SB2025072831 - Ubuntu update for linux-raspi
Published: July 28, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 117 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2025-37974)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __clp_add() function in arch/s390/pci/pci_clp.c. A local user can perform a denial of service (DoS) attack.
2) Use-after-free (CVE-ID: CVE-2025-37750)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c, within the decrypt_raw_data() function in fs/smb/client/smb2ops.c, within the cifs_crypto_secmech_release() function in fs/smb/client/cifsencrypt.c. A local user can escalate privileges on the system.
3) Incorrect calculation (CVE-ID: CVE-2025-21832)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the blkdev_read_iter() function in block/fops.c. A local user can perform a denial of service (DoS) attack.
4) Resource management error (CVE-ID: CVE-2025-21830)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the get_mode_access() function in security/landlock/fs.c. A local user can perform a denial of service (DoS) attack.
5) Resource management error (CVE-ID: CVE-2025-21829)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __rxe_cleanup() function in drivers/infiniband/sw/rxe/rxe_pool.c. A local user can perform a denial of service (DoS) attack.
6) Input validation error (CVE-ID: CVE-2025-21828)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the net/mac80211/driver-ops.h. A local user can perform a denial of service (DoS) attack.
7) Buffer overflow (CVE-ID: CVE-2025-21826)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nft_set_desc_concat_parse() and nft_set_desc_concat() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
8) Improper locking (CVE-ID: CVE-2025-21825)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bpf_timer_cancel_and_free() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
9) Improper locking (CVE-ID: CVE-2025-21820)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cdns_uart_handle_rx(), cdns_uart_isr() and cdns_uart_console_write() functions in drivers/tty/serial/xilinx_uartps.c. A local user can perform a denial of service (DoS) attack.
10) Resource management error (CVE-ID: CVE-2025-21816)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the HRTIMER_ACTIVE_SOFT(), DEFINE_PER_CPU(), hrtimer_base_is_online(), lock_hrtimer_base(), raw_spin_unlock(), WRITE_ONCE(), hrtimer_is_hres_enabled() and __hrtimer_start_range_ns() functions in kernel/time/hrtimer.c. A local user can perform a denial of service (DoS) attack.
11) Out-of-bounds read (CVE-ID: CVE-2025-21815)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the isolate_freepages_block() function in mm/compaction.c. A local user can perform a denial of service (DoS) attack.
12) NULL pointer dereference (CVE-ID: CVE-2025-21814)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ptp_getcycles64() and ptp_clock_register() functions in drivers/ptp/ptp_clock.c. A local user can perform a denial of service (DoS) attack.
13) Use-after-free (CVE-ID: CVE-2025-21812)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ax25_rt_autobind() function in net/ax25/ax25_route.c, within the ax25_send_frame() and ax25_queue_xmit() functions in net/ax25/ax25_out.c, within the ax25_ip_xmit() function in net/ax25/ax25_ip.c, within the ax25_dev_device_up() and ax25_dev_device_down() functions in net/ax25/ax25_dev.c, within the ax25_fillin_cb_from_dev() and ax25_setsockopt() functions in net/ax25/af_ax25.c. A local user can escalate privileges on the system.
14) Improper locking (CVE-ID: CVE-2025-21811)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_lookup_dirty_data_buffers() function in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
15) NULL pointer dereference (CVE-ID: CVE-2025-21810)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the class_dev_iter_init() and class_dev_iter_next() functions in drivers/base/class.c. A local user can perform a denial of service (DoS) attack.
16) Improper locking (CVE-ID: CVE-2025-21809)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rxrpc_new_incoming_peer(), rxrpc_lookup_peer() and __rxrpc_put_peer() functions in net/rxrpc/peer_object.c, within the rxrpc_peer_keepalive_dispatch() and rxrpc_peer_keepalive_worker() functions in net/rxrpc/peer_event.c. A local user can perform a denial of service (DoS) attack.
17) Input validation error (CVE-ID: CVE-2025-21808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dev_xdp_attach() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
18) Improper error handling (CVE-ID: CVE-2025-21806)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the proc_do_dev_weight() and sizeof() functions in net/core/sysctl_net_core.c. A local user can perform a denial of service (DoS) attack.
19) Buffer overflow (CVE-ID: CVE-2025-21804)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rcar_pcie_parse_outbound_ranges() function in drivers/pci/controller/pcie-rcar-ep.c. A local user can perform a denial of service (DoS) attack.
