SB20250820113 - Ubuntu update for linux
Published: August 20, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 70 secuirty vulnerabilities.
1) Improper locking (CVE-ID: CVE-2025-21871)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the optee_supp_thrd_req() function in drivers/tee/optee/supp.c. A local user can perform a denial of service (DoS) attack.
2) NULL pointer dereference (CVE-ID: CVE-2025-21870)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sof_ipc4_widget_setup_comp_dai() and sof_ipc4_prepare_copier_module() functions in sound/soc/sof/ipc4-topology.c. A local user can perform a denial of service (DoS) attack.
3) Resource management error (CVE-ID: CVE-2025-21869)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __do_patch_instructions_mm() function in arch/powerpc/lib/code-patching.c. A local user can perform a denial of service (DoS) attack.
4) Resource management error (CVE-ID: CVE-2025-21868)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the SKB_HEAD_ALIGN(), __netdev_alloc_skb() and napi_alloc_skb() functions in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
5) Use-after-free (CVE-ID: CVE-2025-21867)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_test_init() function in net/bpf/test_run.c. A local user can escalate privileges on the system.
6) Out-of-bounds read (CVE-ID: CVE-2025-21866)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the text_area_cpu_up() function in arch/powerpc/lib/code-patching.c. A local user can perform a denial of service (DoS) attack.
7) Memory leak (CVE-ID: CVE-2025-21864)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcp_add_backlog() function in net/ipv4/tcp_ipv4.c, within the tcp_ofo_queue(), tcp_queue_rcv(), tcp_data_queue() and tcp_rcv_established() functions in net/ipv4/tcp_input.c, within the tcp_fastopen_add_skb() function in net/ipv4/tcp_fastopen.c. A local user can perform a denial of service (DoS) attack.
8) Input validation error (CVE-ID: CVE-2025-21863)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the io_init_req() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
9) Improper locking (CVE-ID: CVE-2025-21862)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the init_net_drop_monitor() and exit_net_drop_monitor() functions in net/core/drop_monitor.c. A local user can perform a denial of service (DoS) attack.
10) Resource management error (CVE-ID: CVE-2025-21861)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the migrate_device_finalize() function in mm/migrate_device.c. A local user can perform a denial of service (DoS) attack.
11) Improper locking (CVE-ID: CVE-2025-21859)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f_midi_complete() function in drivers/usb/gadget/function/f_midi.c. A local user can perform a denial of service (DoS) attack.
12) Use-after-free (CVE-ID: CVE-2025-21858)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the geneve_destroy_tunnels() function in drivers/net/geneve.c. A local user can escalate privileges on the system.
13) NULL pointer dereference (CVE-ID: CVE-2025-21857)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tcf_exts_miss_cookie_base_alloc() function in net/sched/cls_api.c. A local user can perform a denial of service (DoS) attack.
14) Use-after-free (CVE-ID: CVE-2025-21856)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ism_dev_release(), ism_probe(), device_del() and ism_remove() functions in drivers/s390/net/ism_drv.c. A local user can escalate privileges on the system.
15) Use-after-free (CVE-ID: CVE-2025-21855)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ibmvnic_xmit() and netif_stop_subqueue() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can escalate privileges on the system.
16) NULL pointer dereference (CVE-ID: CVE-2025-21854)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sock_map_sk_state_allowed() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
17) Use-after-free (CVE-ID: CVE-2025-21853)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_map_mmap() function in kernel/bpf/syscall.c. A local user can escalate privileges on the system.
18) NULL pointer dereference (CVE-ID: CVE-2025-21848)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfp_bpf_cmsg_alloc() function in drivers/net/ethernet/netronome/nfp/bpf/cmsg.c. A local user can perform a denial of service (DoS) attack.
19) NULL pointer dereference (CVE-ID: CVE-2025-21847)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sof_ipc_msg_data() function in sound/soc/sof/stream-ipc.c. A local user can perform a denial of service (DoS) attack.
20) NULL pointer dereference (CVE-ID: CVE-2025-21846)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the do_acct_process(), acct_pin_kill(), close_work(), encode_float() and fill_ac() functions in kernel/acct.c. A local user can perform a denial of service (DoS) attack.
21) NULL pointer dereference (CVE-ID: CVE-2025-21844)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
22) Infinite loop (CVE-ID: CVE-2025-21839)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the vcpu_enter_guest() function in arch/x86/kvm/x86.c, within the vmx_sync_dirty_debug_regs() and vmx_vcpu_run() functions in arch/x86/kvm/vmx/vmx.c, within the new_asid() and svm_vcpu_run() functions in arch/x86/kvm/svm/svm.c. A local user can perform a denial of service (DoS) attack.
