SB2025062655 - Ubuntu update for linux-azure
Published: June 26, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 332 secuirty vulnerabilities.
1) Resource management error (CVE-ID: CVE-2025-40325)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the raid10_handle_discard() function in drivers/md/raid10.c. A local user can perform a denial of service (DoS) attack.
2) Out-of-bounds read (CVE-ID: CVE-2025-40114)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the veml6075_read_uv_direct() function in drivers/iio/light/veml6075.c. A local user can perform a denial of service (DoS) attack.
3) Out-of-bounds read (CVE-ID: CVE-2025-40014)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amd_set_spi_freq() function in drivers/spi/spi-amd.c. A local user can perform a denial of service (DoS) attack.
4) Memory leak (CVE-ID: CVE-2025-39989)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the error_context() function in arch/x86/kernel/cpu/mce/severity.c. A local user can perform a denial of service (DoS) attack.
5) Input validation error (CVE-ID: CVE-2025-39930)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the graph_get_dai_id() and graph_util_parse_dai() functions in sound/soc/generic/simple-card-utils.c. A local user can perform a denial of service (DoS) attack.
6) Resource management error (CVE-ID: CVE-2025-39778)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nvmet_ctrl_state_show() function in drivers/nvme/target/debugfs.c. A local user can perform a denial of service (DoS) attack.
7) NULL pointer dereference (CVE-ID: CVE-2025-39755)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the MODULE_DEVICE_TABLE() function in drivers/staging/gpib/cb7210/cb7210.c. A local user can perform a denial of service (DoS) attack.
8) Out-of-bounds read (CVE-ID: CVE-2025-39735)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.
9) Resource management error (CVE-ID: CVE-2025-39728)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the samsung_clk_init() function in drivers/clk/samsung/clk.c. A local user can perform a denial of service (DoS) attack.
10) Input validation error (CVE-ID: CVE-2025-39688)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfsd4_lookup_stateid() and nfsd4_delegreturn() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
11) Improper locking (CVE-ID: CVE-2025-38637)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the skbprio_enqueue() and skbprio_dequeue() functions in net/sched/sch_skbprio.c. A local user can perform a denial of service (DoS) attack.
12) Use-after-free (CVE-ID: CVE-2025-38575)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kfree() function in fs/smb/server/auth.c. A local user can escalate privileges on the system.
13) Resource management error (CVE-ID: CVE-2025-38479)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fsl_edma2_irq_init(), fsl_edma_irq_exit() and fsl_edma_probe() functions in drivers/dma/fsl-edma-main.c. A local user can perform a denial of service (DoS) attack.
14) NULL pointer dereference (CVE-ID: CVE-2025-38240)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_dp_parse_capabilities() and mtk_dp_wait_hpd_asserted() functions in drivers/gpu/drm/mediatek/mtk_dp.c. A local user can perform a denial of service (DoS) attack.
15) NULL pointer dereference (CVE-ID: CVE-2025-38152)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rproc_shutdown() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.
16) Improper locking (CVE-ID: CVE-2025-38104)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the amdgpu_virt_rlcg_reg_rw() function in drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c, within the amdgpu_device_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.
17) NULL pointer dereference (CVE-ID: CVE-2025-38049)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the closid_alloc() function in arch/x86/kernel/cpu/resctrl/rdtgroup.c. A local user can perform a denial of service (DoS) attack.
18) Use-after-free (CVE-ID: CVE-2025-37989)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the phy_led_triggers_register() and phy_led_triggers_unregister() functions in drivers/net/phy/phy_led_triggers.c. A local user can escalate privileges on the system.
19) Improper locking (CVE-ID: CVE-2025-37988)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_lock_mount() and lock_mount() functions in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
20) Buffer overflow (CVE-ID: CVE-2025-37987)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pdsc_core_init() function in drivers/net/ethernet/amd/pds_core/core.c. A local user can perform a denial of service (DoS) attack.
21) Input validation error (CVE-ID: CVE-2025-37986)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the typec_unregister_partner() function in drivers/usb/typec/class.c. A local user can perform a denial of service (DoS) attack.
22) Race condition (CVE-ID: CVE-2025-37985)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the pidff_reset() function in drivers/hid/usbhid/hid-pidff.c. A local user can escalate privileges on the system.
23) Integer overflow (CVE-ID: CVE-2025-37984)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ecdsa_x962_verify() function in crypto/ecdsa-x962.c, within the ecdsa_p1363_verify() function in crypto/ecdsa-p1363.c, within the EXPORT_SYMBOL() function in crypto/ecc.c. A local user can execute arbitrary code.
24) Memory leak (CVE-ID: CVE-2025-37983)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qibfs_mknod() function in drivers/infiniband/hw/qib/qib_fs.c. A local user can perform a denial of service (DoS) attack.
25) Memory leak (CVE-ID: CVE-2025-37982)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wl1251_tx_work() function in drivers/net/wireless/ti/wl1251/tx.c. A local user can perform a denial of service (DoS) attack.
26) Buffer overflow (CVE-ID: CVE-2025-37981)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the pqi_calculate_io_resources(), pqi_calculate_queue_resources() and pqi_ctrl_init() functions in drivers/scsi/smartpqi/smartpqi_init.c. A local user can escalate privileges on the system.
27) Memory leak (CVE-ID: CVE-2025-37980)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the blk_debugfs_remove() function in block/blk-sysfs.c. A local user can perform a denial of service (DoS) attack.
28) Out-of-bounds read (CVE-ID: CVE-2025-37979)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sound/soc/qcom/lpass.h. A local user can perform a denial of service (DoS) attack.
29) Buffer overflow (CVE-ID: CVE-2025-37978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bio_integrity_alloc(), bio_integrity_uncopy_user(), bio_integrity_unmap_user(), bio_integrity_copy_user() and bio_integrity_map_user() functions in block/bio-integrity.c. A local user can perform a denial of service (DoS) attack.
30) Input validation error (CVE-ID: CVE-2025-37977)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the exynos_ufs_shareability() and exynos_ufs_parse_dt() functions in drivers/ufs/host/ufs-exynos.c. A local user can perform a denial of service (DoS) attack.
31) Out-of-bounds read (CVE-ID: CVE-2025-37975)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the apply_relocate_add() function in arch/riscv/kernel/module.c. A local user can perform a denial of service (DoS) attack.
32) NULL pointer dereference (CVE-ID: CVE-2025-37945)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the phy_link_change() and mdio_bus_phy_suspend() functions in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
33) Buffer overflow (CVE-ID: CVE-2025-37944)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ath12k_dp_mon_srng_process() function in drivers/net/wireless/ath/ath12k/dp_mon.c. A local user can perform a denial of service (DoS) attack.
34) Input validation error (CVE-ID: CVE-2025-37943)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath12k_dp_rx_deliver_msdu(), ath12k_dp_rx_process_msdu(), skb_pull(), ath12k_dp_rx_h_null_q_desc(), ath12k_dp_rx_h_reo_err(), ath12k_dp_rx_h_tkip_mic_err() and ath12k_dp_rx_h_rxdma_err() functions in drivers/net/wireless/ath/ath12k/dp_rx.c. A local user can perform a denial of service (DoS) attack.
35) Input validation error (CVE-ID: CVE-2025-37942)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pidff_reset() function in drivers/hid/usbhid/hid-pidff.c. A local user can perform a denial of service (DoS) attack.
36) Memory leak (CVE-ID: CVE-2025-37941)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wcd937x_soc_codec_probe() function in sound/soc/codecs/wcd937x.c. A local user can perform a denial of service (DoS) attack.
37) Improper locking (CVE-ID: CVE-2025-37940)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ftrace_graph_set_hash() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.
38) Buffer overflow (CVE-ID: CVE-2025-37939)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the btf_ext_parse_info() function in tools/lib/bpf/btf.c. A local user can perform a denial of service (DoS) attack.
39) Use-after-free (CVE-ID: CVE-2025-37938)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the test_event_printk() function in kernel/trace/trace_events.c. A local user can escalate privileges on the system.
40) Division by zero (CVE-ID: CVE-2025-37937)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the dib8000_set_dds() function in drivers/media/dvb-frontends/dib8000.c. A local user can perform a denial of service (DoS) attack.
41) Improper locking (CVE-ID: CVE-2025-37925)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the duplicateIXtree() function in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.
42) Out-of-bounds read (CVE-ID: CVE-2025-37892)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the INFTL_findwriteunit() function in drivers/mtd/inftlcore.c. A local user can perform a denial of service (DoS) attack.
43) NULL pointer dereference (CVE-ID: CVE-2025-37888)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_create_inner_ttc_table() and mlx5_create_ttc_table() functions in drivers/net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c. A local user can perform a denial of service (DoS) attack.
