Main Vulnerability Database SB2025071787

SB2025071787 - Ubuntu update for linux-oem-6.14

Published: July 17, 2025

Security Bulletin ID SB2025071787

Severity

High

Patch available

YES

Number of vulnerabilities 45

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 45 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2025-38216)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the intel_nested_attach_dev() function in drivers/iommu/intel/nested.c, within the dmar_domain_attach_device(), device_block_translation() and identity_domain_attach_dev() functions in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.

2) Improper error handling (CVE-ID: CVE-2025-37991)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the handle_fpe() function in arch/parisc/math-emu/driver.c. A local user can perform a denial of service (DoS) attack.

3) Improper error handling (CVE-ID: CVE-2025-37990)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the brcmf_usb_dl_writeimage() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c. A local user can perform a denial of service (DoS) attack.

4) Input validation error (CVE-ID: CVE-2025-37974)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __clp_add() function in arch/s390/pci/pci_clp.c. A local user can perform a denial of service (DoS) attack.

5) Improper locking (CVE-ID: CVE-2025-37946)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the disable_slot() function in drivers/pci/hotplug/s390_pci_hpc.c. A local user can perform a denial of service (DoS) attack.

6) Resource management error (CVE-ID: CVE-2025-37936)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the intel_guest_get_msrs() function in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.

7) Input validation error (CVE-ID: CVE-2025-37935)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the drivers/net/ethernet/mediatek/mtk_eth_soc.c. A local user can perform a denial of service (DoS) attack.

8) Use of uninitialized resource (CVE-ID: CVE-2025-37934)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the graph_util_parse_link_direction() function in sound/soc/generic/simple-card-utils.c. A local user can perform a denial of service (DoS) attack.

9) Input validation error (CVE-ID: CVE-2025-37933)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the octep_hb_timeout_task() function in drivers/net/ethernet/marvell/octeon_ep/octep_main.c. A local user can perform a denial of service (DoS) attack.

10) Infinite loop (CVE-ID: CVE-2025-37931)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the submit_eb_subpage() function in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.

11) Resource management error (CVE-ID: CVE-2025-37930)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nouveau_fence_context_kill() function in drivers/gpu/drm/nouveau/nouveau_fence.c. A local user can perform a denial of service (DoS) attack.

12) Improper error handling (CVE-ID: CVE-2025-37929)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the spectre_bhb_loop_affected() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.

13) Improper error handling (CVE-ID: CVE-2025-37928)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __scan() function in drivers/md/dm-bufio.c. A local user can perform a denial of service (DoS) attack.

14) Buffer overflow (CVE-ID: CVE-2025-37927)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the drivers/iommu/amd/init.c. A local user can escalate privileges on the system.

15) Use-after-free (CVE-ID: CVE-2025-37926)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ksmbd_session_rpc_clear_list(), ksmbd_session_rpc_open(), ksmbd_session_rpc_close() and __session_create() functions in fs/smb/server/mgmt/user_session.c. A local user can escalate privileges on the system.

16) Use-after-free (CVE-ID: CVE-2025-37924)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the krb5_authenticate() function in fs/smb/server/smb2pdu.c, within the ksmbd_krb5_authenticate() function in fs/smb/server/auth.c. A local user can escalate privileges on the system.

17) Buffer overflow (CVE-ID: CVE-2025-37923)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the tracing_splice_read_pipe() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.

18) Use-after-free (CVE-ID: CVE-2025-37922)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the radix__vmemmap_populate() function in arch/powerpc/mm/book3s64/radix_pgtable.c. A local user can escalate privileges on the system.

19) Improper locking (CVE-ID: CVE-2025-37921)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vxlan_vni_delete_group() function in drivers/net/vxlan/vxlan_vnifilter.c. A local user can perform a denial of service (DoS) attack.

20) Improper locking (CVE-ID: CVE-2025-37920)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the xp_create_and_assign_umem() function in net/xdp/xsk_buff_pool.c, within the xsk_generic_rcv() and xsk_create() functions in net/xdp/xsk.c. A local user can perform a denial of service (DoS) attack.

21) NULL pointer dereference (CVE-ID: CVE-2025-37919)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the acp_i2s_set_tdm_slot() function in sound/soc/amd/acp/acp-i2s.c. A local user can perform a denial of service (DoS) attack.

22) Improper locking (CVE-ID: CVE-2025-37917)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mtk_star_tx_poll() and mtk_star_rx_poll() functions in drivers/net/ethernet/mediatek/mtk_star_emac.c. A local user can perform a denial of service (DoS) attack.

23) Use-after-free (CVE-ID: CVE-2025-37916)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pdsc_auxbus_dev_del() function in drivers/net/ethernet/amd/pds_core/auxbus.c. A local user can escalate privileges on the system.

