SB2025062335 - Dell APEX Cloud Platform for Microsoft Azure update for third-party components
Published: June 23, 2025 Updated: January 4, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 293 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2025-21727)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the padata_free_shell() function in kernel/padata.c. A local user can escalate privileges on the system.
2) Buffer overflow (CVE-ID: CVE-2025-21735)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nci_hci_create_pipe() function in net/nfc/nci/hci.c. A local user can escalate privileges on the system.
3) Out-of-bounds read (CVE-ID: CVE-2025-21734)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fastrpc_get_args() function in drivers/misc/fastrpc.c. A local user can perform a denial of service (DoS) attack.
4) Resource management error (CVE-ID: CVE-2025-21733)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the trace_sched_migrate_callback() and register_migration_monitor() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
5) Use-after-free (CVE-ID: CVE-2025-21732)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5_ib_invalidate_range() function in drivers/infiniband/hw/mlx5/odp.c, within the mlx5_revoke_mr() function in drivers/infiniband/hw/mlx5/mr.c. A local user can escalate privileges on the system.
6) Use-after-free (CVE-ID: CVE-2025-21731)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_disconnect_and_put() function in drivers/block/nbd.c. A local user can escalate privileges on the system.
7) Resource management error (CVE-ID: CVE-2025-21728)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_send_signal_common() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.
8) Use-after-free (CVE-ID: CVE-2025-21726)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the padata_reorder() and invoke_padata_reorder() functions in kernel/padata.c. A local user can escalate privileges on the system.
9) Buffer overflow (CVE-ID: CVE-2025-21738)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ata_pio_sector() function in drivers/ata/libata-sff.c. A local user can perform a denial of service (DoS) attack.
10) Input validation error (CVE-ID: CVE-2025-21725)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the parse_server_interfaces() function in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
11) Out-of-bounds read (CVE-ID: CVE-2025-21724)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iova_bitmap_offset_to_index() function in drivers/vfio/iova_bitmap.c. A local user can perform a denial of service (DoS) attack.
12) NULL pointer dereference (CVE-ID: CVE-2025-21723)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mpi3mr_bsg_init() function in drivers/scsi/mpi3mr/mpi3mr_app.c. A local user can perform a denial of service (DoS) attack.
13) Race condition (CVE-ID: CVE-2025-21719)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the list_for_each_entry() function in net/ipv4/ipmr_base.c. A local user can perform a denial of service (DoS) attack.
14) Use-after-free (CVE-ID: CVE-2025-21718)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rose_heartbeat_expiry(), rose_timer_expiry() and rose_idletimer_expiry() functions in net/rose/rose_timer.c. A local user can escalate privileges on the system.
15) Use of uninitialized resource (CVE-ID: CVE-2025-21716)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the vxlan_vnifilter_dump() function in drivers/net/vxlan/vxlan_vnifilter.c. A local user can perform a denial of service (DoS) attack.
16) Integer overflow (CVE-ID: CVE-2025-21736)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the nilfs_fiemap() function in fs/nilfs2/inode.c. A local user can execute arbitrary code.
17) Memory leak (CVE-ID: CVE-2025-21739)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ufshcd_pltfrm_init() and ufshcd_pltfrm_remove() functions in drivers/ufs/host/ufshcd-pltfrm.c, within the ufshcd_pci_remove() and ufshcd_pci_probe() functions in drivers/ufs/host/ufshcd-pci.c, within the EXPORT_SYMBOL_GPL(), ufshcd_set_dma_mask() and ufshcd_alloc_host() functions in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
18) Use-after-free (CVE-ID: CVE-2025-21714)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the destroy_unused_implicit_child_mr() and implicit_get_child_mr() functions in drivers/infiniband/hw/mlx5/odp.c. A local user can escalate privileges on the system.
19) Use-after-free (CVE-ID: CVE-2025-21756)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() and __vsock_release() functions in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.
20) Use-after-free (CVE-ID: CVE-2025-21764)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ndisc_alloc_skb() function in net/ipv6/ndisc.c. A local user can escalate privileges on the system.
21) Use-after-free (CVE-ID: CVE-2025-21763)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __neigh_notify() function in net/core/neighbour.c. A local user can escalate privileges on the system.
22) Use-after-free (CVE-ID: CVE-2025-21762)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the arp_xmit_finish() function in net/ipv4/arp.c. A local user can escalate privileges on the system.
23) Use-after-free (CVE-ID: CVE-2025-21761)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ovs_vport_cmd_fill_info() function in net/openvswitch/datapath.c. A local user can escalate privileges on the system.
24) Use-after-free (CVE-ID: CVE-2025-21760)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_nd_hdr() and ndisc_send_skb() functions in net/ipv6/ndisc.c. A local user can escalate privileges on the system.
25) Use-after-free (CVE-ID: CVE-2025-21759)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mld_send_cr() and igmp6_send() functions in net/ipv6/mcast.c. A local user can escalate privileges on the system.
26) Reachable assertion (CVE-ID: CVE-2025-21754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the btrfs_split_ordered_extent() function in fs/btrfs/ordered-data.c. A local user can perform a denial of service (DoS) attack.
27) Out-of-bounds read (CVE-ID: CVE-2025-21741)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ipheth_rcvbulk_callback_ncm() function in drivers/net/usb/ipheth.c. A local user can perform a denial of service (DoS) attack.
28) Use-after-free (CVE-ID: CVE-2025-21753)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/btrfs/transaction.c. A local user can escalate privileges on the system.
29) Input validation error (CVE-ID: CVE-2025-21750)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the brcmf_of_probe() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c. A local user can perform a denial of service (DoS) attack.
30) Improper locking (CVE-ID: CVE-2025-21749)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rose_bind() function in net/rose/af_rose.c. A local user can perform a denial of service (DoS) attack.
31) Memory leak (CVE-ID: CVE-2025-21745)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the blkcg_fill_root_iostats() function in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.
32) NULL pointer dereference (CVE-ID: CVE-2025-21744)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcmf_txfinalize() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c. A local user can perform a denial of service (DoS) attack.
33) Out-of-bounds read (CVE-ID: CVE-2025-21743)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ipheth_rcvbulk_callback_ncm() function in drivers/net/usb/ipheth.c. A local user can perform a denial of service (DoS) attack.
34) Out-of-bounds read (CVE-ID: CVE-2025-21742)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ipheth_rcvbulk_callback_ncm() function in drivers/net/usb/ipheth.c. A local user can perform a denial of service (DoS) attack.
35) Use-after-free (CVE-ID: CVE-2025-21715)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dm9000_drv_remove() function in drivers/net/ethernet/davicom/dm9000.c. A local user can escalate privileges on the system.
36) Integer overflow (CVE-ID: CVE-2025-21711)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the rose_setsockopt() function in net/rose/af_rose.c. A local user can execute arbitrary code.
37) Input validation error (CVE-ID: CVE-2025-21766)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the out: kfree_skb_reason() and __ip_rt_update_pmtu() functions in net/ipv4/route.c. A local user can perform a denial of service (DoS) attack.
38) NULL pointer dereference (CVE-ID: CVE-2025-21639)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_hmac_alg() and proc_sctp_do_rto_min() functions in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
39) Out-of-bounds read (CVE-ID: CVE-2025-21668)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the imx8mp_blk_ctrl_remove() function in drivers/pmdomain/imx/imx8mp-blk-ctrl.c. A local user can perform a denial of service (DoS) attack.
