SB2025092304 - Debian update for linux
Published: September 23, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 139 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2024-47704)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the set_hpo_dp_throttled_vcp_size() and disable_hpo_dp_link_output() functions in drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_hpo_dp.c. A local user can perform a denial of service (DoS) attack.
2) Reachable assertion (CVE-ID: CVE-2024-57924)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ovl_encode_real_fh() function in fs/overlayfs/copy_up.c, within the show_mark_fhandle() function in fs/notify/fdinfo.c. A local user can perform a denial of service (DoS) attack.
3) Use-after-free (CVE-ID: CVE-2024-58240)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_do_decryption() function in net/tls/tls_sw.c. A local user can escalate privileges on the system.
4) NULL pointer dereference (CVE-ID: CVE-2025-23143)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sock_lock_init() and sk_prot_free() functions in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
5) Memory leak (CVE-ID: CVE-2025-23160)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mtk_vcodec_fw_scp_init() function in drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c. A local user can perform a denial of service (DoS) attack.
6) Infinite loop (CVE-ID: CVE-2025-37931)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the submit_eb_subpage() function in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.
7) Improper locking (CVE-ID: CVE-2025-37968)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the opt3001_irq() function in drivers/iio/light/opt3001.c. A local user can perform a denial of service (DoS) attack.
8) Improper locking (CVE-ID: CVE-2025-38322)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the intel_pmu_read_event() function in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.
9) Improper locking (CVE-ID: CVE-2025-38347)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sanity_check_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
10) Input validation error (CVE-ID: CVE-2025-38491)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the subflow_finish_connect(), WRITE_ONCE(), __mptcp_subflow_connect() and subflow_state_change() functions in net/mptcp/subflow.c, within the mptcp_check_data_fin(), __mptcp_finish_join(), mptcp_update_infinite_map(), mptcp_check_fastclose(), __mptcp_retrans(), __mptcp_init_sock() and mptcp_finish_join() functions in net/mptcp/protocol.c, within the check_fully_established() function in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.
11) Out-of-bounds read (CVE-ID: CVE-2025-38502)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __bpf_prog_map_compatible() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
12) Improper locking (CVE-ID: CVE-2025-38552)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the subflow_sched_work_if_closed() and mptcp_subflow_fail() functions in net/mptcp/subflow.c, within the mptcp_data_ready(), __mptcp_finish_join(), __mptcp_retrans(), __mptcp_init_sock() and mptcp_finish_join() functions in net/mptcp/protocol.c, within the mptcp_pm_mp_fail_received() function in net/mptcp/pm.c. A local user can perform a denial of service (DoS) attack.
13) Infinite loop (CVE-ID: CVE-2025-38614)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the ep_poll() and ep_loop_check_proc() functions in fs/eventpoll.c. A local user can perform a denial of service (DoS) attack.
14) Improper error handling (CVE-ID: CVE-2025-38670)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the SYM_CODE_END(), SYM_FUNC_START() and NOKPROBE() functions in arch/arm64/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
15) Buffer overflow (CVE-ID: CVE-2025-38676)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the parse_ivrs_acpihid() function in drivers/iommu/amd/init.c. A local user can escalate privileges on the system.
16) Out-of-bounds read (CVE-ID: CVE-2025-38677)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the f2fs_get_dnode_of_data() function in fs/f2fs/node.c. A local user can perform a denial of service (DoS) attack.
17) Memory leak (CVE-ID: CVE-2025-38679)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the event_seq_changed() function in drivers/media/platform/qcom/venus/hfi_msgs.c. A local user can perform a denial of service (DoS) attack.
18) Out-of-bounds read (CVE-ID: CVE-2025-38680)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the uvc_parse_format() function in drivers/media/usb/uvc/uvc_driver.c. A local user can perform a denial of service (DoS) attack.
19) Use-after-free (CVE-ID: CVE-2025-38681)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ptdump_walk_pgd() function in mm/ptdump.c, within the ptdump_show() function in arch/s390/mm/dump_pagetables.c, within the ptdump_show() function in arch/arm64/mm/ptdump_debugfs.c. A local user can escalate privileges on the system.
20) NULL pointer dereference (CVE-ID: CVE-2025-38683)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the netvsc_probe(), netvsc_remove(), netvsc_suspend(), netvsc_event_set_vf_ns() and netvsc_netdev_event() functions in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.
21) NULL pointer dereference (CVE-ID: CVE-2025-38684)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.
