SB2025061637 - SUSE update for the Linux Kernel
Published: June 16, 2025
Description
This security bulletin contains information about 339 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2023-53034)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the switchtec_ntb_mw_set_trans() function in drivers/ntb/hw/mscc/ntb_hw_switchtec.c. A local user can perform a denial of service (DoS) attack.
2) NULL pointer dereference (CVE-ID: CVE-2023-53146)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dw2102_i2c_transfer() function in drivers/media/usb/dvb-usb/dw2102.c. A local user can perform a denial of service (DoS) attack.
3) Resource management error (CVE-ID: CVE-2024-27018)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to resource management error within the nf_ct_bridge_pre() function in net/bridge/netfilter/nf_conntrack_bridge.c, within the br_nf_local_in() function in net/bridge/br_netfilter_hooks.c, within the br_netif_receive_skb(), br_pass_frame_up(), br_handle_frame_finish() and br_handle_frame() functions in net/bridge/br_input.c. A local user can execute arbitrary code.
4) Improper locking (CVE-ID: CVE-2024-27415)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nf_conntrack_init_end() function in net/netfilter/nf_conntrack_core.c, within the nf_ct_bridge_pre() function in net/bridge/netfilter/nf_conntrack_bridge.c, within the IS_ENABLED() and br_nf_pre_routing() functions in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
5) Resource management error (CVE-ID: CVE-2024-28956)
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to an error in the hardware support for prediction-domain isolation dubbed "Indirect Target Selection". A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests.
6) Resource management error (CVE-ID: CVE-2024-35840)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the subflow_finish_connect() function in net/mptcp/subflow.c. A local user can perform a denial of service (DoS) attack.
7) Memory leak (CVE-ID: CVE-2024-43869)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the event_sched_out(), exclusive_event_installable(), perf_pending_task() and perf_event_alloc() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
8) Improper locking (CVE-ID: CVE-2024-46713)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ring_buffer_init() function in kernel/events/ring_buffer.c, within the put_ctx(), perf_mmap_close(), perf_mmap() and atomic_dec() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
9) NULL pointer dereference (CVE-ID: CVE-2024-46763)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fou_from_sock(), fou_gro_receive(), fou_gro_complete() and gue_gro_receive() functions in net/ipv4/fou.c. A local user can perform a denial of service (DoS) attack.
10) Use of uninitialized resource (CVE-ID: CVE-2024-46865)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the gue_gro_receive() function in net/ipv4/fou.c. A local user can perform a denial of service (DoS) attack.
11) Resource management error (CVE-ID: CVE-2024-50038)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mark_mt() and mark_mt_init() functions in net/netfilter/xt_mark.c, within the sizeof() function in net/netfilter/xt_connmark.c, within the connlimit_mt_destroy() function in net/netfilter/xt_connlimit.c, within the connbytes_mt_check() function in net/netfilter/xt_connbytes.c, within the xt_cluster_mt_destroy() function in net/netfilter/xt_cluster.c, within the sizeof() function in net/netfilter/xt_addrtype.c, within the trace_tg() function in net/netfilter/xt_TRACE.c, within the offsetof() function in net/netfilter/xt_SECMARK.c, within the xt_rateest_tg_destroy() and xt_rateest_tg_init() functions in net/netfilter/xt_RATEEST.c, within the nflog_tg_destroy() function in net/netfilter/xt_NFLOG.c, within the led_tg_destroy() function in net/netfilter/xt_LED.c, within the idletimer_tg_destroy_v1() function in net/netfilter/xt_IDLETIMER.c, within the xt_ct_tg_destroy_v1() and sizeof() functions in net/netfilter/xt_CT.c, within the connsecmark_tg_destroy() function in net/netfilter/xt_CONNSECMARK.c, within the sizeof() function in net/netfilter/xt_CLASSIFY.c, within the checksum_tg_check() function in net/netfilter/xt_CHECKSUM.c. A local user can perform a denial of service (DoS) attack.
12) Resource management error (CVE-ID: CVE-2024-50083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_can_coalesce_send_queue_head() function in net/ipv4/tcp_output.c. A local user can perform a denial of service (DoS) attack.
13) Use-after-free (CVE-ID: CVE-2024-50106)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the destroy_delegation(), nfsd4_revoke_states(), nfs4_laundromat(), nfsd4_free_stateid() and nfsd4_delegreturn() functions in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.
14) NULL pointer dereference (CVE-ID: CVE-2024-50162)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dev_map_hash_get_next_key(), dev_map_bpf_prog_run() and bq_xmit_all() functions in kernel/bpf/devmap.c. A local user can perform a denial of service (DoS) attack.
15) Input validation error (CVE-ID: CVE-2024-50163)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the BPF_CALL_3() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
16) NULL pointer dereference (CVE-ID: CVE-2024-50223)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vma_next() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.
17) Race condition within a thread (CVE-ID: CVE-2024-53124)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the tcp_v6_do_rcv() function in net/ipv6/tcp_ipv6.c, within the dccp_v6_do_rcv() function in net/dccp/ipv6.c. A local user can corrupt data.
18) Improper locking (CVE-ID: CVE-2024-53135)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the module_param() function in arch/x86/kvm/vmx/vmx.c. A local user can perform a denial of service (DoS) attack.
19) Use-after-free (CVE-ID: CVE-2024-53139)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sctp_v6_available() function in net/sctp/ipv6.c. A local user can escalate privileges on the system.
20) Use-after-free (CVE-ID: CVE-2024-54458)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ufs_bsg_remove() function in drivers/ufs/core/ufs_bsg.c. A local user can escalate privileges on the system.
21) Resource management error (CVE-ID: CVE-2024-56641)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the smc_sk_init(), smc_connect_rdma(), smc_connect_ism() and smc_listen_work() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
22) NULL pointer dereference (CVE-ID: CVE-2024-56702)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the SEC() function in tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c, within the reg_btf_record(), check_ptr_to_btf_access(), check_mem_access(), check_func_arg(), btf_check_func_arg_match(), check_kfunc_args(), sanitize_check_bounds(), adjust_ptr_min_max_vals() and convert_ctx_accesses() functions in kernel/bpf/verifier.c, within the btf_ctx_access() function in kernel/bpf/btf.c. A local user can perform a denial of service (DoS) attack.
23) Reachable assertion (CVE-ID: CVE-2024-57924)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ovl_encode_real_fh() function in fs/overlayfs/copy_up.c, within the show_mark_fhandle() function in fs/notify/fdinfo.c. A local user can perform a denial of service (DoS) attack.
24) Reachable assertion (CVE-ID: CVE-2024-57998)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the _find_opp_table(), _opp_table_find_key(), _find_key(), _find_key_exact(), _opp_table_find_key_ceil(), _find_key_ceil(), dev_pm_opp_find_freq_exact_indexed(), dev_pm_opp_find_freq_ceil_indexed(), dev_pm_opp_find_freq_floor_indexed(), dev_pm_opp_remove(), _opp_add_v1(), _opp_set_availability() and dev_pm_opp_adjust_voltage() functions in drivers/opp/core.c. A local user can perform a denial of service (DoS) attack.
25) Resource management error (CVE-ID: CVE-2024-58001)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ocfs2_fast_symlink_read_folio() function in fs/ocfs2/symlink.c. A local user can perform a denial of service (DoS) attack.
26) Improper locking (CVE-ID: CVE-2024-58018)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the r535_gsp_cmdq_push() function in drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c. A local user can perform a denial of service (DoS) attack.
27) NULL pointer dereference (CVE-ID: CVE-2024-58068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the assert_clk_index(), dev_pm_opp_find_bw_ceil() and dev_pm_opp_find_bw_floor() functions in drivers/opp/core.c. A local user can perform a denial of service (DoS) attack.
28) Improper locking (CVE-ID: CVE-2024-58070)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bpf_local_storage_map_alloc() function in kernel/bpf/bpf_local_storage.c. A local user can perform a denial of service (DoS) attack.
29) Improper locking (CVE-ID: CVE-2024-58071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the team_port_add() function in drivers/net/team/team.c. A local user can perform a denial of service (DoS) attack.
30) NULL pointer dereference (CVE-ID: CVE-2024-58088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cgroup_storage_map_alloc() function in kernel/bpf/bpf_cgrp_storage.c. A local user can perform a denial of service (DoS) attack.
31) Use-after-free (CVE-ID: CVE-2024-58093)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pcie_aspm_exit_link_state() function in drivers/pci/pcie/aspm.c. A local user can escalate privileges on the system.
32) Input validation error (CVE-ID: CVE-2024-58094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jfs_truncate_nolock() function in fs/jfs/inode.c. A local user can perform a denial of service (DoS) attack.