20) Input validation error (CVE-ID: CVE-2025-21802)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hclgevf_init() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c, within the hclge_init() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c, within the module_init() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c, within the EXPORT_SYMBOL() function in drivers/net/ethernet/hisilicon/hns3/hnae3.c. A local user can perform a denial of service (DoS) attack.
21) Improper locking (CVE-ID: CVE-2025-21801)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ravb_suspend() and ravb_resume() functions in drivers/net/ethernet/renesas/ravb_main.c. A local user can perform a denial of service (DoS) attack.
22) Improper error handling (CVE-ID: CVE-2025-21799)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the am65_cpsw_nuss_remove_tx_chns() function in drivers/net/ethernet/ti/am65-cpsw-nuss.c. A local user can perform a denial of service (DoS) attack.
23) NULL pointer dereference (CVE-ID: CVE-2025-21798)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the device_attr_simple_avc() and device_attr_legacy_avc() functions in drivers/firewire/device-attribute-test.c. A local user can perform a denial of service (DoS) attack.
24) Reachable assertion (CVE-ID: CVE-2025-21754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the btrfs_split_ordered_extent() function in fs/btrfs/ordered-data.c. A local user can perform a denial of service (DoS) attack.
25) Use-after-free (CVE-ID: CVE-2025-21753)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/btrfs/transaction.c. A local user can escalate privileges on the system.
26) Input validation error (CVE-ID: CVE-2025-21750)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the brcmf_of_probe() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c. A local user can perform a denial of service (DoS) attack.
27) Improper locking (CVE-ID: CVE-2025-21749)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rose_bind() function in net/rose/af_rose.c. A local user can perform a denial of service (DoS) attack.
28) Integer overflow (CVE-ID: CVE-2025-21748)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ksmbd_ipc_spnego_authen_request(), ksmbd_rpc_write() and ksmbd_rpc_ioctl() functions in fs/smb/server/transport_ipc.c. A local user can execute arbitrary code.
29) Memory leak (CVE-ID: CVE-2025-21745)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the blkcg_fill_root_iostats() function in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.
30) NULL pointer dereference (CVE-ID: CVE-2025-21744)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcmf_txfinalize() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c. A local user can perform a denial of service (DoS) attack.
31) Out-of-bounds read (CVE-ID: CVE-2025-21743)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ipheth_rcvbulk_callback_ncm() function in drivers/net/usb/ipheth.c. A local user can perform a denial of service (DoS) attack.
32) Out-of-bounds read (CVE-ID: CVE-2025-21742)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ipheth_rcvbulk_callback_ncm() function in drivers/net/usb/ipheth.c. A local user can perform a denial of service (DoS) attack.
33) Out-of-bounds read (CVE-ID: CVE-2025-21741)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ipheth_rcvbulk_callback_ncm() function in drivers/net/usb/ipheth.c. A local user can perform a denial of service (DoS) attack.
34) Memory leak (CVE-ID: CVE-2025-21739)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ufshcd_pltfrm_init() and ufshcd_pltfrm_remove() functions in drivers/ufs/host/ufshcd-pltfrm.c, within the ufshcd_pci_remove() and ufshcd_pci_probe() functions in drivers/ufs/host/ufshcd-pci.c, within the EXPORT_SYMBOL_GPL(), ufshcd_set_dma_mask() and ufshcd_alloc_host() functions in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
35) Buffer overflow (CVE-ID: CVE-2025-21738)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ata_pio_sector() function in drivers/ata/libata-sff.c. A local user can perform a denial of service (DoS) attack.
36) Integer overflow (CVE-ID: CVE-2025-21736)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the nilfs_fiemap() function in fs/nilfs2/inode.c. A local user can execute arbitrary code.
37) Buffer overflow (CVE-ID: CVE-2025-21735)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nci_hci_create_pipe() function in net/nfc/nci/hci.c. A local user can escalate privileges on the system.
38) Out-of-bounds read (CVE-ID: CVE-2025-21734)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fastrpc_get_args() function in drivers/misc/fastrpc.c. A local user can perform a denial of service (DoS) attack.