40) Infinite loop (CVE-ID: CVE-2025-21667)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the iomap_write_delalloc_scan() function in fs/iomap/buffered-io.c. A local user can perform a denial of service (DoS) attack.
41) Infinite loop (CVE-ID: CVE-2025-21665)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the folio_seek_hole_data() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
42) Input validation error (CVE-ID: CVE-2025-21659)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the netdev_nl_napi_fill_one() and netdev_nl_napi_get_doit() functions in net/core/netdev-genl.c, within the dev_fill_forward_path() and napi_complete_done() functions in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
43) Out-of-bounds read (CVE-ID: CVE-2025-21647)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cake_ddst(), cake_enqueue() and cake_dequeue() functions in net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.
44) NULL pointer dereference (CVE-ID: CVE-2025-21640)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_hmac_alg() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
45) NULL pointer dereference (CVE-ID: CVE-2025-21638)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_alpha_beta() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
46) Double free (CVE-ID: CVE-2025-21673)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the clean_demultiplex_info() and cifs_put_tcp_session() functions in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.
47) NULL pointer dereference (CVE-ID: CVE-2025-21637)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_auth() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
48) NULL pointer dereference (CVE-ID: CVE-2025-21636)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_udp_port() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
49) NULL pointer dereference (CVE-ID: CVE-2025-21635)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ATOMIC_INIT(), sizeof(), rds_tcp_sysctl_reset() and rds_tcp_skbuf_handler() functions in net/rds/tcp.c. A local user can perform a denial of service (DoS) attack.
50) Use-after-free (CVE-ID: CVE-2025-21631)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfq_waker_bfqq() function in block/bfq-iosched.c. A local user can escalate privileges on the system.
51) NULL pointer dereference (CVE-ID: CVE-2025-1632)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in bsdunzip.c. A remote attacker can pass specially crafted archive to the application and perform a denial of service (DoS) attack.
52) Stack-based buffer overflow (CVE-ID: CVE-2024-8176)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling XML content. A remote attacker can pass specially crafted XML content to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
53) Use-after-free (CVE-ID: CVE-2025-21671)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zram_meta_alloc() function in drivers/block/zram/zram_drv.c. A local user can escalate privileges on the system.
54) Out-of-bounds read (CVE-ID: CVE-2025-21680)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_imix_entries() function in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.
55) Resource management error (CVE-ID: CVE-2025-21708)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the MSR_SPEED() and rtl8150_probe() functions in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.
56) Resource management error (CVE-ID: CVE-2025-21699)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the do_gfs2_set_flags() function in fs/gfs2/file.c. A local user can perform a denial of service (DoS) attack.
57) Resource management error (CVE-ID: CVE-2025-21706)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mptcp_pm_nl_set_flags() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.
58) Improper locking (CVE-ID: CVE-2025-21705)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mptcp_sendmsg_fastopen() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
59) Buffer overflow (CVE-ID: CVE-2025-21704)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the acm_process_notification() and acm_ctrl_irq() functions in drivers/usb/class/cdc-acm.c. A local user can escalate privileges on the system.
60) Use-after-free (CVE-ID: CVE-2025-21703)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the net/sched/sch_netem.c. A local user can escalate privileges on the system.
61) Improper locking (CVE-ID: CVE-2025-21701)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ethnl_ops_begin() function in net/ethtool/netlink.c. A local user can perform a denial of service (DoS) attack.
62) Use-after-free (CVE-ID: CVE-2025-21700)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qdisc_lookup() function in net/sched/sch_api.c. A local user can escalate privileges on the system.
63) NULL pointer dereference (CVE-ID: CVE-2025-21697)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v3d_irq() and v3d_hub_irq() functions in drivers/gpu/drm/v3d/v3d_irq.c. A local user can perform a denial of service (DoS) attack.
64) Improper locking (CVE-ID: CVE-2025-21681)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_output() function in net/openvswitch/actions.c. A local user can perform a denial of service (DoS) attack.
65) Use-after-free (CVE-ID: CVE-2025-21693)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zswap_pool_create(), zswap_cpu_comp_prepare(), zswap_cpu_comp_dead(), zswap_compress() and zswap_decompress() functions in mm/zswap.c. A local user can escalate privileges on the system.
66) Out-of-bounds read (CVE-ID: CVE-2025-21692)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ets_class_from_arg() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.
67) Resource management error (CVE-ID: CVE-2025-21690)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dev_warn() and storvsc_on_io_completion() functions in drivers/scsi/storvsc_drv.c. A local user can perform a denial of service (DoS) attack.
68) Out-of-bounds read (CVE-ID: CVE-2025-21689)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qt2_process_read_urb() function in drivers/usb/serial/quatech2.c. A local user can perform a denial of service (DoS) attack.
69) NULL pointer dereference (CVE-ID: CVE-2025-21688)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v3d_irq() and v3d_hub_irq() functions in drivers/gpu/drm/v3d/v3d_irq.c. A local user can perform a denial of service (DoS) attack.
70) Incorrect calculation (CVE-ID: CVE-2025-21687)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the vfio_platform_read_mmio() and vfio_platform_write_mmio() functions in drivers/vfio/platform/vfio_platform_common.c. A local user can perform a denial of service (DoS) attack.
71) Improper locking (CVE-ID: CVE-2025-21684)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the DECLARE_BITMAP(), xgpio_set(), xgpio_set_multiple(), xgpio_dir_in(), xgpio_dir_out(), xgpio_irq_mask(), xgpio_irq_unmask(), xgpio_irqhandler() and xgpio_probe() functions in drivers/gpio/gpio-xilinx.c. A local user can perform a denial of service (DoS) attack.
72) Input validation error (CVE-ID: CVE-2025-21765)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ip6_default_advmss() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
73) Improper locking (CVE-ID: CVE-2025-21767)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the clocksource_verify_percpu() function in kernel/time/clocksource.c. A local user can perform a denial of service (DoS) attack.
74) Buffer overflow (CVE-ID: CVE-2024-58085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the tomoyo_write_control() function in security/tomoyo/common.c. A local user can perform a denial of service (DoS) attack.
75) Memory leak (CVE-ID: CVE-2025-21864)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcp_add_backlog() function in net/ipv4/tcp_ipv4.c, within the tcp_ofo_queue(), tcp_queue_rcv(), tcp_data_queue() and tcp_rcv_established() functions in net/ipv4/tcp_input.c, within the tcp_fastopen_add_skb() function in net/ipv4/tcp_fastopen.c. A local user can perform a denial of service (DoS) attack.
76) Improper locking (CVE-ID: CVE-2025-21876)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the intel_iommu_init() function in drivers/iommu/intel/iommu.c, within the enable_drhd_fault_handling() function in drivers/iommu/intel/dmar.c. A local user can perform a denial of service (DoS) attack.
77) Improper locking (CVE-ID: CVE-2025-21871)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the optee_supp_thrd_req() function in drivers/tee/optee/supp.c. A local user can perform a denial of service (DoS) attack.
78) NULL pointer dereference (CVE-ID: CVE-2025-21870)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sof_ipc4_widget_setup_comp_dai() and sof_ipc4_prepare_copier_module() functions in sound/soc/sof/ipc4-topology.c. A local user can perform a denial of service (DoS) attack.
79) Resource management error (CVE-ID: CVE-2025-21869)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __do_patch_instructions_mm() function in arch/powerpc/lib/code-patching.c. A local user can perform a denial of service (DoS) attack.
