SB2025071791 - Ubuntu update for linux-hwe-6.8
Published: July 17, 2025 Updated: September 17, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 158 secuirty vulnerabilities.
1) Exposure of Sensitive System Information to an Unauthorized Control Sphere (CVE-ID: CVE-2025-2312)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exist due to cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments when trying to obtain Kerberos credentials. A local user can gain access to sensitive information.
2) Input validation error (CVE-ID: CVE-2025-38177)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the eltree_insert() and hfsc_qlen_notify() functions in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.
3) Use-after-free (CVE-ID: CVE-2025-38001)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_in_el_or_vttree(), hfsc_change_class() and hfsc_enqueue() functions in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.
4) Use-after-free (CVE-ID: CVE-2025-38000)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfsc_enqueue() function in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.
5) Improper locking (CVE-ID: CVE-2025-37997)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the net/netfilter/ipset/ip_set_hash_gen.h. A local user can perform a denial of service (DoS) attack.
6) Input validation error (CVE-ID: CVE-2025-37974)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __clp_add() function in arch/s390/pci/pci_clp.c. A local user can perform a denial of service (DoS) attack.
7) Resource management error (CVE-ID: CVE-2025-37932)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the htb_qlen_notify() function in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.
8) Use-after-free (CVE-ID: CVE-2025-37890)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfsc_enqueue() function in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.
9) Input validation error (CVE-ID: CVE-2025-37798)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qdisc_bstats_update() function in net/sched/sch_fq_codel.c, within the codel_qdisc_dequeue() function in net/sched/sch_codel.c. A local user can perform a denial of service (DoS) attack.
10) Use-after-free (CVE-ID: CVE-2025-37750)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c, within the decrypt_raw_data() function in fs/smb/client/smb2ops.c, within the cifs_crypto_secmech_release() function in fs/smb/client/cifsencrypt.c. A local user can escalate privileges on the system.
11) Use-after-free (CVE-ID: CVE-2025-22088)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the erdma_cancel_mpatimer() function in drivers/infiniband/hw/erdma/erdma_cm.c. A local user can escalate privileges on the system.
12) Improper locking (CVE-ID: CVE-2025-21943)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the new_device_store(), kfree() and delete_device_store() functions in drivers/gpio/gpio-aggregator.c. A local user can perform a denial of service (DoS) attack.
13) Incorrect calculation (CVE-ID: CVE-2025-21832)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the blkdev_read_iter() function in block/fops.c. A local user can perform a denial of service (DoS) attack.
14) Resource management error (CVE-ID: CVE-2025-21830)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the get_mode_access() function in security/landlock/fs.c. A local user can perform a denial of service (DoS) attack.
15) Resource management error (CVE-ID: CVE-2025-21829)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __rxe_cleanup() function in drivers/infiniband/sw/rxe/rxe_pool.c. A local user can perform a denial of service (DoS) attack.
16) Input validation error (CVE-ID: CVE-2025-21828)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the net/mac80211/driver-ops.h. A local user can perform a denial of service (DoS) attack.
17) Buffer overflow (CVE-ID: CVE-2025-21826)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nft_set_desc_concat_parse() and nft_set_desc_concat() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
18) Improper locking (CVE-ID: CVE-2025-21825)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bpf_timer_cancel_and_free() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
19) Improper locking (CVE-ID: CVE-2025-21820)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cdns_uart_handle_rx(), cdns_uart_isr() and cdns_uart_console_write() functions in drivers/tty/serial/xilinx_uartps.c. A local user can perform a denial of service (DoS) attack.
20) Resource management error (CVE-ID: CVE-2025-21816)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the HRTIMER_ACTIVE_SOFT(), DEFINE_PER_CPU(), hrtimer_base_is_online(), lock_hrtimer_base(), raw_spin_unlock(), WRITE_ONCE(), hrtimer_is_hres_enabled() and __hrtimer_start_range_ns() functions in kernel/time/hrtimer.c. A local user can perform a denial of service (DoS) attack.
21) Out-of-bounds read (CVE-ID: CVE-2025-21815)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the isolate_freepages_block() function in mm/compaction.c. A local user can perform a denial of service (DoS) attack.