39) Resource management error (CVE-ID: CVE-2025-21733)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the trace_sched_migrate_callback() and register_migration_monitor() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
40) Use-after-free (CVE-ID: CVE-2025-21732)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5_ib_invalidate_range() function in drivers/infiniband/hw/mlx5/odp.c, within the mlx5_revoke_mr() function in drivers/infiniband/hw/mlx5/mr.c. A local user can escalate privileges on the system.
41) Use-after-free (CVE-ID: CVE-2025-21731)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_disconnect_and_put() function in drivers/block/nbd.c. A local user can escalate privileges on the system.
42) Resource management error (CVE-ID: CVE-2025-21728)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_send_signal_common() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.
43) Use-after-free (CVE-ID: CVE-2025-21727)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the padata_free_shell() function in kernel/padata.c. A local user can escalate privileges on the system.
44) Use-after-free (CVE-ID: CVE-2025-21726)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the padata_reorder() and invoke_padata_reorder() functions in kernel/padata.c. A local user can escalate privileges on the system.
45) Input validation error (CVE-ID: CVE-2025-21725)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the parse_server_interfaces() function in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
46) Out-of-bounds read (CVE-ID: CVE-2025-21724)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iova_bitmap_offset_to_index() function in drivers/vfio/iova_bitmap.c. A local user can perform a denial of service (DoS) attack.
47) NULL pointer dereference (CVE-ID: CVE-2025-21723)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mpi3mr_bsg_init() function in drivers/scsi/mpi3mr/mpi3mr_app.c. A local user can perform a denial of service (DoS) attack.
48) Use-after-free (CVE-ID: CVE-2025-21722)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_clear_dirty_pages() and nilfs_clear_folio_dirty() functions in fs/nilfs2/page.c. A local user can escalate privileges on the system.
49) Input validation error (CVE-ID: CVE-2025-21721)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nilfs_rename() function in fs/nilfs2/namei.c, within the nilfs_inode_by_name(), nilfs_set_link() and nilfs_delete_entry() functions in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
50) NULL pointer dereference (CVE-ID: CVE-2025-21720)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/xfrm.h. A local user can perform a denial of service (DoS) attack.
51) Race condition (CVE-ID: CVE-2025-21719)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the list_for_each_entry() function in net/ipv4/ipmr_base.c. A local user can perform a denial of service (DoS) attack.
52) Use-after-free (CVE-ID: CVE-2025-21718)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rose_heartbeat_expiry(), rose_timer_expiry() and rose_idletimer_expiry() functions in net/rose/rose_timer.c. A local user can escalate privileges on the system.
53) Use of uninitialized resource (CVE-ID: CVE-2025-21716)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the vxlan_vnifilter_dump() function in drivers/net/vxlan/vxlan_vnifilter.c. A local user can perform a denial of service (DoS) attack.
54) Use-after-free (CVE-ID: CVE-2025-21715)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dm9000_drv_remove() function in drivers/net/ethernet/davicom/dm9000.c. A local user can escalate privileges on the system.
55) Use-after-free (CVE-ID: CVE-2025-21714)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the destroy_unused_implicit_child_mr() and implicit_get_child_mr() functions in drivers/infiniband/hw/mlx5/odp.c. A local user can escalate privileges on the system.
56) Integer overflow (CVE-ID: CVE-2025-21711)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the rose_setsockopt() function in net/rose/af_rose.c. A local user can execute arbitrary code.
57) Use-after-free (CVE-ID: CVE-2025-21710)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_select_window() function in net/ipv4/tcp_output.c. A local user can escalate privileges on the system.
58) Resource management error (CVE-ID: CVE-2025-21708)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the MSR_SPEED() and rtl8150_probe() functions in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.
59) Use of uninitialized resource (CVE-ID: CVE-2025-21707)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mptcp_parse_option() and mptcp_get_options() functions in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.
60) Improper locking (CVE-ID: CVE-2025-21705)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mptcp_sendmsg_fastopen() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
61) Buffer overflow (CVE-ID: CVE-2024-58085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the tomoyo_write_control() function in security/tomoyo/common.c. A local user can perform a denial of service (DoS) attack.
62) Use-after-free (CVE-ID: CVE-2024-58083)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the include/linux/kvm_host.h. A local user can escalate privileges on the system.
63) Improper error handling (CVE-ID: CVE-2024-58082)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the npcm_video_ece_init() function in drivers/media/platform/nuvoton/npcm-video.c. A local user can perform a denial of service (DoS) attack.
