SB2025071865 - Ubuntu update for linux-intel-iot-realtime
Published: July 18, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 139 secuirty vulnerabilities.
1) Improper locking (CVE-ID: CVE-2025-38094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the macb_update_stats() function in drivers/net/ethernet/cadence/macb_main.c. A local user can perform a denial of service (DoS) attack.
2) Use-after-free (CVE-ID: CVE-2025-38024)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rxe_cq_from_init() function in drivers/infiniband/sw/rxe/rxe_cq.c. A local user can escalate privileges on the system.
3) Use-after-free (CVE-ID: CVE-2025-38023)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfs4_alloc_unlockdata() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.
4) Improper resource shutdown or release (CVE-ID: CVE-2025-38009)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the mt76_dma_cleanup() function in drivers/net/wireless/mediatek/mt76/dma.c. A local user can perform a denial of service (DoS) attack.
5) Improper locking (CVE-ID: CVE-2025-38005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the udma_check_tx_completion() function in drivers/dma/ti/k3-udma.c. A local user can perform a denial of service (DoS) attack.
6) Incorrect calculation (CVE-ID: CVE-2025-37998)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the output_userspace() function in net/openvswitch/actions.c. A local user can perform a denial of service (DoS) attack.
7) Improper error handling (CVE-ID: CVE-2025-37995)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the module_kobj_release() function in kernel/params.c. A local user can perform a denial of service (DoS) attack.
8) NULL pointer dereference (CVE-ID: CVE-2025-37994)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ucsi_displayport_remove_partner() function in drivers/usb/typec/ucsi/displayport.c. A local user can perform a denial of service (DoS) attack.
9) NULL pointer dereference (CVE-ID: CVE-2025-37992)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pie_change() function in net/sched/sch_pie.c, within the hhf_change() function in net/sched/sch_hhf.c, within the fq_pie_change() function in net/sched/sch_fq_pie.c, within the fq_codel_change() function in net/sched/sch_fq_codel.c, within the fq_change() function in net/sched/sch_fq.c, within the codel_change() function in net/sched/sch_codel.c. A local user can perform a denial of service (DoS) attack.
10) Improper error handling (CVE-ID: CVE-2025-37991)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the handle_fpe() function in arch/parisc/math-emu/driver.c. A local user can perform a denial of service (DoS) attack.
11) Improper error handling (CVE-ID: CVE-2025-37990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the brcmf_usb_dl_writeimage() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c. A local user can perform a denial of service (DoS) attack.
12) Use-after-free (CVE-ID: CVE-2025-37989)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the phy_led_triggers_register() and phy_led_triggers_unregister() functions in drivers/net/phy/phy_led_triggers.c. A local user can escalate privileges on the system.
13) Race condition (CVE-ID: CVE-2025-37985)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the pidff_reset() function in drivers/hid/usbhid/hid-pidff.c. A local user can escalate privileges on the system.
14) Memory leak (CVE-ID: CVE-2025-37983)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qibfs_mknod() function in drivers/infiniband/hw/qib/qib_fs.c. A local user can perform a denial of service (DoS) attack.
15) Memory leak (CVE-ID: CVE-2025-37982)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wl1251_tx_work() function in drivers/net/wireless/ti/wl1251/tx.c. A local user can perform a denial of service (DoS) attack.
16) Improper locking (CVE-ID: CVE-2025-37970)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the st_lsm6dsx_read_fifo() function in drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c. A local user can perform a denial of service (DoS) attack.
17) Infinite loop (CVE-ID: CVE-2025-37969)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the st_lsm6dsx_read_tagged_fifo() function in drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c. A local user can perform a denial of service (DoS) attack.
18) Improper locking (CVE-ID: CVE-2025-37967)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ucsi_set_drvdata() function in drivers/usb/typec/ucsi/ucsi.c, within the ucsi_displayport_enter(), ucsi_displayport_exit() and ucsi_displayport_vdm() functions in drivers/usb/typec/ucsi/displayport.c. A local user can perform a denial of service (DoS) attack.
