers/scsi/pm8001/pm8001_hwi.c. A local user can perform a denial of service (DoS) attack.
12) Memory leak (CVE-ID: CVE-2022-49137)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the amdgpu_cs_fence_to_handle_ioctl() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. A local user can perform a denial of service (DoS) attack.
13) Resource management error (CVE-ID: CVE-2022-49171)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ext4_writepage() and mpage_prepare_extent_to_map() functions in fs/ext4/inode.c. A local user can perform a denial of service (DoS) attack.
14) Use-after-free (CVE-ID: CVE-2022-49175)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pm_ops_is_empty() and device_pm_check_callbacks() functions in drivers/base/power/main.c. A local user can escalate privileges on the system.
15) Use-after-free (CVE-ID: CVE-2022-49176)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfq_dispatch_request() function in block/bfq-iosched.c. A local user can escalate privileges on the system.
16) Use-after-free (CVE-ID: CVE-2022-49179)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfq_bfqq_move() function in block/bfq-cgroup.c. A local user can escalate privileges on the system.
17) Memory leak (CVE-ID: CVE-2022-49188)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the q6v5_alloc_memory_region() function in drivers/remoteproc/qcom_q6v5_mss.c. A local user can perform a denial of service (DoS) attack.
18) Out-of-bounds read (CVE-ID: CVE-2022-49197)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the EXPORT_SYMBOL() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
19) Improper error handling (CVE-ID: CVE-2022-49205)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the tcp_bpf_sendmsg_redir() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.
20) NULL pointer dereference (CVE-ID: CVE-2022-49232)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_connector_add_common_modes() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
21) Memory leak (CVE-ID: CVE-2022-49290)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the copy_mesh_setup() function in net/mac80211/cfg.c. A local user can perform a denial of service (DoS) attack.
22) Improper locking (CVE-ID: CVE-2022-49305)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ieee80211_beacons_stop() function in drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c. A local user can perform a denial of service (DoS) attack.
23) Input validation error (CVE-ID: CVE-2022-49325)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the get_tcp6_sock() function in net/ipv6/tcp_ipv6.c, within the tcp_yeah_cong_avoid(), tcp_snd_cwnd() and tcp_yeah_ssthresh() functions in net/ipv4/tcp_yeah.c, within the tcp_westwood_event() function in net/ipv4/tcp_westwood.c, within the tcp_veno_cong_avoid() and tcp_veno_ssthresh() functions in net/ipv4/tcp_veno.c, within the EXPORT_SYMBOL_GPL() and tcp_vegas_cong_avoid() functions in net/ipv4/tcp_vegas.c, within the tcp_scalable_cong_avoid() and tcp_scalable_ssthresh() functions in net/ipv4/tcp_scalable.c, within the tcp_rate_check_app_limited() function in net/ipv4/tcp_rate.c, within the tcp_cwnd_restart(), tcp_tsq_write(), tcp_cwnd_application_limited(), tcp_cwnd_test(), tcp_tso_should_defer(), tcp_mtu_probe(), tcp_chrono_stop(), tcp_send_loss_probe() and tcp_xmit_retransmit_queue() functions in net/ipv4/tcp_output.c, within the tcpnv_cong_avoid(), tcpnv_recalc_ssthresh() and tcpnv_acked() functions in net/ipv4/tcp_nv.c, within the tcp_update_metrics() function in net/ipv4/tcp_metrics.c, within the tcp_lp_pkts_acked() function in net/ipv4/tcp_lp.c, within the get_tcp4_sock() function in net/ipv4/tcp_ipv4.c, within the tcp_sndbuf_expand(), tcp_update_pacing_rate(), tcp_enter_loss(), DBGUNDO(), tcp_undo_cwnd_reduction(), tcp_init_cwnd_reduction(), tcp_cwnd_reduction(), tcp_end_cwnd_reduction(), tcp_mtup_probe_success(), tcp_fastretrans_alert(), tcp_should_expand_sndbuf() and tcp_init_transfer() functions