22) Out-of-bounds read (CVE-ID: CVE-2025-38685)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the con2fb_init_display() and fbcon_set_disp() functions in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.
23) Use-after-free (CVE-ID: CVE-2025-38687)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the comedi_device_detach_cleanup() function in drivers/comedi/drivers.c, within the is_device_busy() and do_devconfig_ioctl() functions in drivers/comedi/comedi_fops.c. A local user can escalate privileges on the system.
24) Use-after-free (CVE-ID: CVE-2025-38691)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext_tree_encode_commit(), ext_tree_prepare_commit() and dprintk() functions in fs/nfs/blocklayout/extent_tree.c. A local user can escalate privileges on the system.
25) NULL pointer dereference (CVE-ID: CVE-2025-38693)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the w7090p_tuner_write_serpar() and w7090p_tuner_read_serpar() functions in drivers/media/dvb-frontends/dib7000p.c. A local user can perform a denial of service (DoS) attack.
26) NULL pointer dereference (CVE-ID: CVE-2025-38694)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dib7090p_rw_on_apb() function in drivers/media/dvb-frontends/dib7000p.c. A local user can perform a denial of service (DoS) attack.
27) NULL pointer dereference (CVE-ID: CVE-2025-38695)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lpfc_sli4_vport_delete_fcp_xri_aborted() function in drivers/scsi/lpfc/lpfc_scsi.c. A local user can perform a denial of service (DoS) attack.
28) NULL pointer dereference (CVE-ID: CVE-2025-38696)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mips_stack_top() function in arch/mips/kernel/process.c. A local user can perform a denial of service (DoS) attack.
29) Out-of-bounds read (CVE-ID: CVE-2025-38697)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAllocAG() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
30) Input validation error (CVE-ID: CVE-2025-38698)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jfs_open() function in fs/jfs/file.c. A local user can perform a denial of service (DoS) attack.
31) Use-after-free (CVE-ID: CVE-2025-38699)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfad_im_probe() function in drivers/scsi/bfa/bfad_im.c. A local user can escalate privileges on the system.
32) NULL pointer dereference (CVE-ID: CVE-2025-38700)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iscsi_conn_setup() function in drivers/scsi/libiscsi.c. A local user can perform a denial of service (DoS) attack.
33) Input validation error (CVE-ID: CVE-2025-38701)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ext4_create_inline_data(), ext4_update_inline_data() and ext4_inline_data_truncate() functions in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
34) Buffer overflow (CVE-ID: CVE-2025-38702)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the do_register_framebuffer() function in drivers/video/fbdev/core/fbmem.c. A local user can escalate privileges on the system.
35) NULL pointer dereference (CVE-ID: CVE-2025-38706)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_soc_remove_pcm_runtime() function in sound/soc/soc-core.c. A local user can perform a denial of service (DoS) attack.
36) Input validation error (CVE-ID: CVE-2025-38707)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ntfs_dir_emit() function in fs/ntfs3/dir.c. A local user can perform a denial of service (DoS) attack.
37) Use-after-free (CVE-ID: CVE-2025-38708)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the handle_write_conflicts() function in drivers/block/drbd/drbd_receiver.c. A local user can escalate privileges on the system.
38) Improper locking (CVE-ID: CVE-2025-38711)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smb2_create_link() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
39) Input validation error (CVE-ID: CVE-2025-38712)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the PTR_ERR() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.
40) Out-of-bounds read (CVE-ID: CVE-2025-38713)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hfsplus_uni2asc() function in fs/hfsplus/unicode.c. A local user can perform a denial of service (DoS) attack.
41) Out-of-bounds read (CVE-ID: CVE-2025-38714)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the is_bnode_offset_valid(), hfs_bnode_write(), hfs_bnode_clear(), hfs_bnode_copy() and hfs_bnode_move() functions in fs/hfsplus/bnode.c. A local user can perform a denial of service (DoS) attack.
42) Out-of-bounds read (CVE-ID: CVE-2025-38715)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the is_bnode_offset_valid(), hfs_bnode_read(), hfs_bnode_write(), hfs_bnode_clear(), hfs_bnode_copy() and hfs_bnode_move() functions in fs/hfs/bnode.c. A local user can perform a denial of service (DoS) attack.