80) Out-of-bounds read (CVE-ID: CVE-2025-21866)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the text_area_cpu_up() function in arch/powerpc/lib/code-patching.c. A local user can perform a denial of service (DoS) attack.
81) Improper error handling (CVE-ID: CVE-2025-21865)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the gtp_net_exit_batch_rtnl() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
82) Improper locking (CVE-ID: CVE-2025-21862)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the init_net_drop_monitor() and exit_net_drop_monitor() functions in net/core/drop_monitor.c. A local user can perform a denial of service (DoS) attack.
83) Improper locking (CVE-ID: CVE-2025-21878)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the npcm_i2c_probe_bus() function in drivers/i2c/busses/i2c-npcm7xx.c. A local user can perform a denial of service (DoS) attack.
84) Resource management error (CVE-ID: CVE-2025-21861)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the migrate_device_finalize() function in mm/migrate_device.c. A local user can perform a denial of service (DoS) attack.
85) Improper locking (CVE-ID: CVE-2025-21859)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f_midi_complete() function in drivers/usb/gadget/function/f_midi.c. A local user can perform a denial of service (DoS) attack.
86) Use-after-free (CVE-ID: CVE-2025-21858)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the geneve_destroy_tunnels() function in drivers/net/geneve.c. A local user can escalate privileges on the system.
87) NULL pointer dereference (CVE-ID: CVE-2025-21857)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tcf_exts_miss_cookie_base_alloc() function in net/sched/cls_api.c. A local user can perform a denial of service (DoS) attack.
88) Use-after-free (CVE-ID: CVE-2025-21856)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ism_dev_release(), ism_probe(), device_del() and ism_remove() functions in drivers/s390/net/ism_drv.c. A local user can escalate privileges on the system.
89) Use-after-free (CVE-ID: CVE-2025-21855)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ibmvnic_xmit() and netif_stop_subqueue() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can escalate privileges on the system.
90) Resource management error (CVE-ID: CVE-2025-21877)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the genelink_bind() function in drivers/net/usb/gl620a.c. A local user can perform a denial of service (DoS) attack.
91) Use-after-free (CVE-ID: CVE-2025-21883)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ice_initialize_vf_entry() function in drivers/net/ethernet/intel/ice/ice_vf_lib.c, within the ice_free_vf_entries() and ice_free_vfs() functions in drivers/net/ethernet/intel/ice/ice_sriov.c. A local user can escalate privileges on the system.
92) NULL pointer dereference (CVE-ID: CVE-2025-21848)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfp_bpf_cmsg_alloc() function in drivers/net/ethernet/netronome/nfp/bpf/cmsg.c. A local user can perform a denial of service (DoS) attack.
93) Inefficient regular expression complexity (CVE-ID: CVE-2025-27220)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions in CGI::Util#escapeElement. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
94) Integer overflow (CVE-ID: CVE-2025-3360)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow with the g_date_time_new_from_iso8601() function when parsing a long invalid ISO 8601 timestamp. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and perform a denial of service (DoS) attack.
95) Missing Authentication for Critical Function (CVE-ID: CVE-2025-32433)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to missing authentication in Erlang/OTP SSH server. A remote non-authenticated attacker can send specially crafted messages to the server and execute arbitrary code on the system.
96) Heap-based buffer overflow (CVE-ID: CVE-2025-31115)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the lzma_stream_decoder_mt() function. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
97) Input validation error (CVE-ID: CVE-2025-27516)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to sandbox breakout through attr filter selecting format method. A local user can execute arbitrary code on the system.
98) Out-of-bounds write (CVE-ID: CVE-2025-27363)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can pass a specially crafted font to the application that is using an affected version of the library, trigger an out-of-bounds write and execute arbitrary code on the target system.
99) Input validation error (CVE-ID: CVE-2025-27219)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in CGI::Cookie.parse. A remote attacker can send a specially crafted HTTP request to the application and perform a denial of service (DoS) attack.
100) Improper locking (CVE-ID: CVE-2025-21885)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c. A local user can perform a denial of service (DoS) attack.
101) Uncontrolled memory allocation (CVE-ID: CVE-2025-26618)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of SFTP packets. A remote attacker can send multiple SFTP packets to the application and consume large amount of memory, resulting in a denial of service.
102) Buffer overflow (CVE-ID: CVE-2025-25724)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing .tar files within the list_item_verbose() function in tar/util.c. A remote attacker can create a specially crafted archive, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
103) Improper locking (CVE-ID: CVE-2025-21892)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5r_umr_cleanup(), mlx5r_umr_recover() and mlx5r_umr_post_send_wait() functions in drivers/infiniband/hw/mlx5/umr.c. A local user can perform a denial of service (DoS) attack.
104) Use of uninitialized resource (CVE-ID: CVE-2025-21891)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ipvlan_addr_lookup() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.
105) Resource management error (CVE-ID: CVE-2025-21890)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the idpf_rx_rsc() function in drivers/net/ethernet/intel/idpf/idpf_txrx.c. A local user can perform a denial of service (DoS) attack.
106) Use-after-free (CVE-ID: CVE-2025-21888)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5_free_priv_descs() function in drivers/infiniband/hw/mlx5/mr.c. A local user can escalate privileges on the system.
107) Improper locking (CVE-ID: CVE-2025-21886)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the destroy_unused_implicit_child_mr() function in drivers/infiniband/hw/mlx5/odp.c. A local user can perform a denial of service (DoS) attack.
108) NULL pointer dereference (CVE-ID: CVE-2025-21850)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_ns_enable(), nvmet_ns_disable(), nvmet_ns_free() and nvmet_ns_alloc() functions in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.
109) NULL pointer dereference (CVE-ID: CVE-2025-21847)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sof_ipc_msg_data() function in sound/soc/sof/stream-ipc.c. A local user can perform a denial of service (DoS) attack.
110) Out-of-bounds read (CVE-ID: CVE-2025-21772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mac_partition() function in block/partitions/mac.c. A local user can perform a denial of service (DoS) attack.
111) Input validation error (CVE-ID: CVE-2025-21784)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the psp_init_cap_microcode() function in drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c. A local user can perform a denial of service (DoS) attack.
112) Input validation error (CVE-ID: CVE-2025-21795)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfsd4_run_cb_work() function in fs/nfsd/nfs4callback.c. A local user can perform a denial of service (DoS) attack.
113) Out-of-bounds read (CVE-ID: CVE-2025-21794)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the thrustmaster_interrupts() function in drivers/hid/hid-thrustmaster.c. A local user can perform a denial of service (DoS) attack.
114) Division by zero (CVE-ID: CVE-2025-21793)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the f_ospi_get_dummy_cycle() function in drivers/spi/spi-sn-f-ospi.c. A local user can perform a denial of service (DoS) attack.
115) Use-after-free (CVE-ID: CVE-2025-21791)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the include/net/l3mdev.h. A local user can escalate privileges on the system.
116) NULL pointer dereference (CVE-ID: CVE-2025-21790)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vxlan_init() function in drivers/net/vxlan/vxlan_core.c. A local user can perform a denial of service (DoS) attack.
117) Out-of-bounds read (CVE-ID: CVE-2025-21785)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the populate_cache_leaves() function in arch/arm64/kernel/cacheinfo.c. A local user can perform a denial of service (DoS) attack.
118) Out-of-bounds read (CVE-ID: CVE-2025-21782)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the orangefs_debug_write() function in fs/orangefs/orangefs-debugfs.c. A local user can perform a denial of service (DoS) attack.