64) NULL pointer dereference (CVE-ID: CVE-2024-58081)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mmp_pm_domain_register() function in drivers/clk/mmp/pwr-island.c. A local user can perform a denial of service (DoS) attack.
65) NULL pointer dereference (CVE-ID: CVE-2024-58080)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the &() function in drivers/clk/qcom/dispcc-sm6350.c. A local user can perform a denial of service (DoS) attack.
66) Use-after-free (CVE-ID: CVE-2024-58079)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uvc_gpio_parse() and uvc_unregister_video() functions in drivers/media/usb/uvc/uvc_driver.c. A local user can escalate privileges on the system.
67) Resource management error (CVE-ID: CVE-2024-58078)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DEFINE_MUTEX() and misc_register() functions in drivers/char/misc.c. A local user can perform a denial of service (DoS) attack.
68) Input validation error (CVE-ID: CVE-2024-58077)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the _soc_pcm_ret(), __soc_pcm_prepare(), soc_pcm_prepare(), dpcm_be_dai_prepare() and dpcm_set_fe_update_state() functions in sound/soc/soc-pcm.c. A local user can perform a denial of service (DoS) attack.
69) NULL pointer dereference (CVE-ID: CVE-2024-58076)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the &() function in drivers/clk/qcom/gcc-sm6350.c. A local user can perform a denial of service (DoS) attack.
70) Use-after-free (CVE-ID: CVE-2024-58072)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtl_pci_get_amd_l1_patch(), _rtl_pci_find_adapter(), rtl_pci_probe(), rtl_pci_disconnect() and EXPORT_SYMBOL() functions in drivers/net/wireless/realtek/rtlwifi/pci.c, within the MODULE_AUTHOR() and rtl_core_module_init() functions in drivers/net/wireless/realtek/rtlwifi/base.c. A local user can escalate privileges on the system.
71) Improper locking (CVE-ID: CVE-2024-58071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the team_port_add() function in drivers/net/team/team.c. A local user can perform a denial of service (DoS) attack.
72) Improper locking (CVE-ID: CVE-2024-58070)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bpf_local_storage_map_alloc() function in kernel/bpf/bpf_local_storage.c. A local user can perform a denial of service (DoS) attack.
73) Out-of-bounds read (CVE-ID: CVE-2024-58069)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pcf85063_nvmem_read() function in drivers/rtc/rtc-pcf85063.c. A local user can perform a denial of service (DoS) attack.
74) NULL pointer dereference (CVE-ID: CVE-2024-58068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the assert_clk_index(), dev_pm_opp_find_bw_ceil() and dev_pm_opp_find_bw_floor() functions in drivers/opp/core.c. A local user can perform a denial of service (DoS) attack.
75) Memory leak (CVE-ID: CVE-2024-58063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rtl_pci_probe() function in drivers/net/wireless/realtek/rtlwifi/pci.c. A local user can perform a denial of service (DoS) attack.
76) Input validation error (CVE-ID: CVE-2024-58061)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee80211_if_parse_active_links() function in net/mac80211/debugfs_netdev.c. A local user can perform a denial of service (DoS) attack.
77) Use-after-free (CVE-ID: CVE-2024-58058)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ubifs_dump_tnc() function in fs/ubifs/debug.c. A local user can escalate privileges on the system.
78) Race condition (CVE-ID: CVE-2024-58057)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the idpf_probe() function in drivers/net/ethernet/intel/idpf/idpf_main.c. A local user can perform a denial of service (DoS) attack.
79) Resource management error (CVE-ID: CVE-2024-58056)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the rproc_alloc() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.
80) Double free (CVE-ID: CVE-2024-58055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the usbg_cmd_work() and bot_cmd_work() functions in drivers/usb/gadget/function/f_tcm.c. A local user can perform a denial of service (DoS) attack.
81) Resource management error (CVE-ID: CVE-2024-58054)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the max96712_probe() function in drivers/staging/media/max96712/max96712.c. A local user can perform a denial of service (DoS) attack.
82) Input validation error (CVE-ID: CVE-2024-58053)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rxrpc_abort_conn() and rxrpc_abort_calls() functions in net/rxrpc/conn_event.c. A local user can perform a denial of service (DoS) attack.
83) NULL pointer dereference (CVE-ID: CVE-2024-58052)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the atomctrl_get_smc_sclk_range_table() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.