19) Resource management error (CVE-ID: CVE-2025-37964)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the switch_mm_irqs_off() and should_flush_tlb() functions in arch/x86/mm/tlb.c. A local user can perform a denial of service (DoS) attack.
20) Improper locking (CVE-ID: CVE-2025-37949)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xs_suspend_exit(), xs_send(), xs_wait_for_reply(), xenbus_dev_request_and_reply() and xs_talkv() functions in drivers/xen/xenbus/xenbus_xs.c, within the xenbus_dev_queue_reply() function in drivers/xen/xenbus/xenbus_dev_frontend.c, within the process_msg() and process_writes() functions in drivers/xen/xenbus/xenbus_comms.c. A local user can perform a denial of service (DoS) attack.
21) Improper locking (CVE-ID: CVE-2025-37940)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ftrace_graph_set_hash() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.
22) Resource management error (CVE-ID: CVE-2025-37930)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nouveau_fence_context_kill() function in drivers/gpu/drm/nouveau/nouveau_fence.c. A local user can perform a denial of service (DoS) attack.
23) Buffer overflow (CVE-ID: CVE-2025-37927)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the drivers/iommu/amd/init.c. A local user can escalate privileges on the system.
24) Buffer overflow (CVE-ID: CVE-2025-37923)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the tracing_splice_read_pipe() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
25) Use-after-free (CVE-ID: CVE-2025-37915)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_is_active() and drr_enqueue() functions in net/sched/sch_drr.c. A local user can escalate privileges on the system.
26) Use-after-free (CVE-ID: CVE-2025-37914)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_is_active() and ets_qdisc_enqueue() functions in net/sched/sch_ets.c. A local user can escalate privileges on the system.
27) Use-after-free (CVE-ID: CVE-2025-37913)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_is_active() and qfq_enqueue() functions in net/sched/sch_qfq.c. A local user can escalate privileges on the system.
28) NULL pointer dereference (CVE-ID: CVE-2025-37912)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_vc_add_fdir_fltr() function in drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c. A local user can perform a denial of service (DoS) attack.
29) Out-of-bounds read (CVE-ID: CVE-2025-37911)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnxt_hwrm_dbg_dma_data() function in drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c. A local user can perform a denial of service (DoS) attack.
30) Memory leak (CVE-ID: CVE-2025-37909)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lan743x_tx_frame_add_lso(), lan743x_tx_frame_add_fragment() and lan743x_tx_frame_end() functions in drivers/net/ethernet/microchip/lan743x_main.c. A local user can perform a denial of service (DoS) attack.
31) Memory leak (CVE-ID: CVE-2025-37905)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the scmi_child_dev_find() function in drivers/firmware/arm_scmi/bus.c. A local user can perform a denial of service (DoS) attack.
32) Out-of-bounds read (CVE-ID: CVE-2025-37892)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the INFTL_findwriteunit() function in drivers/mtd/inftlcore.c. A local user can perform a denial of service (DoS) attack.
33) Use-after-free (CVE-ID: CVE-2025-37885)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmx_pi_update_irte() function in arch/x86/kvm/vmx/posted_intr.c, within the avic_pi_update_irte() function in arch/x86/kvm/svm/avic.c. A local user can escalate privileges on the system.
34) Memory leak (CVE-ID: CVE-2025-37883)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __sclp_console_free_pages() and sclp_console_init() functions in drivers/s390/char/sclp_con.c. A local user can perform a denial of service (DoS) attack.
35) Improper error handling (CVE-ID: CVE-2025-37881)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ast_vhub_init_dev() function in drivers/usb/gadget/udc/aspeed-vhub/dev.c. A local user can perform a denial of service (DoS) attack.
36) Resource management error (CVE-ID: CVE-2025-37875)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the igc_ptm_log_error(), igc_phc_get_syncdevicetime(), igc_ptp_stop() and igc_ptp_reset() functions in drivers/net/ethernet/intel/igc/igc_ptp.c. A local user can perform a denial of service (DoS) attack.
37) Improper locking (CVE-ID: CVE-2025-37871)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfsd_break_one_deleg() function in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
38) Buffer overflow (CVE-ID: CVE-2025-37867)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ib_init_umem_odp() function in drivers/infiniband/core/umem_odp.c. A local user can perform a denial of service (DoS) attack.