24) Use-after-free (CVE-ID: CVE-2025-37915)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cl_is_active() and drr_enqueue() functions in net/sched/sch_drr.c. A local user can escalate privileges on the system.

25) Use-after-free (CVE-ID: CVE-2025-37914)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cl_is_active() and ets_qdisc_enqueue() functions in net/sched/sch_ets.c. A local user can escalate privileges on the system.

26) Use-after-free (CVE-ID: CVE-2025-37913)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cl_is_active() and qfq_enqueue() functions in net/sched/sch_qfq.c. A local user can escalate privileges on the system.

27) NULL pointer dereference (CVE-ID: CVE-2025-37912)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ice_vc_add_fdir_fltr() function in drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c. A local user can perform a denial of service (DoS) attack.

28) Out-of-bounds read (CVE-ID: CVE-2025-37911)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bnxt_hwrm_dbg_dma_data() function in drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c. A local user can perform a denial of service (DoS) attack.

29) NULL pointer dereference (CVE-ID: CVE-2025-37910)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ptp_ocp_sma_adva_set_output() function in drivers/ptp/ptp_ocp.c. A local user can perform a denial of service (DoS) attack.

30) Memory leak (CVE-ID: CVE-2025-37909)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the lan743x_tx_frame_add_lso(), lan743x_tx_frame_add_fragment() and lan743x_tx_frame_end() functions in drivers/net/ethernet/microchip/lan743x_main.c. A local user can perform a denial of service (DoS) attack.

31) Buffer overflow (CVE-ID: CVE-2025-37908)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the free_slab_obj_exts(), prepare_slab_obj_exts_hook() and account_slab() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.

32) Improper locking (CVE-ID: CVE-2025-37907)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ivpu_job_submit() function in drivers/accel/ivpu/ivpu_job.c. A local user can perform a denial of service (DoS) attack.

33) Race condition (CVE-ID: CVE-2025-37906)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the ublk_start_cancel(), ublk_uring_cmd_cancel_fn() and ublk_cancel_queue() functions in drivers/block/ublk_drv.c. A local user can escalate privileges on the system.

34) Memory leak (CVE-ID: CVE-2025-37905)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the scmi_child_dev_find() function in drivers/firmware/arm_scmi/bus.c. A local user can perform a denial of service (DoS) attack.

35) Memory leak (CVE-ID: CVE-2025-37904)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the btrfs_iget() function in fs/btrfs/inode.c. A local user can perform a denial of service (DoS) attack.

36) Use-after-free (CVE-ID: CVE-2025-37903)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hdcp_update_display(), hdcp_remove_display(), hdcp_reset_display() and update_config() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c. A local user can escalate privileges on the system.

37) Input validation error (CVE-ID: CVE-2025-37901)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qcom_mpm_alloc() function in drivers/irqchip/irq-qcom-mpm.c. A local user can perform a denial of service (DoS) attack.

38) NULL pointer dereference (CVE-ID: CVE-2025-37900)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/linux/iommu.h. A local user can perform a denial of service (DoS) attack.

39) Use-after-free (CVE-ID: CVE-2025-37899)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a use-after-free error within the smb2_session_logoff() function in fs/smb/server/smb2pdu.c. A remote attacker can send specially crafted data to the SMB client during session logoff and compromise the affected system.

40) Improper error handling (CVE-ID: CVE-2025-37898)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the get_stubs_size() function in arch/powerpc/kernel/module_64.c. A local user can perform a denial of service (DoS) attack.

41) Improper locking (CVE-ID: CVE-2025-37897)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the plfxlc_mac_init_hw() function in drivers/net/wireless/purelifi/plfxlc/mac.c. A local user can perform a denial of service (DoS) attack.

42) Buffer overflow (CVE-ID: CVE-2025-37896)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the spi_mem_calc_op_duration() function in drivers/spi/spi-mem.c. A local user can perform a denial of service (DoS) attack.

43) Improper locking (CVE-ID: CVE-2025-37895)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bnxt_init_napi() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.

44) Improper locking (CVE-ID: CVE-2025-37894)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tcp6_check_fraglist_gro() function in net/ipv6/tcpv6_offload.c, within the tcp4_check_fraglist_gro() function in net/ipv4/tcp_offload.c. A local user can perform a denial of service (DoS) attack.

45) Buffer overflow (CVE-ID: CVE-2025-37891)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the include/sound/ump_convert.h. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://ubuntu.com/security/notices/USN-7650-1

SB2025071787 - Ubuntu update for linux-oem-6.14

Breakdown by Severity

Description

Remediation

References

Please verify you're human