33) Input validation error (CVE-ID: CVE-2024-58095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the extAlloc() and extRecord() functions in fs/jfs/jfs_extent.c. A local user can perform a denial of service (DoS) attack.
34) Resource management error (CVE-ID: CVE-2024-58096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ath11k_dp_rx_mon_dest_process(), ath11k_dp_full_mon_process_rx() and ath11k_hal_srng_access_end() functions in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.
35) Infinite loop (CVE-ID: CVE-2024-58097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the ath11k_dp_rx_mon_mpdu_pop() and ath11k_dp_rx_full_mon_mpdu_pop() functions in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.
36) Resource management error (CVE-ID: CVE-2024-58098)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the check_func_call(), mark_subprog_changes_pkt_data(), visit_func_call_insn() and visit_insn() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
37) Input validation error (CVE-ID: CVE-2024-58099)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vmxnet3_xdp_xmit_frame() function in drivers/net/vmxnet3/vmxnet3_xdp.c. A local user can perform a denial of service (DoS) attack.
38) Resource management error (CVE-ID: CVE-2024-58100)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvfree(), jit_subprogs(), bpf_check_attach_target() and bpf_check() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
39) Resource management error (CVE-ID: CVE-2024-58237)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the subprog_tc() function in tools/testing/selftests/bpf/progs/tc_bpf2bpf.c, within the bpf_helper_changes_pkt_data() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
40) Resource management error (CVE-ID: CVE-2025-21629)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the skb_csum_hwoffload_help() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
41) Buffer overflow (CVE-ID: CVE-2025-21648)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nf_ct_alloc_hashtable() function in net/netfilter/nf_conntrack_core.c. A local user can perform a denial of service (DoS) attack.
42) Memory leak (CVE-ID: CVE-2025-21683)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the BPF_CALL_4() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
43) Resource management error (CVE-ID: CVE-2025-21696)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the move_ptes(), move_normal_pmd() and move_normal_pud() functions in mm/mremap.c, within the move_huge_pte() function in mm/hugetlb.c, within the move_soft_dirty_pmd() and move_huge_pmd() functions in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.
44) Resource management error (CVE-ID: CVE-2025-21702)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pfifo_tail_enqueue() function in net/sched/sch_fifo.c. A local user can perform a denial of service (DoS) attack.
45) Use of uninitialized resource (CVE-ID: CVE-2025-21707)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mptcp_parse_option() and mptcp_get_options() functions in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.
46) Use-after-free (CVE-ID: CVE-2025-21729)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtw89_ops_cancel_hw_scan() function in drivers/net/wireless/realtek/rtw89/mac80211.c. A local user can escalate privileges on the system.
47) NULL pointer dereference (CVE-ID: CVE-2025-21755)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __vsock_release() function in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
48) Buffer overflow (CVE-ID: CVE-2025-21758)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mld_newpack() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.
49) Memory leak (CVE-ID: CVE-2025-21768)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_output_core() function in net/ipv6/seg6_iptunnel.c, within the rpl_output() function in net/ipv6/rpl_iptunnel.c. A local user can perform a denial of service (DoS) attack.
50) Input validation error (CVE-ID: CVE-2025-21787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the team_nl_options_set_doit() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.
51) Memory leak (CVE-ID: CVE-2025-21792)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_setsockopt() function in net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.
52) Improper error handling (CVE-ID: CVE-2025-21806)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the proc_do_dev_weight() and sizeof() functions in net/core/sysctl_net_core.c. A local user can perform a denial of service (DoS) attack.
53) Input validation error (CVE-ID: CVE-2025-21808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dev_xdp_attach() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
54) Use-after-free (CVE-ID: CVE-2025-21812)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ax25_rt_autobind() function in net/ax25/ax25_route.c, within the ax25_send_frame() and ax25_queue_xmit() functions in net/ax25/ax25_out.c, within the ax25_ip_xmit() function in net/ax25/ax25_ip.c, within the ax25_dev_device_up() and ax25_dev_device_down() functions in net/ax25/ax25_dev.c, within the ax25_fillin_cb_from_dev() and ax25_setsockopt() functions in net/ax25/af_ax25.c. A local user can escalate privileges on the system.
55) NULL pointer dereference (CVE-ID: CVE-2025-21814)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ptp_getcycles64() and ptp_clock_register() functions in drivers/ptp/ptp_clock.c. A local user can perform a denial of service (DoS) attack.
56) NULL pointer dereference (CVE-ID: CVE-2025-21833)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the domain_remove_dev_pasid() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
57) Buffer overflow (CVE-ID: CVE-2025-21836)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the io_destroy_buffers() and io_register_pbuf_ring() functions in io_uring/kbuf.c. A local user can perform a denial of service (DoS) attack.
58) NULL pointer dereference (CVE-ID: CVE-2025-21852)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within kernel/bpf/btf.c. A local user can perform a denial of service (DoS) attack.
59) Use-after-free (CVE-ID: CVE-2025-21853)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_map_mmap() function in kernel/bpf/syscall.c. A local user can escalate privileges on the system.
60) NULL pointer dereference (CVE-ID: CVE-2025-21854)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sock_map_sk_state_allowed() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
61) Input validation error (CVE-ID: CVE-2025-21863)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the io_init_req() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
62) Use-after-free (CVE-ID: CVE-2025-21867)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_test_init() function in net/bpf/test_run.c. A local user can escalate privileges on the system.
63) Input validation error (CVE-ID: CVE-2025-21873)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ufshcd_rpm_put_sync() function in drivers/ufs/core/ufs_bsg.c. A local user can perform a denial of service (DoS) attack.
64) Improper locking (CVE-ID: CVE-2025-21875)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mptcp_nl_remove_subflow_and_signal_addr() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.
65) Input validation error (CVE-ID: CVE-2025-21881)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within kernel/events/uprobes.c. A local user can perform a denial of service (DoS) attack.
66) Resource management error (CVE-ID: CVE-2025-21884)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the xs_create_sock() function in net/sunrpc/xprtsock.c, within the svc_create_socket() function in net/sunrpc/svcsock.c, within the smc_create_clcsk() function in net/smc/af_smc.c, within the rds_tcp_tune() function in net/rds/tcp.c, within the netlink_release() function in net/netlink/af_netlink.c, within the mptcp_subflow_create_socket() function in net/mptcp/subflow.c, within the sk_alloc(), EXPORT_SYMBOL(), __sk_destruct() and sk_clone_lock() functions in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
67) Use-after-free (CVE-ID: CVE-2025-21887)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ovl_link_up() function in fs/overlayfs/copy_up.c. A local user can escalate privileges on the system.
68) Improper locking (CVE-ID: CVE-2025-21889)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the perf_event_exec() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
69) Resource management error (CVE-ID: CVE-2025-21894)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the enetc_set_coalesce() and enetc_get_ts_info() functions in drivers/net/ethernet/freescale/enetc/enetc_ethtool.c, within the enetc_hwtstamp_set() function in drivers/net/ethernet/freescale/enetc/enetc.c. A local user can perform a denial of service (DoS) attack.
70) Resource management error (CVE-ID: CVE-2025-21895)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the find_get_pmu_context() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
71) NULL pointer dereference (CVE-ID: CVE-2025-21904)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within drivers/net/caif/caif_virtio.c. A local user can perform a denial of service (DoS) attack.
72) Buffer overflow (CVE-ID: CVE-2025-21905)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the iwl_parse_tlv_firmware() function in drivers/net/wireless/intel/iwlwifi/iwl-drv.c. A local user can perform a denial of service (DoS) attack.
73) Input validation error (CVE-ID: CVE-2025-21906)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the iwl_mvm_rx_session_protect_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/time-event.c. A local user can perform a denial of service (DoS) attack.
74) Improper locking (CVE-ID: CVE-2025-21908)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kcompactd() function in mm/compaction.c, within the nfs_release_folio() function in fs/nfs/file.c. A local user can perform a denial of service (DoS) attack.
75) Input validation error (CVE-ID: CVE-2025-21909)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the parse_monitor_flags() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
76) Improper locking (CVE-ID: CVE-2025-21910)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the is_an_alpha2() function in net/wireless/reg.c. A local user can perform a denial of service (DoS) attack.
77) Improper locking (CVE-ID: CVE-2025-21912)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gpio_rcar_config_interrupt_input_mode(), gpio_rcar_config_general_input_output_mode(), gpio_rcar_get_multiple(), gpio_rcar_set(), gpio_rcar_set_multiple() and gpio_rcar_probe() functions in drivers/gpio/gpio-rcar.c. A local user can perform a denial of service (DoS) attack.
78) Resource management error (CVE-ID: CVE-2025-21913)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the early_is_amd_nb() and amd_get_mmconfig_range() functions in arch/x86/kernel/amd_nb.c. A local user can perform a denial of service (DoS) attack.