39) NULL pointer dereference (CVE-ID: CVE-2025-37862)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pidff_set_autocenter() and pidff_reports_ok() functions in drivers/hid/usbhid/hid-pidff.c. A local user can perform a denial of service (DoS) attack.
40) Infinite loop (CVE-ID: CVE-2025-37859)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the page_pool_release_retry() function in net/core/page_pool.c. A local user can perform a denial of service (DoS) attack.
41) Integer overflow (CVE-ID: CVE-2025-37858)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the dbExtendFS() function in fs/jfs/jfs_dmap.c. A local user can execute arbitrary code.
42) Buffer overflow (CVE-ID: CVE-2025-37857)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the validate_options() function in drivers/scsi/st.c. A local user can perform a denial of service (DoS) attack.
43) Use of uninitialized resource (CVE-ID: CVE-2025-37851)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the dispc_ovl_setup() function in drivers/video/fbdev/omap2/omapfb/dss/dispc.c. A local user can perform a denial of service (DoS) attack.
44) Division by zero (CVE-ID: CVE-2025-37850)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the pwm_mediatek_config() function in drivers/pwm/pwm-mediatek.c. A local user can perform a denial of service (DoS) attack.
45) NULL pointer dereference (CVE-ID: CVE-2025-37844)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smb2_handle_cancelled_close() function in fs/smb/client/smb2misc.c. A local user can perform a denial of service (DoS) attack.
46) NULL pointer dereference (CVE-ID: CVE-2025-37841)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the prepare_default_config() function in tools/power/cpupower/bench/parse.c. A local user can perform a denial of service (DoS) attack.
47) Use of uninitialized resource (CVE-ID: CVE-2025-37840)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the brcmnand_resume() function in drivers/mtd/nand/raw/brcmnand/brcmnand.c. A local user can perform a denial of service (DoS) attack.
48) Input validation error (CVE-ID: CVE-2025-37839)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jbd2_journal_update_sb_log_tail() function in fs/jbd2/journal.c. A local user can perform a denial of service (DoS) attack.
49) Use-after-free (CVE-ID: CVE-2025-37838)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ssip_reset() function in drivers/hsi/clients/ssi_protocol.c. A local user can escalate privileges on the system.
50) Memory leak (CVE-ID: CVE-2025-37836)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pci_register_host_bridge() function in drivers/pci/probe.c. A local user can perform a denial of service (DoS) attack.
51) NULL pointer dereference (CVE-ID: CVE-2025-37830)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scmi_cpufreq_get_rate() function in drivers/cpufreq/scmi-cpufreq.c. A local user can perform a denial of service (DoS) attack.
52) NULL pointer dereference (CVE-ID: CVE-2025-37829)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scpi_cpufreq_get_rate() function in drivers/cpufreq/scpi-cpufreq.c. A local user can perform a denial of service (DoS) attack.
53) NULL pointer dereference (CVE-ID: CVE-2025-37824)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_mon_reinit_self() function in net/tipc/monitor.c. A local user can perform a denial of service (DoS) attack.
54) Input validation error (CVE-ID: CVE-2025-37823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hfsc_dequeue() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.
55) Double free (CVE-ID: CVE-2025-37819)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the gicv2m_of_init() function in drivers/irqchip/irq-gic-v2m.c. A local user can perform a denial of service (DoS) attack.
56) Double free (CVE-ID: CVE-2025-37817)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the chameleon_parse_gdd() function in drivers/mcb/mcb-parse.c. A local user can perform a denial of service (DoS) attack.
57) Improper locking (CVE-ID: CVE-2025-37812)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cdns3_device_thread_irq_handler() function in drivers/usb/cdns3/cdns3-gadget.c. A local user can perform a denial of service (DoS) attack.
58) NULL pointer dereference (CVE-ID: CVE-2025-37811)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cpu_latency_qos_remove_request() and ci_hdrc_imx_remove() functions in drivers/usb/chipidea/ci_hdrc_imx.c. A local user can perform a denial of service (DoS) attack.