43) Memory leak (CVE-ID: CVE-2025-38721)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ctnetlink_done(), ctnetlink_get_id(), NFNL_MSG_TYPE() and local_bh_enable() functions in net/netfilter/nf_conntrack_netlink.c. A local user can perform a denial of service (DoS) attack.
44) Improper locking (CVE-ID: CVE-2025-38723)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bpf_jit_supports_kfunc_call(), emit_bpf_tail_call() and build_insn() functions in arch/loongarch/net/bpf_jit.c. A local user can perform a denial of service (DoS) attack.
45) Use-after-free (CVE-ID: CVE-2025-38724)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfsd4_setclientid_confirm() function in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.
46) NULL pointer dereference (CVE-ID: CVE-2025-38725)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ax88772_init_mdio() function in drivers/net/usb/asix_devices.c. A local user can perform a denial of service (DoS) attack.
47) Improper locking (CVE-ID: CVE-2025-38727)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the netlink_attachskb() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
48) Out-of-bounds read (CVE-ID: CVE-2025-38728)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sizeof() function in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
49) Out-of-bounds read (CVE-ID: CVE-2025-38729)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the validate_uac3_feature_unit() and FUNC() functions in sound/usb/validate.c. A local user can perform a denial of service (DoS) attack.
50) Memory leak (CVE-ID: CVE-2025-38732)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nf_send_reset6() and nf_send_unreach6() functions in net/ipv6/netfilter/nf_reject_ipv6.c, within the nf_send_reset() and nf_send_unreach() functions in net/ipv4/netfilter/nf_reject_ipv4.c. A local user can perform a denial of service (DoS) attack.
51) NULL pointer dereference (CVE-ID: CVE-2025-38735)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gve_shutdown() function in drivers/net/ethernet/google/gve/gve_main.c. A local user can perform a denial of service (DoS) attack.
52) Out-of-bounds read (CVE-ID: CVE-2025-38736)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ax88772_init_mdio() function in drivers/net/usb/asix_devices.c. A local user can perform a denial of service (DoS) attack.
53) NULL pointer dereference (CVE-ID: CVE-2025-39673)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ppp_fill_forward_path(), ppp_unregister_channel(), ppp_connect_channel() and ppp_disconnect_channel() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
54) NULL pointer dereference (CVE-ID: CVE-2025-39675)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mod_hdcp_hdcp1_create_session() function in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c. A local user can perform a denial of service (DoS) attack.
55) NULL pointer dereference (CVE-ID: CVE-2025-39676)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla4xxx_get_ep_fwdb() function in drivers/scsi/qla4xxx/ql4_os.c. A local user can perform a denial of service (DoS) attack.
56) Use of uninitialized resource (CVE-ID: CVE-2025-39681)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the bsp_init_hygon() function in arch/x86/kernel/cpu/hygon.c. A local user can perform a denial of service (DoS) attack.
57) Memory leak (CVE-ID: CVE-2025-39682)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the decrypt_skb() and tls_sw_recvmsg() functions in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
58) Out-of-bounds read (CVE-ID: CVE-2025-39683)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the trace_get_user() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
59) Memory leak (CVE-ID: CVE-2025-39684)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the do_insnlist_ioctl() and do_insn_ioctl() functions in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
60) Out-of-bounds read (CVE-ID: CVE-2025-39685)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pcl726_attach() function in drivers/comedi/drivers/pcl726.c. A local user can perform a denial of service (DoS) attack.
61) Memory leak (CVE-ID: CVE-2025-39686)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the insn_rw_emulate_bits() function in drivers/comedi/drivers.c. A local user can perform a denial of service (DoS) attack.
62) Buffer overflow (CVE-ID: CVE-2025-39687)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the as73211_trigger_handler() function in drivers/iio/light/as73211.c. A local user can perform a denial of service (DoS) attack.
63) Use-after-free (CVE-ID: CVE-2025-39689)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ftrace_regex_open() and ftrace_regex_release() functions in kernel/trace/ftrace.c. A local user can escalate privileges on the system.
64) Use-after-free (CVE-ID: CVE-2025-39691)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __end_buffer_read_notouch() function in fs/buffer.c. A local user can escalate privileges on the system.
65) NULL pointer dereference (CVE-ID: CVE-2025-39692)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ksmbd_rdma_init() and ksmbd_rdma_destroy() functions in fs/smb/server/transport_rdma.c, within the ksmbd_conn_transport_destroy() function in fs/smb/server/connection.c. A local user can perform a denial of service (DoS) attack.