44) Buffer overflow (CVE-ID: CVE-2025-37887)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pdsc_dl_info_get() function in drivers/net/ethernet/amd/pds_core/devlink.c. A local user can perform a denial of service (DoS) attack.
45) Buffer overflow (CVE-ID: CVE-2025-37886)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pdsc_q_map() function in drivers/net/ethernet/amd/pds_core/core.c, within the pdsc_process_notifyq(), pdsc_process_adminq(), pdsc_adminq_isr(), __pdsc_adminq_post() and pdsc_adminq_post() functions in drivers/net/ethernet/amd/pds_core/adminq.c. A local user can perform a denial of service (DoS) attack.
46) Use-after-free (CVE-ID: CVE-2025-37885)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmx_pi_update_irte() function in arch/x86/kvm/vmx/posted_intr.c, within the avic_pi_update_irte() function in arch/x86/kvm/svm/avic.c. A local user can escalate privileges on the system.
47) Improper locking (CVE-ID: CVE-2025-37884)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __set_printk_clr_event() and bpf_get_trace_vprintk_proto() functions in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.
48) Memory leak (CVE-ID: CVE-2025-37883)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __sclp_console_free_pages() and sclp_console_init() functions in drivers/s390/char/sclp_con.c. A local user can perform a denial of service (DoS) attack.
49) NULL pointer dereference (CVE-ID: CVE-2025-37882)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the handle_tx_event() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
50) Improper error handling (CVE-ID: CVE-2025-37881)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ast_vhub_init_dev() function in drivers/usb/gadget/udc/aspeed-vhub/dev.c. A local user can perform a denial of service (DoS) attack.
51) Improper locking (CVE-ID: CVE-2025-37880)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the handle_syscall() function in arch/um/kernel/skas/syscall.c. A local user can perform a denial of service (DoS) attack.
52) Incorrect calculation (CVE-ID: CVE-2025-37879)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the p9_client_read_once(), p9_client_write(), EXPORT_SYMBOL_GPL() and p9_client_readdir() functions in net/9p/client.c. A local user can perform a denial of service (DoS) attack.
53) Resource management error (CVE-ID: CVE-2025-37878)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the inherit_event() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
54) Incorrect calculation (CVE-ID: CVE-2025-37877)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the iommu_deinit_device() function in drivers/iommu/iommu.c. A local user can perform a denial of service (DoS) attack.
55) Improper error handling (CVE-ID: CVE-2025-37876)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the netfs_init() function in fs/netfs/main.c. A local user can perform a denial of service (DoS) attack.
56) Resource management error (CVE-ID: CVE-2025-37875)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the igc_ptm_log_error(), igc_phc_get_syncdevicetime(), igc_ptp_stop() and igc_ptp_reset() functions in drivers/net/ethernet/intel/igc/igc_ptp.c. A local user can perform a denial of service (DoS) attack.
57) Memory leak (CVE-ID: CVE-2025-37874)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ngbe_probe() and wx_clear_interrupt_scheme() functions in drivers/net/ethernet/wangxun/ngbe/ngbe_main.c. A local user can perform a denial of service (DoS) attack.
58) Buffer overflow (CVE-ID: CVE-2025-37873)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dev_kfree_skb_any() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
59) Memory leak (CVE-ID: CVE-2025-37872)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the txgbe_probe() and wx_clear_interrupt_scheme() functions in drivers/net/ethernet/wangxun/txgbe/txgbe_main.c. A local user can perform a denial of service (DoS) attack.
60) Input validation error (CVE-ID: CVE-2025-37870)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dcn401_enable_stream() function in drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c, within the dcn20_enable_stream() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.
61) Use-after-free (CVE-ID: CVE-2025-37869)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kfd_process_remove_sysfs() and kfd_process_wq_release() functions in drivers/gpu/drm/amd/amdkfd/kfd_process.c. A local user can escalate privileges on the system.
62) Improper locking (CVE-ID: CVE-2025-37868)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xe_npages_in_range() and xe_hmm_userptr_populate_range() functions in drivers/gpu/drm/xe/xe_hmm.c. A local user can perform a denial of service (DoS) attack.
63) Buffer overflow (CVE-ID: CVE-2025-37867)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ib_init_umem_odp() function in drivers/infiniband/core/umem_odp.c. A local user can perform a denial of service (DoS) attack.
64) Resource management error (CVE-ID: CVE-2025-37866)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the secure_boot_fuse_state_show() function in drivers/platform/mellanox/mlxbf-bootctl.c. A local user can perform a denial of service (DoS) attack.
65) Use of uninitialized resource (CVE-ID: CVE-2025-37865)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mv88e6xxx_vtu_get() and mv88e6xxx_mst_put() functions in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.
66) Memory leak (CVE-ID: CVE-2025-37864)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dsa_switch_parse() function in net/dsa/dsa.c. A local user can perform a denial of service (DoS) attack.
67) Input validation error (CVE-ID: CVE-2025-37863)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ovl_get_lowerstack() function in fs/overlayfs/super.c. A local user can perform a denial of service (DoS) attack.
68) NULL pointer dereference (CVE-ID: CVE-2025-37862)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pidff_set_autocenter() and pidff_reports_ok() functions in drivers/hid/usbhid/hid-pidff.c. A local user can perform a denial of service (DoS) attack.
69) Improper locking (CVE-ID: CVE-2025-37861)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mpi3mr_process_factsdata(), mpi3mr_process_admin_reply_q(), mpi3mr_process_op_reply_q(), mpi3mr_check_op_admin_proc() and mpi3mr_soft_reset_handler() functions in drivers/scsi/mpi3mr/mpi3mr_fw.c. A local user can perform a denial of service (DoS) attack.
70) NULL pointer dereference (CVE-ID: CVE-2025-37860)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ef100_process_design_param() and ef100_check_design_params() functions in drivers/net/ethernet/sfc/ef100_nic.c, within the ef100_probe_netdev() function in drivers/net/ethernet/sfc/ef100_netdev.c. A local user can perform a denial of service (DoS) attack.
71) Infinite loop (CVE-ID: CVE-2025-37859)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the page_pool_release_retry() function in net/core/page_pool.c. A local user can perform a denial of service (DoS) attack.
72) Integer overflow (CVE-ID: CVE-2025-37858)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the dbExtendFS() function in fs/jfs/jfs_dmap.c. A local user can execute arbitrary code.
73) Buffer overflow (CVE-ID: CVE-2025-37857)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the validate_options() function in drivers/scsi/st.c. A local user can perform a denial of service (DoS) attack.
74) Integer underflow (CVE-ID: CVE-2025-37856)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the btrfs_put_transaction() and btrfs_cleanup_pending_block_groups() functions in fs/btrfs/transaction.c, within the btrfs_finish_extent_commit() function in fs/btrfs/extent-tree.c. A local user can execute arbitrary code.
75) Input validation error (CVE-ID: CVE-2025-37855)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dc_allow_idle_optimizations_internal() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
76) Improper locking (CVE-ID: CVE-2025-37854)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kfd_process_remove_sysfs() and kfd_process_wq_release() functions in drivers/gpu/drm/amd/amdkfd/kfd_process.c. A local user can perform a denial of service (DoS) attack.
77) NULL pointer dereference (CVE-ID: CVE-2025-37853)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kfd_debugfs_hang_hws() function in drivers/gpu/drm/amd/amdkfd/kfd_device.c. A local user can perform a denial of service (DoS) attack.
78) NULL pointer dereference (CVE-ID: CVE-2025-37852)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amd_powerplay_create() function in drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c. A local user can perform a denial of service (DoS) attack.
79) Use of uninitialized resource (CVE-ID: CVE-2025-37851)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the dispc_ovl_setup() function in drivers/video/fbdev/omap2/omapfb/dss/dispc.c. A local user can perform a denial of service (DoS) attack.
80) Division by zero (CVE-ID: CVE-2025-37850)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the pwm_mediatek_config() function in drivers/pwm/pwm-mediatek.c. A local user can perform a denial of service (DoS) attack.
81) Memory leak (CVE-ID: CVE-2025-37849)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kvm_arch_vcpu_create() function in arch/arm64/kvm/arm.c. A local user can perform a denial of service (DoS) attack.
82) Improper locking (CVE-ID: CVE-2025-37848)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ivpu_ms_start_ioctl(), kfree(), ivpu_ms_get_data_ioctl() and ivpu_ms_stop_ioctl() functions in drivers/accel/ivpu/ivpu_ms.c, within the ivpu_force_recovery_fn() and dct_active_set() functions in drivers/accel/ivpu/ivpu_debugfs.c. A local user can perform a denial of service (DoS) attack.
83) Improper locking (CVE-ID: CVE-2025-37847)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ivpu_ms_cleanup() function in drivers/accel/ivpu/ivpu_ms.c. A local user can perform a denial of service (DoS) attack.