79) Use-after-free (CVE-ID: CVE-2025-21914)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the slim_do_transfer() function in drivers/slimbus/messaging.c. A local user can escalate privileges on the system.
80) Use-after-free (CVE-ID: CVE-2025-21915)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the driver_override_show() function in drivers/cdx/cdx.c. A local user can escalate privileges on the system.
81) Resource management error (CVE-ID: CVE-2025-21916)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cxacru_bind() function in drivers/usb/atm/cxacru.c. A local user can perform a denial of service (DoS) attack.
82) NULL pointer dereference (CVE-ID: CVE-2025-21917)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the usbhs_remove() function in drivers/usb/renesas_usbhs/common.c. A local user can perform a denial of service (DoS) attack.
83) NULL pointer dereference (CVE-ID: CVE-2025-21918)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ucsi_init() and ucsi_unregister() functions in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.
84) Input validation error (CVE-ID: CVE-2025-21919)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the child_cfs_rq_on_list() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.
85) Use of uninitialized resource (CVE-ID: CVE-2025-21922)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ppp_send_frame() and ppp_receive_nonmp_frame() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
86) Use-after-free (CVE-ID: CVE-2025-21923)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the steam_remove() function in drivers/hid/hid-steam.c. A local user can escalate privileges on the system.
87) Resource management error (CVE-ID: CVE-2025-21924)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hclge_ptp_init() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c. A local user can perform a denial of service (DoS) attack.
88) Improper error handling (CVE-ID: CVE-2025-21925)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the llc_sap_action_unitdata_ind(), llc_sap_action_send_ui() and llc_sap_action_send_test_c() functions in net/llc/llc_s_ac.c. A local user can perform a denial of service (DoS) attack.
89) Improper error handling (CVE-ID: CVE-2025-21926)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.
90) Buffer overflow (CVE-ID: CVE-2025-21927)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nvme_tcp_queue_id() and nvme_tcp_recv_pdu() functions in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
91) Use-after-free (CVE-ID: CVE-2025-21928)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ishtp_hid_remove() function in drivers/hid/intel-ish-hid/ishtp-hid.c. A local user can escalate privileges on the system.
92) Resource management error (CVE-ID: CVE-2025-21930)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iwl_dbgfs_fw_dbg_clear_write() function in drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c. A local user can perform a denial of service (DoS) attack.
93) Improper locking (CVE-ID: CVE-2025-21931)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_migrate_range() function in mm/memory_hotplug.c. A local user can perform a denial of service (DoS) attack.
94) Use-after-free (CVE-ID: CVE-2025-21934)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rio_mport_add_riodev() function in drivers/rapidio/devices/rio_mport_cdev.c. A local user can escalate privileges on the system.
95) Use-after-free (CVE-ID: CVE-2025-21935)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rio_scan_alloc_net() function in drivers/rapidio/rio-scan.c. A local user can escalate privileges on the system.
96) NULL pointer dereference (CVE-ID: CVE-2025-21936)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mgmt_device_connected() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
97) NULL pointer dereference (CVE-ID: CVE-2025-21937)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mgmt_remote_name() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
98) NULL pointer dereference (CVE-ID: CVE-2025-21941)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the resource_build_scaling_params() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
99) Improper locking (CVE-ID: CVE-2025-21943)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the new_device_store(), kfree() and delete_device_store() functions in drivers/gpio/gpio-aggregator.c. A local user can perform a denial of service (DoS) attack.
100) NULL pointer dereference (CVE-ID: CVE-2025-21948)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the appleir_raw_event() function in drivers/hid/hid-appleir.c. A local user can perform a denial of service (DoS) attack.
101) Memory leak (CVE-ID: CVE-2025-21950)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pmcmd_ioctl() function in drivers/virt/acrn/hsm.c. A local user can perform a denial of service (DoS) attack.
102) Improper locking (CVE-ID: CVE-2025-21951)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mhi_pci_recovery_work() function in drivers/bus/mhi/host/pci_generic.c. A local user can perform a denial of service (DoS) attack.
103) NULL pointer dereference (CVE-ID: CVE-2025-21953)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mana_cleanup_port_context(), mana_destroy_eq(), mana_destroy_txq() and mana_destroy_rxq() functions in drivers/net/ethernet/microsoft/mana/mana_en.c, within the debugfs_remove_recursive(), mana_gd_remove(), mana_gd_shutdown(), mana_driver_init() and mana_driver_exit() functions in drivers/net/ethernet/microsoft/mana/gdma_main.c. A local user can perform a denial of service (DoS) attack.
104) Resource management error (CVE-ID: CVE-2025-21956)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the get_norm_pix_clk() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
105) NULL pointer dereference (CVE-ID: CVE-2025-21957)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla1280_64bit_start_scsi() function in drivers/scsi/qla1280.c. A local user can perform a denial of service (DoS) attack.
106) Reachable assertion (CVE-ID: CVE-2025-21960)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the bnxt_xdp() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c, within the bnxt_rx_pkt() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
107) Resource management error (CVE-ID: CVE-2025-21961)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnxt_xdp_build_skb() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c, within the bnxt_rx_pkt() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
108) Integer overflow (CVE-ID: CVE-2025-21962)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can execute arbitrary code.
109) Integer overflow (CVE-ID: CVE-2025-21963)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can execute arbitrary code.
110) Integer overflow (CVE-ID: CVE-2025-21964)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can execute arbitrary code.
111) Buffer overflow (CVE-ID: CVE-2025-21966)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the clone_bio() function in drivers/md/dm-flakey.c. A local user can escalate privileges on the system.
112) Use-after-free (CVE-ID: CVE-2025-21968)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hdcp_destroy() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c. A local user can escalate privileges on the system.
113) Use-after-free (CVE-ID: CVE-2025-21969)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_get_ident(), l2cap_send_cmd(), l2cap_conn_del(), l2cap_conn_free(), l2cap_recv_reset() and l2cap_recv_acldata() functions in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.
114) Input validation error (CVE-ID: CVE-2025-21970)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5_esw_bridge_lag_rep_get(), mlx5_esw_bridge_is_local() and mlx5_esw_bridge_switchdev_event() functions in drivers/net/ethernet/mellanox/mlx5/core/en/rep/bridge.c. A local user can perform a denial of service (DoS) attack.
115) Incorrect calculation (CVE-ID: CVE-2025-21971)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the tc_ctl_tclass() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.
116) Memory leak (CVE-ID: CVE-2025-21972)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mctp_test_route_input_sk_fail_frag() and KUNIT_CASE() functions in net/mctp/test/route-test.c, within the mctp_frag_queue() function in net/mctp/route.c. A local user can perform a denial of service (DoS) attack.
117) NULL pointer dereference (CVE-ID: CVE-2025-21975)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_chains_create_table() function in drivers/net/ethernet/mellanox/mlx5/core/lib/fs_chains.c. A local user can perform a denial of service (DoS) attack.
118) Memory leak (CVE-ID: CVE-2025-21978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hyperv_vmbus_probe() and hyperv_vmbus_remove() functions in drivers/gpu/drm/hyperv/hyperv_drm_drv.c. A local user can perform a denial of service (DoS) attack.
119) Use-after-free (CVE-ID: CVE-2025-21979)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cfg80211_dev_free() function in net/wireless/core.c. A local user can escalate privileges on the system.
120) NULL pointer dereference (CVE-ID: CVE-2025-21980)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gred_destroy() function in net/sched/sch_gred.c. A local user can perform a denial of service (DoS) attack.
121) Memory leak (CVE-ID: CVE-2025-21981)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ice_init_arfs() function in drivers/net/ethernet/intel/ice/ice_arfs.c. A local user can perform a denial of service (DoS) attack.
122) Out-of-bounds read (CVE-ID: CVE-2025-21985)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the populate_dml_output_cfg_from_stream_state() and map_dc_state_into_dml_display_cfg() functions in drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c, within the dml21_map_dc_state_into_dml_display_cfg() function in drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_translation_helper.c. A local user can perform a denial of service (DoS) attack.
123) Out-of-bounds read (CVE-ID: CVE-2025-21991)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the load_microcode_amd() function in arch/x86/kernel/cpu/microcode/amd.c. A local user can perform a denial of service (DoS) attack.
124) Input validation error (CVE-ID: CVE-2025-21992)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the HID_USB_DEVICE() function in drivers/hid/hid-quirks.c. A local user can perform a denial of service (DoS) attack.
125) Out-of-bounds read (CVE-ID: CVE-2025-21993)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ibft_attr_show_nic() function in drivers/firmware/iscsi_ibft.c. A local user can perform a denial of service (DoS) attack.