in net/ipv4/tcp_input.c, within the update_params(), tcp_illinois_cong_avoid() and tcp_illinois_ssthresh() functions in net/ipv4/tcp_illinois.c, within the hybla_init() and hybla_cong_avoid() functions in net/ipv4/tcp_hybla.c, within the measure_achieved_throughput(), htcp_recalc_ssthresh() and htcp_cong_avoid() functions in net/ipv4/tcp_htcp.c, within the hstcp_cong_avoid() and hstcp_ssthresh() functions in net/ipv4/tcp_highspeed.c, within the dctcp_ssthresh(), dctcp_react_to_loss() and dctcp_get_info() functions in net/ipv4/tcp_dctcp.c, within the cubictcp_cong_avoid(), cubictcp_recalc_ssthresh(), hystart_update() and cubictcp_acked() functions in net/ipv4/tcp_cubic.c, within the tcp_set_congestion_control(), tcp_cong_avoid_ai(), tcp_reno_cong_avoid(), tcp_reno_ssthresh() and tcp_reno_undo_cwnd() functions in net/ipv4/tcp_cong.c, within the tcp_cdg_hystart_update(), tcp_cdg_backoff(), tcp_cdg_cong_avoid(), tcp_cdg_ssthresh(), tcp_cdg_cwnd_event() and tcp_cdg_init() functions in net/ipv4/tcp_cdg.c, within the bictcp_cong_avoid() and bictcp_recalc_ssthresh() functions in net/ipv4/tcp_bic.c, within the bbr_init_pacing_rate_from_rtt(), bbr_save_cwnd(), bbr_set_cwnd_to_recover_or_restore(), bbr_set_cwnd(), bbr_update_ack_aggregation(), bbr_check_probe_rtt_done() and bbr_undo_cwnd() functions in net/ipv4/tcp_bbr.c, within the tcp_init_sock(), tcp_disconnect(), tcp_get_info() and tcp_get_timestamping_opt_stats() functions in net/ipv4/tcp.c, within the _bpf_setsockopt() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
24) NULL pointer dereference (CVE-ID: CVE-2022-49335)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_cs_parser_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. A local user can perform a denial of service (DoS) attack.
25) Memory leak (CVE-ID: CVE-2022-49351)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the altera_tse_mdio_create() function in drivers/net/ethernet/altera/altera_tse_main.c. A local user can perform a denial of service (DoS) attack.
26) Use-after-free (CVE-ID: CVE-2022-49385)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bus_add_driver() function in drivers/base/bus.c. A local user can escalate privileges on the system.
27) Use-after-free (CVE-ID: CVE-2022-49390)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the macsec_dev_init() and macsec_free_netdev() functions in drivers/net/macsec.c. A local user can escalate privileges on the system.
28) Use-after-free (CVE-ID: CVE-2022-49411)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfq_link_bfqg() function in block/bfq-cgroup.c. A local user can escalate privileges on the system.
29) Memory leak (CVE-ID: CVE-2022-49442)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the register_node() function in drivers/base/node.c. A local user can perform a denial of service (DoS) attack.
30) Use-after-free (CVE-ID: CVE-2022-49465)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the block/blk-throttle.c. A local user can escalate privileges on the system.
31) Out-of-bounds read (CVE-ID: CVE-2022-49478)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pvr2_hdw_create() function in drivers/media/usb/pvrusb2/pvrusb2-hdw.c. A local user can perform a denial of service (DoS) attack.
32) Use-after-free (CVE-ID: CVE-2022-49489)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the _dpu_kms_hw_destroy() function in drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c. A local user can escalate privileges on the system.
33) Out-of-bounds read (CVE-ID: CVE-2022-49504)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the lpfc_sli_issue_abort_iotag(), lpfc_sli_abort_taskmgmt() and lpfc_sli4_issue_abort_iotag() functions in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_linkdown() function in drivers/scsi/lpfc/lpfc_hbadisc.c, within the lpfc_issue_els_flogi() and lpfc_els_rcv_flogi() functions in drivers/scsi/lpfc/lpfc_els.c. A local user can perform a denial of service (DoS) attack.