22) NULL pointer dereference (CVE-ID: CVE-2025-21814)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ptp_getcycles64() and ptp_clock_register() functions in drivers/ptp/ptp_clock.c. A local user can perform a denial of service (DoS) attack.
23) Use-after-free (CVE-ID: CVE-2025-21812)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ax25_rt_autobind() function in net/ax25/ax25_route.c, within the ax25_send_frame() and ax25_queue_xmit() functions in net/ax25/ax25_out.c, within the ax25_ip_xmit() function in net/ax25/ax25_ip.c, within the ax25_dev_device_up() and ax25_dev_device_down() functions in net/ax25/ax25_dev.c, within the ax25_fillin_cb_from_dev() and ax25_setsockopt() functions in net/ax25/af_ax25.c. A local user can escalate privileges on the system.
24) Improper locking (CVE-ID: CVE-2025-21811)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_lookup_dirty_data_buffers() function in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
25) NULL pointer dereference (CVE-ID: CVE-2025-21810)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the class_dev_iter_init() and class_dev_iter_next() functions in drivers/base/class.c. A local user can perform a denial of service (DoS) attack.
26) Improper locking (CVE-ID: CVE-2025-21809)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rxrpc_new_incoming_peer(), rxrpc_lookup_peer() and __rxrpc_put_peer() functions in net/rxrpc/peer_object.c, within the rxrpc_peer_keepalive_dispatch() and rxrpc_peer_keepalive_worker() functions in net/rxrpc/peer_event.c. A local user can perform a denial of service (DoS) attack.
27) Input validation error (CVE-ID: CVE-2025-21808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dev_xdp_attach() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
28) Improper error handling (CVE-ID: CVE-2025-21806)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the proc_do_dev_weight() and sizeof() functions in net/core/sysctl_net_core.c. A local user can perform a denial of service (DoS) attack.
29) Buffer overflow (CVE-ID: CVE-2025-21804)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rcar_pcie_parse_outbound_ranges() function in drivers/pci/controller/pcie-rcar-ep.c. A local user can perform a denial of service (DoS) attack.
30) Input validation error (CVE-ID: CVE-2025-21802)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hclgevf_init() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c, within the hclge_init() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c, within the module_init() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c, within the EXPORT_SYMBOL() function in drivers/net/ethernet/hisilicon/hns3/hnae3.c. A local user can perform a denial of service (DoS) attack.
31) Improper locking (CVE-ID: CVE-2025-21801)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ravb_suspend() and ravb_resume() functions in drivers/net/ethernet/renesas/ravb_main.c. A local user can perform a denial of service (DoS) attack.
32) Improper error handling (CVE-ID: CVE-2025-21799)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the am65_cpsw_nuss_remove_tx_chns() function in drivers/net/ethernet/ti/am65-cpsw-nuss.c. A local user can perform a denial of service (DoS) attack.
33) NULL pointer dereference (CVE-ID: CVE-2025-21798)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the device_attr_simple_avc() and device_attr_legacy_avc() functions in drivers/firewire/device-attribute-test.c. A local user can perform a denial of service (DoS) attack.
34) Reachable assertion (CVE-ID: CVE-2025-21754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the btrfs_split_ordered_extent() function in fs/btrfs/ordered-data.c. A local user can perform a denial of service (DoS) attack.
35) Use-after-free (CVE-ID: CVE-2025-21753)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/btrfs/transaction.c. A local user can escalate privileges on the system.
36) Input validation error (CVE-ID: CVE-2025-21750)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the brcmf_of_probe() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c. A local user can perform a denial of service (DoS) attack.
37) Improper locking (CVE-ID: CVE-2025-21749)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rose_bind() function in net/rose/af_rose.c. A local user can perform a denial of service (DoS) attack.
38) Integer overflow (CVE-ID: CVE-2025-21748)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ksmbd_ipc_spnego_authen_request(), ksmbd_rpc_write() and ksmbd_rpc_ioctl() functions in fs/smb/server/transport_ipc.c. A local user can execute arbitrary code.
39) Memory leak (CVE-ID: CVE-2025-21745)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the blkcg_fill_root_iostats() function in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.
40) NULL pointer dereference (CVE-ID: CVE-2025-21744)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcmf_txfinalize() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c. A local user can perform a denial of service (DoS) attack.