66) NULL pointer dereference (CVE-ID: CVE-2025-39693)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_connector_atomic_check() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
67) Improper error handling (CVE-ID: CVE-2025-39694)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the sclpint_to_sccb(), __sclp_find_req() and sclp_interrupt_handler() functions in drivers/s390/char/sclp.c. A local user can perform a denial of service (DoS) attack.
68) Improper locking (CVE-ID: CVE-2025-39697)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_page_set_inode_ref(), nfs_page_group_lock() and nfs_inode_remove_request() functions in fs/nfs/write.c, within the nfs_page_group_unlock() function in fs/nfs/pagelist.c. A local user can perform a denial of service (DoS) attack.
69) Input validation error (CVE-ID: CVE-2025-39701)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the applicable_image() function in drivers/acpi/pfr_update.c. A local user can perform a denial of service (DoS) attack.
70) Resource management error (CVE-ID: CVE-2025-39702)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the seg6_hmac_validate_skb() function in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.
71) Input validation error (CVE-ID: CVE-2025-39703)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hsr_handle_frame() function in net/hsr/hsr_slave.c. A local user can perform a denial of service (DoS) attack.
72) NULL pointer dereference (CVE-ID: CVE-2025-39706)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kfd_exit() function in drivers/gpu/drm/amd/amdkfd/kfd_module.c. A local user can perform a denial of service (DoS) attack.
73) NULL pointer dereference (CVE-ID: CVE-2025-39709)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the venus_probe() function in drivers/media/platform/qcom/venus/core.c. A local user can perform a denial of service (DoS) attack.
74) Out-of-bounds read (CVE-ID: CVE-2025-39710)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the venus_write_queue() and venus_read_queue() functions in drivers/media/platform/qcom/venus/hfi_venus.c. A local user can perform a denial of service (DoS) attack.
75) Improper locking (CVE-ID: CVE-2025-39713)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rain_interrupt() function in drivers/media/cec/usb/rainshadow/rainshadow-cec.c. A local user can perform a denial of service (DoS) attack.
76) Improper locking (CVE-ID: CVE-2025-39714)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usbtv_configure_for_norm() function in drivers/media/usb/usbtv/usbtv-video.c. A local user can perform a denial of service (DoS) attack.
77) Input validation error (CVE-ID: CVE-2025-39715)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the 1: ldw 0(), 10: ldw 0() and 1: ldb 0() functions in arch/parisc/kernel/syscall.S. A local user can perform a denial of service (DoS) attack.
78) Input validation error (CVE-ID: CVE-2025-39716)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the arch/parisc/include/asm/uaccess.h. A local user can perform a denial of service (DoS) attack.
79) Buffer overflow (CVE-ID: CVE-2025-39718)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the virtio_transport_rx_work() function in net/vmw_vsock/virtio_transport.c. A local user can perform a denial of service (DoS) attack.
80) Out-of-bounds read (CVE-ID: CVE-2025-39719)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ARRAY_SIZE() and bno055_get_regmask() functions in drivers/iio/imu/bno055/bno055.c. A local user can perform a denial of service (DoS) attack.
81) Improper error handling (CVE-ID: CVE-2025-39724)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the serial8250_do_startup() function in drivers/tty/serial/8250/8250_port.c. A local user can perform a denial of service (DoS) attack.
82) Memory leak (CVE-ID: CVE-2025-39736)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mem_pool_alloc() function in mm/kmemleak.c. A local user can perform a denial of service (DoS) attack.
83) Memory leak (CVE-ID: CVE-2025-39737)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __kmemleak_do_cleanup() function in mm/kmemleak.c. A local user can perform a denial of service (DoS) attack.
84) Infinite loop (CVE-ID: CVE-2025-39738)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the create_reloc_root() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.
85) Division by zero (CVE-ID: CVE-2025-39742)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the find_hw_thread_mask() function in drivers/infiniband/hw/hfi1/affinity.c. A local user can perform a denial of service (DoS) attack.
86) Input validation error (CVE-ID: CVE-2025-39743)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jfs_evict_inode() function in fs/jfs/inode.c. A local user can perform a denial of service (DoS) attack.
87) Improper locking (CVE-ID: CVE-2025-39749)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kernel/rcu/tree_plugin.h. A local user can perform a denial of service (DoS) attack.
88) Buffer overflow (CVE-ID: CVE-2025-39751)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the add_tuning_control() function in sound/pci/hda/patch_ca0132.c. A local user can escalate privileges on the system.