23) Input validation error (CVE-ID: CVE-2025-21838)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the usb_del_gadget() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.
24) Buffer overflow (CVE-ID: CVE-2025-21836)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the io_destroy_buffers() and io_register_pbuf_ring() functions in io_uring/kbuf.c. A local user can perform a denial of service (DoS) attack.
25) Memory leak (CVE-ID: CVE-2025-21835)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the f_midi_bind() function in drivers/usb/gadget/function/f_midi.c. A local user can perform a denial of service (DoS) attack.
26) Improper locking (CVE-ID: CVE-2025-21823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the batadv_v_elp_start_timer(), batadv_v_elp_get_throughput(), batadv_v_elp_throughput_metric_update(), batadv_v_elp_wifi_neigh_probe() and batadv_v_elp_periodic_work() functions in net/batman-adv/bat_v_elp.c, within the batadv_v_hardif_neigh_init() function in net/batman-adv/bat_v.c. A local user can perform a denial of service (DoS) attack.
27) Resource management error (CVE-ID: CVE-2025-21821)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the omap_init_lcd_dma() function in drivers/video/fbdev/omap/lcd_dma.c. A local user can perform a denial of service (DoS) attack.
28) Use-after-free (CVE-ID: CVE-2025-21796)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the posix_acl_release() function in fs/nfsd/nfs3acl.c, within the posix_acl_release() function in fs/nfsd/nfs2acl.c. A local user can escalate privileges on the system.
29) Input validation error (CVE-ID: CVE-2025-21795)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfsd4_run_cb_work() function in fs/nfsd/nfs4callback.c. A local user can perform a denial of service (DoS) attack.
30) Division by zero (CVE-ID: CVE-2025-21793)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the f_ospi_get_dummy_cycle() function in drivers/spi/spi-sn-f-ospi.c. A local user can perform a denial of service (DoS) attack.
31) Memory leak (CVE-ID: CVE-2025-21792)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_setsockopt() function in net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.
32) Use-after-free (CVE-ID: CVE-2025-21791)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the include/net/l3mdev.h. A local user can escalate privileges on the system.
33) NULL pointer dereference (CVE-ID: CVE-2025-21790)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vxlan_init() function in drivers/net/vxlan/vxlan_core.c. A local user can perform a denial of service (DoS) attack.
34) Input validation error (CVE-ID: CVE-2025-21787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the team_nl_options_set_doit() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.
35) Use-after-free (CVE-ID: CVE-2025-21786)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the send_mayday() and worker_detach_from_pool() functions in kernel/workqueue.c. A local user can escalate privileges on the system.
36) Out-of-bounds read (CVE-ID: CVE-2025-21785)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the populate_cache_leaves() function in arch/arm64/kernel/cacheinfo.c. A local user can perform a denial of service (DoS) attack.
37) Input validation error (CVE-ID: CVE-2025-21784)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the psp_init_cap_microcode() function in drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c. A local user can perform a denial of service (DoS) attack.
38) NULL pointer dereference (CVE-ID: CVE-2025-21783)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gpiochip_get_ngpios() function in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.
39) Out-of-bounds read (CVE-ID: CVE-2025-21782)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the orangefs_debug_write() function in fs/orangefs/orangefs-debugfs.c. A local user can perform a denial of service (DoS) attack.
40) Resource management error (CVE-ID: CVE-2025-21781)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the batadv_v_elp_start_timer() and batadv_v_elp_get_throughput() functions in net/batman-adv/bat_v_elp.c. A local user can perform a denial of service (DoS) attack.
41) Buffer overflow (CVE-ID: CVE-2025-21780)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the smu_sys_set_pp_table() function in drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c. A local user can escalate privileges on the system.
42) NULL pointer dereference (CVE-ID: CVE-2025-21779)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kvm_hv_send_ipi() and kvm_get_hv_cpuid() functions in arch/x86/kvm/hyperv.c. A local user can perform a denial of service (DoS) attack.
43) NULL pointer dereference (CVE-ID: CVE-2025-21776)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hub_probe() function in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.
44) NULL pointer dereference (CVE-ID: CVE-2025-21775)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ctucan_err_interrupt() function in drivers/net/can/ctucanfd/ctucanfd_base.c. A local user can perform a denial of service (DoS) attack.
45) NULL pointer dereference (CVE-ID: CVE-2025-21773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the es58x_devlink_info_get() function in drivers/net/can/usb/etas_es58x/es58x_devlink.c. A local user can perform a denial of service (DoS) attack.
46) Out-of-bounds read (CVE-ID: CVE-2025-21772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mac_partition() function in block/partitions/mac.c. A local user can perform a denial of service (DoS) attack.