126) Memory leak (CVE-ID: CVE-2025-21995)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the drm_sched_entity_kill() function in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.
127) Use of uninitialized resource (CVE-ID: CVE-2025-21996)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the radeon_vce_cs_parse() function in drivers/gpu/drm/radeon/radeon_vce.c. A local user can perform a denial of service (DoS) attack.
128) Use-after-free (CVE-ID: CVE-2025-21999)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the proc_get_inode() function in fs/proc/inode.c, within the proc_create_reg(), proc_create_seq_private() and proc_create_single_data() functions in fs/proc/generic.c. A local user can escalate privileges on the system.
129) Integer overflow (CVE-ID: CVE-2025-22001)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the invalid_sem() and qaic_validate_req() functions in drivers/accel/qaic/qaic_data.c. A local user can execute arbitrary code.
130) Out-of-bounds read (CVE-ID: CVE-2025-22003)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ucan_ctrl_command_out() and ucan_probe() functions in drivers/net/can/usb/ucan.c. A local user can perform a denial of service (DoS) attack.
131) Use-after-free (CVE-ID: CVE-2025-22004)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lec_send() function in net/atm/lec.c. A local user can escalate privileges on the system.
132) Memory leak (CVE-ID: CVE-2025-22005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the in6_dev_put() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
133) NULL pointer dereference (CVE-ID: CVE-2025-22007)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the chan_alloc_skb_cb() function in net/bluetooth/6lowpan.c. A local user can perform a denial of service (DoS) attack.
134) Input validation error (CVE-ID: CVE-2025-22008)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the regulator_resolve_supply() and _regulator_get_common() functions in drivers/regulator/core.c. A local user can perform a denial of service (DoS) attack.
135) NULL pointer dereference (CVE-ID: CVE-2025-22009)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference in drivers/regulator/dummy.c. A local user can perform a denial of service (DoS) attack.
136) Improper locking (CVE-ID: CVE-2025-22010)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hem_list_alloc_root_bt(), hns_roce_hem_list_request() and hns_roce_hem_list_find_mtt() functions in drivers/infiniband/hw/hns/hns_roce_hem.c. A local user can perform a denial of service (DoS) attack.
137) Resource management error (CVE-ID: CVE-2025-22013)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvm_arch_vcpu_load_fp() function in arch/arm64/kvm/fpsimd.c, within the fpsimd_signal_preserve_current_state() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.
138) Improper locking (CVE-ID: CVE-2025-22014)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pdr_locator_new_server() function in drivers/soc/qcom/pdr_interface.c. A local user can perform a denial of service (DoS) attack.
139) NULL pointer dereference (CVE-ID: CVE-2025-22015)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the folio_migrate_mapping() function in mm/migrate.c. A local user can perform a denial of service (DoS) attack.
140) Improper error handling (CVE-ID: CVE-2025-22016)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dpll_pin_alloc() function in drivers/dpll/dpll_core.c. A local user can perform a denial of service (DoS) attack.
141) NULL pointer dereference (CVE-ID: CVE-2025-22017)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the devlink_rel_alloc() function in net/devlink/core.c. A local user can perform a denial of service (DoS) attack.
142) NULL pointer dereference (CVE-ID: CVE-2025-22018)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the MPOA_cache_impos_rcvd() function in net/atm/mpc.c. A local user can perform a denial of service (DoS) attack.
143) Use-after-free (CVE-ID: CVE-2025-22020)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtsx_usb_ms_drv_remove() function in drivers/memstick/host/rtsx_usb_ms.c. A local user can escalate privileges on the system.
144) Resource management error (CVE-ID: CVE-2025-22021)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nf_sk_lookup_slow_v6() function in net/ipv6/netfilter/nf_socket_ipv6.c. A local user can perform a denial of service (DoS) attack.
145) Memory leak (CVE-ID: CVE-2025-22025)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfs4_alloc_open_stateid() and nfsd_break_one_deleg() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
146) NULL pointer dereference (CVE-ID: CVE-2025-22027)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the streamzap_disconnect() function in drivers/media/rc/streamzap.c. A local user can perform a denial of service (DoS) attack.
147) Improper locking (CVE-ID: CVE-2025-22029)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the begin_new_exec(), free_bprm(), check_unsafe_exec(), bprm_execve() and sched_mm_cid_after_execve() functions in fs/exec.c. A local user can perform a denial of service (DoS) attack.
148) Use-after-free (CVE-ID: CVE-2025-22030)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zswap_cpu_comp_dead() function in mm/zswap.c. A local user can escalate privileges on the system.
149) NULL pointer dereference (CVE-ID: CVE-2025-22033)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the do_compat_alignment_fixup() function in arch/arm64/kernel/compat_alignment.c. A local user can perform a denial of service (DoS) attack.
150) Use-after-free (CVE-ID: CVE-2025-22036)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the exfat_get_block() function in fs/exfat/inode.c. A local user can escalate privileges on the system.
151) Resource management error (CVE-ID: CVE-2025-22044)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the acpi_nfit_ctl() function in drivers/acpi/nfit/core.c. A local user can perform a denial of service (DoS) attack.
152) Input validation error (CVE-ID: CVE-2025-22045)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in arch/x86/include/asm/tlbflush.h. A local user can perform a denial of service (DoS) attack.
153) NULL pointer dereference (CVE-ID: CVE-2025-22050)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference in drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.
154) Improper locking (CVE-ID: CVE-2025-22053)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the veth_pool_store() function in drivers/net/ethernet/ibm/ibmveth.c. A local user can perform a denial of service (DoS) attack.
155) Out-of-bounds read (CVE-ID: CVE-2025-22055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nft_tunnel_obj_erspan_init() function in net/netfilter/nft_tunnel.c. A local user can perform a denial of service (DoS) attack.
156) Resource management error (CVE-ID: CVE-2025-22056)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nft_tunnel_obj_geneve_init() and nft_tunnel_opts_dump() functions in net/netfilter/nft_tunnel.c. A local user can perform a denial of service (DoS) attack.
157) Use-after-free (CVE-ID: CVE-2025-22057)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dst_count_dec() function in net/core/dst.c. A local user can escalate privileges on the system.
158) Memory leak (CVE-ID: CVE-2025-22058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the udp_skb_has_head_state(), udp_rmem_release(), EXPORT_SYMBOL_GPL() and first_packet_length() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.
159) Use-after-free (CVE-ID: CVE-2025-22060)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mvpp2_prs_hw_write(), mvpp2_prs_init_from_hw(), mvpp2_prs_flow_find(), mvpp2_prs_mac_drop_all_set(), mvpp2_prs_mac_promisc_set(), mvpp2_prs_dsa_tag_set(), mvpp2_prs_dsa_tag_ethertype_set(), mvpp2_prs_vlan_find(), mvpp2_prs_vlan_add(), mvpp2_prs_double_vlan_find(), mvpp2_prs_double_vlan_add(), mvpp2_prs_mac_init(), mvpp2_prs_vlan_init(), mvpp2_prs_vid_range_find(), mvpp2_prs_vid_entry_add(), mvpp2_prs_vid_entry_remove(), mvpp2_prs_vid_remove_all(), mvpp2_prs_vid_disable_filtering(), mvpp2_prs_vid_enable_filtering(), mvpp2_prs_default_init(), mvpp2_prs_mac_da_range_find(), mvpp2_prs_mac_da_accept(), mvpp2_prs_mac_del_all(), mvpp2_prs_tag_mode_set(), mvpp2_prs_add_flow(), mvpp2_prs_def_flow() and mvpp2_prs_hits() functions in drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c, within the mvpp2_probe() function in drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c. A local user can escalate privileges on the system.
160) NULL pointer dereference (CVE-ID: CVE-2025-22062)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_auth() and proc_sctp_do_udp_port() functions in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
161) NULL pointer dereference (CVE-ID: CVE-2025-22063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the calipso_sock_getattr() and calipso_sock_setattr() functions in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.
162) Incorrect calculation (CVE-ID: CVE-2025-22064)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the nf_tables_updchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
163) NULL pointer dereference (CVE-ID: CVE-2025-22065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the idpf_shutdown() function in drivers/net/ethernet/intel/idpf/idpf_main.c. A local user can perform a denial of service (DoS) attack.
164) NULL pointer dereference (CVE-ID: CVE-2025-22066)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the imx_card_probe() function in sound/soc/fsl/imx-card.c. A local user can perform a denial of service (DoS) attack.
165) NULL pointer dereference (CVE-ID: CVE-2025-22070)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v9fs_vfs_mkdir_dotl() function in fs/9p/vfs_inode_dotl.c. A local user can perform a denial of service (DoS) attack.
166) Improper locking (CVE-ID: CVE-2025-22075)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rtnl_vfinfo_size() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.