119) Improper error handling (CVE-ID: CVE-2025-21799)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the am65_cpsw_nuss_remove_tx_chns() function in drivers/net/ethernet/ti/am65-cpsw-nuss.c. A local user can perform a denial of service (DoS) attack.
120) Resource management error (CVE-ID: CVE-2025-21781)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the batadv_v_elp_start_timer() and batadv_v_elp_get_throughput() functions in net/batman-adv/bat_v_elp.c. A local user can perform a denial of service (DoS) attack.
121) Buffer overflow (CVE-ID: CVE-2025-21780)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the smu_sys_set_pp_table() function in drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c. A local user can escalate privileges on the system.
122) NULL pointer dereference (CVE-ID: CVE-2025-21779)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kvm_hv_send_ipi() and kvm_get_hv_cpuid() functions in arch/x86/kvm/hyperv.c. A local user can perform a denial of service (DoS) attack.
123) NULL pointer dereference (CVE-ID: CVE-2025-21776)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hub_probe() function in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.
124) NULL pointer dereference (CVE-ID: CVE-2025-21775)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ctucan_err_interrupt() function in drivers/net/can/ctucanfd/ctucanfd_base.c. A local user can perform a denial of service (DoS) attack.
125) NULL pointer dereference (CVE-ID: CVE-2025-21773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the es58x_devlink_info_get() function in drivers/net/can/usb/etas_es58x/es58x_devlink.c. A local user can perform a denial of service (DoS) attack.
126) Use-after-free (CVE-ID: CVE-2025-21796)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the posix_acl_release() function in fs/nfsd/nfs3acl.c, within the posix_acl_release() function in fs/nfsd/nfs2acl.c. A local user can escalate privileges on the system.
127) Input validation error (CVE-ID: CVE-2025-21802)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hclgevf_init() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c, within the hclge_init() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c, within the module_init() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c, within the EXPORT_SYMBOL() function in drivers/net/ethernet/hisilicon/hns3/hnae3.c. A local user can perform a denial of service (DoS) attack.
128) NULL pointer dereference (CVE-ID: CVE-2025-21846)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the do_acct_process(), acct_pin_kill(), close_work(), encode_float() and fill_ac() functions in kernel/acct.c. A local user can perform a denial of service (DoS) attack.
129) Resource management error (CVE-ID: CVE-2025-21829)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __rxe_cleanup() function in drivers/infiniband/sw/rxe/rxe_pool.c. A local user can perform a denial of service (DoS) attack.
130) NULL pointer dereference (CVE-ID: CVE-2025-21844)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
131) Input validation error (CVE-ID: CVE-2025-21838)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the usb_del_gadget() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.
132) Memory leak (CVE-ID: CVE-2025-21835)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the f_midi_bind() function in drivers/usb/gadget/function/f_midi.c. A local user can perform a denial of service (DoS) attack.
133) Incorrect calculation (CVE-ID: CVE-2025-21832)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the blkdev_read_iter() function in block/fops.c. A local user can perform a denial of service (DoS) attack.
134) Input validation error (CVE-ID: CVE-2025-21831)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the DECLARE_PCI_FIXUP_SUSPEND() function in arch/x86/pci/fixup.c. A local user can perform a denial of service (DoS) attack.
135) Resource management error (CVE-ID: CVE-2025-21830)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the get_mode_access() function in security/landlock/fs.c. A local user can perform a denial of service (DoS) attack.
136) Input validation error (CVE-ID: CVE-2025-21828)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the net/mac80211/driver-ops.h. A local user can perform a denial of service (DoS) attack.
137) Buffer overflow (CVE-ID: CVE-2025-21804)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rcar_pcie_parse_outbound_ranges() function in drivers/pci/controller/pcie-rcar-ep.c. A local user can perform a denial of service (DoS) attack.
138) Improper locking (CVE-ID: CVE-2025-21825)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bpf_timer_cancel_and_free() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
139) Improper locking (CVE-ID: CVE-2025-21823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the batadv_v_elp_start_timer(), batadv_v_elp_get_throughput(), batadv_v_elp_throughput_metric_update(), batadv_v_elp_wifi_neigh_probe() and batadv_v_elp_periodic_work() functions in net/batman-adv/bat_v_elp.c, within the batadv_v_hardif_neigh_init() function in net/batman-adv/bat_v.c. A local user can perform a denial of service (DoS) attack.
140) Resource management error (CVE-ID: CVE-2025-21821)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the omap_init_lcd_dma() function in drivers/video/fbdev/omap/lcd_dma.c. A local user can perform a denial of service (DoS) attack.
141) Improper locking (CVE-ID: CVE-2025-21820)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cdns_uart_handle_rx(), cdns_uart_isr() and cdns_uart_console_write() functions in drivers/tty/serial/xilinx_uartps.c. A local user can perform a denial of service (DoS) attack.
142) Improper locking (CVE-ID: CVE-2025-21819)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dmub_hw_lock_mgr_inbox0_cmd() function in drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c. A local user can perform a denial of service (DoS) attack.
143) Out-of-bounds read (CVE-ID: CVE-2025-21815)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the isolate_freepages_block() function in mm/compaction.c. A local user can perform a denial of service (DoS) attack.
144) NULL pointer dereference (CVE-ID: CVE-2025-21810)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the class_dev_iter_init() and class_dev_iter_next() functions in drivers/base/class.c. A local user can perform a denial of service (DoS) attack.
145) Input validation error (CVE-ID: CVE-2024-58086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the v3d_perfmon_destroy_ioctl() function in drivers/gpu/drm/v3d/v3d_perfmon.c. A local user can perform a denial of service (DoS) attack.
146) Use-after-free (CVE-ID: CVE-2024-58083)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the include/linux/kvm_host.h. A local user can escalate privileges on the system.
147) Integer overflow (CVE-ID: CVE-2024-38796)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in PeCoffLoaderRelocateImage. A remote user on the local network can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
148) Use-after-free (CVE-ID: CVE-2024-47701)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_find_inline_entry() function in fs/ext4/inline.c. A local user can escalate privileges on the system.
149) NULL pointer dereference (CVE-ID: CVE-2024-49940)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pppol2tp_session_setsockopt() function in net/l2tp/l2tp_ppp.c, within the l2tp_nl_cmd_session_modify() function in net/l2tp/l2tp_netlink.c, within the l2tp_v3_session_get(), l2tp_session_register(), l2tp_recv_common(), EXPORT_SYMBOL_GPL(), l2tp_session_set_header_len() and l2tp_session_create() functions in net/l2tp/l2tp_core.c. A local user can perform a denial of service (DoS) attack.
150) Use-after-free (CVE-ID: CVE-2024-49924)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pxafb_remove() function in drivers/video/fbdev/pxafb.c. A local user can escalate privileges on the system.
151) Use-after-free (CVE-ID: CVE-2024-49884)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_split_extent_at() and ext4_ext_dirty() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.
152) Memory leak (CVE-ID: CVE-2024-49881)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the get_ext_path() function in fs/ext4/move_extent.c, within the ext4_find_extent() and ext4_split_extent_at() functions in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.