84) NULL pointer dereference (CVE-ID: CVE-2024-58051)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ipmb_probe() function in drivers/char/ipmi/ipmb_dev_int.c. A local user can perform a denial of service (DoS) attack.
85) Use-after-free (CVE-ID: CVE-2024-58034)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tegra_emc_find_node_by_ram_code() function in drivers/memory/tegra/tegra20-emc.c. A local user can escalate privileges on the system.
86) NULL pointer dereference (CVE-ID: CVE-2024-58019)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the r535_gsp_msgq_wait() function in drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c. A local user can perform a denial of service (DoS) attack.
87) Improper locking (CVE-ID: CVE-2024-58018)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the r535_gsp_cmdq_push() function in drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c. A local user can perform a denial of service (DoS) attack.
88) Integer overflow (CVE-ID: CVE-2024-58017)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the __alignof__() function in kernel/printk/printk.c. A local user can execute arbitrary code.
89) Resource management error (CVE-ID: CVE-2024-58016)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the handle_policy_update() function in security/safesetid/securityfs.c. A local user can perform a denial of service (DoS) attack.
90) Out-of-bounds read (CVE-ID: CVE-2024-58014)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the wlc_phy_iqcal_gainparams_nphy() function in drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c. A local user can perform a denial of service (DoS) attack.
91) Use-after-free (CVE-ID: CVE-2024-58013)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mgmt_remove_adv_monitor_complete() function in net/bluetooth/mgmt.c. A local user can escalate privileges on the system.
92) NULL pointer dereference (CVE-ID: CVE-2024-58011)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the skl_int3472_tps68470_probe() function in drivers/platform/x86/intel/int3472/tps68470.c, within the skl_int3472_discrete_probe() function in drivers/platform/x86/intel/int3472/discrete.c. A local user can perform a denial of service (DoS) attack.
93) Integer overflow (CVE-ID: CVE-2024-58010)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the load_flat_file() function in fs/binfmt_flat.c. A local user can execute arbitrary code.
94) Out-of-bounds read (CVE-ID: CVE-2024-58007)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qcom_socinfo_probe() function in drivers/soc/qcom/socinfo.c. A local user can perform a denial of service (DoS) attack.
95) Input validation error (CVE-ID: CVE-2024-58006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dw_pcie_ep_set_bar() function in drivers/pci/controller/dwc/pcie-designware-ep.c. A local user can perform a denial of service (DoS) attack.
96) Resource management error (CVE-ID: CVE-2024-58005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tpm_is_tpm2_log() and tpm_read_log_acpi() functions in drivers/char/tpm/eventlog/acpi.c. A local user can perform a denial of service (DoS) attack.
97) Buffer overflow (CVE-ID: CVE-2024-58003)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ub953_subdev_uninit() function in drivers/media/i2c/ds90ub953.c, within the ub913_subdev_uninit() function in drivers/media/i2c/ds90ub913.c. A local user can perform a denial of service (DoS) attack.
98) Resource management error (CVE-ID: CVE-2024-58002)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the uvc_v4l2_release() function in drivers/media/usb/uvc/uvc_v4l2.c, within the uvc_ctrl_send_slave_event(), uvc_ctrl_status_event(), uvc_ctrl_commit_entity() and uvc_ctrl_init_device() functions in drivers/media/usb/uvc/uvc_ctrl.c. A local user can perform a denial of service (DoS) attack.
99) Resource management error (CVE-ID: CVE-2024-58001)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ocfs2_fast_symlink_read_folio() function in fs/ocfs2/symlink.c. A local user can perform a denial of service (DoS) attack.
100) Improper locking (CVE-ID: CVE-2024-57999)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the enable_ddw() and spapr_tce_create_table() functions in arch/powerpc/platforms/pseries/iommu.c, within the iommu_table_clear() function in arch/powerpc/kernel/iommu.c. A local user can perform a denial of service (DoS) attack.
101) Reachable assertion (CVE-ID: CVE-2024-57998)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the _find_opp_table(), _opp_table_find_key(), _find_key(), _find_key_exact(), _opp_table_find_key_ceil(), _find_key_ceil(), dev_pm_opp_find_freq_exact_indexed(), dev_pm_opp_find_freq_ceil_indexed(), dev_pm_opp_find_freq_floor_indexed(), dev_pm_opp_remove(), _opp_add_v1(), _opp_set_availability() and dev_pm_opp_adjust_voltage() functions in drivers/opp/core.c. A local user can perform a denial of service (DoS) attack.