34) Memory leak (CVE-ID: CVE-2022-49521)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lpfc_fc_frame_check() and lpfc_sli4_send_seq_to_ulp() functions in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.
35) Memory leak (CVE-ID: CVE-2022-49525)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cx25821_finidev() function in drivers/media/pci/cx25821/cx25821-core.c. A local user can perform a denial of service (DoS) attack.
36) Memory leak (CVE-ID: CVE-2022-49534)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lpfc_ignore_els_cmpl() function in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_rcv_plogi() function in drivers/scsi/lpfc/lpfc_nportdisc.c. A local user can perform a denial of service (DoS) attack.
37) Use-after-free (CVE-ID: CVE-2022-49535)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lpfc_initial_flogi(), lpfc_initial_fdisc(), lpfc_cmpl_els_plogi(), lpfc_cmpl_els_prli() and lpfc_cmpl_els_adisc() functions in drivers/scsi/lpfc/lpfc_els.c. A local user can escalate privileges on the system.
38) Improper locking (CVE-ID: CVE-2022-49536)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lpfc_abort_handler() function in drivers/scsi/lpfc/lpfc_scsi.c. A local user can perform a denial of service (DoS) attack.
39) Input validation error (CVE-ID: CVE-2022-49537)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the lpfc_update_cmf_cmpl() and lpfc_update_cmf_cmd() functions in drivers/scsi/lpfc/lpfc_scsi.c. A local user can perform a denial of service (DoS) attack.
40) Improper locking (CVE-ID: CVE-2022-49542)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lpfc_dmp_dbg() function in drivers/scsi/lpfc/lpfc_init.c. A local user can perform a denial of service (DoS) attack.
41) Input validation error (CVE-ID: CVE-2022-49561)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the include/net/netfilter/nf_conntrack_core.h. A local user can perform a denial of service (DoS) attack.
42) Race condition within a thread (CVE-ID: CVE-2022-49590)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the add_grec(), igmpv3_send_report(), igmp_send_report(), igmp_heard_report(), igmp_heard_query(), __igmp_group_dropped(), igmp_group_added() and ip_mc_rejoin_groups() functions in net/ipv4/igmp.c. A local user can corrupt data.
43) Memory leak (CVE-ID: CVE-2022-49658)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __reg_bound_offset(), __reg_combine_32_into_64(), __reg64_bound_u32(), __reg_combine_64_into_32(), do_refine_retval_range(), adjust_ptr_min_max_vals(), adjust_scalar_min_max_vals(), check_alu_op() and __reg_combine_min_max() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
44) Memory leak (CVE-ID: CVE-2022-49668)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the of_get_devfreq_events() function in drivers/devfreq/event/exynos-ppmu.c. A local user can perform a denial of service (DoS) attack.
45) Memory leak (CVE-ID: CVE-2022-49693)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mdp4_modeset_init_intf() function in drivers/gpu/drm/msm/disp/mdp4/mdp4_kms.c. A local user can perform a denial of service (DoS) attack.
46) Input validation error (CVE-ID: CVE-2022-49725)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_diag_test() function in drivers/net/ethernet/intel/i40e/i40e_ethtool.c. A local user can perform a denial of service (DoS) attack.
47) Integer overflow (CVE-ID: CVE-2022-49728)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the __ip6_append_data(), ip6_append_data() and EXPORT_SYMBOL_GPL() functions in net/ipv6/ip6_output.c. A local user can execute arbitrary code.
48) Use-after-free (CVE-ID: CVE-2022-49730)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lpfc_cmpl_els_logo(), lpfc_els_free_iocb() and lpfc_disc_state_machine() functions in drivers/scsi/lpfc/lpfc_els.c. A local user can escalate privileges on the system.
49) Integer overflow (CVE-ID: CVE-2022-49749)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the i2c_dw_scl_hcnt() and i2c_dw_scl_lcnt() functions in drivers/i2c/busses/i2c-designware-common.c. A local user can execute arbitrary code.