89) Input validation error (CVE-ID: CVE-2025-39752)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rockchip_smp_prepare_cpus() function in arch/arm/mach-rockchip/platsmp.c. A local user can perform a denial of service (DoS) attack.
90) Resource management error (CVE-ID: CVE-2025-39756)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the alloc_fdtable() function in fs/file.c. A local user can perform a denial of service (DoS) attack.
91) Out-of-bounds read (CVE-ID: CVE-2025-39757)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the convert_chmap_v3() and snd_usb_get_audioformat_uac3() functions in sound/usb/stream.c. A local user can perform a denial of service (DoS) attack.
92) Use-after-free (CVE-ID: CVE-2025-39759)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_check_quota_leak() and btrfs_qgroup_rescan() functions in fs/btrfs/qgroup.c. A local user can escalate privileges on the system.
93) Out-of-bounds read (CVE-ID: CVE-2025-39760)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the usb_parse_ss_endpoint_companion() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.
94) Resource management error (CVE-ID: CVE-2025-39766)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cake_enqueue() function in net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.
95) Improper locking (CVE-ID: CVE-2025-39770)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gso_features_check() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
96) NULL pointer dereference (CVE-ID: CVE-2025-39772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hibmc_load() function in drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c. A local user can perform a denial of service (DoS) attack.
97) Improper locking (CVE-ID: CVE-2025-39773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the net/bridge/br_private.h. A local user can perform a denial of service (DoS) attack.
98) Resource management error (CVE-ID: CVE-2025-39776)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the destroy_args() function in mm/debug_vm_pgtable.c. A local user can perform a denial of service (DoS) attack.
99) Improper locking (CVE-ID: CVE-2025-39782)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the jbd2_log_do_checkpoint() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.
100) Use-after-free (CVE-ID: CVE-2025-39783)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pci_epf_remove_cfs() function in drivers/pci/endpoint/pci-epf-core.c. A local user can escalate privileges on the system.
101) Incorrect calculation (CVE-ID: CVE-2025-39787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the qcom_mdt_get_size(), qcom_mdt_read_metadata() and __qcom_mdt_load() functions in drivers/soc/qcom/mdt_loader.c. A local user can perform a denial of service (DoS) attack.
102) Out-of-bounds read (CVE-ID: CVE-2025-39788)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the exynos_ufs_post_link() function in drivers/scsi/ufs/ufs-exynos.c. A local user can perform a denial of service (DoS) attack.
103) Double free (CVE-ID: CVE-2025-39790)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the parse_xfer_event() function in drivers/bus/mhi/host/main.c. A local user can perform a denial of service (DoS) attack.
104) Input validation error (CVE-ID: CVE-2025-39794)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tegra_cpu_reset_handler_enable() function in arch/arm/mach-tegra/reset.c. A local user can perform a denial of service (DoS) attack.
105) Buffer overflow (CVE-ID: CVE-2025-39795)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the blk_stack_limits() function in block/blk-settings.c. A local user can escalate privileges on the system.
106) Input validation error (CVE-ID: CVE-2025-39798)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs4_server_capabilities() function in fs/nfs/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
107) Resource management error (CVE-ID: CVE-2025-39800)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the btrfs_copy_root() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.
108) Resource management error (CVE-ID: CVE-2025-39801)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __dwc3_stop_active_transfer() and dwc3_clear_stall_all_ep() functions in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.
109) Input validation error (CVE-ID: CVE-2025-39806)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mt_report_fixup() function in drivers/hid/hid-multitouch.c. A local user can perform a denial of service (DoS) attack.
110) Resource management error (CVE-ID: CVE-2025-39808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ntrig_report_version() function in drivers/hid/hid-ntrig.c. A local user can perform a denial of service (DoS) attack.
111) Input validation error (CVE-ID: CVE-2025-39812)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sctp_v6_from_sk() function in net/sctp/ipv6.c. A local user can perform a denial of service (DoS) attack.
112) Resource management error (CVE-ID: CVE-2025-39813)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ftrace_dump() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
113) Buffer overflow (CVE-ID: CVE-2025-39817)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the efivarfs_d_compare() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
114) Resource management error (CVE-ID: CVE-2025-39819)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the smb2_compound_op() function in fs/smb/client/smb2inode.c. A local user can perform a denial of service (DoS) attack.