167) Integer overflow (CVE-ID: CVE-2025-22080)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow in fs/ntfs3/ntfs.h. A local user can execute arbitrary code.
168) NULL pointer dereference (CVE-ID: CVE-2025-22086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ntohl() function in drivers/infiniband/hw/mlx5/cq.c. A local user can perform a denial of service (DoS) attack.
169) Use-after-free (CVE-ID: CVE-2025-22088)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the erdma_cancel_mpatimer() function in drivers/infiniband/hw/erdma/erdma_cm.c. A local user can escalate privileges on the system.
170) NULL pointer dereference (CVE-ID: CVE-2025-22089)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ib_setup_device_attrs() function in drivers/infiniband/core/sysfs.c, within the rdma_init_coredev() function in drivers/infiniband/core/device.c. A local user can perform a denial of service (DoS) attack.
171) Resource management error (CVE-ID: CVE-2025-22090)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the copy_page_range() function in mm/memory.c, within the vm_area_dup() function in kernel/fork.c, within the get_pat_info() and untrack_pfn() functions in arch/x86/mm/pat/memtype.c. A local user can perform a denial of service (DoS) attack.
172) NULL pointer dereference (CVE-ID: CVE-2025-22093)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dmub_hw_lock_mgr_inbox0_cmd() function in drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c. A local user can perform a denial of service (DoS) attack.
173) Resource management error (CVE-ID: CVE-2025-22095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the brcm_pcie_add_bus() function in drivers/pci/controller/pcie-brcmstb.c. A local user can perform a denial of service (DoS) attack.
174) Use-after-free (CVE-ID: CVE-2025-22097)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vkms_init() and vkms_destroy() functions in drivers/gpu/drm/vkms/vkms_drv.c. A local user can escalate privileges on the system.
175) Improper locking (CVE-ID: CVE-2025-22102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nxp_download_firmware() function in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.
176) NULL pointer dereference (CVE-ID: CVE-2025-22103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ipvlan_l3s_unregister() function in drivers/net/ipvlan/ipvlan_l3s.c. A local user can perform a denial of service (DoS) attack.
177) Out-of-bounds read (CVE-ID: CVE-2025-22104)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vnic_add_client_data(), send_login(), handle_query_ip_offload_rsp() and handle_login_rsp() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
178) Resource management error (CVE-ID: CVE-2025-22105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bond_set_xfrm_features() function in drivers/net/bonding/bond_options.c, within the bond_sk_check(), bond_xdp_set_features() and bond_xdp_set() functions in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
179) Resource management error (CVE-ID: CVE-2025-22106)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmxnet3_rq_cleanup() and vmxnet3_rq_destroy() functions in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.
180) Out-of-bounds read (CVE-ID: CVE-2025-22107)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sja1105_table_delete_entry() function in drivers/net/dsa/sja1105/sja1105_static_config.c. A local user can perform a denial of service (DoS) attack.
181) Input validation error (CVE-ID: CVE-2025-22108)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bnxt_xmit_bd() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c, within the bnxt_start_xmit() and dma_unmap_addr_set() functions in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
182) Memory leak (CVE-ID: CVE-2025-22109)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_get_route() function in net/ax25/ax25_route.c, within the ax25_connect() function in net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.
183) Use-after-free (CVE-ID: CVE-2025-22115)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_create_pending_block_groups() function in fs/btrfs/block-group.c. A local user can escalate privileges on the system.
184) Improper error handling (CVE-ID: CVE-2025-22116)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the idpf_stop() and idpf_init_task() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can perform a denial of service (DoS) attack.
185) Improper locking (CVE-ID: CVE-2025-22119)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the INIT_WORK() function in net/wireless/core.c. A local user can perform a denial of service (DoS) attack.
186) Use-after-free (CVE-ID: CVE-2025-22121)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ext4_xattr_check_block(), __xattr_check_inode(), ext4_xattr_ibody_get(), ext4_xattr_ibody_list(), ext4_get_inode_usage(), ext4_xattr_ibody_find() and sizeof() functions in fs/ext4/xattr.c, within the ext4_iget_extra_inode() function in fs/ext4/inode.c. A local user can escalate privileges on the system.
187) Input validation error (CVE-ID: CVE-2025-22124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __write_sb_page() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
188) Improper locking (CVE-ID: CVE-2025-22125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the raid10_read_request() and raid10_write_one_disk() functions in drivers/md/raid10.c, within the raid1_read_request() and raid1_write_request() functions in drivers/md/raid1.c. A local user can perform a denial of service (DoS) attack.
189) Use-after-free (CVE-ID: CVE-2025-22126)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __mddev_put(), md_seq_show(), EXPORT_SYMBOL_GPL(), md_notify_reboot(), md_autostart_arrays() and md_exit() functions in drivers/md/md.c. A local user can escalate privileges on the system.
190) Resource management error (CVE-ID: CVE-2025-22128)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ath12k_pci_probe() function in drivers/net/wireless/ath/ath12k/pci.c. A local user can perform a denial of service (DoS) attack.
191) Exposure of Sensitive System Information to an Unauthorized Control Sphere (CVE-ID: CVE-2025-2312)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists because the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments when trying to obtain Kerberos credentials. A local user can gain access to sensitive information.
192) Resource management error (CVE-ID: CVE-2025-23129)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __free_irq() function in drivers/net/wireless/ath/ath11k/pci.c. A local user can perform a denial of service (DoS) attack.
193) NULL pointer dereference (CVE-ID: CVE-2025-23131)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the new_lockspace() function in fs/dlm/lockspace.c. A local user can perform a denial of service (DoS) attack.
194) Out-of-bounds read (CVE-ID: CVE-2025-23133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath11k_reg_notifier(), ath11k_regd_update() and ath11k_regd_update_work() functions in drivers/net/wireless/ath/ath11k/reg.c. A local user can perform a denial of service (DoS) attack.
195) NULL pointer dereference (CVE-ID: CVE-2025-23136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the int3402_thermal_probe() function in drivers/thermal/intel/int340x_thermal/int3402_thermal.c. A local user can perform a denial of service (DoS) attack.
196) Integer underflow (CVE-ID: CVE-2025-23138)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the watch_queue_set_size() function in kernel/watch_queue.c. A local user can execute arbitrary code.
197) Memory leak (CVE-ID: CVE-2025-23140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pci_endpoint_test_release_irq() function in drivers/misc/pci_endpoint_test.c. A local user can perform a denial of service (DoS) attack.
198) Improper locking (CVE-ID: CVE-2025-23141)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kvm_arch_vcpu_ioctl_get_mpstate() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
199) Use-after-free (CVE-ID: CVE-2025-23142)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sctp_transport_free() function in net/sctp/transport.c, within the sctp_writeable(), sctp_sendmsg_to_asoc(), sctp_sock_rfree() and sctp_wait_for_sndbuf() functions in net/sctp/socket.c. A local user can escalate privileges on the system.
200) Improper locking (CVE-ID: CVE-2025-23144)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the led_bl_remove() function in drivers/video/backlight/led_bl.c. A local user can perform a denial of service (DoS) attack.
201) NULL pointer dereference (CVE-ID: CVE-2025-23145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the subflow_hmac_valid() and subflow_syn_recv_sock() functions in net/mptcp/subflow.c. A local user can perform a denial of service (DoS) attack.
202) NULL pointer dereference (CVE-ID: CVE-2025-23146)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kb3930_probe() function in drivers/mfd/ene-kb3930.c. A local user can perform a denial of service (DoS) attack.
203) NULL pointer dereference (CVE-ID: CVE-2025-23147)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i3c_master_unregister_i3c_devs() function in drivers/i3c/master.c. A local user can perform a denial of service (DoS) attack.
204) NULL pointer dereference (CVE-ID: CVE-2025-23148)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the exynos_chipid_probe() function in drivers/soc/samsung/exynos-chipid.c. A local user can perform a denial of service (DoS) attack.
205) Improper error handling (CVE-ID: CVE-2025-23149)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the tpm_get_random() function in drivers/char/tpm/tpm-interface.c, within the tpm_try_get_ops() function in drivers/char/tpm/tpm-chip.c. A local user can perform a denial of service (DoS) attack.
206) Use-after-free (CVE-ID: CVE-2025-23150)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the do_split() function in fs/ext4/namei.c. A local user can escalate privileges on the system.
207) Improper locking (CVE-ID: CVE-2025-23151)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mhi_gen_tre() function in drivers/bus/mhi/host/main.c. A local user can perform a denial of service (DoS) attack.