153) Input validation error (CVE-ID: CVE-2024-49571)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smc_clc_msg_prop_valid() function in net/smc/smc_clc.c, within the smc_listen_prfx_check() and smc_find_ism_v1_device_serv() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
154) Infinite loop (CVE-ID: CVE-2024-47794)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the bpf_attach_type_to_tramp(), __bpf_trampoline_link_prog(), __bpf_trampoline_unlink_prog(), bpf_shim_tramp_link_release() and bpf_trampoline_link_cgroup_shim() functions in kernel/bpf/trampoline.c, within the bpf_tracing_link_release() and bpf_tracing_prog_attach() functions in kernel/bpf/syscall.c, within the bpf_prog_alloc_no_stats() function in kernel/bpf/core.c, within the prog_fd_array_get_ptr() function in kernel/bpf/arraymap.c. A local user can perform a denial of service (DoS) attack.
155) Input validation error (CVE-ID: CVE-2024-47408)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smc_find_ism_v2_device_serv() function in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
156) Integer overflow (CVE-ID: CVE-2024-49994)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the blk_ioctl_discard() and blk_ioctl_secure_erase() functions in block/ioctl.c. A local user can execute arbitrary code.
157) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2024-47220)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request containing both a Content-Length header and a Transfer-Encoding header to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
158) Use-after-free (CVE-ID: CVE-2024-46796)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_set_path_size() function in fs/smb/client/smb2inode.c. A local user can escalate privileges on the system.
159) Use-after-free (CVE-ID: CVE-2024-46782)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ila_xlat_init_net() and ila_xlat_exit_net() functions in net/ipv6/ila/ila_xlat.c, within the ila_pre_exit_net() and ila_exit_net() functions in net/ipv6/ila/ila_main.c. A local user can escalate privileges on the system.
160) Input validation error (CVE-ID: CVE-2024-46736)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smb2_rename_path() function in fs/smb/client/smb2inode.c. A local user can perform a denial of service (DoS) attack.
161) Resource management error (CVE-ID: CVE-2024-45010)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mptcp_pm_nl_rm_addr_or_subflow(), mptcp_pm_remove_anno_addr(), mptcp_nl_remove_subflow_and_signal_addr(), mptcp_nl_remove_id_zero_address() and mptcp_pm_nl_fullmesh() functions in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.
162) Resource management error (CVE-ID: CVE-2024-45009)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.
163) Use-after-free (CVE-ID: CVE-2024-49950)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_connect_req() function in net/bluetooth/l2cap_core.c, within the hci_remote_features_evt() function in net/bluetooth/hci_event.c, within the hci_acldata_packet() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
164) Double free (CVE-ID: CVE-2024-50029)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the hci_enhanced_setup_sync() function in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.
165) Resource management error (CVE-ID: CVE-2024-43820)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the raid_resume() function in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.
166) Reachable assertion (CVE-ID: CVE-2024-50185)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the skb_is_fully_mapped() function in net/mptcp/subflow.c, within the mptcp_check_data_fin() and __mptcp_move_skbs_from_subflow() functions in net/mptcp/protocol.c, within the SNMP_MIB_ITEM() function in net/mptcp/mib.c. A local user can perform a denial of service (DoS) attack.
167) Division by zero (CVE-ID: CVE-2024-53123)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the mptcp_recvmsg() and pr_debug() functions in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
168) Resource management error (CVE-ID: CVE-2024-53063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DECLARE_RWSEM() and dvb_register_device() functions in drivers/media/dvb-core/dvbdev.c. A local user can perform a denial of service (DoS) attack.
169) Use-after-free (CVE-ID: CVE-2024-53057)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qdisc_tree_reduce_backlog() function in net/sched/sch_api.c. A local user can escalate privileges on the system.
170) Integer overflow (CVE-ID: CVE-2024-52559)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the msm_ioctl_gem_submit() function in drivers/gpu/drm/msm/msm_gem_submit.c. A local user can execute arbitrary code.
171) Improper locking (CVE-ID: CVE-2024-50294)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rxrpc_connect_client_calls() and rxrpc_disconnect_client_call() functions in net/rxrpc/conn_client.c. A local user can perform a denial of service (DoS) attack.
172) Integer underflow (CVE-ID: CVE-2024-50290)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the cx24116_read_snr_pct() function in drivers/media/dvb-frontends/cx24116.c. A local user can execute arbitrary code.
173) Use-after-free (CVE-ID: CVE-2024-50152)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_set_ea() function in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.
174) Incorrect calculation (CVE-ID: CVE-2024-50036)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the dst_destroy() and dst_dev_put() functions in net/core/dst.c. A local user can perform a denial of service (DoS) attack.
175) Input validation error (CVE-ID: CVE-2024-50142)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the verify_newsa_info() function in net/xfrm/xfrm_user.c. A local user can perform a denial of service (DoS) attack.
176) Improper locking (CVE-ID: CVE-2024-50140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the task_work_add() function in kernel/task_work.c, within the task_tick_mm_cid() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.
177) Use-after-free (CVE-ID: CVE-2024-50126)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the taprio_dump() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.
178) Out-of-bounds read (CVE-ID: CVE-2024-50115)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nested_svm_get_tdp_pdptr() function in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.
179) Use-after-free (CVE-ID: CVE-2024-50085)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.
180) Use-after-free (CVE-ID: CVE-2024-50073)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gsm_cleanup_mux() function in drivers/tty/n_gsm.c. A local user can escalate privileges on the system.
181) Input validation error (CVE-ID: CVE-2024-50056)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the find_format_by_pix(), uvc_v4l2_try_format() and uvc_v4l2_enum_format() functions in drivers/usb/gadget/function/uvc_v4l2.c. A local user can perform a denial of service (DoS) attack.
182) Use-after-free (CVE-ID: CVE-2024-44974)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lookup_subflow_by_daddr(), select_local_address(), select_signal_address(), __lookup_addr() and mptcp_pm_create_subflow_or_signal_addr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.
183) NULL pointer dereference (CVE-ID: CVE-2024-42307)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_cifs(), destroy_mids() and destroy_workqueue() functions in fs/smb/client/cifsfs.c. A local user can perform a denial of service (DoS) attack.
184) Integer overflow (CVE-ID: CVE-2024-53146)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the decode_cb_compound4res() function in fs/nfsd/nfs4callback.c. A local user can execute arbitrary code.
185) Input validation error (CVE-ID: CVE-2024-25571)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local administrator can pass specially crafted input to the application and perform a denial of service (DoS) attack.
186) Resource management error (CVE-ID: CVE-2023-52925)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nft_pipapo_get(), nft_pipapo_activate() and nft_pipapo_remove() functions in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.
187) Memory leak (CVE-ID: CVE-2023-52924)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_rbtree_walk() function in net/netfilter/nft_set_rbtree.c, within the nft_rhash_walk() function in net/netfilter/nft_set_hash.c, within the nf_tables_dump_setelem() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
188) Improper error handling (CVE-ID: CVE-2023-52831)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the cpu_down_maps_locked() function in kernel/cpu.c. A local user can perform a denial of service (DoS) attack.
189) Input validation error (CVE-ID: CVE-2024-11168)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to insufficient validation of bracketed hosts (e.g. []) within the urllib.parse.urlsplit() and urlparse() functions allowing hosts that weren't IPv6 or IPvFuture. A remote attacker can pass specially crafted IP address to the application to bypass implemented IP-based security checks or perform SSRF attacks.
190) Out-of-bounds read (CVE-ID: CVE-2024-37371)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling GSS message token. A remote attacker can send specially crafted token to the application, trigger an out-of-bounds read error and read contents of memory on the system.