41) Out-of-bounds read (CVE-ID: CVE-2025-21743)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ipheth_rcvbulk_callback_ncm() function in drivers/net/usb/ipheth.c. A local user can perform a denial of service (DoS) attack.
42) Out-of-bounds read (CVE-ID: CVE-2025-21742)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ipheth_rcvbulk_callback_ncm() function in drivers/net/usb/ipheth.c. A local user can perform a denial of service (DoS) attack.
43) Out-of-bounds read (CVE-ID: CVE-2025-21741)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ipheth_rcvbulk_callback_ncm() function in drivers/net/usb/ipheth.c. A local user can perform a denial of service (DoS) attack.
44) Memory leak (CVE-ID: CVE-2025-21739)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ufshcd_pltfrm_init() and ufshcd_pltfrm_remove() functions in drivers/ufs/host/ufshcd-pltfrm.c, within the ufshcd_pci_remove() and ufshcd_pci_probe() functions in drivers/ufs/host/ufshcd-pci.c, within the EXPORT_SYMBOL_GPL(), ufshcd_set_dma_mask() and ufshcd_alloc_host() functions in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
45) Buffer overflow (CVE-ID: CVE-2025-21738)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ata_pio_sector() function in drivers/ata/libata-sff.c. A local user can perform a denial of service (DoS) attack.
46) Integer overflow (CVE-ID: CVE-2025-21736)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the nilfs_fiemap() function in fs/nilfs2/inode.c. A local user can execute arbitrary code.
47) Buffer overflow (CVE-ID: CVE-2025-21735)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nci_hci_create_pipe() function in net/nfc/nci/hci.c. A local user can escalate privileges on the system.
48) Out-of-bounds read (CVE-ID: CVE-2025-21734)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fastrpc_get_args() function in drivers/misc/fastrpc.c. A local user can perform a denial of service (DoS) attack.
49) Resource management error (CVE-ID: CVE-2025-21733)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the trace_sched_migrate_callback() and register_migration_monitor() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
50) Use-after-free (CVE-ID: CVE-2025-21732)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5_ib_invalidate_range() function in drivers/infiniband/hw/mlx5/odp.c, within the mlx5_revoke_mr() function in drivers/infiniband/hw/mlx5/mr.c. A local user can escalate privileges on the system.
51) Use-after-free (CVE-ID: CVE-2025-21731)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_disconnect_and_put() function in drivers/block/nbd.c. A local user can escalate privileges on the system.
52) Resource management error (CVE-ID: CVE-2025-21728)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_send_signal_common() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.
53) Use-after-free (CVE-ID: CVE-2025-21727)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the padata_free_shell() function in kernel/padata.c. A local user can escalate privileges on the system.
54) Use-after-free (CVE-ID: CVE-2025-21726)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the padata_reorder() and invoke_padata_reorder() functions in kernel/padata.c. A local user can escalate privileges on the system.
55) Input validation error (CVE-ID: CVE-2025-21725)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the parse_server_interfaces() function in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
56) Out-of-bounds read (CVE-ID: CVE-2025-21724)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iova_bitmap_offset_to_index() function in drivers/vfio/iova_bitmap.c. A local user can perform a denial of service (DoS) attack.
57) NULL pointer dereference (CVE-ID: CVE-2025-21723)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mpi3mr_bsg_init() function in drivers/scsi/mpi3mr/mpi3mr_app.c. A local user can perform a denial of service (DoS) attack.
58) Use-after-free (CVE-ID: CVE-2025-21722)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_clear_dirty_pages() and nilfs_clear_folio_dirty() functions in fs/nilfs2/page.c. A local user can escalate privileges on the system.
59) Input validation error (CVE-ID: CVE-2025-21721)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nilfs_rename() function in fs/nilfs2/namei.c, within the nilfs_inode_by_name(), nilfs_set_link() and nilfs_delete_entry() functions in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
60) NULL pointer dereference (CVE-ID: CVE-2025-21720)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/xfrm.h. A local user can perform a denial of service (DoS) attack.
61) Race condition (CVE-ID: CVE-2025-21719)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the list_for_each_entry() function in net/ipv4/ipmr_base.c. A local user can perform a denial of service (DoS) attack.