208) Out-of-bounds read (CVE-ID: CVE-2025-23156)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fill_buf_mode(), parse_alloc_mode(), fill_profile_level(), parse_profile_level(), fill_caps(), parse_caps(), fill_raw_fmts(), parse_raw_formats(), parse_codecs(), hfi_platform_parser() and hfi_parser() functions in drivers/media/platform/qcom/venus/hfi_parser.c. A local user can perform a denial of service (DoS) attack.
209) Out-of-bounds read (CVE-ID: CVE-2025-23157)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the init_codecs() function in drivers/media/platform/qcom/venus/hfi_parser.c. A local user can perform a denial of service (DoS) attack.
210) Out-of-bounds write (CVE-ID: CVE-2025-23158)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the venus_write_queue() and venus_read_queue() functions in drivers/media/platform/qcom/venus/hfi_venus.c. A local user can execute arbitrary code.
211) Buffer overflow (CVE-ID: CVE-2025-23159)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the venus_sfr_print() function in drivers/media/platform/qcom/venus/hfi_venus.c. A local user can perform a denial of service (DoS) attack.
212) Memory leak (CVE-ID: CVE-2025-23160)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mtk_vcodec_fw_scp_init() function in drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c. A local user can perform a denial of service (DoS) attack.
213) Improper locking (CVE-ID: CVE-2025-23161)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vmd_pci_read(), vmd_pci_write() and vmd_probe() functions in drivers/pci/controller/vmd.c. A local user can perform a denial of service (DoS) attack.
214) Input validation error (CVE-ID: CVE-2025-37740)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
215) Improper locking (CVE-ID: CVE-2025-37741)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the diReadSpecial() function in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.
216) Use-after-free (CVE-ID: CVE-2025-37742)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the diMount() function in fs/jfs/jfs_imap.c. A local user can escalate privileges on the system.
217) Memory leak (CVE-ID: CVE-2025-37747)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the exclusive_event_installable(), _free_event(), perf_remove_from_owner(), list_del(), perf_pending_task(), __perf_event_overflow(), perf_event_alloc(), perf_event_exit_event() and perf_free_event() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
218) NULL pointer dereference (CVE-ID: CVE-2025-37748)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_iommu_probe() function in drivers/iommu/mtk_iommu.c. A local user can perform a denial of service (DoS) attack.
219) Out-of-bounds read (CVE-ID: CVE-2025-37749)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ppp_sync_txmunge() function in drivers/net/ppp/ppp_synctty.c. A local user can perform a denial of service (DoS) attack.
220) Use-after-free (CVE-ID: CVE-2025-37750)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c, within the decrypt_raw_data() function in fs/smb/client/smb2ops.c, within the cifs_crypto_secmech_release() function in fs/smb/client/cifsencrypt.c. A local user can escalate privileges on the system.
221) Buffer overflow (CVE-ID: CVE-2025-37754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the intel_uc_init_late() function in drivers/gpu/drm/i915/gt/uc/intel_uc.c, within the intel_huc_init_early() and intel_huc_fini() functions in drivers/gpu/drm/i915/gt/uc/intel_huc.c. A local user can perform a denial of service (DoS) attack.
222) NULL pointer dereference (CVE-ID: CVE-2025-37755)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wx_alloc_mapped_page() function in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.
223) NULL pointer dereference (CVE-ID: CVE-2025-37758)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pxa_ata_probe() function in drivers/ata/pata_pxa.c. A local user can perform a denial of service (DoS) attack.
224) Use-after-free (CVE-ID: CVE-2025-37765)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nouveau_gem_object_del() function in drivers/gpu/drm/nouveau/nouveau_gem.c, within the nouveau_bo_del_ttm() function in drivers/gpu/drm/nouveau/nouveau_bo.c. A local user can escalate privileges on the system.
225) Input validation error (CVE-ID: CVE-2025-37766)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vega20_fan_ctrl_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_thermal.c. A local user can perform a denial of service (DoS) attack.
226) Division by zero (CVE-ID: CVE-2025-37767)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the smu_v13_0_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c. A local user can perform a denial of service (DoS) attack.
227) Division by zero (CVE-ID: CVE-2025-37768)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the smu7_fan_ctrl_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c. A local user can perform a denial of service (DoS) attack.
228) Division by zero (CVE-ID: CVE-2025-37769)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the smu_v11_0_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c. A local user can perform a denial of service (DoS) attack.
229) Division by zero (CVE-ID: CVE-2025-37770)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the vega10_fan_ctrl_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c. A local user can perform a denial of service (DoS) attack.
230) Division by zero (CVE-ID: CVE-2025-37771)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the arcturus_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c. A local user can perform a denial of service (DoS) attack.
231) NULL pointer dereference (CVE-ID: CVE-2025-37772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ec_i2c_probe() function in drivers/i2c/busses/i2c-cros-ec-tunnel.c. A local user can perform a denial of service (DoS) attack.
232) Input validation error (CVE-ID: CVE-2025-37773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the virtio_fs_get_tree() function in fs/fuse/virtio_fs.c. A local user can perform a denial of service (DoS) attack.
233) Out-of-bounds read (CVE-ID: CVE-2025-37780)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the isofs_fh_to_parent() function in fs/isofs/export.c. A local user can perform a denial of service (DoS) attack.
234) Resource management error (CVE-ID: CVE-2025-37781)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ec_i2c_probe() function in drivers/i2c/busses/i2c-cros-ec-tunnel.c. A local user can perform a denial of service (DoS) attack.
235) Out-of-bounds read (CVE-ID: CVE-2025-37782)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hfs_bnode_read_key() function in fs/hfsplus/bnode.c, within the hfs_bnode_read_key() function in fs/hfs/bnode.c. A local user can perform a denial of service (DoS) attack.
236) Use-after-free (CVE-ID: CVE-2025-37785)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ext4_check_dir_entry() function in fs/ext4/dir.c. A local user can escalate privileges on the system.
237) Input validation error (CVE-ID: CVE-2025-37787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mv88e6xxx_teardown_devlink_regions_global() function in drivers/net/dsa/mv88e6xxx/devlink.c. A local user can perform a denial of service (DoS) attack.
238) Memory leak (CVE-ID: CVE-2025-37788)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cxgb4_init_ethtool_filters() function in drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c. A local user can perform a denial of service (DoS) attack.
239) Input validation error (CVE-ID: CVE-2025-37789)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the validate_set() function in net/openvswitch/flow_netlink.c. A local user can perform a denial of service (DoS) attack.
240) Input validation error (CVE-ID: CVE-2025-37790)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mctp_sk_hash() function in net/mctp/af_mctp.c. A local user can perform a denial of service (DoS) attack.
241) NULL pointer dereference (CVE-ID: CVE-2025-37792)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtl_dev_err() function in drivers/bluetooth/btrtl.c. A local user can perform a denial of service (DoS) attack.
242) Improper error handling (CVE-ID: CVE-2025-37793)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the avs_component_probe() function in sound/soc/intel/avs/pcm.c. A local user can perform a denial of service (DoS) attack.
243) NULL pointer dereference (CVE-ID: CVE-2025-37794)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ieee80211_do_stop() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.
244) Memory leak (CVE-ID: CVE-2025-37796)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the at76_disconnect() function in drivers/net/wireless/atmel/at76c50x-usb.c. A local user can perform a denial of service (DoS) attack.
245) Input validation error (CVE-ID: CVE-2025-37797)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hfsc_change_class() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.
246) Input validation error (CVE-ID: CVE-2025-37798)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qdisc_bstats_update() function in net/sched/sch_fq_codel.c, within the codel_qdisc_dequeue() function in net/sched/sch_codel.c. A local user can perform a denial of service (DoS) attack.
247) Memory leak (CVE-ID: CVE-2025-37799)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vmxnet3_process_xdp() function in drivers/net/vmxnet3/vmxnet3_xdp.c. A local user can perform a denial of service (DoS) attack.
248) Buffer overflow (CVE-ID: CVE-2025-37803)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the udmabuf_create() function in drivers/dma-buf/udmabuf.c. A local user can perform a denial of service (DoS) attack.
249) Race condition within a thread (CVE-ID: CVE-2025-37804)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the io_wq_free_work() function in io_uring/io_uring.c. A local user can corrupt data.
250) Improper locking (CVE-ID: CVE-2025-37805)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the virtsnd_pcm_parse_cfg() function in sound/virtio/virtio_pcm.c. A local user can perform a denial of service (DoS) attack.
251) NULL pointer dereference (CVE-ID: CVE-2025-37809)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the typec_register_partner(), typec_unregister_partner(), typec_get_partner(), typec_partner_attach(), typec_partner_deattach() and typec_register_port() functions in drivers/usb/typec/class.c. A local user can perform a denial of service (DoS) attack.
252) Out-of-bounds read (CVE-ID: CVE-2025-37810)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dwc3_check_event_buf() function in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.