59) Out-of-bounds read (CVE-ID: CVE-2025-37810)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dwc3_check_event_buf() function in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.
60) Resource management error (CVE-ID: CVE-2025-37808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DEFINE_MUTEX(), MODULE_ALIAS_CRYPTO() and EXPORT_SYMBOL_GPL() functions in crypto/crypto_null.c. A local user can perform a denial of service (DoS) attack.
61) Improper locking (CVE-ID: CVE-2025-37805)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the virtsnd_pcm_parse_cfg() function in sound/virtio/virtio_pcm.c. A local user can perform a denial of service (DoS) attack.
62) Buffer overflow (CVE-ID: CVE-2025-37803)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the udmabuf_create() function in drivers/dma-buf/udmabuf.c. A local user can perform a denial of service (DoS) attack.
63) Input validation error (CVE-ID: CVE-2025-37797)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hfsc_change_class() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.
64) Memory leak (CVE-ID: CVE-2025-37796)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the at76_disconnect() function in drivers/net/wireless/atmel/at76c50x-usb.c. A local user can perform a denial of service (DoS) attack.
65) NULL pointer dereference (CVE-ID: CVE-2025-37794)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ieee80211_do_stop() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.
66) NULL pointer dereference (CVE-ID: CVE-2025-37792)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtl_dev_err() function in drivers/bluetooth/btrtl.c. A local user can perform a denial of service (DoS) attack.
67) Input validation error (CVE-ID: CVE-2025-37790)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mctp_sk_hash() function in net/mctp/af_mctp.c. A local user can perform a denial of service (DoS) attack.
68) Input validation error (CVE-ID: CVE-2025-37789)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the validate_set() function in net/openvswitch/flow_netlink.c. A local user can perform a denial of service (DoS) attack.
69) Memory leak (CVE-ID: CVE-2025-37788)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cxgb4_init_ethtool_filters() function in drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c. A local user can perform a denial of service (DoS) attack.
70) Input validation error (CVE-ID: CVE-2025-37787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mv88e6xxx_teardown_devlink_regions_global() function in drivers/net/dsa/mv88e6xxx/devlink.c. A local user can perform a denial of service (DoS) attack.
71) Resource management error (CVE-ID: CVE-2025-37781)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ec_i2c_probe() function in drivers/i2c/busses/i2c-cros-ec-tunnel.c. A local user can perform a denial of service (DoS) attack.
72) Out-of-bounds read (CVE-ID: CVE-2025-37780)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the isofs_fh_to_parent() function in fs/isofs/export.c. A local user can perform a denial of service (DoS) attack.
73) Input validation error (CVE-ID: CVE-2025-37773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the virtio_fs_get_tree() function in fs/fuse/virtio_fs.c. A local user can perform a denial of service (DoS) attack.
74) Division by zero (CVE-ID: CVE-2025-37771)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the arcturus_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c. A local user can perform a denial of service (DoS) attack.
75) Division by zero (CVE-ID: CVE-2025-37770)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the vega10_fan_ctrl_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c. A local user can perform a denial of service (DoS) attack.
76) Division by zero (CVE-ID: CVE-2025-37768)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the smu7_fan_ctrl_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c. A local user can perform a denial of service (DoS) attack.
77) Division by zero (CVE-ID: CVE-2025-37767)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the smu_v13_0_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c. A local user can perform a denial of service (DoS) attack.
78) Input validation error (CVE-ID: CVE-2025-37766)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vega20_fan_ctrl_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_thermal.c. A local user can perform a denial of service (DoS) attack.
79) Use-after-free (CVE-ID: CVE-2025-37765)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nouveau_gem_object_del() function in drivers/gpu/drm/nouveau/nouveau_gem.c, within the nouveau_bo_del_ttm() function in drivers/gpu/drm/nouveau/nouveau_bo.c. A local user can escalate privileges on the system.
80) NULL pointer dereference (CVE-ID: CVE-2025-37758)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pxa_ata_probe() function in drivers/ata/pata_pxa.c. A local user can perform a denial of service (DoS) attack.