47) Memory leak (CVE-ID: CVE-2025-21768)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_output_core() function in net/ipv6/seg6_iptunnel.c, within the rpl_output() function in net/ipv6/rpl_iptunnel.c. A local user can perform a denial of service (DoS) attack.
48) Improper locking (CVE-ID: CVE-2025-21767)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the clocksource_verify_percpu() function in kernel/time/clocksource.c. A local user can perform a denial of service (DoS) attack.
49) Input validation error (CVE-ID: CVE-2025-21766)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the out: kfree_skb_reason() and __ip_rt_update_pmtu() functions in net/ipv4/route.c. A local user can perform a denial of service (DoS) attack.
50) Input validation error (CVE-ID: CVE-2025-21765)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ip6_default_advmss() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
51) Use-after-free (CVE-ID: CVE-2025-21764)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ndisc_alloc_skb() function in net/ipv6/ndisc.c. A local user can escalate privileges on the system.
52) Use-after-free (CVE-ID: CVE-2025-21763)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __neigh_notify() function in net/core/neighbour.c. A local user can escalate privileges on the system.
53) Use-after-free (CVE-ID: CVE-2025-21762)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the arp_xmit_finish() function in net/ipv4/arp.c. A local user can escalate privileges on the system.
54) Use-after-free (CVE-ID: CVE-2025-21761)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ovs_vport_cmd_fill_info() function in net/openvswitch/datapath.c. A local user can escalate privileges on the system.
55) Use-after-free (CVE-ID: CVE-2025-21760)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_nd_hdr() and ndisc_send_skb() functions in net/ipv6/ndisc.c. A local user can escalate privileges on the system.
56) Use-after-free (CVE-ID: CVE-2025-21759)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mld_send_cr() and igmp6_send() functions in net/ipv6/mcast.c. A local user can escalate privileges on the system.
57) Buffer overflow (CVE-ID: CVE-2025-21758)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mld_newpack() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.
58) Input validation error (CVE-ID: CVE-2025-21746)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the synaptics_pt_stop(), synaptics_pt_create() and synaptics_process_byte() functions in drivers/input/mouse/synaptics.c. A local user can perform a denial of service (DoS) attack.
59) Improper Initialization (CVE-ID: CVE-2025-21712)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the md_seq_show() function in drivers/md/md.c, within the bitmap_get_stats() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
60) Resource management error (CVE-ID: CVE-2025-21706)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mptcp_pm_nl_set_flags() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.
61) Buffer overflow (CVE-ID: CVE-2025-21704)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the acm_process_notification() and acm_ctrl_irq() functions in drivers/usb/class/cdc-acm.c. A local user can escalate privileges on the system.
62) Use-after-free (CVE-ID: CVE-2024-58093)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pcie_aspm_exit_link_state() function in drivers/pci/pcie/aspm.c. A local user can escalate privileges on the system.
63) NULL pointer dereference (CVE-ID: CVE-2024-58088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cgroup_storage_map_alloc() function in kernel/bpf/bpf_cgrp_storage.c. A local user can perform a denial of service (DoS) attack.
64) Input validation error (CVE-ID: CVE-2024-58086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the v3d_perfmon_destroy_ioctl() function in drivers/gpu/drm/v3d/v3d_perfmon.c. A local user can perform a denial of service (DoS) attack.
65) NULL pointer dereference (CVE-ID: CVE-2024-58020)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt_input_configured() function in drivers/hid/hid-multitouch.c. A local user can perform a denial of service (DoS) attack.
66) Improper locking (CVE-ID: CVE-2024-57977)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dump_tasks() function in mm/oom_kill.c, within the mem_cgroup_scan_tasks() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.
67) NULL pointer dereference (CVE-ID: CVE-2024-57834)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vidtv_start_streaming() and vidtv_stop_streaming() functions in drivers/media/test-drivers/vidtv/vidtv_bridge.c. A local user can perform a denial of service (DoS) attack.
68) Use-after-free (CVE-ID: CVE-2024-54458)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ufs_bsg_remove() function in drivers/ufs/core/ufs_bsg.c. A local user can escalate privileges on the system.
69) Buffer overflow (CVE-ID: CVE-2024-54456)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nfs_sysfs_link_rpc_client() function in fs/nfs/sysfs.c. A local user can escalate privileges on the system.
70) Integer overflow (CVE-ID: CVE-2024-52559)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the msm_ioctl_gem_submit() function in drivers/gpu/drm/msm/msm_gem_submit.c. A local user can execute arbitrary code.
Remediation
Install update from vendor's website.