62) Use-after-free (CVE-ID: CVE-2025-21718)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rose_heartbeat_expiry(), rose_timer_expiry() and rose_idletimer_expiry() functions in net/rose/rose_timer.c. A local user can escalate privileges on the system.
63) Use of uninitialized resource (CVE-ID: CVE-2025-21716)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the vxlan_vnifilter_dump() function in drivers/net/vxlan/vxlan_vnifilter.c. A local user can perform a denial of service (DoS) attack.
64) Use-after-free (CVE-ID: CVE-2025-21715)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dm9000_drv_remove() function in drivers/net/ethernet/davicom/dm9000.c. A local user can escalate privileges on the system.
65) Use-after-free (CVE-ID: CVE-2025-21714)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the destroy_unused_implicit_child_mr() and implicit_get_child_mr() functions in drivers/infiniband/hw/mlx5/odp.c. A local user can escalate privileges on the system.
66) Integer overflow (CVE-ID: CVE-2025-21711)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the rose_setsockopt() function in net/rose/af_rose.c. A local user can execute arbitrary code.
67) Use-after-free (CVE-ID: CVE-2025-21710)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_select_window() function in net/ipv4/tcp_output.c. A local user can escalate privileges on the system.
68) Resource management error (CVE-ID: CVE-2025-21708)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the MSR_SPEED() and rtl8150_probe() functions in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.
69) Use of uninitialized resource (CVE-ID: CVE-2025-21707)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mptcp_parse_option() and mptcp_get_options() functions in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.
70) Improper locking (CVE-ID: CVE-2025-21705)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mptcp_sendmsg_fastopen() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
71) Resource management error (CVE-ID: CVE-2025-21699)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the do_gfs2_set_flags() function in fs/gfs2/file.c. A local user can perform a denial of service (DoS) attack.
72) NULL pointer dereference (CVE-ID: CVE-2025-21697)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v3d_irq() and v3d_hub_irq() functions in drivers/gpu/drm/v3d/v3d_irq.c. A local user can perform a denial of service (DoS) attack.
73) Use-after-free (CVE-ID: CVE-2025-21694)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __read_vmcore() function in fs/proc/vmcore.c. A local user can escalate privileges on the system.
74) Out-of-bounds read (CVE-ID: CVE-2025-21692)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ets_class_from_arg() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.
75) Resource management error (CVE-ID: CVE-2025-21691)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the SYSCALL_DEFINE4() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
76) Resource management error (CVE-ID: CVE-2025-21690)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dev_warn() and storvsc_on_io_completion() functions in drivers/scsi/storvsc_drv.c. A local user can perform a denial of service (DoS) attack.
77) Out-of-bounds read (CVE-ID: CVE-2025-21689)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qt2_process_read_urb() function in drivers/usb/serial/quatech2.c. A local user can perform a denial of service (DoS) attack.
78) Improper locking (CVE-ID: CVE-2025-21684)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the DECLARE_BITMAP(), xgpio_set(), xgpio_set_multiple(), xgpio_dir_in(), xgpio_dir_out(), xgpio_irq_mask(), xgpio_irq_unmask(), xgpio_irqhandler() and xgpio_probe() functions in drivers/gpio/gpio-xilinx.c. A local user can perform a denial of service (DoS) attack.
79) Memory leak (CVE-ID: CVE-2025-21683)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the BPF_CALL_4() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
80) NULL pointer dereference (CVE-ID: CVE-2025-21682)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bnxt_xdp_set() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c, within the bnxt_set_ring_params(), bnxt_set_rx_skb_mode() and bnxt_init_one() functions in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
81) Improper locking (CVE-ID: CVE-2025-21681)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_output() function in net/openvswitch/actions.c. A local user can perform a denial of service (DoS) attack.
82) Out-of-bounds read (CVE-ID: CVE-2025-21680)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_imix_entries() function in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.
83) Improper locking (CVE-ID: CVE-2025-21678)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gtp_newlink() and gtp_net_exit_batch_rtnl() functions in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
84) Use-after-free (CVE-ID: CVE-2025-21676)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fec_enet_tx() and fec_enet_rx_queue() functions in drivers/net/ethernet/freescale/fec_main.c. A local user can escalate privileges on the system.