81) Memory leak (CVE-ID: CVE-2025-37757)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tipc_link_xmit() function in net/tipc/link.c. A local user can perform a denial of service (DoS) attack.
82) Resource management error (CVE-ID: CVE-2025-37756)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tls_setsockopt() and build_protos() functions in net/tls/tls_main.c. A local user can perform a denial of service (DoS) attack.
83) Out-of-bounds read (CVE-ID: CVE-2025-37749)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ppp_sync_txmunge() function in drivers/net/ppp/ppp_synctty.c. A local user can perform a denial of service (DoS) attack.
84) Use-after-free (CVE-ID: CVE-2025-37742)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the diMount() function in fs/jfs/jfs_imap.c. A local user can escalate privileges on the system.
85) Improper locking (CVE-ID: CVE-2025-37741)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the diReadSpecial() function in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.
86) Input validation error (CVE-ID: CVE-2025-37740)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
87) Out-of-bounds read (CVE-ID: CVE-2025-37739)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the f2fs_truncate_inode_blocks() function in fs/f2fs/node.c. A local user can perform a denial of service (DoS) attack.
88) Use-after-free (CVE-ID: CVE-2025-37738)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_xattr_inode_dec_ref_all() function in fs/ext4/xattr.c. A local user can escalate privileges on the system.
89) Resource management error (CVE-ID: CVE-2025-23163)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vlan_dev_open(), vlan_dev_stop() and vlan_dev_change_rx_flags() functions in net/8021q/vlan_dev.c. A local user can perform a denial of service (DoS) attack.
90) Improper locking (CVE-ID: CVE-2025-23161)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vmd_pci_read(), vmd_pci_write() and vmd_probe() functions in drivers/pci/controller/vmd.c. A local user can perform a denial of service (DoS) attack.
91) Buffer overflow (CVE-ID: CVE-2025-23159)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the venus_sfr_print() function in drivers/media/platform/qcom/venus/hfi_venus.c. A local user can perform a denial of service (DoS) attack.
92) Out-of-bounds write (CVE-ID: CVE-2025-23158)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the venus_write_queue() and venus_read_queue() functions in drivers/media/platform/qcom/venus/hfi_venus.c. A local user can execute arbitrary code.
93) Out-of-bounds read (CVE-ID: CVE-2025-23157)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the init_codecs() function in drivers/media/platform/qcom/venus/hfi_parser.c. A local user can perform a denial of service (DoS) attack.
94) Out-of-bounds read (CVE-ID: CVE-2025-23156)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fill_buf_mode(), parse_alloc_mode(), fill_profile_level(), parse_profile_level(), fill_caps(), parse_caps(), fill_raw_fmts(), parse_raw_formats(), parse_codecs(), hfi_platform_parser() and hfi_parser() functions in drivers/media/platform/qcom/venus/hfi_parser.c. A local user can perform a denial of service (DoS) attack.
95) Improper locking (CVE-ID: CVE-2025-23151)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mhi_gen_tre() function in drivers/bus/mhi/host/main.c. A local user can perform a denial of service (DoS) attack.
96) Use-after-free (CVE-ID: CVE-2025-23150)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the do_split() function in fs/ext4/namei.c. A local user can escalate privileges on the system.
97) NULL pointer dereference (CVE-ID: CVE-2025-23148)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the exynos_chipid_probe() function in drivers/soc/samsung/exynos-chipid.c. A local user can perform a denial of service (DoS) attack.
98) NULL pointer dereference (CVE-ID: CVE-2025-23147)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i3c_master_unregister_i3c_devs() function in drivers/i3c/master.c. A local user can perform a denial of service (DoS) attack.
99) NULL pointer dereference (CVE-ID: CVE-2025-23146)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kb3930_probe() function in drivers/mfd/ene-kb3930.c. A local user can perform a denial of service (DoS) attack.
100) NULL pointer dereference (CVE-ID: CVE-2025-23145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the subflow_hmac_valid() and subflow_syn_recv_sock() functions in net/mptcp/subflow.c. A local user can perform a denial of service (DoS) attack.