84) Out-of-bounds read (CVE-ID: CVE-2025-37846)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the arch/arm64/include/asm/traps.h. A local user can perform a denial of service (DoS) attack.
85) Memory leak (CVE-ID: CVE-2025-37845)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __find_tracepoint_module_cb(), __find_tracepoint_cb(), reenable_trace_fprobe() and trace_fprobe_create_internal() functions in kernel/trace/trace_fprobe.c. A local user can perform a denial of service (DoS) attack.
86) NULL pointer dereference (CVE-ID: CVE-2025-37844)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smb2_handle_cancelled_close() function in fs/smb/client/smb2misc.c. A local user can perform a denial of service (DoS) attack.
87) Improper locking (CVE-ID: CVE-2025-37843)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pciehp_suspend() function in drivers/pci/hotplug/pciehp_core.c. A local user can perform a denial of service (DoS) attack.
88) Resource management error (CVE-ID: CVE-2025-37842)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fsl_qspi_cleanup(), fsl_qspi_probe(), fsl_qspi_remove() and module_platform_driver() functions in drivers/spi/spi-fsl-qspi.c. A local user can perform a denial of service (DoS) attack.
89) NULL pointer dereference (CVE-ID: CVE-2025-37841)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the prepare_default_config() function in tools/power/cpupower/bench/parse.c. A local user can perform a denial of service (DoS) attack.
90) Use of uninitialized resource (CVE-ID: CVE-2025-37840)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the brcmnand_resume() function in drivers/mtd/nand/raw/brcmnand/brcmnand.c. A local user can perform a denial of service (DoS) attack.
91) Input validation error (CVE-ID: CVE-2025-37839)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jbd2_journal_update_sb_log_tail() function in fs/jbd2/journal.c. A local user can perform a denial of service (DoS) attack.
92) Use-after-free (CVE-ID: CVE-2025-37838)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ssip_reset() function in drivers/hsi/clients/ssi_protocol.c. A local user can escalate privileges on the system.
93) Use-after-free (CVE-ID: CVE-2025-37837)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tegra241_cmdqv_hw_reset(), tegra241_vintf_free_lvcmdq() and tegra241_cmdqv_init_structures() functions in drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c. A local user can escalate privileges on the system.
94) Memory leak (CVE-ID: CVE-2025-37836)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pci_register_host_bridge() function in drivers/pci/probe.c. A local user can perform a denial of service (DoS) attack.
95) Use-after-free (CVE-ID: CVE-2025-37834)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mm/vmscan.c. A local user can escalate privileges on the system.
96) Resource management error (CVE-ID: CVE-2025-37833)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the niu_try_msix() function in drivers/net/ethernet/sun/niu.c. A local user can perform a denial of service (DoS) attack.
97) NULL pointer dereference (CVE-ID: CVE-2025-37831)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the apple_soc_cpufreq_get_rate() function in drivers/cpufreq/apple-soc-cpufreq.c. A local user can perform a denial of service (DoS) attack.
98) NULL pointer dereference (CVE-ID: CVE-2025-37830)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scmi_cpufreq_get_rate() function in drivers/cpufreq/scmi-cpufreq.c. A local user can perform a denial of service (DoS) attack.
99) NULL pointer dereference (CVE-ID: CVE-2025-37829)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scpi_cpufreq_get_rate() function in drivers/cpufreq/scpi-cpufreq.c. A local user can perform a denial of service (DoS) attack.
100) NULL pointer dereference (CVE-ID: CVE-2025-37828)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ufshcd_mcq_abort() function in drivers/ufs/core/ufs-mcq.c. A local user can perform a denial of service (DoS) attack.
101) Improper error handling (CVE-ID: CVE-2025-37827)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the btrfs_load_block_group_zone_info() function in fs/btrfs/zoned.c. A local user can perform a denial of service (DoS) attack.
102) Improper error handling (CVE-ID: CVE-2025-37826)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ufshcd_mcq_compl_pending_transfer() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
103) Out-of-bounds read (CVE-ID: CVE-2025-37825)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nvmet_enable_port() function in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.
104) NULL pointer dereference (CVE-ID: CVE-2025-37824)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_mon_reinit_self() function in net/tipc/monitor.c. A local user can perform a denial of service (DoS) attack.
105) Input validation error (CVE-ID: CVE-2025-37823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hfsc_dequeue() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.
106) Buffer overflow (CVE-ID: CVE-2025-37822)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the arch_uprobe_copy_ixol() function in arch/riscv/kernel/probes/uprobes.c. A local user can perform a denial of service (DoS) attack.
107) NULL pointer dereference (CVE-ID: CVE-2025-37821)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dequeue_entities() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.
108) Memory leak (CVE-ID: CVE-2025-37820)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xennet_run_xdp() function in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.
109) Double free (CVE-ID: CVE-2025-37819)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the gicv2m_of_init() function in drivers/irqchip/irq-gic-v2m.c. A local user can perform a denial of service (DoS) attack.
110) Double free (CVE-ID: CVE-2025-37817)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the chameleon_parse_gdd() function in drivers/mcb/mcb-parse.c. A local user can perform a denial of service (DoS) attack.
111) Improper locking (CVE-ID: CVE-2025-37816)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the VSC_TP_PACKET_SIZE(), vsc_tp_dev_xfer() and vsc_tp_xfer() functions in drivers/misc/mei/vsc-tp.c. A local user can perform a denial of service (DoS) attack.
112) Improper locking (CVE-ID: CVE-2025-37815)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pci1xxxx_gpio_irq_handler() function in drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c. A local user can perform a denial of service (DoS) attack.
113) Resource management error (CVE-ID: CVE-2025-37814)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the set_selection_user() function in drivers/tty/vt/selection.c. A local user can perform a denial of service (DoS) attack.
114) Input validation error (CVE-ID: CVE-2025-37813)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the xhci_queue_ctrl_tx() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
115) Improper locking (CVE-ID: CVE-2025-37812)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cdns3_device_thread_irq_handler() function in drivers/usb/cdns3/cdns3-gadget.c. A local user can perform a denial of service (DoS) attack.
116) NULL pointer dereference (CVE-ID: CVE-2025-37811)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cpu_latency_qos_remove_request() and ci_hdrc_imx_remove() functions in drivers/usb/chipidea/ci_hdrc_imx.c. A local user can perform a denial of service (DoS) attack.
117) Out-of-bounds read (CVE-ID: CVE-2025-37810)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dwc3_check_event_buf() function in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.
118) NULL pointer dereference (CVE-ID: CVE-2025-37809)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the typec_register_partner(), typec_unregister_partner(), typec_get_partner(), typec_partner_attach(), typec_partner_deattach() and typec_register_port() functions in drivers/usb/typec/class.c. A local user can perform a denial of service (DoS) attack.
119) Resource management error (CVE-ID: CVE-2025-37808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DEFINE_MUTEX(), MODULE_ALIAS_CRYPTO() and EXPORT_SYMBOL_GPL() functions in crypto/crypto_null.c. A local user can perform a denial of service (DoS) attack.
120) Memory leak (CVE-ID: CVE-2025-37807)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the htab_is_percpu() and htab_percpu_map_gen_lookup() functions in kernel/bpf/hashtab.c. A local user can perform a denial of service (DoS) attack.
121) NULL pointer dereference (CVE-ID: CVE-2025-37806)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ntfs_file_write_iter() function in fs/ntfs3/file.c. A local user can perform a denial of service (DoS) attack.
122) Improper locking (CVE-ID: CVE-2025-37805)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the virtsnd_pcm_parse_cfg() function in sound/virtio/virtio_pcm.c. A local user can perform a denial of service (DoS) attack.
123) Buffer overflow (CVE-ID: CVE-2025-37803)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the udmabuf_create() function in drivers/dma-buf/udmabuf.c. A local user can perform a denial of service (DoS) attack.
124) Improper locking (CVE-ID: CVE-2025-37802)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tree_conn_fd_check() and ksmbd_durable_scavenger() functions in fs/smb/server/vfs_cache.c. A local user can perform a denial of service (DoS) attack.
125) NULL pointer dereference (CVE-ID: CVE-2025-37801)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the spi_imx_transfer_one() function in drivers/spi/spi-imx.c. A local user can perform a denial of service (DoS) attack.
126) NULL pointer dereference (CVE-ID: CVE-2025-37800)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dev_uevent_name() and dev_uevent() functions in drivers/base/core.c, within the bus_rescan_devices_helper() function in drivers/base/bus.c. A local user can perform a denial of service (DoS) attack.
127) Memory leak (CVE-ID: CVE-2025-37799)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vmxnet3_process_xdp() function in drivers/net/vmxnet3/vmxnet3_xdp.c. A local user can perform a denial of service (DoS) attack.