85) NULL pointer dereference (CVE-ID: CVE-2025-21675)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_lag_port_sel_create() and mlx5_destroy_ttc_table() functions in drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c. A local user can perform a denial of service (DoS) attack.
86) Improper locking (CVE-ID: CVE-2025-21674)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5e_xfrm_add_state() and mlx5e_xfrm_del_state() functions in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c. A local user can perform a denial of service (DoS) attack.
87) Double free (CVE-ID: CVE-2025-21673)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the clean_demultiplex_info() and cifs_put_tcp_session() functions in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.
88) Improper locking (CVE-ID: CVE-2025-21672)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the afs_proc_addr_prefs_write() function in fs/afs/addr_prefs.c. A local user can perform a denial of service (DoS) attack.
89) NULL pointer dereference (CVE-ID: CVE-2025-21670)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vsock_bpf_recvmsg() function in net/vmw_vsock/vsock_bpf.c. A local user can perform a denial of service (DoS) attack.
90) NULL pointer dereference (CVE-ID: CVE-2025-21669)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the virtio_transport_recv_pkt() function in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.
91) Out-of-bounds read (CVE-ID: CVE-2025-21668)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the imx8mp_blk_ctrl_remove() function in drivers/pmdomain/imx/imx8mp-blk-ctrl.c. A local user can perform a denial of service (DoS) attack.
92) Infinite loop (CVE-ID: CVE-2025-21667)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the iomap_write_delalloc_scan() function in fs/iomap/buffered-io.c. A local user can perform a denial of service (DoS) attack.
93) NULL pointer dereference (CVE-ID: CVE-2025-21666)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() and vsock_connectible_has_data() functions in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
94) Infinite loop (CVE-ID: CVE-2025-21665)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the folio_seek_hole_data() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
95) Buffer overflow (CVE-ID: CVE-2024-58085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the tomoyo_write_control() function in security/tomoyo/common.c. A local user can perform a denial of service (DoS) attack.
96) Use-after-free (CVE-ID: CVE-2024-58083)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the include/linux/kvm_host.h. A local user can escalate privileges on the system.
97) Improper error handling (CVE-ID: CVE-2024-58082)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the npcm_video_ece_init() function in drivers/media/platform/nuvoton/npcm-video.c. A local user can perform a denial of service (DoS) attack.
98) NULL pointer dereference (CVE-ID: CVE-2024-58081)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mmp_pm_domain_register() function in drivers/clk/mmp/pwr-island.c. A local user can perform a denial of service (DoS) attack.
99) NULL pointer dereference (CVE-ID: CVE-2024-58080)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the &() function in drivers/clk/qcom/dispcc-sm6350.c. A local user can perform a denial of service (DoS) attack.
100) Use-after-free (CVE-ID: CVE-2024-58079)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uvc_gpio_parse() and uvc_unregister_video() functions in drivers/media/usb/uvc/uvc_driver.c. A local user can escalate privileges on the system.
101) Resource management error (CVE-ID: CVE-2024-58078)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DEFINE_MUTEX() and misc_register() functions in drivers/char/misc.c. A local user can perform a denial of service (DoS) attack.
102) Input validation error (CVE-ID: CVE-2024-58077)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the _soc_pcm_ret(), __soc_pcm_prepare(), soc_pcm_prepare(), dpcm_be_dai_prepare() and dpcm_set_fe_update_state() functions in sound/soc/soc-pcm.c. A local user can perform a denial of service (DoS) attack.
103) NULL pointer dereference (CVE-ID: CVE-2024-58076)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the &() function in drivers/clk/qcom/gcc-sm6350.c. A local user can perform a denial of service (DoS) attack.
104) Use-after-free (CVE-ID: CVE-2024-58072)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtl_pci_get_amd_l1_patch(), _rtl_pci_find_adapter(), rtl_pci_probe(), rtl_pci_disconnect() and EXPORT_SYMBOL() functions in drivers/net/wireless/realtek/rtlwifi/pci.c, within the MODULE_AUTHOR() and rtl_core_module_init() functions in drivers/net/wireless/realtek/rtlwifi/base.c. A local user can escalate privileges on the system.
105) Improper locking (CVE-ID: CVE-2024-58071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the team_port_add() function in drivers/net/team/team.c. A local user can perform a denial of service (DoS) attack.