191) Input validation error (CVE-ID: CVE-2024-37370)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
192) Sequence of processor instructions leads to unexpected behavior (CVE-ID: CVE-2024-37020)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error related to processing of Sequence of processor instructions. A local user can cause a denial of service condition on the target system.
193) Input validation error (CVE-ID: CVE-2023-52927)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nft_ct_set_zone_eval() and nft_ct_tmpl_alloc_pcpu() functions in net/netfilter/nft_ct.c, within the EXPORT_SYMBOL_GPL() and nf_ct_find_expectation() functions in net/netfilter/nf_conntrack_expect.c, within the init_conntrack() function in net/netfilter/nf_conntrack_core.c. A local user can perform a denial of service (DoS) attack.
194) Buffer overflow (CVE-ID: CVE-2024-31155)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the UEFI firmware. A local administrator can trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
195) Buffer overflow (CVE-ID: CVE-2024-21859)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary error in the UEFI firmware. A local administrator can trigger memory corruption and gain unauthorized access to sensitive information on the system.
196) Resource management error (CVE-ID: CVE-2024-28956)
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to an error in the hardware support for prediction-domain isolation dubbed "Indirect Target Selection". A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests.
197) Input validation error (CVE-ID: CVE-2024-39279)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient granularity of access control. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
198) Input validation error (CVE-ID: CVE-2024-28047)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input. A local administrator can gain unauthorized access to sensitive information on the system.
199) Input validation error (CVE-ID: CVE-2024-31068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper Finite State Machines (FSMs) in Hardware Logic. A local administrator can pass specially crafted input to the application and perform a denial of service (DoS) attack.
200) Use-after-free (CVE-ID: CVE-2023-52926)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the io_rw_init_file() function in io_uring/rw.c. A local user can escalate privileges on the system.
201) Insecure Storage of Sensitive Information (CVE-ID: CVE-2024-10041)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software stores secrets in memory in plain text. A local user can read the memory and obtain passwords in plain text when PAM is used to perform authentication.
202) Use-after-free (CVE-ID: CVE-2024-41149)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the blk_mq_alloc_disk_for_queue() and blk_mq_alloc_and_init_hctx() functions in block/blk-mq.c. A local user can escalate privileges on the system.
203) Buffer overflow (CVE-ID: CVE-2024-36917)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the blk_ioctl_discard() function in block/ioctl.c. A local user can escalate privileges on the system.
204) Incorrect authorization (CVE-ID: CVE-2024-41110)
The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to AuthZ zero length regression. A remote user can bypass authentication and gain elevated privileges.
205) NULL pointer dereference (CVE-ID: CVE-2024-41077)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the null_validate_conf() function in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.
206) NULL pointer dereference (CVE-ID: CVE-2024-41055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/mmzone.h. A local user can perform a denial of service (DoS) attack.
207) Improper locking (CVE-ID: CVE-2024-41005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the netpoll_owner_active() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.
208) Improper locking (CVE-ID: CVE-2024-40980)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reset_per_cpu_data(), trace_drop_common(), net_dm_hw_reset_per_cpu_data(), net_dm_hw_summary_probe() and __net_dm_cpu_data_init() functions in net/core/drop_monitor.c. A local user can perform a denial of service (DoS) attack.
209) Out-of-bounds read (CVE-ID: CVE-2024-38606)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the validate_tl_data() and adf_tl_run() functions in drivers/crypto/intel/qat/qat_common/adf_telemetry.c, within the adf_gen4_init_tl_data() function in drivers/crypto/intel/qat/qat_common/adf_gen4_tl.c. A local user can perform a denial of service (DoS) attack.
210) Race condition (CVE-ID: CVE-2024-36905)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tcp_send_fin() function in net/ipv4/tcp_output.c, within the tcp_rcv_state_process() function in net/ipv4/tcp_input.c, within the tcp_shutdown() and __tcp_close() functions in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.
211) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2024-2365)
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to software uses a weak SHA-1 Message_Digest algorithm within the IsValidPin() function in io\fabric\sdk\android\services\network\PinningTrustManager.java. An attacker with physical access to the system can bypass SSL pinning protection and intercept traffic sent by the application.
212) Improper locking (CVE-ID: CVE-2024-35910)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcp_close() function in net/ipv4/tcp.c, within the inet_csk_clear_xmit_timers() function in net/ipv4/inet_connection_sock.c. A local user can perform a denial of service (DoS) attack.
213) Incorrect calculation (CVE-ID: CVE-2024-35826)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __bio_release_pages() function in block/bio.c. A local user can perform a denial of service (DoS) attack.
214) Incorrect Resource Transfer Between Spheres (CVE-ID: CVE-2024-29018)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application within external DNS requests from "internal" networks. A remote attacker can gain unauthorized access to sensitive information on the system.
215) Improper locking (CVE-ID: CVE-2024-26873)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hisi_sas_internal_abort_timeout() function in drivers/scsi/hisi_sas/hisi_sas_main.c. A local user can perform a denial of service (DoS) attack.
216) Improper locking (CVE-ID: CVE-2024-26810)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_pci_intx_mask(), vfio_pci_intx_unmask_handler(), vfio_pci_set_intx_unmask() and vfio_pci_set_intx_mask() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
217) Race condition (CVE-ID: CVE-2024-26708)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the subflow_simultaneous_connect() function in net/mptcp/protocol.h. A local user can perform a denial of service (DoS) attack.
218) Improper error handling (CVE-ID: CVE-2024-26634)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the default_device_exit_net() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
219) Double free (CVE-ID: CVE-2024-53140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the netlink_skb_set_owner_r(), netlink_sock_destruct(), deferred_put_nlk_sk() and netlink_release() functions in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
220) Out-of-bounds read (CVE-ID: CVE-2024-53147)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the exfat_find() function in fs/exfat/namei.c. A local user can perform a denial of service (DoS) attack.
221) NULL pointer dereference (CVE-ID: CVE-2024-58080)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the &() function in drivers/clk/qcom/dispcc-sm6350.c. A local user can perform a denial of service (DoS) attack.
222) Resource management error (CVE-ID: CVE-2024-58005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tpm_is_tpm2_log() and tpm_read_log_acpi() functions in drivers/char/tpm/eventlog/acpi.c. A local user can perform a denial of service (DoS) attack.
223) Use-after-free (CVE-ID: CVE-2024-58013)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mgmt_remove_adv_monitor_complete() function in net/bluetooth/mgmt.c. A local user can escalate privileges on the system.
224) NULL pointer dereference (CVE-ID: CVE-2024-58012)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sdw_params_stream() function in sound/soc/sof/intel/hda.c, within the sdw_hda_dai_hw_params() function in sound/soc/sof/intel/hda-dai.c. A local user can perform a denial of service (DoS) attack.
225) NULL pointer dereference (CVE-ID: CVE-2024-58011)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the skl_int3472_tps68470_probe() function in drivers/platform/x86/intel/int3472/tps68470.c, within the skl_int3472_discrete_probe() function in drivers/platform/x86/intel/int3472/discrete.c. A local user can perform a denial of service (DoS) attack.
226) NULL pointer dereference (CVE-ID: CVE-2024-58009)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.
227) Out-of-bounds read (CVE-ID: CVE-2024-58007)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qcom_socinfo_probe() function in drivers/soc/qcom/socinfo.c. A local user can perform a denial of service (DoS) attack.