128) Input validation error (CVE-ID: CVE-2025-37798)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qdisc_bstats_update() function in net/sched/sch_fq_codel.c, within the codel_qdisc_dequeue() function in net/sched/sch_codel.c. A local user can perform a denial of service (DoS) attack.
129) Input validation error (CVE-ID: CVE-2025-37797)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hfsc_change_class() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.
130) Memory leak (CVE-ID: CVE-2025-37796)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the at76_disconnect() function in drivers/net/wireless/atmel/at76c50x-usb.c. A local user can perform a denial of service (DoS) attack.
131) NULL pointer dereference (CVE-ID: CVE-2025-37794)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ieee80211_do_stop() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.
132) Improper error handling (CVE-ID: CVE-2025-37793)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the avs_component_probe() function in sound/soc/intel/avs/pcm.c. A local user can perform a denial of service (DoS) attack.
133) NULL pointer dereference (CVE-ID: CVE-2025-37792)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtl_dev_err() function in drivers/bluetooth/btrtl.c. A local user can perform a denial of service (DoS) attack.
134) Improper locking (CVE-ID: CVE-2025-37791)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ethtool_cmis_module_poll() function in net/ethtool/cmis_cdb.c. A local user can perform a denial of service (DoS) attack.
135) Input validation error (CVE-ID: CVE-2025-37790)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mctp_sk_hash() function in net/mctp/af_mctp.c. A local user can perform a denial of service (DoS) attack.
136) Input validation error (CVE-ID: CVE-2025-37789)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the validate_set() function in net/openvswitch/flow_netlink.c. A local user can perform a denial of service (DoS) attack.
137) Memory leak (CVE-ID: CVE-2025-37788)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cxgb4_init_ethtool_filters() function in drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c. A local user can perform a denial of service (DoS) attack.
138) Input validation error (CVE-ID: CVE-2025-37787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mv88e6xxx_teardown_devlink_regions_global() function in drivers/net/dsa/mv88e6xxx/devlink.c. A local user can perform a denial of service (DoS) attack.
139) Use-after-free (CVE-ID: CVE-2025-37786)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dsa_tree_teardown_lags(), dsa_tree_setup(), dsa_tree_teardown_switches() and dsa_tree_teardown() functions in net/dsa/dsa.c. A local user can escalate privileges on the system.
140) Use-after-free (CVE-ID: CVE-2025-37785)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ext4_check_dir_entry() function in fs/ext4/dir.c. A local user can escalate privileges on the system.
141) NULL pointer dereference (CVE-ID: CVE-2025-37784)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the icss_iep_perout_enable_hw() and icss_iep_perout_enable() functions in drivers/net/ethernet/ti/icssg/icss_iep.c. A local user can perform a denial of service (DoS) attack.
142) Resource management error (CVE-ID: CVE-2025-37783)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dpu_plane_virtual_atomic_check() function in drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c. A local user can perform a denial of service (DoS) attack.
143) Resource management error (CVE-ID: CVE-2025-37781)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ec_i2c_probe() function in drivers/i2c/busses/i2c-cros-ec-tunnel.c. A local user can perform a denial of service (DoS) attack.
144) Out-of-bounds read (CVE-ID: CVE-2025-37780)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the isofs_fh_to_parent() function in fs/isofs/export.c. A local user can perform a denial of service (DoS) attack.
145) Use-after-free (CVE-ID: CVE-2025-37779)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __iov_iter_get_pages_alloc() function in lib/iov_iter.c. A local user can escalate privileges on the system.
146) Use-after-free (CVE-ID: CVE-2025-37778)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the krb5_authenticate() function in fs/smb/server/smb2pdu.c. A remote attacker can trick the victim into connecting to a malicious SMB server and execute arbitrary code on the target system.
147) Use-after-free (CVE-ID: CVE-2025-37777)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_transport() function in fs/smb/server/transport_tcp.c, within the ksmbd_conn_free() function in fs/smb/server/connection.c. A local user can escalate privileges on the system.
148) Use-after-free (CVE-ID: CVE-2025-37776)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the free_opinfo(), opinfo_get_list(), opinfo_put(), opinfo_add(), opinfo_del() and smb_break_all_levII_oplock() functions in fs/smb/server/oplock.c. A local user can escalate privileges on the system.
149) Resource management error (CVE-ID: CVE-2025-37775)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ksmbd_vfs_write() function in fs/smb/server/vfs.c. A local user can perform a denial of service (DoS) attack.
150) Improper error handling (CVE-ID: CVE-2025-37774)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the handle_failed_objexts_alloc(), need_slab_obj_ext() and allocate_slab() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.
151) Input validation error (CVE-ID: CVE-2025-37773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the virtio_fs_get_tree() function in fs/fuse/virtio_fs.c. A local user can perform a denial of service (DoS) attack.
152) NULL pointer dereference (CVE-ID: CVE-2025-37772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ec_i2c_probe() function in drivers/i2c/busses/i2c-cros-ec-tunnel.c. A local user can perform a denial of service (DoS) attack.
153) Division by zero (CVE-ID: CVE-2025-37771)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the arcturus_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c. A local user can perform a denial of service (DoS) attack.
154) Division by zero (CVE-ID: CVE-2025-37770)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the vega10_fan_ctrl_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c. A local user can perform a denial of service (DoS) attack.
155) Division by zero (CVE-ID: CVE-2025-37769)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the smu_v11_0_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c. A local user can perform a denial of service (DoS) attack.
156) Division by zero (CVE-ID: CVE-2025-37768)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the smu7_fan_ctrl_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c. A local user can perform a denial of service (DoS) attack.
157) Division by zero (CVE-ID: CVE-2025-37767)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the smu_v13_0_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c. A local user can perform a denial of service (DoS) attack.
158) Input validation error (CVE-ID: CVE-2025-37766)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vega20_fan_ctrl_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_thermal.c. A local user can perform a denial of service (DoS) attack.
159) Use-after-free (CVE-ID: CVE-2025-37765)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nouveau_gem_object_del() function in drivers/gpu/drm/nouveau/nouveau_gem.c, within the nouveau_bo_del_ttm() function in drivers/gpu/drm/nouveau/nouveau_bo.c. A local user can escalate privileges on the system.
160) Memory leak (CVE-ID: CVE-2025-37764)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pvr_fw_process(), kfree() and pvr_fw_cleanup() functions in drivers/gpu/drm/imagination/pvr_fw.c. A local user can perform a denial of service (DoS) attack.
161) Use-after-free (CVE-ID: CVE-2025-37763)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nouveau_gem_object_del() function in drivers/gpu/drm/nouveau/nouveau_gem.c, within the nouveau_bo_del_ttm() function in drivers/gpu/drm/nouveau/nouveau_bo.c. A local user can escalate privileges on the system.
162) Memory leak (CVE-ID: CVE-2025-37762)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the virtio_gpu_plane_prepare_fb() function in drivers/gpu/drm/virtio/virtgpu_plane.c. A local user can perform a denial of service (DoS) attack.
163) Out-of-bounds read (CVE-ID: CVE-2025-37761)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xe_gt_tlb_invalidation_ggtt() and xe_gt_tlb_invalidation_range() functions in drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c. A local user can perform a denial of service (DoS) attack.
164) Resource management error (CVE-ID: CVE-2025-37760)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmg_adjust_set_range(), commit_merge(), vma_merge_existing_range(), vma_expand(), vma_modify() and VMG_VMA_STATE() functions in mm/vma.c, within the userfaultfd_clear_vma() and userfaultfd_register_range() functions in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.
165) NULL pointer dereference (CVE-ID: CVE-2025-37759)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ublk_complete_rq() and __ublk_fail_req() functions in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.
166) NULL pointer dereference (CVE-ID: CVE-2025-37758)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pxa_ata_probe() function in drivers/ata/pata_pxa.c. A local user can perform a denial of service (DoS) attack.
167) Memory leak (CVE-ID: CVE-2025-37757)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tipc_link_xmit() function in net/tipc/link.c. A local user can perform a denial of service (DoS) attack.
168) Resource management error (CVE-ID: CVE-2025-37756)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tls_setsockopt() and build_protos() functions in net/tls/tls_main.c. A local user can perform a denial of service (DoS) attack.
169) NULL pointer dereference (CVE-ID: CVE-2025-37755)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wx_alloc_mapped_page() function in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.
170) Buffer overflow (CVE-ID: CVE-2025-37754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the intel_uc_init_late() function in drivers/gpu/drm/i915/gt/uc/intel_uc.c, within the intel_huc_init_early() and intel_huc_fini() functions in drivers/gpu/drm/i915/gt/uc/intel_huc.c. A local user can perform a denial of service (DoS) attack.