101) Improper locking (CVE-ID: CVE-2025-23144)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the led_bl_remove() function in drivers/video/backlight/led_bl.c. A local user can perform a denial of service (DoS) attack.
102) Use-after-free (CVE-ID: CVE-2025-23142)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sctp_transport_free() function in net/sctp/transport.c, within the sctp_writeable(), sctp_sendmsg_to_asoc(), sctp_sock_rfree() and sctp_wait_for_sndbuf() functions in net/sctp/socket.c. A local user can escalate privileges on the system.
103) Memory leak (CVE-ID: CVE-2025-23140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pci_endpoint_test_release_irq() function in drivers/misc/pci_endpoint_test.c. A local user can perform a denial of service (DoS) attack.
104) NULL pointer dereference (CVE-ID: CVE-2025-22062)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_auth() and proc_sctp_do_udp_port() functions in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
105) NULL pointer dereference (CVE-ID: CVE-2025-22027)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the streamzap_disconnect() function in drivers/media/rc/streamzap.c. A local user can perform a denial of service (DoS) attack.
106) Use-after-free (CVE-ID: CVE-2025-21853)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_map_mmap() function in kernel/bpf/syscall.c. A local user can escalate privileges on the system.
107) Infinite loop (CVE-ID: CVE-2025-21839)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the vcpu_enter_guest() function in arch/x86/kvm/x86.c, within the vmx_sync_dirty_debug_regs() and vmx_vcpu_run() functions in arch/x86/kvm/vmx/vmx.c, within the new_asid() and svm_vcpu_run() functions in arch/x86/kvm/svm/svm.c. A local user can perform a denial of service (DoS) attack.
108) Improper locking (CVE-ID: CVE-2024-56751)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ip6_dst_ifdown(), DEFINE_SPINLOCK() and rt6_remove_exception() functions in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
109) Use-after-free (CVE-ID: CVE-2024-54458)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ufs_bsg_remove() function in drivers/ufs/core/ufs_bsg.c. A local user can escalate privileges on the system.
110) Integer underflow (CVE-ID: CVE-2024-53203)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the ucsi_ccg_sync_control() function in drivers/usb/typec/ucsi/ucsi_ccg.c. A local user can execute arbitrary code.
111) Improper locking (CVE-ID: CVE-2024-53128)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the include/linux/sched/task_stack.h. A local user can perform a denial of service (DoS) attack.
112) Use-after-free (CVE-ID: CVE-2024-50280)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the check_migrations(), destroy(), cache_create() and cache_ctr() functions in drivers/md/dm-cache-target.c. A local user can escalate privileges on the system.
113) Infinite loop (CVE-ID: CVE-2024-50272)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the filemap_read() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
114) Input validation error (CVE-ID: CVE-2024-50258)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the NLA_POLICY_MIN() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.
115) Use-after-free (CVE-ID: CVE-2024-50125)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the SCO_CONN_TIMEOUT(), sco_sock_timeout() and sco_conn_del() functions in net/bluetooth/sco.c, within the bt_sock_unlink() function in net/bluetooth/af_bluetooth.c. A local user can escalate privileges on the system.
116) Double free (CVE-ID: CVE-2024-49989)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the link_destruct() function in drivers/gpu/drm/amd/display/dc/link/link_factory.c. A local user can perform a denial of service (DoS) attack.
117) Use-after-free (CVE-ID: CVE-2024-49960)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the flush_work() function in fs/ext4/super.c. A local user can escalate privileges on the system.
118) Resource management error (CVE-ID: CVE-2024-46816)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
119) Buffer overflow (CVE-ID: CVE-2024-46774)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the SYSCALL_DEFINE1() function in arch/powerpc/kernel/rtas.c. A local user can perform a denial of service (DoS) attack.
120) Incorrect calculation (CVE-ID: CVE-2024-46751)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the btrfs_item_ptr() and spin_lock() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
121) NULL pointer dereference (CVE-ID: CVE-2024-46742)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the parse_durable_handle_context() and smb2_open() functions in fs/smb/server/smb2pdu.c, within the create_lease_buf() function in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.