106) Improper locking (CVE-ID: CVE-2024-58070)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bpf_local_storage_map_alloc() function in kernel/bpf/bpf_local_storage.c. A local user can perform a denial of service (DoS) attack.
107) Out-of-bounds read (CVE-ID: CVE-2024-58069)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pcf85063_nvmem_read() function in drivers/rtc/rtc-pcf85063.c. A local user can perform a denial of service (DoS) attack.
108) NULL pointer dereference (CVE-ID: CVE-2024-58068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the assert_clk_index(), dev_pm_opp_find_bw_ceil() and dev_pm_opp_find_bw_floor() functions in drivers/opp/core.c. A local user can perform a denial of service (DoS) attack.
109) Memory leak (CVE-ID: CVE-2024-58063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rtl_pci_probe() function in drivers/net/wireless/realtek/rtlwifi/pci.c. A local user can perform a denial of service (DoS) attack.
110) Input validation error (CVE-ID: CVE-2024-58061)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee80211_if_parse_active_links() function in net/mac80211/debugfs_netdev.c. A local user can perform a denial of service (DoS) attack.
111) Use-after-free (CVE-ID: CVE-2024-58058)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ubifs_dump_tnc() function in fs/ubifs/debug.c. A local user can escalate privileges on the system.
112) Race condition (CVE-ID: CVE-2024-58057)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the idpf_probe() function in drivers/net/ethernet/intel/idpf/idpf_main.c. A local user can perform a denial of service (DoS) attack.
113) Resource management error (CVE-ID: CVE-2024-58056)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the rproc_alloc() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.
114) Double free (CVE-ID: CVE-2024-58055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the usbg_cmd_work() and bot_cmd_work() functions in drivers/usb/gadget/function/f_tcm.c. A local user can perform a denial of service (DoS) attack.
115) Resource management error (CVE-ID: CVE-2024-58054)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the max96712_probe() function in drivers/staging/media/max96712/max96712.c. A local user can perform a denial of service (DoS) attack.
116) Input validation error (CVE-ID: CVE-2024-58053)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rxrpc_abort_conn() and rxrpc_abort_calls() functions in net/rxrpc/conn_event.c. A local user can perform a denial of service (DoS) attack.
117) NULL pointer dereference (CVE-ID: CVE-2024-58052)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the atomctrl_get_smc_sclk_range_table() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.
118) NULL pointer dereference (CVE-ID: CVE-2024-58051)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ipmb_probe() function in drivers/char/ipmi/ipmb_dev_int.c. A local user can perform a denial of service (DoS) attack.
119) Use-after-free (CVE-ID: CVE-2024-58034)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tegra_emc_find_node_by_ram_code() function in drivers/memory/tegra/tegra20-emc.c. A local user can escalate privileges on the system.
120) NULL pointer dereference (CVE-ID: CVE-2024-58019)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the r535_gsp_msgq_wait() function in drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c. A local user can perform a denial of service (DoS) attack.
121) Improper locking (CVE-ID: CVE-2024-58018)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the r535_gsp_cmdq_push() function in drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c. A local user can perform a denial of service (DoS) attack.
122) Integer overflow (CVE-ID: CVE-2024-58017)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the __alignof__() function in kernel/printk/printk.c. A local user can execute arbitrary code.
123) Resource management error (CVE-ID: CVE-2024-58016)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the handle_policy_update() function in security/safesetid/securityfs.c. A local user can perform a denial of service (DoS) attack.
124) Out-of-bounds read (CVE-ID: CVE-2024-58014)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the wlc_phy_iqcal_gainparams_nphy() function in drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c. A local user can perform a denial of service (DoS) attack.
125) Use-after-free (CVE-ID: CVE-2024-58013)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mgmt_remove_adv_monitor_complete() function in net/bluetooth/mgmt.c. A local user can escalate privileges on the system.
126) NULL pointer dereference (CVE-ID: CVE-2024-58011)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the skl_int3472_tps68470_probe() function in drivers/platform/x86/intel/int3472/tps68470.c, within the skl_int3472_discrete_probe() function in drivers/platform/x86/intel/int3472/discrete.c. A local user can perform a denial of service (DoS) attack.