253) Improper locking (CVE-ID: CVE-2025-37812)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cdns3_device_thread_irq_handler() function in drivers/usb/cdns3/cdns3-gadget.c. A local user can perform a denial of service (DoS) attack.
254) Improper locking (CVE-ID: CVE-2025-37815)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pci1xxxx_gpio_irq_handler() function in drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c. A local user can perform a denial of service (DoS) attack.
255) Double free (CVE-ID: CVE-2025-37819)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the gicv2m_of_init() function in drivers/irqchip/irq-gic-v2m.c. A local user can perform a denial of service (DoS) attack.
256) Memory leak (CVE-ID: CVE-2025-37820)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xennet_run_xdp() function in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.
257) Input validation error (CVE-ID: CVE-2025-37823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hfsc_dequeue() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.
258) NULL pointer dereference (CVE-ID: CVE-2025-37824)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_mon_reinit_self() function in net/tipc/monitor.c. A local user can perform a denial of service (DoS) attack.
259) NULL pointer dereference (CVE-ID: CVE-2025-37829)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scpi_cpufreq_get_rate() function in drivers/cpufreq/scpi-cpufreq.c. A local user can perform a denial of service (DoS) attack.
260) NULL pointer dereference (CVE-ID: CVE-2025-37830)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scmi_cpufreq_get_rate() function in drivers/cpufreq/scmi-cpufreq.c. A local user can perform a denial of service (DoS) attack.
261) NULL pointer dereference (CVE-ID: CVE-2025-37831)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the apple_soc_cpufreq_get_rate() function in drivers/cpufreq/apple-soc-cpufreq.c. A local user can perform a denial of service (DoS) attack.
262) Resource management error (CVE-ID: CVE-2025-37833)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the niu_try_msix() function in drivers/net/ethernet/sun/niu.c. A local user can perform a denial of service (DoS) attack.
263) Memory leak (CVE-ID: CVE-2025-37836)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pci_register_host_bridge() function in drivers/pci/probe.c. A local user can perform a denial of service (DoS) attack.
264) Input validation error (CVE-ID: CVE-2025-37839)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jbd2_journal_update_sb_log_tail() function in fs/jbd2/journal.c. A local user can perform a denial of service (DoS) attack.
265) Use of uninitialized resource (CVE-ID: CVE-2025-37840)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the brcmnand_resume() function in drivers/mtd/nand/raw/brcmnand/brcmnand.c. A local user can perform a denial of service (DoS) attack.
266) NULL pointer dereference (CVE-ID: CVE-2025-37841)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the prepare_default_config() function in tools/power/cpupower/bench/parse.c. A local user can perform a denial of service (DoS) attack.
267) Resource management error (CVE-ID: CVE-2025-37842)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fsl_qspi_cleanup(), fsl_qspi_probe(), fsl_qspi_remove() and module_platform_driver() functions in drivers/spi/spi-fsl-qspi.c. A local user can perform a denial of service (DoS) attack.
268) Memory leak (CVE-ID: CVE-2025-37849)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kvm_arch_vcpu_create() function in arch/arm64/kvm/arm.c. A local user can perform a denial of service (DoS) attack.
269) Division by zero (CVE-ID: CVE-2025-37850)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the pwm_mediatek_config() function in drivers/pwm/pwm-mediatek.c. A local user can perform a denial of service (DoS) attack.
270) Use of uninitialized resource (CVE-ID: CVE-2025-37851)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the dispc_ovl_setup() function in drivers/video/fbdev/omap2/omapfb/dss/dispc.c. A local user can perform a denial of service (DoS) attack.
271) NULL pointer dereference (CVE-ID: CVE-2025-37852)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amd_powerplay_create() function in drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c. A local user can perform a denial of service (DoS) attack.
272) NULL pointer dereference (CVE-ID: CVE-2025-37853)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kfd_debugfs_hang_hws() function in drivers/gpu/drm/amd/amdkfd/kfd_device.c. A local user can perform a denial of service (DoS) attack.
273) Improper locking (CVE-ID: CVE-2025-37854)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kfd_process_remove_sysfs() and kfd_process_wq_release() functions in drivers/gpu/drm/amd/amdkfd/kfd_process.c. A local user can perform a denial of service (DoS) attack.
274) Integer overflow (CVE-ID: CVE-2025-37858)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the dbExtendFS() function in fs/jfs/jfs_dmap.c. A local user can execute arbitrary code.
275) NULL pointer dereference (CVE-ID: CVE-2025-37860)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ef100_process_design_param() and ef100_check_design_params() functions in drivers/net/ethernet/sfc/ef100_nic.c, within the ef100_probe_netdev() function in drivers/net/ethernet/sfc/ef100_netdev.c. A local user can perform a denial of service (DoS) attack.
276) Buffer overflow (CVE-ID: CVE-2025-37867)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ib_init_umem_odp() function in drivers/infiniband/core/umem_odp.c. A local user can perform a denial of service (DoS) attack.
277) Input validation error (CVE-ID: CVE-2025-37870)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dcn401_enable_stream() function in drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c, within the dcn20_enable_stream() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.
278) Improper locking (CVE-ID: CVE-2025-37871)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfsd_break_one_deleg() function in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
279) Buffer overflow (CVE-ID: CVE-2025-37873)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dev_kfree_skb_any() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
280) Resource management error (CVE-ID: CVE-2025-37875)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the igc_ptm_log_error(), igc_phc_get_syncdevicetime(), igc_ptp_stop() and igc_ptp_reset() functions in drivers/net/ethernet/intel/igc/igc_ptp.c. A local user can perform a denial of service (DoS) attack.
281) Incorrect calculation (CVE-ID: CVE-2025-37879)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the p9_client_read_once(), p9_client_write(), EXPORT_SYMBOL_GPL() and p9_client_readdir() functions in net/9p/client.c. A local user can perform a denial of service (DoS) attack.
282) Improper error handling (CVE-ID: CVE-2025-37881)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ast_vhub_init_dev() function in drivers/usb/gadget/udc/aspeed-vhub/dev.c. A local user can perform a denial of service (DoS) attack.
283) Buffer overflow (CVE-ID: CVE-2025-37886)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pdsc_q_map() function in drivers/net/ethernet/amd/pds_core/core.c, within the pdsc_process_notifyq(), pdsc_process_adminq(), pdsc_adminq_isr(), __pdsc_adminq_post() and pdsc_adminq_post() functions in drivers/net/ethernet/amd/pds_core/adminq.c. A local user can perform a denial of service (DoS) attack.
284) Buffer overflow (CVE-ID: CVE-2025-37887)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pdsc_dl_info_get() function in drivers/net/ethernet/amd/pds_core/devlink.c. A local user can perform a denial of service (DoS) attack.
285) NULL pointer dereference (CVE-ID: CVE-2025-37889)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pci_msi_set_enable(), msi_setup_msi_desc(), msix_map_region() and msix_capability_init() functions in drivers/pci/msi/msi.c. A local user can perform a denial of service (DoS) attack.
286) Use-after-free (CVE-ID: CVE-2025-37890)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfsc_enqueue() function in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.
287) Buffer overflow (CVE-ID: CVE-2025-37891)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within include/sound/ump_convert.h. A local user can escalate privileges on the system.
288) Out-of-bounds read (CVE-ID: CVE-2025-37892)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the INFTL_findwriteunit() function in drivers/mtd/inftlcore.c. A local user can perform a denial of service (DoS) attack.
289) Improper locking (CVE-ID: CVE-2025-37897)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the plfxlc_mac_init_hw() function in drivers/net/wireless/purelifi/plfxlc/mac.c. A local user can perform a denial of service (DoS) attack.
290) NULL pointer dereference (CVE-ID: CVE-2025-37900)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within include/linux/iommu.h. A local user can perform a denial of service (DoS) attack.
291) Input validation error (CVE-ID: CVE-2025-37901)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qcom_mpm_alloc() function in drivers/irqchip/irq-qcom-mpm.c. A local user can perform a denial of service (DoS) attack.
292) Use-after-free (CVE-ID: CVE-2025-37903)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hdcp_update_display(), hdcp_remove_display(), hdcp_reset_display() and update_config() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c. A local user can escalate privileges on the system.
293) Memory leak (CVE-ID: CVE-2025-37905)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the scmi_child_dev_find() function in drivers/firmware/arm_scmi/bus.c. A local user can perform a denial of service (DoS) attack.
294) Out-of-bounds read (CVE-ID: CVE-2025-37911)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnxt_hwrm_dbg_dma_data() function in drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c. A local user can perform a denial of service (DoS) attack.