115) Input validation error (CVE-ID: CVE-2025-39823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kvm_sched_yield() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
116) Resource management error (CVE-ID: CVE-2025-39824)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the asus_probe() function in drivers/hid/hid-asus.c. A local user can perform a denial of service (DoS) attack.
117) Race condition (CVE-ID: CVE-2025-39825)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the cifs_rename2() function in fs/smb/client/inode.c. A local user can escalate privileges on the system.
118) Race condition (CVE-ID: CVE-2025-39826)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rose_timer_expiry() function in net/rose/rose_timer.c. A local user can escalate privileges on the system.
119) Resource management error (CVE-ID: CVE-2025-39827)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the rose_add_node(), rose_del_node(), rose_add_loopback_node(), rose_del_loopback_node(), rose_rt_device_down(), rose_clear_routes(), rose_neigh_show() and rose_rt_free() functions in net/rose/rose_route.c. A local user can perform a denial of service (DoS) attack.
120) Out-of-bounds write (CVE-ID: CVE-2025-39828)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the vcc_sendmsg() function in net/atm/common.c. A local user can execute arbitrary code.
121) Memory leak (CVE-ID: CVE-2025-39835)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xfs_da_read_buf() function in fs/xfs/libxfs/xfs_da_btree.c. A local user can perform a denial of service (DoS) attack.
122) NULL pointer dereference (CVE-ID: CVE-2025-39838)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cifs_strndup_to_utf16() function in fs/smb/client/cifs_unicode.c. A local user can perform a denial of service (DoS) attack.
123) Out-of-bounds read (CVE-ID: CVE-2025-39839)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the batadv_nc_skb_decode_packet() function in net/batman-adv/network-coding.c. A local user can perform a denial of service (DoS) attack.
124) Use-after-free (CVE-ID: CVE-2025-39841)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lpfc_nvmet_defer_rcv() function in drivers/scsi/lpfc/lpfc_nvmet.c. A local user can escalate privileges on the system.
125) NULL pointer dereference (CVE-ID: CVE-2025-39842)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ocfs2_clear_inode() function in fs/ocfs2/inode.c. A local user can perform a denial of service (DoS) attack.
126) Improper locking (CVE-ID: CVE-2025-39843)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the get_track(), set_track_update(), free_debug_processing(), ___slab_alloc() and free_to_partial_list() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.
127) Improper Initialization (CVE-ID: CVE-2025-39844)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the include/linux/vmalloc.h. A local user can perform a denial of service (DoS) attack.
128) Resource management error (CVE-ID: CVE-2025-39845)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sync_global_pgds() function in arch/x86/mm/init_64.c. A local user can perform a denial of service (DoS) attack.
129) NULL pointer dereference (CVE-ID: CVE-2025-39846)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __iodyn_find_io_region() function in drivers/pcmcia/rsrc_iodyn.c. A local user can perform a denial of service (DoS) attack.
130) Memory leak (CVE-ID: CVE-2025-39847)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pad_compress_skb() and ppp_send_frame() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
131) Input validation error (CVE-ID: CVE-2025-39848)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ax25_rcv() function in net/ax25/ax25_in.c. A local user can perform a denial of service (DoS) attack.
132) Buffer overflow (CVE-ID: CVE-2025-39849)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the __cfg80211_connect_result() function in net/wireless/sme.c. A local user can escalate privileges on the system.
133) NULL pointer dereference (CVE-ID: CVE-2025-39853)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_client_add_instance() function in drivers/net/ethernet/intel/i40e/i40e_client.c. A local user can perform a denial of service (DoS) attack.
134) NULL pointer dereference (CVE-ID: CVE-2025-39857)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smc_ib_is_sg_need_sync() function in net/smc/smc_ib.c. A local user can perform a denial of service (DoS) attack.
135) Use-after-free (CVE-ID: CVE-2025-39860)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.
136) Use-after-free (CVE-ID: CVE-2025-39864)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cfg80211_update_known_bss() function in net/wireless/scan.c. A local user can escalate privileges on the system.
137) NULL pointer dereference (CVE-ID: CVE-2025-39865)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/tee/tee_shm.c. A local user can perform a denial of service (DoS) attack.
138) Use-after-free (CVE-ID: CVE-2025-39866)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __mark_inode_dirty() function in fs/fs-writeback.c. A local user can escalate privileges on the system.
139) Input validation error (CVE-ID: CVE-2025-40300)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vcpu_enter_guest() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.