127) Integer overflow (CVE-ID: CVE-2024-58010)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the load_flat_file() function in fs/binfmt_flat.c. A local user can execute arbitrary code.
128) Out-of-bounds read (CVE-ID: CVE-2024-58007)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qcom_socinfo_probe() function in drivers/soc/qcom/socinfo.c. A local user can perform a denial of service (DoS) attack.
129) Input validation error (CVE-ID: CVE-2024-58006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dw_pcie_ep_set_bar() function in drivers/pci/controller/dwc/pcie-designware-ep.c. A local user can perform a denial of service (DoS) attack.
130) Resource management error (CVE-ID: CVE-2024-58005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tpm_is_tpm2_log() and tpm_read_log_acpi() functions in drivers/char/tpm/eventlog/acpi.c. A local user can perform a denial of service (DoS) attack.
131) Buffer overflow (CVE-ID: CVE-2024-58003)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ub953_subdev_uninit() function in drivers/media/i2c/ds90ub953.c, within the ub913_subdev_uninit() function in drivers/media/i2c/ds90ub913.c. A local user can perform a denial of service (DoS) attack.
132) Resource management error (CVE-ID: CVE-2024-58002)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the uvc_v4l2_release() function in drivers/media/usb/uvc/uvc_v4l2.c, within the uvc_ctrl_send_slave_event(), uvc_ctrl_status_event(), uvc_ctrl_commit_entity() and uvc_ctrl_init_device() functions in drivers/media/usb/uvc/uvc_ctrl.c. A local user can perform a denial of service (DoS) attack.
133) Resource management error (CVE-ID: CVE-2024-58001)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ocfs2_fast_symlink_read_folio() function in fs/ocfs2/symlink.c. A local user can perform a denial of service (DoS) attack.
134) Improper locking (CVE-ID: CVE-2024-57999)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the enable_ddw() and spapr_tce_create_table() functions in arch/powerpc/platforms/pseries/iommu.c, within the iommu_table_clear() function in arch/powerpc/kernel/iommu.c. A local user can perform a denial of service (DoS) attack.
135) Reachable assertion (CVE-ID: CVE-2024-57998)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the _find_opp_table(), _opp_table_find_key(), _find_key(), _find_key_exact(), _opp_table_find_key_ceil(), _find_key_ceil(), dev_pm_opp_find_freq_exact_indexed(), dev_pm_opp_find_freq_ceil_indexed(), dev_pm_opp_find_freq_floor_indexed(), dev_pm_opp_remove(), _opp_add_v1(), _opp_set_availability() and dev_pm_opp_adjust_voltage() functions in drivers/opp/core.c. A local user can perform a denial of service (DoS) attack.
136) Use of uninitialized resource (CVE-ID: CVE-2024-57997)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the wcn36xx_probe() function in drivers/net/wireless/ath/wcn36xx/main.c. A local user can perform a denial of service (DoS) attack.
137) Out-of-bounds read (CVE-ID: CVE-2024-57996)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sfq_change() function in net/sched/sch_sfq.c. A local user can perform a denial of service (DoS) attack.
138) Improper locking (CVE-ID: CVE-2024-57994)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pfifo_fast_change_tx_queue_len() function in net/sched/sch_generic.c, within the tun_queue_resize() function in drivers/net/tun.c, within the tap_queue_resize() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.
139) Resource management error (CVE-ID: CVE-2024-57993)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the thrustmaster_interrupts() function in drivers/hid/hid-thrustmaster.c. A local user can perform a denial of service (DoS) attack.
140) Out-of-bounds read (CVE-ID: CVE-2024-57990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mt7925_load_clc() function in drivers/net/wireless/mediatek/mt76/mt7925/mcu.c. A local user can perform a denial of service (DoS) attack.
141) NULL pointer dereference (CVE-ID: CVE-2024-57986)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hid_apply_multiplier() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
142) Use-after-free (CVE-ID: CVE-2024-57984)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in drivers/i3c/master/dw-i3c-master.c. A local user can escalate privileges on the system.