50) Use-after-free (CVE-ID: CVE-2022-49753)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dma_chan_get() function in drivers/dma/dmaengine.c. A local user can escalate privileges on the system.
51) Use-after-free (CVE-ID: CVE-2023-53023)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the local_cleanup() function in net/nfc/llcp_core.c. A local user can escalate privileges on the system.
52) Buffer overflow (CVE-ID: CVE-2023-53032)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the bitmap_ip_create() function in net/netfilter/ipset/ip_set_bitmap_ip.c. A local user can escalate privileges on the system.
53) NULL pointer dereference (CVE-ID: CVE-2024-46763)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fou_from_sock(), fou_gro_receive(), fou_gro_complete() and gue_gro_receive() functions in net/ipv4/fou.c. A local user can perform a denial of service (DoS) attack.
54) Use of uninitialized resource (CVE-ID: CVE-2024-46865)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the gue_gro_receive() function in net/ipv4/fou.c. A local user can perform a denial of service (DoS) attack.
55) Integer overflow (CVE-ID: CVE-2024-49994)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the blk_ioctl_discard() and blk_ioctl_secure_erase() functions in block/ioctl.c. A local user can execute arbitrary code.
56) Resource management error (CVE-ID: CVE-2024-50038)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mark_mt() and mark_mt_init() functions in net/netfilter/xt_mark.c, within the sizeof() function in net/netfilter/xt_connmark.c, within the connlimit_mt_destroy() function in net/netfilter/xt_connlimit.c, within the connbytes_mt_check() function in net/netfilter/xt_connbytes.c, within the xt_cluster_mt_destroy() function in net/netfilter/xt_cluster.c, within the sizeof() function in net/netfilter/xt_addrtype.c, within the trace_tg() function in net/netfilter/xt_TRACE.c, within the offsetof() function in net/netfilter/xt_SECMARK.c, within the xt_rateest_tg_destroy() and xt_rateest_tg_init() functions in net/netfilter/xt_RATEEST.c, within the nflog_tg_destroy() function in net/netfilter/xt_NFLOG.c, within the led_tg_destroy() function in net/netfilter/xt_LED.c, within the idletimer_tg_destroy_v1() function in net/netfilter/xt_IDLETIMER.c, within the xt_ct_tg_destroy_v1() and sizeof() functions in net/netfilter/xt_CT.c, within the connsecmark_tg_destroy() function in net/netfilter/xt_CONNSECMARK.c, within the sizeof() function in net/netfilter/xt_CLASSIFY.c, within the checksum_tg_check() function in net/netfilter/xt_CHECKSUM.c. A local user can perform a denial of service (DoS) attack.
57) Infinite loop (CVE-ID: CVE-2024-50272)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the filemap_read() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
58) Integer overflow (CVE-ID: CVE-2024-52559)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the msm_ioctl_gem_submit() function in drivers/gpu/drm/msm/msm_gem_submit.c. A local user can execute arbitrary code.
59) Improper locking (CVE-ID: CVE-2024-54683)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the idletimer_tg_destroy() and idletimer_tg_destroy_v1() functions in net/netfilter/xt_IDLETIMER.c. A local user can perform a denial of service (DoS) attack.
60) Input validation error (CVE-ID: CVE-2024-56590)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hci_tx_work() and hci_acldata_packet() functions in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
61) Resource management error (CVE-ID: CVE-2024-56641)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the smc_sk_init(), smc_connect_rdma(), smc_connect_ism() and smc_listen_work() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
62) Reachable assertion (CVE-ID: CVE-2024-57924)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ovl_encode_real_fh() function in fs/overlayfs/copy_up.c, within the show_mark_fhandle() function in fs/notify/fdinfo.c. A local user can perform a denial of service (DoS) attack.
63) Use-after-free (CVE-ID: CVE-2024-57980)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uvc_status_init() function in drivers/media/usb/uvc/uvc_status.c. A local user can escalate privileges on the system.