295) NULL pointer dereference (CVE-ID: CVE-2025-37912)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_vc_add_fdir_fltr() function in drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c. A local user can perform a denial of service (DoS) attack.
296) Use-after-free (CVE-ID: CVE-2025-37913)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_is_active() and qfq_enqueue() functions in net/sched/sch_qfq.c. A local user can escalate privileges on the system.
297) Use-after-free (CVE-ID: CVE-2025-37914)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_is_active() and ets_qdisc_enqueue() functions in net/sched/sch_ets.c. A local user can escalate privileges on the system.
298) Use-after-free (CVE-ID: CVE-2025-37915)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_is_active() and drr_enqueue() functions in net/sched/sch_drr.c. A local user can escalate privileges on the system.
299) NULL pointer dereference (CVE-ID: CVE-2025-37918)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btusb_coredump_qca(), handle_dump_pkt_qca() and acl_pkt_is_dump_qca() functions in drivers/bluetooth/btusb.c. A local user can perform a denial of service (DoS) attack.
300) Improper locking (CVE-ID: CVE-2025-37925)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the duplicateIXtree() function in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.
301) Improper error handling (CVE-ID: CVE-2025-37928)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __scan() function in drivers/md/dm-bufio.c. A local user can perform a denial of service (DoS) attack.
302) Improper error handling (CVE-ID: CVE-2025-37929)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the spectre_bhb_loop_affected() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.
303) Resource management error (CVE-ID: CVE-2025-37930)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nouveau_fence_context_kill() function in drivers/gpu/drm/nouveau/nouveau_fence.c. A local user can perform a denial of service (DoS) attack.
304) Infinite loop (CVE-ID: CVE-2025-37931)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the submit_eb_subpage() function in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.
305) Resource management error (CVE-ID: CVE-2025-37932)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the htb_qlen_notify() function in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.
306) Division by zero (CVE-ID: CVE-2025-37937)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the dib8000_set_dds() function in drivers/media/dvb-frontends/dib8000.c. A local user can perform a denial of service (DoS) attack.
307) Input validation error (CVE-ID: CVE-2025-37943)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath12k_dp_rx_deliver_msdu(), ath12k_dp_rx_process_msdu(), skb_pull(), ath12k_dp_rx_h_null_q_desc(), ath12k_dp_rx_h_reo_err(), ath12k_dp_rx_h_tkip_mic_err() and ath12k_dp_rx_h_rxdma_err() functions in drivers/net/wireless/ath/ath12k/dp_rx.c. A local user can perform a denial of service (DoS) attack.
308) Buffer overflow (CVE-ID: CVE-2025-37944)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ath12k_dp_mon_srng_process() function in drivers/net/wireless/ath/ath12k/dp_mon.c. A local user can perform a denial of service (DoS) attack.
309) Input validation error (CVE-ID: CVE-2025-37948)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pr_fmt(), build_plt(), build_epilogue() and bpf_int_jit_compile() functions in arch/arm64/net/bpf_jit_comp.c, within the this_cpu_set_vectors() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.
310) Improper locking (CVE-ID: CVE-2025-37949)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xs_suspend_exit(), xs_send(), xs_wait_for_reply(), xenbus_dev_request_and_reply() and xs_talkv() functions in drivers/xen/xenbus/xenbus_xs.c, within the xenbus_dev_queue_reply() function in drivers/xen/xenbus/xenbus_dev_frontend.c, within the process_msg() and process_writes() functions in drivers/xen/xenbus/xenbus_comms.c. A local user can perform a denial of service (DoS) attack.
311) Memory leak (CVE-ID: CVE-2025-37951)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the v3d_gpu_reset_for_timeout(), v3d_cl_job_timedout() and v3d_csd_job_timedout() functions in drivers/gpu/drm/v3d/v3d_sched.c. A local user can perform a denial of service (DoS) attack.
312) NULL pointer dereference (CVE-ID: CVE-2025-37953)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the htb_add_to_wait_tree(), htb_activate(), htb_qlen_notify(), htb_delete() and htb_change_class() functions in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.
313) Memory leak (CVE-ID: CVE-2025-37954)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the find_or_create_cached_dir() function in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.
314) Use-after-free (CVE-ID: CVE-2025-37957)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the shutdown_interception() function in arch/x86/kvm/svm/svm.c, within the kvm_smm_changed() function in arch/x86/kvm/smm.c. A local user can escalate privileges on the system.
315) Improper locking (CVE-ID: CVE-2025-37958)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __split_huge_pmd_locked() and split_huge_pmd_locked() functions in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.
316) Input validation error (CVE-ID: CVE-2025-37959)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the skb_do_redirect() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
317) Resource management error (CVE-ID: CVE-2025-37960)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the memblock_double_array() function in mm/memblock.c. A local user can perform a denial of service (DoS) attack.
318) Input validation error (CVE-ID: CVE-2025-37963)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the build_bhb_mitigation() function in arch/arm64/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.
319) Infinite loop (CVE-ID: CVE-2025-37969)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the st_lsm6dsx_read_tagged_fifo() function in drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c. A local user can perform a denial of service (DoS) attack.
320) Improper locking (CVE-ID: CVE-2025-37970)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the st_lsm6dsx_read_fifo() function in drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c. A local user can perform a denial of service (DoS) attack.
321) NULL pointer dereference (CVE-ID: CVE-2025-37972)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_pmic_keys_lp_reset_setup() function in drivers/input/keyboard/mtk-pmic-keys.c. A local user can perform a denial of service (DoS) attack.
322) Input validation error (CVE-ID: CVE-2025-37974)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __clp_add() function in arch/s390/pci/pci_clp.c. A local user can perform a denial of service (DoS) attack.
323) Buffer overflow (CVE-ID: CVE-2025-37978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bio_integrity_alloc(), bio_integrity_uncopy_user(), bio_integrity_unmap_user(), bio_integrity_copy_user() and bio_integrity_map_user() functions in block/bio-integrity.c. A local user can perform a denial of service (DoS) attack.
324) Out-of-bounds read (CVE-ID: CVE-2025-37979)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within sound/soc/qcom/lpass.h. A local user can perform a denial of service (DoS) attack.
325) Memory leak (CVE-ID: CVE-2025-37980)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the blk_debugfs_remove() function in block/blk-sysfs.c. A local user can perform a denial of service (DoS) attack.
326) Memory leak (CVE-ID: CVE-2025-37982)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wl1251_tx_work() function in drivers/net/wireless/ti/wl1251/tx.c. A local user can perform a denial of service (DoS) attack.
327) Memory leak (CVE-ID: CVE-2025-37983)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qibfs_mknod() function in drivers/infiniband/hw/qib/qib_fs.c. A local user can perform a denial of service (DoS) attack.
328) Race condition (CVE-ID: CVE-2025-37985)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the pidff_reset() function in drivers/hid/usbhid/hid-pidff.c. A local user can escalate privileges on the system.
329) Input validation error (CVE-ID: CVE-2025-37986)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the typec_unregister_partner() function in drivers/usb/typec/class.c. A local user can perform a denial of service (DoS) attack.
330) Use-after-free (CVE-ID: CVE-2025-37989)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the phy_led_triggers_register() and phy_led_triggers_unregister() functions in drivers/net/phy/phy_led_triggers.c. A local user can escalate privileges on the system.
331) Improper error handling (CVE-ID: CVE-2025-37990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the brcmf_usb_dl_writeimage() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c. A local user can perform a denial of service (DoS) attack.
332) Improper locking (CVE-ID: CVE-2025-38104)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the amdgpu_virt_rlcg_reg_rw() function in drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c, within the amdgpu_device_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.
333) NULL pointer dereference (CVE-ID: CVE-2025-38152)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rproc_shutdown() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.
334) NULL pointer dereference (CVE-ID: CVE-2025-38240)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_dp_parse_capabilities() and mtk_dp_wait_hpd_asserted() functions in drivers/gpu/drm/mediatek/mtk_dp.c. A local user can perform a denial of service (DoS) attack.
335) Improper locking (CVE-ID: CVE-2025-38637)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the skbprio_enqueue() and skbprio_dequeue() functions in net/sched/sch_skbprio.c. A local user can perform a denial of service (DoS) attack.
336) Resource management error (CVE-ID: CVE-2025-39728)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the samsung_clk_init() function in drivers/clk/samsung/clk.c. A local user can perform a denial of service (DoS) attack.
337) Out-of-bounds read (CVE-ID: CVE-2025-39735)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.
338) Out-of-bounds read (CVE-ID: CVE-2025-40014)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amd_set_spi_freq() function in drivers/spi/spi-amd.c. A local user can perform a denial of service (DoS) attack.
339) Resource management error (CVE-ID: CVE-2025-40325)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the raid10_handle_discard() function in drivers/md/raid10.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.