171) Out-of-bounds read (CVE-ID: CVE-2025-37752)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sfq_change() function in net/sched/sch_sfq.c. A local user can perform a denial of service (DoS) attack.
172) Input validation error (CVE-ID: CVE-2025-37751)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_amd_bd() function in arch/x86/kernel/cpu/amd.c. A local user can perform a denial of service (DoS) attack.
173) Use-after-free (CVE-ID: CVE-2025-37750)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c, within the decrypt_raw_data() function in fs/smb/client/smb2ops.c, within the cifs_crypto_secmech_release() function in fs/smb/client/cifsencrypt.c. A local user can escalate privileges on the system.
174) Out-of-bounds read (CVE-ID: CVE-2025-37749)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ppp_sync_txmunge() function in drivers/net/ppp/ppp_synctty.c. A local user can perform a denial of service (DoS) attack.
175) NULL pointer dereference (CVE-ID: CVE-2025-37748)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_iommu_probe() function in drivers/iommu/mtk_iommu.c. A local user can perform a denial of service (DoS) attack.
176) Memory leak (CVE-ID: CVE-2025-37747)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the exclusive_event_installable(), _free_event(), perf_remove_from_owner(), list_del(), perf_pending_task(), __perf_event_overflow(), perf_event_alloc(), perf_event_exit_event() and perf_free_event() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
177) Buffer overflow (CVE-ID: CVE-2025-37746)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dwc_pcie_register_dev() and dwc_pcie_pmu_probe() functions in drivers/perf/dwc_pcie_pmu.c. A local user can perform a denial of service (DoS) attack.
178) Improper locking (CVE-ID: CVE-2025-37745)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hibernate_compressor_param_set() function in kernel/power/hibernate.c. A local user can perform a denial of service (DoS) attack.
179) Memory leak (CVE-ID: CVE-2025-37744)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ath12k_pci_remove() function in drivers/net/wireless/ath/ath12k/pci.c. A local user can perform a denial of service (DoS) attack.
180) Memory leak (CVE-ID: CVE-2025-37743)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ath12k_dp_mon_rx_parse_status_tlv() and ath12k_dp_mon_parse_rx_dest() functions in drivers/net/wireless/ath/ath12k/dp_mon.c. A local user can perform a denial of service (DoS) attack.
181) Use-after-free (CVE-ID: CVE-2025-37742)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the diMount() function in fs/jfs/jfs_imap.c. A local user can escalate privileges on the system.
182) Improper locking (CVE-ID: CVE-2025-37741)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the diReadSpecial() function in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.
183) Input validation error (CVE-ID: CVE-2025-37740)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
184) Out-of-bounds read (CVE-ID: CVE-2025-37739)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the f2fs_truncate_inode_blocks() function in fs/f2fs/node.c. A local user can perform a denial of service (DoS) attack.
185) Use-after-free (CVE-ID: CVE-2025-37738)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_xattr_inode_dec_ref_all() function in fs/ext4/xattr.c. A local user can escalate privileges on the system.
186) Resource management error (CVE-ID: CVE-2025-23163)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vlan_dev_open(), vlan_dev_stop() and vlan_dev_change_rx_flags() functions in net/8021q/vlan_dev.c. A local user can perform a denial of service (DoS) attack.
187) Input validation error (CVE-ID: CVE-2025-23162)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vf_reset_guc_state() function in drivers/gpu/drm/xe/xe_gt_sriov_vf.c, within the do_gt_reset() function in drivers/gpu/drm/xe/xe_gt.c. A local user can perform a denial of service (DoS) attack.
188) Improper locking (CVE-ID: CVE-2025-23161)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vmd_pci_read(), vmd_pci_write() and vmd_probe() functions in drivers/pci/controller/vmd.c. A local user can perform a denial of service (DoS) attack.
189) Memory leak (CVE-ID: CVE-2025-23160)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mtk_vcodec_fw_scp_init() function in drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c. A local user can perform a denial of service (DoS) attack.
190) Buffer overflow (CVE-ID: CVE-2025-23159)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the venus_sfr_print() function in drivers/media/platform/qcom/venus/hfi_venus.c. A local user can perform a denial of service (DoS) attack.
191) Out-of-bounds write (CVE-ID: CVE-2025-23158)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the venus_write_queue() and venus_read_queue() functions in drivers/media/platform/qcom/venus/hfi_venus.c. A local user can execute arbitrary code.
192) Out-of-bounds read (CVE-ID: CVE-2025-23157)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the init_codecs() function in drivers/media/platform/qcom/venus/hfi_parser.c. A local user can perform a denial of service (DoS) attack.
193) Out-of-bounds read (CVE-ID: CVE-2025-23156)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fill_buf_mode(), parse_alloc_mode(), fill_profile_level(), parse_profile_level(), fill_caps(), parse_caps(), fill_raw_fmts(), parse_raw_formats(), parse_codecs(), hfi_platform_parser() and hfi_parser() functions in drivers/media/platform/qcom/venus/hfi_parser.c. A local user can perform a denial of service (DoS) attack.
194) Resource management error (CVE-ID: CVE-2025-23155)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the stmmac_request_irq_multi_msi() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
195) Resource management error (CVE-ID: CVE-2025-23154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the io_sendmsg_prep() function in io_uring/net.c, within the ~() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
196) Input validation error (CVE-ID: CVE-2025-23153)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the crc_t10dif_arch() function in arch/arm/lib/crc-t10dif-glue.c. A local user can perform a denial of service (DoS) attack.
197) Input validation error (CVE-ID: CVE-2025-23152)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the crc_t10dif_arch() function in arch/arm64/lib/crc-t10dif-glue.c. A local user can perform a denial of service (DoS) attack.
198) Improper locking (CVE-ID: CVE-2025-23151)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mhi_gen_tre() function in drivers/bus/mhi/host/main.c. A local user can perform a denial of service (DoS) attack.
199) Use-after-free (CVE-ID: CVE-2025-23150)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the do_split() function in fs/ext4/namei.c. A local user can escalate privileges on the system.
200) Improper error handling (CVE-ID: CVE-2025-23149)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the tpm_get_random() function in drivers/char/tpm/tpm-interface.c, within the tpm_try_get_ops() function in drivers/char/tpm/tpm-chip.c. A local user can perform a denial of service (DoS) attack.
201) NULL pointer dereference (CVE-ID: CVE-2025-23148)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the exynos_chipid_probe() function in drivers/soc/samsung/exynos-chipid.c. A local user can perform a denial of service (DoS) attack.
202) NULL pointer dereference (CVE-ID: CVE-2025-23147)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i3c_master_unregister_i3c_devs() function in drivers/i3c/master.c. A local user can perform a denial of service (DoS) attack.
203) NULL pointer dereference (CVE-ID: CVE-2025-23146)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kb3930_probe() function in drivers/mfd/ene-kb3930.c. A local user can perform a denial of service (DoS) attack.
204) NULL pointer dereference (CVE-ID: CVE-2025-23145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the subflow_hmac_valid() and subflow_syn_recv_sock() functions in net/mptcp/subflow.c. A local user can perform a denial of service (DoS) attack.
205) Improper locking (CVE-ID: CVE-2025-23144)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the led_bl_remove() function in drivers/video/backlight/led_bl.c. A local user can perform a denial of service (DoS) attack.
206) NULL pointer dereference (CVE-ID: CVE-2025-23143)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sock_lock_init() and sk_prot_free() functions in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
207) Use-after-free (CVE-ID: CVE-2025-23142)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sctp_transport_free() function in net/sctp/transport.c, within the sctp_writeable(), sctp_sendmsg_to_asoc(), sctp_sock_rfree() and sctp_wait_for_sndbuf() functions in net/sctp/socket.c. A local user can escalate privileges on the system.
208) Improper locking (CVE-ID: CVE-2025-23141)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kvm_arch_vcpu_ioctl_get_mpstate() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
209) Memory leak (CVE-ID: CVE-2025-23140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pci_endpoint_test_release_irq() function in drivers/misc/pci_endpoint_test.c. A local user can perform a denial of service (DoS) attack.
210) Integer underflow (CVE-ID: CVE-2025-23138)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the watch_queue_set_size() function in kernel/watch_queue.c. A local user can execute arbitrary code.
211) NULL pointer dereference (CVE-ID: CVE-2025-23137)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amd_pstate_update() function in drivers/cpufreq/amd-pstate.c. A local user can perform a denial of service (DoS) attack.
212) NULL pointer dereference (CVE-ID: CVE-2025-23136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the int3402_thermal_probe() function in drivers/thermal/intel/int340x_thermal/int3402_thermal.c. A local user can perform a denial of service (DoS) attack.
213) Resource management error (CVE-ID: CVE-2025-23135)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the module_init() function in arch/riscv/kvm/main.c. A local user can perform a denial of service (DoS) attack.