228) Input validation error (CVE-ID: CVE-2024-58006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dw_pcie_ep_set_bar() function in drivers/pci/controller/dwc/pcie-designware-ep.c. A local user can perform a denial of service (DoS) attack.
229) Resource management error (CVE-ID: CVE-2024-58002)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the uvc_v4l2_release() function in drivers/media/usb/uvc/uvc_v4l2.c, within the uvc_ctrl_send_slave_event(), uvc_ctrl_status_event(), uvc_ctrl_commit_entity() and uvc_ctrl_init_device() functions in drivers/media/usb/uvc/uvc_ctrl.c. A local user can perform a denial of service (DoS) attack.
230) Integer overflow (CVE-ID: CVE-2024-58017)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the __alignof__() function in kernel/printk/printk.c. A local user can execute arbitrary code.
231) Improper locking (CVE-ID: CVE-2024-57999)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the enable_ddw() and spapr_tce_create_table() functions in arch/powerpc/platforms/pseries/iommu.c, within the iommu_table_clear() function in arch/powerpc/kernel/iommu.c. A local user can perform a denial of service (DoS) attack.
232) Use of uninitialized resource (CVE-ID: CVE-2024-57997)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the wcn36xx_probe() function in drivers/net/wireless/ath/wcn36xx/main.c. A local user can perform a denial of service (DoS) attack.
233) Out-of-bounds read (CVE-ID: CVE-2024-57996)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sfq_change() function in net/sched/sch_sfq.c. A local user can perform a denial of service (DoS) attack.
234) Improper locking (CVE-ID: CVE-2024-57994)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pfifo_fast_change_tx_queue_len() function in net/sched/sch_generic.c, within the tun_queue_resize() function in drivers/net/tun.c, within the tap_queue_resize() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.
235) Resource management error (CVE-ID: CVE-2024-57993)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the thrustmaster_interrupts() function in drivers/hid/hid-thrustmaster.c. A local user can perform a denial of service (DoS) attack.
236) Out-of-bounds read (CVE-ID: CVE-2024-57990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mt7925_load_clc() function in drivers/net/wireless/mediatek/mt76/mt7925/mcu.c. A local user can perform a denial of service (DoS) attack.
237) Out-of-bounds read (CVE-ID: CVE-2024-58014)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the wlc_phy_iqcal_gainparams_nphy() function in drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c. A local user can perform a denial of service (DoS) attack.
238) NULL pointer dereference (CVE-ID: CVE-2024-58019)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the r535_gsp_msgq_wait() function in drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c. A local user can perform a denial of service (DoS) attack.
239) NULL pointer dereference (CVE-ID: CVE-2024-57981)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_handle_stopped_cmd_ring() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
240) Input validation error (CVE-ID: CVE-2024-58061)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee80211_if_parse_active_links() function in net/mac80211/debugfs_netdev.c. A local user can perform a denial of service (DoS) attack.
241) Use-after-free (CVE-ID: CVE-2024-58079)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uvc_gpio_parse() and uvc_unregister_video() functions in drivers/media/usb/uvc/uvc_driver.c. A local user can escalate privileges on the system.
242) Resource management error (CVE-ID: CVE-2024-58078)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DEFINE_MUTEX() and misc_register() functions in drivers/char/misc.c. A local user can perform a denial of service (DoS) attack.
243) NULL pointer dereference (CVE-ID: CVE-2024-58076)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the &() function in drivers/clk/qcom/gcc-sm6350.c. A local user can perform a denial of service (DoS) attack.
244) Use-after-free (CVE-ID: CVE-2024-58072)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtl_pci_get_amd_l1_patch(), _rtl_pci_find_adapter(), rtl_pci_probe(), rtl_pci_disconnect() and EXPORT_SYMBOL() functions in drivers/net/wireless/realtek/rtlwifi/pci.c, within the MODULE_AUTHOR() and rtl_core_module_init() functions in drivers/net/wireless/realtek/rtlwifi/base.c. A local user can escalate privileges on the system.
245) Out-of-bounds read (CVE-ID: CVE-2024-58069)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pcf85063_nvmem_read() function in drivers/rtc/rtc-pcf85063.c. A local user can perform a denial of service (DoS) attack.
246) Memory leak (CVE-ID: CVE-2024-58063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rtl_pci_probe() function in drivers/net/wireless/realtek/rtlwifi/pci.c. A local user can perform a denial of service (DoS) attack.
247) Use-after-free (CVE-ID: CVE-2024-58058)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ubifs_dump_tnc() function in fs/ubifs/debug.c. A local user can escalate privileges on the system.
248) NULL pointer dereference (CVE-ID: CVE-2024-58020)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt_input_configured() function in drivers/hid/hid-multitouch.c. A local user can perform a denial of service (DoS) attack.
249) Race condition (CVE-ID: CVE-2024-58057)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the idpf_probe() function in drivers/net/ethernet/intel/idpf/idpf_main.c. A local user can perform a denial of service (DoS) attack.
250) Resource management error (CVE-ID: CVE-2024-58056)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the rproc_alloc() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.
251) Double free (CVE-ID: CVE-2024-58055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the usbg_cmd_work() and bot_cmd_work() functions in drivers/usb/gadget/function/f_tcm.c. A local user can perform a denial of service (DoS) attack.
252) Resource management error (CVE-ID: CVE-2024-58054)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the max96712_probe() function in drivers/staging/media/max96712/max96712.c. A local user can perform a denial of service (DoS) attack.
253) NULL pointer dereference (CVE-ID: CVE-2024-58052)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the atomctrl_get_smc_sclk_range_table() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.
254) NULL pointer dereference (CVE-ID: CVE-2024-58051)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ipmb_probe() function in drivers/char/ipmi/ipmb_dev_int.c. A local user can perform a denial of service (DoS) attack.
255) Use-after-free (CVE-ID: CVE-2024-58034)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tegra_emc_find_node_by_ram_code() function in drivers/memory/tegra/tegra20-emc.c. A local user can escalate privileges on the system.
256) NULL pointer dereference (CVE-ID: CVE-2024-57986)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hid_apply_multiplier() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
257) Use-after-free (CVE-ID: CVE-2024-57980)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uvc_status_init() function in drivers/media/usb/uvc/uvc_status.c. A local user can escalate privileges on the system.
258) Off-by-one (CVE-ID: CVE-2024-53163)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the uof_get_name() function in drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c. A local user can perform a denial of service (DoS) attack.
259) Buffer overflow (CVE-ID: CVE-2024-56539)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/net/wireless/marvell/mwifiex/fw.h. A local user can perform a denial of service (DoS) attack.
260) Input validation error (CVE-ID: CVE-2024-56638)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nft_inner_parse() and nft_inner_parse_needed() functions in net/netfilter/nft_inner.c. A local user can perform a denial of service (DoS) attack.
261) Use-after-free (CVE-ID: CVE-2024-56633)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sock_put() function in net/ipv4/tcp_bpf.c. A local user can escalate privileges on the system.
262) Use-after-free (CVE-ID: CVE-2024-56605)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.
263) Improper error handling (CVE-ID: CVE-2024-56579)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vpu_add_func() function in drivers/media/platform/amphion/vpu_v4l2.c. A local user can perform a denial of service (DoS) attack.
264) NULL pointer dereference (CVE-ID: CVE-2024-56568)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arm_smmu_probe_device() function in drivers/iommu/arm/arm-smmu/arm-smmu.c. A local user can perform a denial of service (DoS) attack.