64) NULL pointer dereference (CVE-ID: CVE-2024-57981)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_handle_stopped_cmd_ring() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
65) Resource management error (CVE-ID: CVE-2024-58005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tpm_is_tpm2_log() and tpm_read_log_acpi() functions in drivers/char/tpm/eventlog/acpi.c. A local user can perform a denial of service (DoS) attack.
66) NULL pointer dereference (CVE-ID: CVE-2024-58009)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.
67) Integer overflow (CVE-ID: CVE-2024-58017)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the __alignof__() function in kernel/printk/printk.c. A local user can execute arbitrary code.
68) Memory leak (CVE-ID: CVE-2024-58063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rtl_pci_probe() function in drivers/net/wireless/realtek/rtlwifi/pci.c. A local user can perform a denial of service (DoS) attack.
69) Use-after-free (CVE-ID: CVE-2024-58093)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pcie_aspm_exit_link_state() function in drivers/pci/pcie/aspm.c. A local user can escalate privileges on the system.
70) NULL pointer dereference (CVE-ID: CVE-2025-21635)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ATOMIC_INIT(), sizeof(), rds_tcp_sysctl_reset() and rds_tcp_skbuf_handler() functions in net/rds/tcp.c. A local user can perform a denial of service (DoS) attack.
71) Buffer overflow (CVE-ID: CVE-2025-21735)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nci_hci_create_pipe() function in net/nfc/nci/hci.c. A local user can escalate privileges on the system.
72) Input validation error (CVE-ID: CVE-2025-21750)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the brcmf_of_probe() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c. A local user can perform a denial of service (DoS) attack.
73) Buffer overflow (CVE-ID: CVE-2025-21758)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mld_newpack() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.
74) Use-after-free (CVE-ID: CVE-2025-21764)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ndisc_alloc_skb() function in net/ipv6/ndisc.c. A local user can escalate privileges on the system.
75) Memory leak (CVE-ID: CVE-2025-21768)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_output_core() function in net/ipv6/seg6_iptunnel.c, within the rpl_output() function in net/ipv6/rpl_iptunnel.c. A local user can perform a denial of service (DoS) attack.
76) Out-of-bounds read (CVE-ID: CVE-2025-21772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mac_partition() function in block/partitions/mac.c. A local user can perform a denial of service (DoS) attack.
77) NULL pointer dereference (CVE-ID: CVE-2025-21779)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kvm_hv_send_ipi() and kvm_get_hv_cpuid() functions in arch/x86/kvm/hyperv.c. A local user can perform a denial of service (DoS) attack.
78) Improper error handling (CVE-ID: CVE-2025-21806)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the proc_do_dev_weight() and sizeof() functions in net/core/sysctl_net_core.c. A local user can perform a denial of service (DoS) attack.
79) Improper locking (CVE-ID: CVE-2025-21862)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the init_net_drop_monitor() and exit_net_drop_monitor() functions in net/core/drop_monitor.c. A local user can perform a denial of service (DoS) attack.
80) Input validation error (CVE-ID: CVE-2025-21881)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kernel/events/uprobes.c. A local user can perform a denial of service (DoS) attack.
81) Input validation error (CVE-ID: CVE-2025-21909)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the parse_monitor_flags() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
82) Improper locking (CVE-ID: CVE-2025-21910)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the is_an_alpha2() function in net/wireless/reg.c. A local user can perform a denial of service (DoS) attack.
83) Improper error handling (CVE-ID: CVE-2025-21926)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.
84) Buffer overflow (CVE-ID: CVE-2025-21927)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nvme_tcp_queue_id() and nvme_tcp_recv_pdu() functions in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
85) Improper locking (CVE-ID: CVE-2025-21931)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_migrate_range() function in mm/memory_hotplug.c. A local user can perform a denial of service (DoS) attack.
86) NULL pointer dereference (CVE-ID: CVE-2025-21941)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the resource_build_scaling_params() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
87) NULL pointer dereference (CVE-ID: CVE-2025-21948)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the appleir_raw_event() function in drivers/hid/hid-appleir.c. A local user can perform a denial of service (DoS) attack.