122) Resource management error (CVE-ID: CVE-2024-42322)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ip_vs_add_service() function in net/netfilter/ipvs/ip_vs_ctl.c. A local user can perform a denial of service (DoS) attack.
123) Buffer overflow (CVE-ID: CVE-2024-38541)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the of_modalias() function in drivers/of/module.c. A local user can escalate privileges on the system.
124) Out-of-bounds read (CVE-ID: CVE-2024-38540)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnxt_qplib_create_qp() function in drivers/infiniband/hw/bnxt_re/qplib_fp.c. A local user can perform a denial of service (DoS) attack.
125) Resource management error (CVE-ID: CVE-2024-36908)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iocg_pay_debt() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
126) NULL pointer dereference (CVE-ID: CVE-2024-35943)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the omap_prm_domain_init() function in drivers/pmdomain/ti/omap_prm.c. A local user can perform a denial of service (DoS) attack.
127) Use-after-free (CVE-ID: CVE-2024-35867)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_stats_proc_show() function in fs/smb/client/cifs_debug.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
128) Use-after-free (CVE-ID: CVE-2024-35866)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_dump_full_key() function in fs/smb/client/ioctl.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
129) NULL pointer dereference (CVE-ID: CVE-2024-35790)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hpd_show(), dp_altmode_probe(), dp_altmode_remove() and module_typec_altmode_driver() functions in drivers/usb/typec/altmodes/displayport.c. A local user can perform a denial of service (DoS) attack.
130) Improper locking (CVE-ID: CVE-2024-27402)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pep_sock_enable() and pep_ioctl() functions in net/phonet/pep.c. A local user can perform a denial of service (DoS) attack.
131) Use-after-free (CVE-ID: CVE-2024-26739)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcf_mirred_to_dev() function in net/sched/act_mirred.c. A local user can escalate privileges on the system.
132) Improper locking (CVE-ID: CVE-2024-26686)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_task_stat() function in fs/proc/array.c. A local user can perform a denial of service (DoS) attack.
133) Use-after-free (CVE-ID: CVE-2023-52757)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_mid() function in fs/smb/client/transport.c, within the __smb2_handle_cancelled_cmd() function in fs/smb/client/smb2misc.c, within the cifs_compose_mount_options(), __release_mid() and cifs_get_tcon_super() functions in fs/smb/client/cifsproto.h. A local user can escalate privileges on the system.
134) Use-after-free (CVE-ID: CVE-2023-52572)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_wake_up_task(), __release_mid(), wait_for_response(), cifs_sync_mid_result(), cifs_compound_callback(), compound_send_recv(), SendReceive() and SendReceiveBlockingLock() functions in fs/smb/client/transport.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
135) Use-after-free (CVE-ID: CVE-2022-49535)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lpfc_initial_flogi(), lpfc_initial_fdisc(), lpfc_cmpl_els_plogi(), lpfc_cmpl_els_prli() and lpfc_cmpl_els_adisc() functions in drivers/scsi/lpfc/lpfc_els.c. A local user can escalate privileges on the system.
136) Use-after-free (CVE-ID: CVE-2022-49168)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_repair_one_sector() function in fs/btrfs/extent_io.c. A local user can escalate privileges on the system.
137) Use-after-free (CVE-ID: CVE-2022-49063)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ice_vsi_req_irq_msix(), ice_setup_pf_sw() and ice_suspend() functions in drivers/net/ethernet/intel/ice/ice_main.c, within the ice_vsi_free_irq() function in drivers/net/ethernet/intel/ice/ice_lib.c, within the ice_free_cpu_rx_rmap(), ice_set_cpu_rx_rmap(), ice_remove_arfs() and ice_rebuild_arfs() functions in drivers/net/ethernet/intel/ice/ice_arfs.c. A local user can escalate privileges on the system.
138) Memory leak (CVE-ID: CVE-2022-48893)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the intel_engines_init() function in drivers/gpu/drm/i915/gt/intel_engine_cs.c. A local user can perform a denial of service (DoS) attack.
139) Buffer overflow (CVE-ID: CVE-2022-21546)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the scsi subsystem within the OS kernel. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.