102) Use of uninitialized resource (CVE-ID: CVE-2024-57997)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the wcn36xx_probe() function in drivers/net/wireless/ath/wcn36xx/main.c. A local user can perform a denial of service (DoS) attack.
103) Out-of-bounds read (CVE-ID: CVE-2024-57996)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sfq_change() function in net/sched/sch_sfq.c. A local user can perform a denial of service (DoS) attack.
104) Improper locking (CVE-ID: CVE-2024-57994)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pfifo_fast_change_tx_queue_len() function in net/sched/sch_generic.c, within the tun_queue_resize() function in drivers/net/tun.c, within the tap_queue_resize() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.
105) Resource management error (CVE-ID: CVE-2024-57993)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the thrustmaster_interrupts() function in drivers/hid/hid-thrustmaster.c. A local user can perform a denial of service (DoS) attack.
106) Out-of-bounds read (CVE-ID: CVE-2024-57990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mt7925_load_clc() function in drivers/net/wireless/mediatek/mt76/mt7925/mcu.c. A local user can perform a denial of service (DoS) attack.
107) NULL pointer dereference (CVE-ID: CVE-2024-57986)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hid_apply_multiplier() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
108) Use-after-free (CVE-ID: CVE-2024-57984)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in drivers/i3c/master/dw-i3c-master.c. A local user can escalate privileges on the system.
109) Out-of-bounds read (CVE-ID: CVE-2024-57982)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xfrm_state_deref_prot(), xfrm_dst_hash(), xfrm_src_hash(), xfrm_spi_hash(), xfrm_init_tempstate(), __xfrm_state_lookup_all(), xfrm_input_state_lookup(), EXPORT_SYMBOL(), __xfrm_state_lookup_byaddr(), xfrm_state_find(), xfrm_state_lookup() and xfrm_state_lookup_byaddr() functions in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.
110) NULL pointer dereference (CVE-ID: CVE-2024-57981)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_handle_stopped_cmd_ring() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
111) Use-after-free (CVE-ID: CVE-2024-57980)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uvc_status_init() function in drivers/media/usb/uvc/uvc_status.c. A local user can escalate privileges on the system.
112) Use-after-free (CVE-ID: CVE-2024-57979)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ptp_ocp_complete() function in drivers/ptp/ptp_ocp.c, within the DEFINE_MUTEX(), pps_cdev_pps_fetch(), pps_cdev_ioctl(), pps_cdev_compat_ioctl(), pps_device_destruct(), pps_register_cdev(), pps_unregister_cdev(), EXPORT_SYMBOL() and pps_init() functions in drivers/pps/pps.c, within the pps_kc_bind() and pps_kc_remove() functions in drivers/pps/kc.c, within the pps_add_offset(), pps_register_source() and pps_event() functions in drivers/pps/kapi.c, within the parport_irq() function in drivers/pps/clients/pps_parport.c, within the pps_tty_dcd_change(), pps_tty_open() and pps_tty_close() functions in drivers/pps/clients/pps-ldisc.c, within the pps_ktimer_exit() and pps_ktimer_init() functions in drivers/pps/clients/pps-ktimer.c, within the pps_gpio_probe() function in drivers/pps/clients/pps-gpio.c. A local user can escalate privileges on the system.
113) Improper locking (CVE-ID: CVE-2024-57975)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the can_nocow_file_extent() and run_delalloc_nocow() functions in fs/btrfs/inode.c. A local user can perform a denial of service (DoS) attack.
114) Improper locking (CVE-ID: CVE-2024-57974)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the compute_score() and __udp6_lib_lookup() functions in net/ipv6/udp.c, within the udp_ehashfn() and __udp4_lib_lookup() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.
115) Integer overflow (CVE-ID: CVE-2024-57973)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the copy_gl_to_skb_pkt() function in drivers/infiniband/hw/cxgb4/device.c. A local user can execute arbitrary code.
116) Integer overflow (CVE-ID: CVE-2024-57953)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the drivers/rtc/rtc-tps6594.c. A local user can execute arbitrary code.
117) Improper error handling (CVE-ID: CVE-2024-49887)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the MAIN_SECS() and spin_unlock() functions in fs/f2fs/segment.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.