88) Resource management error (CVE-ID: CVE-2025-21956)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the get_norm_pix_clk() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
89) NULL pointer dereference (CVE-ID: CVE-2025-21957)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla1280_64bit_start_scsi() function in drivers/scsi/qla1280.c. A local user can perform a denial of service (DoS) attack.
90) Integer overflow (CVE-ID: CVE-2025-21963)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can execute arbitrary code.
91) Integer overflow (CVE-ID: CVE-2025-21964)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can execute arbitrary code.
92) Resource management error (CVE-ID: CVE-2025-21976)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hvfb_putmem(), hvfb_ops_damage_area(), hvfb_probe() and hvfb_remove() functions in drivers/video/fbdev/hyperv_fb.c. A local user can perform a denial of service (DoS) attack.
93) Use-after-free (CVE-ID: CVE-2025-22004)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lec_send() function in net/atm/lec.c. A local user can escalate privileges on the system.
94) Input validation error (CVE-ID: CVE-2025-22008)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the regulator_resolve_supply() and _regulator_get_common() functions in drivers/regulator/core.c. A local user can perform a denial of service (DoS) attack.
95) Improper locking (CVE-ID: CVE-2025-22010)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hem_list_alloc_root_bt(), hns_roce_hem_list_request() and hns_roce_hem_list_find_mtt() functions in drivers/infiniband/hw/hns/hns_roce_hem.c. A local user can perform a denial of service (DoS) attack.
96) NULL pointer dereference (CVE-ID: CVE-2025-22018)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the MPOA_cache_impos_rcvd() function in net/atm/mpc.c. A local user can perform a denial of service (DoS) attack.
97) Improper locking (CVE-ID: CVE-2025-22053)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the veth_pool_store() function in drivers/net/ethernet/ibm/ibmveth.c. A local user can perform a denial of service (DoS) attack.
98) Out-of-bounds read (CVE-ID: CVE-2025-22055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nft_tunnel_obj_erspan_init() function in net/netfilter/nft_tunnel.c. A local user can perform a denial of service (DoS) attack.
99) Use-after-free (CVE-ID: CVE-2025-22060)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mvpp2_prs_hw_write(), mvpp2_prs_init_from_hw(), mvpp2_prs_flow_find(), mvpp2_prs_mac_drop_all_set(), mvpp2_prs_mac_promisc_set(), mvpp2_prs_dsa_tag_set(), mvpp2_prs_dsa_tag_ethertype_set(), mvpp2_prs_vlan_find(), mvpp2_prs_vlan_add(), mvpp2_prs_double_vlan_find(), mvpp2_prs_double_vlan_add(), mvpp2_prs_mac_init(), mvpp2_prs_vlan_init(), mvpp2_prs_vid_range_find(), mvpp2_prs_vid_entry_add(), mvpp2_prs_vid_entry_remove(), mvpp2_prs_vid_remove_all(), mvpp2_prs_vid_disable_filtering(), mvpp2_prs_vid_enable_filtering(), mvpp2_prs_default_init(), mvpp2_prs_mac_da_range_find(), mvpp2_prs_mac_da_accept(), mvpp2_prs_mac_del_all(), mvpp2_prs_tag_mode_set(), mvpp2_prs_add_flow(), mvpp2_prs_def_flow() and mvpp2_prs_hits() functions in drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c, within the mvpp2_probe() function in drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c. A local user can escalate privileges on the system.
100) NULL pointer dereference (CVE-ID: CVE-2025-22086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ntohl() function in drivers/infiniband/hw/mlx5/cq.c. A local user can perform a denial of service (DoS) attack.
101) NULL pointer dereference (CVE-ID: CVE-2025-23131)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the new_lockspace() function in fs/dlm/lockspace.c. A local user can perform a denial of service (DoS) attack.
102) Use-after-free (CVE-ID: CVE-2025-37785)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ext4_check_dir_entry() function in fs/ext4/dir.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.