265) Use-after-free (CVE-ID: CVE-2024-56548)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfsplus_read_wrapper() function in fs/hfsplus/wrapper.c. A local user can escalate privileges on the system.
266) Improper locking (CVE-ID: CVE-2024-54683)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the idletimer_tg_destroy() and idletimer_tg_destroy_v1() functions in net/netfilter/xt_IDLETIMER.c. A local user can perform a denial of service (DoS) attack.
267) Input validation error (CVE-ID: CVE-2024-56647)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the icmp_route_lookup() function in net/ipv4/icmp.c. A local user can perform a denial of service (DoS) attack.
268) NULL pointer dereference (CVE-ID: CVE-2024-53680)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ip_vs_protocol_net_cleanup() and ip_vs_protocol_init() functions in net/netfilter/ipvs/ip_vs_proto.c. A local user can perform a denial of service (DoS) attack.
269) Use-after-free (CVE-ID: CVE-2024-53239)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the usb6fire_chip_abort(), usb6fire_chip_destroy(), usb6fire_chip_probe() and usb6fire_chip_disconnect() functions in sound/usb/6fire/chip.c. A local user can escalate privileges on the system.
270) NULL pointer dereference (CVE-ID: CVE-2024-53226)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hns_roce_set_page() and hns_roce_map_mr_sg() functions in drivers/infiniband/hw/hns/hns_roce_mr.c. A local user can perform a denial of service (DoS) attack.
271) Memory leak (CVE-ID: CVE-2024-53178)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the find_or_create_cached_dir() and smb2_set_related() functions in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.
272) Use-after-free (CVE-ID: CVE-2024-53177)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the SMB2_query_info_free(), invalidate_all_cached_dirs(), smb2_cached_lease_break(), cached_dir_lease_break() and cfids_laundromat_worker() functions in fs/smb/client/cached_dir.c. A local user can escalate privileges on the system.
273) Improper locking (CVE-ID: CVE-2024-53176)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cifs_dentry_needs_reval() function in fs/smb/client/inode.c, within the init_cifs() and cifs_destroy_netfs() functions in fs/smb/client/cifsfs.c, within the free_cached_dir(), close_all_cached_dirs(), invalidate_all_cached_dirs(), cached_dir_lease_break(), init_cached_dir(), cfids_laundromat_worker(), init_cached_dirs() and free_cached_dirs() functions in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.
274) Use-after-free (CVE-ID: CVE-2024-53173)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfs4_open_release() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.
275) Use-after-free (CVE-ID: CVE-2024-56640)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smc_listen_out() and smc_listen_work() functions in net/smc/af_smc.c. A local user can escalate privileges on the system.
276) NULL pointer dereference (CVE-ID: CVE-2024-56702)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the SEC() function in tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c, within the reg_btf_record(), check_ptr_to_btf_access(), check_mem_access(), check_func_arg(), btf_check_func_arg_match(), check_kfunc_args(), sanitize_check_bounds(), adjust_ptr_min_max_vals() and convert_ctx_accesses() functions in kernel/bpf/verifier.c, within the btf_ctx_access() function in kernel/bpf/btf.c. A local user can perform a denial of service (DoS) attack.
277) Use-after-free (CVE-ID: CVE-2024-57979)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ptp_ocp_complete() function in drivers/ptp/ptp_ocp.c, within the DEFINE_MUTEX(), pps_cdev_pps_fetch(), pps_cdev_ioctl(), pps_cdev_compat_ioctl(), pps_device_destruct(), pps_register_cdev(), pps_unregister_cdev(), EXPORT_SYMBOL() and pps_init() functions in drivers/pps/pps.c, within the pps_kc_bind() and pps_kc_remove() functions in drivers/pps/kc.c, within the pps_add_offset(), pps_register_source() and pps_event() functions in drivers/pps/kapi.c, within the parport_irq() function in drivers/pps/clients/pps_parport.c, within the pps_tty_dcd_change(), pps_tty_open() and pps_tty_close() functions in drivers/pps/clients/pps-ldisc.c, within the pps_ktimer_exit() and pps_ktimer_init() functions in drivers/pps/clients/pps-ktimer.c, within the pps_gpio_probe() function in drivers/pps/clients/pps-gpio.c. A local user can escalate privileges on the system.
278) Improper locking (CVE-ID: CVE-2024-57889)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ARRAY_SIZE(), mcp_pinconf_get() and mcp_pinconf_set() functions in drivers/pinctrl/pinctrl-mcp23s08.c. A local user can perform a denial of service (DoS) attack.
279) NULL pointer dereference (CVE-ID: CVE-2024-57978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mxc_jpeg_detach_pm_domains() function in drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c. A local user can perform a denial of service (DoS) attack.
280) Improper locking (CVE-ID: CVE-2024-57974)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the compute_score() and __udp6_lib_lookup() functions in net/ipv6/udp.c, within the udp_ehashfn() and __udp4_lib_lookup() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.
281) Integer overflow (CVE-ID: CVE-2024-57973)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the copy_gl_to_skb_pkt() function in drivers/infiniband/hw/cxgb4/device.c. A local user can execute arbitrary code.
282) Improper error handling (CVE-ID: CVE-2024-57948)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ieee802154_if_remove() function in net/mac802154/iface.c. A local user can perform a denial of service (DoS) attack.
283) Memory leak (CVE-ID: CVE-2024-57947)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_pipapo_avx2_lookup_slow() function in net/netfilter/nft_set_pipapo_avx2.c, within the nft_pipapo_lookup() and pipapo_get() functions in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.
284) Use-after-free (CVE-ID: CVE-2024-57900)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_MUTEX() and ila_add_mapping() functions in net/ipv6/ila/ila_xlat.c. A local user can escalate privileges on the system.
285) NULL pointer dereference (CVE-ID: CVE-2024-57834)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vidtv_start_streaming() and vidtv_stop_streaming() functions in drivers/media/test-drivers/vidtv/vidtv_bridge.c. A local user can perform a denial of service (DoS) attack.
286) Improper locking (CVE-ID: CVE-2024-56703)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the |() function in tools/testing/selftests/net/ipv6_route_update_soft_lockup.sh, within the fib6_select_path(), ip6_route_mpath_notify(), rt6_nlmsg_size(), rt6_fill_node() and inet6_rt_notify() functions in net/ipv6/route.c, within the fib6_del_route() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
287) Improper locking (CVE-ID: CVE-2024-57807)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the megasas_aen_polling() function in drivers/scsi/megaraid/megaraid_sas_base.c. A local user can perform a denial of service (DoS) attack.
288) Resource management error (CVE-ID: CVE-2024-56770)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tfifo_reset(), tfifo_enqueue(), netem_enqueue() and netem_dequeue() functions in net/sched/sch_netem.c. A local user can perform a denial of service (DoS) attack.
289) NULL pointer dereference (CVE-ID: CVE-2024-56758)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the relocate_one_folio() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.
290) Improper locking (CVE-ID: CVE-2024-56751)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ip6_dst_ifdown(), DEFINE_SPINLOCK() and rt6_remove_exception() functions in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
291) Input validation error (CVE-ID: CVE-2024-56720)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sk_msg_shift_left() and BPF_CALL_4() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
292) Use-after-free (CVE-ID: CVE-2024-56719)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the stmmac_tso_xmit() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can escalate privileges on the system.
293) Double free (CVE-ID: CVE-2024-56718)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the smcr_link_down_cond_sched() and smc_link_down_work() functions in net/smc/smc_core.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.