214) Improper locking (CVE-ID: CVE-2025-23134)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_timer_user_copy_id(), snd_timer_user_ginfo() and snd_timer_user_gstatus() functions in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.
215) Out-of-bounds read (CVE-ID: CVE-2025-23133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath11k_reg_notifier(), ath11k_regd_update() and ath11k_regd_update_work() functions in drivers/net/wireless/ath/ath11k/reg.c. A local user can perform a denial of service (DoS) attack.
216) Improper locking (CVE-ID: CVE-2025-23132)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_sync_fs(), f2fs_remount(), limit_reserve_root(), f2fs_quota_sync(), f2fs_quota_on(), __f2fs_quota_off(), f2fs_quota_off(), f2fs_dquot_initialize(), f2fs_update_time() and kill_f2fs_super() functions in fs/f2fs/super.c, within the block_operations(), f2fs_unlock_all() and f2fs_issue_checkpoint() functions in fs/f2fs/checkpoint.c. A local user can perform a denial of service (DoS) attack.
217) NULL pointer dereference (CVE-ID: CVE-2025-23131)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the new_lockspace() function in fs/dlm/lockspace.c. A local user can perform a denial of service (DoS) attack.
218) Improper locking (CVE-ID: CVE-2025-23130)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the MAIN_SECS(), spin_unlock(), __get_next_segno(), new_curseg() and f2fs_randomize_chunk() functions in fs/f2fs/segment.c, within the f2fs_expand_inode_data() function in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
219) Resource management error (CVE-ID: CVE-2025-23129)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __free_irq() function in drivers/net/wireless/ath/ath11k/pci.c. A local user can perform a denial of service (DoS) attack.
220) Resource management error (CVE-ID: CVE-2025-22128)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ath12k_pci_probe() function in drivers/net/wireless/ath/ath12k/pci.c. A local user can perform a denial of service (DoS) attack.
221) Improper locking (CVE-ID: CVE-2025-22127)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_read_multi_pages() function in fs/f2fs/data.c, within the f2fs_compress_ctx_add_page() function in fs/f2fs/compress.c. A local user can perform a denial of service (DoS) attack.
222) Use-after-free (CVE-ID: CVE-2025-22126)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __mddev_put(), md_seq_show(), EXPORT_SYMBOL_GPL(), md_notify_reboot(), md_autostart_arrays() and md_exit() functions in drivers/md/md.c. A local user can escalate privileges on the system.
223) Improper locking (CVE-ID: CVE-2025-22125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the raid10_read_request() and raid10_write_one_disk() functions in drivers/md/raid10.c, within the raid1_read_request() and raid1_write_request() functions in drivers/md/raid1.c. A local user can perform a denial of service (DoS) attack.
224) Input validation error (CVE-ID: CVE-2025-22124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __write_sb_page() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
225) Input validation error (CVE-ID: CVE-2025-22123)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the f2fs_write_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
226) Buffer overflow (CVE-ID: CVE-2025-22122)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the EXPORT_SYMBOL() and EXPORT_SYMBOL_GPL() functions in block/bio.c. A local user can perform a denial of service (DoS) attack.
227) Use-after-free (CVE-ID: CVE-2025-22121)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ext4_xattr_check_block(), __xattr_check_inode(), ext4_xattr_ibody_get(), ext4_xattr_ibody_list(), ext4_get_inode_usage(), ext4_xattr_ibody_find() and sizeof() functions in fs/ext4/xattr.c, within the ext4_iget_extra_inode() function in fs/ext4/inode.c. A local user can escalate privileges on the system.
228) Improper locking (CVE-ID: CVE-2025-22120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_setattr() function in fs/ext4/inode.c. A local user can perform a denial of service (DoS) attack.
229) Improper locking (CVE-ID: CVE-2025-22119)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the INIT_WORK() function in net/wireless/core.c. A local user can perform a denial of service (DoS) attack.
230) Out-of-bounds read (CVE-ID: CVE-2025-22118)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ice_vc_cfg_q_quanta() function in drivers/net/ethernet/intel/ice/ice_virtchnl.c. A local user can perform a denial of service (DoS) attack.
231) Input validation error (CVE-ID: CVE-2025-22117)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ice_vc_fdir_parse_raw() function in drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c. A local user can perform a denial of service (DoS) attack.
232) Improper error handling (CVE-ID: CVE-2025-22116)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the idpf_stop() and idpf_init_task() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can perform a denial of service (DoS) attack.
233) Use-after-free (CVE-ID: CVE-2025-22115)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_create_pending_block_groups() function in fs/btrfs/block-group.c. A local user can escalate privileges on the system.
234) Input validation error (CVE-ID: CVE-2025-22114)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the btrfs_validate_super() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
235) Improper locking (CVE-ID: CVE-2025-22113)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_handle_error(), ext4_put_super() and ext4_load_and_init_journal() functions in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
236) Buffer overflow (CVE-ID: CVE-2025-22112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bnxt_queue_start() and bnxt_queue_stop() functions in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
237) Improper locking (CVE-ID: CVE-2025-22111)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sock_write_iter(), brioctl_set(), br_ioctl_call(), sock_ioctl() and compat_sock_ioctl_trans() functions in net/socket.c, within the dev_ifsioc() and dev_ioctl() functions in net/core/dev_ioctl.c, within the old_deviceless() and br_ioctl_stub() functions in net/bridge/br_ioctl.c. A local user can perform a denial of service (DoS) attack.
238) Buffer overflow (CVE-ID: CVE-2025-22110)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nfqnl_build_packet_message() function in net/netfilter/nfnetlink_queue.c. A local user can perform a denial of service (DoS) attack.
239) Memory leak (CVE-ID: CVE-2025-22109)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_get_route() function in net/ax25/ax25_route.c, within the ax25_connect() function in net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.
240) Input validation error (CVE-ID: CVE-2025-22108)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bnxt_xmit_bd() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c, within the bnxt_start_xmit() and dma_unmap_addr_set() functions in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
241) Out-of-bounds read (CVE-ID: CVE-2025-22107)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sja1105_table_delete_entry() function in drivers/net/dsa/sja1105/sja1105_static_config.c. A local user can perform a denial of service (DoS) attack.
242) Resource management error (CVE-ID: CVE-2025-22106)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmxnet3_rq_cleanup() and vmxnet3_rq_destroy() functions in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.
243) Resource management error (CVE-ID: CVE-2025-22105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bond_set_xfrm_features() function in drivers/net/bonding/bond_options.c, within the bond_sk_check(), bond_xdp_set_features() and bond_xdp_set() functions in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
244) Out-of-bounds read (CVE-ID: CVE-2025-22104)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vnic_add_client_data(), send_login(), handle_query_ip_offload_rsp() and handle_login_rsp() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
245) NULL pointer dereference (CVE-ID: CVE-2025-22103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ipvlan_l3s_unregister() function in drivers/net/ipvlan/ipvlan_l3s.c. A local user can perform a denial of service (DoS) attack.
246) Improper locking (CVE-ID: CVE-2025-22102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nxp_download_firmware() function in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.
247) Input validation error (CVE-ID: CVE-2025-22101)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the wx_tx_csum() function in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.
248) Use-after-free (CVE-ID: CVE-2025-22100)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the panthor_fdinfo_gather_group_samples() function in drivers/gpu/drm/panthor/panthor_sched.c. A local user can escalate privileges on the system.
249) NULL pointer dereference (CVE-ID: CVE-2025-22099)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the zynqmp_audio_init() function in drivers/gpu/drm/xlnx/zynqmp_dp_audio.c. A local user can perform a denial of service (DoS) attack.
250) Improper locking (CVE-ID: CVE-2025-22098)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the zynqmp_dp_ignore_hpd_set() function in drivers/gpu/drm/xlnx/zynqmp_dp.c. A local user can perform a denial of service (DoS) attack.
251) Use-after-free (CVE-ID: CVE-2025-22097)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vkms_init() and vkms_destroy() functions in drivers/gpu/drm/vkms/vkms_drv.c. A local user can escalate privileges on the system.
252) Input validation error (CVE-ID: CVE-2025-22096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the msm_parse_deps() function in drivers/gpu/drm/msm/msm_gem_submit.c. A local user can perform a denial of service (DoS) attack.
253) Resource management error (CVE-ID: CVE-2025-22095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the brcm_pcie_add_bus() function in drivers/pci/controller/pcie-brcmstb.c. A local user can perform a denial of service (DoS) attack.
254) NULL pointer dereference (CVE-ID: CVE-2025-22094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vpa_pmu_del() function in arch/powerpc/perf/vpa-pmu.c. A local user can perform a denial of service (DoS) attack.