143) Out-of-bounds read (CVE-ID: CVE-2024-57982)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xfrm_state_deref_prot(), xfrm_dst_hash(), xfrm_src_hash(), xfrm_spi_hash(), xfrm_init_tempstate(), __xfrm_state_lookup_all(), xfrm_input_state_lookup(), EXPORT_SYMBOL(), __xfrm_state_lookup_byaddr(), xfrm_state_find(), xfrm_state_lookup() and xfrm_state_lookup_byaddr() functions in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.
144) NULL pointer dereference (CVE-ID: CVE-2024-57981)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_handle_stopped_cmd_ring() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
145) Use-after-free (CVE-ID: CVE-2024-57980)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uvc_status_init() function in drivers/media/usb/uvc/uvc_status.c. A local user can escalate privileges on the system.
146) Use-after-free (CVE-ID: CVE-2024-57979)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ptp_ocp_complete() function in drivers/ptp/ptp_ocp.c, within the DEFINE_MUTEX(), pps_cdev_pps_fetch(), pps_cdev_ioctl(), pps_cdev_compat_ioctl(), pps_device_destruct(), pps_register_cdev(), pps_unregister_cdev(), EXPORT_SYMBOL() and pps_init() functions in drivers/pps/pps.c, within the pps_kc_bind() and pps_kc_remove() functions in drivers/pps/kc.c, within the pps_add_offset(), pps_register_source() and pps_event() functions in drivers/pps/kapi.c, within the parport_irq() function in drivers/pps/clients/pps_parport.c, within the pps_tty_dcd_change(), pps_tty_open() and pps_tty_close() functions in drivers/pps/clients/pps-ldisc.c, within the pps_ktimer_exit() and pps_ktimer_init() functions in drivers/pps/clients/pps-ktimer.c, within the pps_gpio_probe() function in drivers/pps/clients/pps-gpio.c. A local user can escalate privileges on the system.
147) Improper locking (CVE-ID: CVE-2024-57975)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the can_nocow_file_extent() and run_delalloc_nocow() functions in fs/btrfs/inode.c. A local user can perform a denial of service (DoS) attack.
148) Improper locking (CVE-ID: CVE-2024-57974)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the compute_score() and __udp6_lib_lookup() functions in net/ipv6/udp.c, within the udp_ehashfn() and __udp4_lib_lookup() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.
149) Integer overflow (CVE-ID: CVE-2024-57973)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the copy_gl_to_skb_pkt() function in drivers/infiniband/hw/cxgb4/device.c. A local user can execute arbitrary code.
150) Integer overflow (CVE-ID: CVE-2024-57953)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the drivers/rtc/rtc-tps6594.c. A local user can execute arbitrary code.
151) Buffer overflow (CVE-ID: CVE-2024-57952)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the simple_offset_destroy(), offset_dir_open(), offset_dir_llseek(), offset_dir_emit() and offset_iterate_dir() functions in fs/libfs.c. A local user can perform a denial of service (DoS) attack.
152) Resource management error (CVE-ID: CVE-2024-57951)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hrtimers_prepare_cpu() and hrtimers_cpu_dying() functions in kernel/time/hrtimer.c. A local user can perform a denial of service (DoS) attack.
153) Improper locking (CVE-ID: CVE-2024-57949)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the its_irq_set_vcpu_affinity() function in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.
154) Improper error handling (CVE-ID: CVE-2024-57948)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ieee802154_if_remove() function in net/mac802154/iface.c. A local user can perform a denial of service (DoS) attack.
155) Reachable assertion (CVE-ID: CVE-2024-57924)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ovl_encode_real_fh() function in fs/overlayfs/copy_up.c, within the show_mark_fhandle() function in fs/notify/fdinfo.c. A local user can perform a denial of service (DoS) attack.
156) Race condition within a thread (CVE-ID: CVE-2024-53124)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the tcp_v6_do_rcv() function in net/ipv6/tcp_ipv6.c, within the dccp_v6_do_rcv() function in net/dccp/ipv6.c. A local user can corrupt data.
157) Improper locking (CVE-ID: CVE-2024-50157)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the is_dbr_fifo_full() and __wait_for_fifo_occupancy_below_th() functions in drivers/infiniband/hw/bnxt_re/main.c. A local user can perform a denial of service (DoS) attack.
158) Improper error handling (CVE-ID: CVE-2024-49887)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the MAIN_SECS() and spin_unlock() functions in fs/f2fs/segment.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.