255) NULL pointer dereference (CVE-ID: CVE-2025-22093)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dmub_hw_lock_mgr_inbox0_cmd() function in drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c. A local user can perform a denial of service (DoS) attack.
256) NULL pointer dereference (CVE-ID: CVE-2025-22092)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pci_iov_add_virtfn() function in drivers/pci/iov.c. A local user can perform a denial of service (DoS) attack.
257) Buffer overflow (CVE-ID: CVE-2025-22091)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the create_mkey_callback(), alloc_cacheable_mr(), reg_create() and create_real_mr() functions in drivers/infiniband/hw/mlx5/mr.c. A local user can perform a denial of service (DoS) attack.
258) Resource management error (CVE-ID: CVE-2025-22090)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the copy_page_range() function in mm/memory.c, within the vm_area_dup() function in kernel/fork.c, within the get_pat_info() and untrack_pfn() functions in arch/x86/mm/pat/memtype.c. A local user can perform a denial of service (DoS) attack.
259) NULL pointer dereference (CVE-ID: CVE-2025-22089)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ib_setup_device_attrs() function in drivers/infiniband/core/sysfs.c, within the rdma_init_coredev() function in drivers/infiniband/core/device.c. A local user can perform a denial of service (DoS) attack.
260) Use-after-free (CVE-ID: CVE-2025-22088)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the erdma_cancel_mpatimer() function in drivers/infiniband/hw/erdma/erdma_cm.c. A local user can escalate privileges on the system.
261) Input validation error (CVE-ID: CVE-2025-22087)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bpf_patch_call_args() and bpf_prog_select_func() functions in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
262) NULL pointer dereference (CVE-ID: CVE-2025-22086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ntohl() function in drivers/infiniband/hw/mlx5/cq.c. A local user can perform a denial of service (DoS) attack.
263) Use-after-free (CVE-ID: CVE-2025-22085)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ib_device_notify_register() function in drivers/infiniband/core/device.c. A local user can escalate privileges on the system.
264) NULL pointer dereference (CVE-ID: CVE-2025-22084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the w1_uart_probe() function in drivers/w1/masters/w1-uart.c. A local user can perform a denial of service (DoS) attack.
265) Memory leak (CVE-ID: CVE-2025-22083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vhost_scsi_set_endpoint(), target_undepend_item() and vhost_scsi_flush() functions in drivers/vhost/scsi.c. A local user can perform a denial of service (DoS) attack.
266) Buffer overflow (CVE-ID: CVE-2025-22082)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the iio_backend_debugfs_write_reg() function in drivers/iio/industrialio-backend.c. A local user can perform a denial of service (DoS) attack.
267) Integer overflow (CVE-ID: CVE-2025-22081)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the index_hdr_check() function in fs/ntfs3/index.c. A local user can execute arbitrary code.
268) Integer overflow (CVE-ID: CVE-2025-22080)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the fs/ntfs3/ntfs.h. A local user can execute arbitrary code.
269) Out-of-bounds read (CVE-ID: CVE-2025-22079)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __ocfs2_find_path() function in fs/ocfs2/alloc.c. A local user can perform a denial of service (DoS) attack.
270) Resource management error (CVE-ID: CVE-2025-22078)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vchiq_remove() function in drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c. A local user can perform a denial of service (DoS) attack.
271) Input validation error (CVE-ID: CVE-2025-22076)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the exfat_file_write_iter(), exfat_file_read_iter() and exfat_file_mmap() functions in fs/exfat/file.c. A local user can perform a denial of service (DoS) attack.
272) Improper locking (CVE-ID: CVE-2025-22075)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rtnl_vfinfo_size() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.
273) Incorrect calculation (CVE-ID: CVE-2025-22074)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the smb2_oplock_break_noti() and smb2_lease_break_noti() functions in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.
274) Memory leak (CVE-ID: CVE-2025-22073)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the spufs_fill_dir() function in arch/powerpc/platforms/cell/spufs/inode.c. A local user can perform a denial of service (DoS) attack.
275) Memory leak (CVE-ID: CVE-2025-22072)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak in arch/powerpc/platforms/cell/spufs/inode.c. A local user can perform a denial of service (DoS) attack.
276) Memory leak (CVE-ID: CVE-2025-22071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the spufs_create_context() function in arch/powerpc/platforms/cell/spufs/inode.c. A local user can perform a denial of service (DoS) attack.
277) NULL pointer dereference (CVE-ID: CVE-2025-22070)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v9fs_vfs_mkdir_dotl() function in fs/9p/vfs_inode_dotl.c. A local user can perform a denial of service (DoS) attack.
278) Resource management error (CVE-ID: CVE-2025-22069)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the 1SZREG() function in arch/riscv/kernel/mcount.S. A local user can perform a denial of service (DoS) attack.
279) Use-after-free (CVE-ID: CVE-2025-22068)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ublk_abort_queue() and ublk_abort_requests() functions in drivers/block/ublk_drv.c. A local user can escalate privileges on the system.
280) Out-of-bounds read (CVE-ID: CVE-2025-22067)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cdns_mrvl_xspi_setup_clock() function in drivers/spi/spi-cadence-xspi.c. A local user can perform a denial of service (DoS) attack.
281) NULL pointer dereference (CVE-ID: CVE-2025-22066)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the imx_card_probe() function in sound/soc/fsl/imx-card.c. A local user can perform a denial of service (DoS) attack.
282) NULL pointer dereference (CVE-ID: CVE-2025-22065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the idpf_shutdown() function in drivers/net/ethernet/intel/idpf/idpf_main.c. A local user can perform a denial of service (DoS) attack.
283) Incorrect calculation (CVE-ID: CVE-2025-22064)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the nf_tables_updchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
284) NULL pointer dereference (CVE-ID: CVE-2025-22063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the calipso_sock_getattr() and calipso_sock_setattr() functions in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.
285) NULL pointer dereference (CVE-ID: CVE-2025-22062)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_auth() and proc_sctp_do_udp_port() functions in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
286) Resource management error (CVE-ID: CVE-2025-22061)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the airoha_tc_get_htb_get_leaf_queue() function in drivers/net/ethernet/airoha/airoha_eth.c. A local user can perform a denial of service (DoS) attack.
287) Use-after-free (CVE-ID: CVE-2025-22060)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mvpp2_prs_hw_write(), mvpp2_prs_init_from_hw(), mvpp2_prs_flow_find(), mvpp2_prs_mac_drop_all_set(), mvpp2_prs_mac_promisc_set(), mvpp2_prs_dsa_tag_set(), mvpp2_prs_dsa_tag_ethertype_set(), mvpp2_prs_vlan_find(), mvpp2_prs_vlan_add(), mvpp2_prs_double_vlan_find(), mvpp2_prs_double_vlan_add(), mvpp2_prs_mac_init(), mvpp2_prs_vlan_init(), mvpp2_prs_vid_range_find(), mvpp2_prs_vid_entry_add(), mvpp2_prs_vid_entry_remove(), mvpp2_prs_vid_remove_all(), mvpp2_prs_vid_disable_filtering(), mvpp2_prs_vid_enable_filtering(), mvpp2_prs_default_init(), mvpp2_prs_mac_da_range_find(), mvpp2_prs_mac_da_accept(), mvpp2_prs_mac_del_all(), mvpp2_prs_tag_mode_set(), mvpp2_prs_add_flow(), mvpp2_prs_def_flow() and mvpp2_prs_hits() functions in drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c, within the mvpp2_probe() function in drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c. A local user can escalate privileges on the system.
288) Use of uninitialized resource (CVE-ID: CVE-2025-22059)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the udp_rmem_schedule() and __udp_enqueue_schedule_skb() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.
289) Memory leak (CVE-ID: CVE-2025-22058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the udp_skb_has_head_state(), udp_rmem_release(), EXPORT_SYMBOL_GPL() and first_packet_length() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.
290) Use-after-free (CVE-ID: CVE-2025-22057)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dst_count_dec() function in net/core/dst.c. A local user can escalate privileges on the system.
291) Resource management error (CVE-ID: CVE-2025-22056)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nft_tunnel_obj_geneve_init() and nft_tunnel_opts_dump() functions in net/netfilter/nft_tunnel.c. A local user can perform a denial of service (DoS) attack.
292) Out-of-bounds read (CVE-ID: CVE-2025-22055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nft_tunnel_obj_erspan_init() function in net/netfilter/nft_tunnel.c. A local user can perform a denial of service (DoS) attack.
293) NULL pointer dereference (CVE-ID: CVE-2025-22054)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the com20020pci_probe() function in drivers/net/arcnet/com20020-pci.c. A local user can perform a denial of service (DoS) attack.
294) Improper locking (CVE-ID: CVE-2025-22053)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the veth_pool_store() function in drivers/net/ethernet/ibm/ibmveth.c. A local user can perform a denial of service (DoS) attack.
295) NULL pointer dereference (CVE-ID: CVE-2025-22052)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ni_usb_read(), ni_usb_write(), ni_usb_command_chunk(), ni_usb_take_control(), ni_usb_go_to_standby(), ni_usb_request_system_control(), ni_usb_interface_clear(), ni_usb_remote_enable(), ni_usb_update_status(), ni_usb_primary_address(), ni_usb_secondary_address(), ni_usb_parallel_poll(), ni_usb_parallel_poll_configure(), ni_usb_parallel_poll_response(), ni_usb_serial_poll_response(), ni_usb_return_to_local(), ni_usb_line_status() and ni_usb_t1_delay() functions in drivers/staging/gpib/ni_usb/ni_usb_gpib.c. A local user can perform a denial of service (DoS) attack.
296) NULL pointer dereference (CVE-ID: CVE-2025-22051)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the agilent_82357a_read(), agilent_82357a_generic_write(), agilent_82357a_take_control_internal(), agilent_82357a_take_control(), agilent_82357a_go_to_standby(), agilent_82357a_request_system_control(), agilent_82357a_interface_clear(), agilent_82357a_enable_eos(), agilent_82357a_disable_eos(), agilent_82357a_primary_address(), agilent_82357a_secondary_address(), agilent_82357a_return_to_local() and nanosec_to_fast_talker_bits() functions in drivers/staging/gpib/agilent_82357a/agilent_82357a.c. A local user can perform a denial of service (DoS) attack.
297) NULL pointer dereference (CVE-ID: CVE-2025-22050)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.
298) Input validation error (CVE-ID: CVE-2025-22047)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __apply_microcode_amd() function in arch/x86/kernel/cpu/microcode/amd.c. A local user can perform a denial of service (DoS) attack.
299) Input validation error (CVE-ID: CVE-2025-22046)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the uprobe_copy_process() function in kernel/events/uprobes.c, within the arch_uprobe_trampoline() function in arch/x86/kernel/uprobes.c. A local user can perform a denial of service (DoS) attack.
300) Input validation error (CVE-ID: CVE-2025-22045)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the arch/x86/include/asm/tlbflush.h. A local user can perform a denial of service (DoS) attack.
301) Resource management error (CVE-ID: CVE-2025-22044)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the acpi_nfit_ctl() function in drivers/acpi/nfit/core.c. A local user can perform a denial of service (DoS) attack.
302) Input validation error (CVE-ID: CVE-2025-22043)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the parse_durable_handle_context() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
303) Input validation error (CVE-ID: CVE-2025-22042)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the parse_lease_state() function in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.
304) Use-after-free (CVE-ID: CVE-2025-22041)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ksmbd_sessions_deregister() function in fs/smb/server/mgmt/user_session.c. A local user can escalate privileges on the system.
305) Use-after-free (CVE-ID: CVE-2025-22040)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_session_logoff() function in fs/smb/server/smb2pdu.c, within the ksmbd_expire_session(), ksmbd_sessions_deregister(), ksmbd_user_session_put() and __session_create() functions in fs/smb/server/mgmt/user_session.c, within the ksmbd_get_encryption_key() function in fs/smb/server/auth.c. A local user can escalate privileges on the system.
306) Out-of-bounds read (CVE-ID: CVE-2025-22039)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the smb_inherit_dacl() and smb_check_perm_dacl() functions in fs/smb/server/smbacl.c. A local user can perform a denial of service (DoS) attack.
307) Out-of-bounds read (CVE-ID: CVE-2025-22038)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sid_to_id() function in fs/smb/server/smbacl.c. A local user can perform a denial of service (DoS) attack.
308) NULL pointer dereference (CVE-ID: CVE-2025-22037)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smb2_handle_negotiate(), alloc_preauth_hash(), smb2_sess_setup() and smb2_session_logoff() functions in fs/smb/server/smb2pdu.c, within the destroy_previous_session() function in fs/smb/server/mgmt/user_session.c. A local user can perform a denial of service (DoS) attack.
309) Use-after-free (CVE-ID: CVE-2025-22036)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the exfat_get_block() function in fs/exfat/inode.c. A local user can escalate privileges on the system.
310) Use-after-free (CVE-ID: CVE-2025-22035)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wakeup_trace_open() function in kernel/trace/trace_sched_wakeup.c, within the irqsoff_trace_open() function in kernel/trace/trace_irqsoff.c, within the graph_trace_close() function in kernel/trace/trace_functions_graph.c. A local user can escalate privileges on the system.
311) Use-after-free (CVE-ID: CVE-2025-22034)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the check_vma_flags() function in mm/gup.c. A local user can escalate privileges on the system.
312) NULL pointer dereference (CVE-ID: CVE-2025-22033)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the do_compat_alignment_fixup() function in arch/arm64/kernel/compat_alignment.c. A local user can perform a denial of service (DoS) attack.
313) NULL pointer dereference (CVE-ID: CVE-2025-22032)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7921_mac_sta_add() function in drivers/net/wireless/mediatek/mt76/mt7921/main.c. A local user can perform a denial of service (DoS) attack.
314) NULL pointer dereference (CVE-ID: CVE-2025-22031)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pcie_bwnotif_probe() function in drivers/pci/pcie/bwctrl.c. A local user can perform a denial of service (DoS) attack.
315) Use-after-free (CVE-ID: CVE-2025-22030)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zswap_cpu_comp_dead() function in mm/zswap.c. A local user can escalate privileges on the system.
316) Resource management error (CVE-ID: CVE-2025-22028)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vimc_streamer_pipeline_terminate() function in drivers/media/test-drivers/vimc/vimc-streamer.c. A local user can perform a denial of service (DoS) attack.
317) NULL pointer dereference (CVE-ID: CVE-2025-22027)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the streamzap_disconnect() function in drivers/media/rc/streamzap.c. A local user can perform a denial of service (DoS) attack.
318) Buffer overflow (CVE-ID: CVE-2025-22026)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nfsd_show() function in fs/nfsd/stats.c, within the nfsd_net_init() function in fs/nfsd/nfsctl.c. A local user can perform a denial of service (DoS) attack.
319) Memory leak (CVE-ID: CVE-2025-22025)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfs4_alloc_open_stateid() and nfsd_break_one_deleg() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
320) Use-after-free (CVE-ID: CVE-2025-22024)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfsd_nl_listener_set_doit() function in fs/nfsd/nfsctl.c. A local user can escalate privileges on the system.
321) Use-after-free (CVE-ID: CVE-2025-22023)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the handle_tx_event() function in drivers/usb/host/xhci-ring.c. A local user can escalate privileges on the system.
322) Improper locking (CVE-ID: CVE-2025-22022)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/usb/host/xhci.h. A local user can perform a denial of service (DoS) attack.
323) Resource management error (CVE-ID: CVE-2025-22021)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nf_sk_lookup_slow_v6() function in net/ipv6/netfilter/nf_socket_ipv6.c. A local user can perform a denial of service (DoS) attack.
324) Use-after-free (CVE-ID: CVE-2025-22020)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtsx_usb_ms_drv_remove() function in drivers/memstick/host/rtsx_usb_ms.c. A local user can escalate privileges on the system.
325) Improper privilege management (CVE-ID: CVE-2025-22019)
The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the bch2_ioctl_subvolume_destroy() function in fs/bcachefs/fs-ioctl.c. A local user can read and manipulate data.
326) NULL pointer dereference (CVE-ID: CVE-2025-22018)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the MPOA_cache_impos_rcvd() function in net/atm/mpc.c. A local user can perform a denial of service (DoS) attack.
327) Infinite loop (CVE-ID: CVE-2024-58097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the ath11k_dp_rx_mon_mpdu_pop() and ath11k_dp_rx_full_mon_mpdu_pop() functions in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.
328) Resource management error (CVE-ID: CVE-2024-58096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ath11k_dp_rx_mon_dest_process(), ath11k_dp_full_mon_process_rx() and ath11k_hal_srng_access_end() functions in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.
329) Input validation error (CVE-ID: CVE-2024-58095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the extAlloc() and extRecord() functions in fs/jfs/jfs_extent.c. A local user can perform a denial of service (DoS) attack.
330) Input validation error (CVE-ID: CVE-2024-58094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jfs_truncate_nolock() function in fs/jfs/inode.c. A local user can perform a denial of service (DoS) attack.
331) Use-after-free (CVE-ID: CVE-2024-58093)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pcie_aspm_exit_link_state() function in drivers/pci/pcie/aspm.c. A local user can escalate privileges on the system.
332) Out-of-bounds read (CVE-ID: CVE-2023-53034)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the switchtec_ntb_mw_set_trans() function in drivers/ntb/hw/mscc/ntb_hw_switchtec.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.