SB20251015150 - SUSE update for the Linux Kernel




Published: October 15, 2025 Updated: November 28, 2025

Security Bulletin ID: SB20251015150
Severity: Medium
Patch available: YES
Number of vulnerabilities: 149
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 1%, Low: 99%

Description

This security bulletin contains information about 149 security vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2023-3867)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the KSMBD implementation in the Linux kernel. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.


2) Input validation error (CVE-ID: CVE-2023-4130)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.


3) Input validation error (CVE-ID: CVE-2023-4515)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ksmbd_smb2_check_message() function in fs/ksmbd/smb2misc.c. A local user can perform a denial of service (DoS) attack.


4) Resource management error (CVE-ID: CVE-2024-26661)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the dcn21_set_abm_immediate_disable() function in drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c. A local user can perform a denial of service (DoS) attack.


5) Memory leak (CVE-ID: CVE-2024-46733)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the btrfs_qgroup_free_data() and extent_clear_unlock_delalloc() functions in fs/btrfs/inode.c. A local user can perform a denial of service (DoS) attack.


6) Resource management error (CVE-ID: CVE-2024-53125)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the find_equal_scalars() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.


7) Resource management error (CVE-ID: CVE-2024-58238)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ps_start_timer(), ps_control(), ps_setup(), nxp_dequeue() and btnxpuart_tx_work() functions in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.


8) Infinite loop (CVE-ID: CVE-2024-58239)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the tls_sw_recvmsg() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.


9) Improper locking (CVE-ID: CVE-2025-22022)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within drivers/usb/host/xhci.h. A local user can perform a denial of service (DoS) attack.


10) Use-after-free (CVE-ID: CVE-2025-37885)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vmx_pi_update_irte() function in arch/x86/kvm/vmx/posted_intr.c, within the avic_pi_update_irte() function in arch/x86/kvm/svm/avic.c. A local user can escalate privileges on the system.


11) Input validation error (CVE-ID: CVE-2025-38006)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mctp_dump_addrinfo() function in net/mctp/device.c. A local user can perform a denial of service (DoS) attack.


12) NULL pointer dereference (CVE-ID: CVE-2025-38075)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the iscsit_close_connection() function in drivers/target/iscsi/iscsi_target.c. A local user can perform a denial of service (DoS) attack.


13) Out-of-bounds read (CVE-ID: CVE-2025-38103)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cpu_to_le16(), hidg_setup() and hidg_bind() functions in drivers/usb/gadget/function/f_hid.c, within the usbhid_parse() function in drivers/hid/usbhid/hid-core.c, within the mousevsc_on_receive_device_info() function in drivers/hid/hid-hyperv.c. A local user can perform a denial of service (DoS) attack.


14) Input validation error (CVE-ID: CVE-2025-38125)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the est_configure() function in drivers/net/ethernet/stmicro/stmmac/stmmac_est.c. A local user can perform a denial of service (DoS) attack.


15) Out-of-bounds read (CVE-ID: CVE-2025-38146)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the key_extract_l3l4() function in net/openvswitch/flow.c. A local user can perform a denial of service (DoS) attack.


16) Improper error handling (CVE-ID: CVE-2025-38160)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the raspberrypi_clk_register() function in drivers/clk/bcm/clk-raspberrypi.c. A local user can perform a denial of service (DoS) attack.


17) NULL pointer dereference (CVE-ID: CVE-2025-38184)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tipc_udp_nl_dump_remoteip() function in net/tipc/udp_media.c. A local user can perform a denial of service (DoS) attack.


18) Memory leak (CVE-ID: CVE-2025-38185)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the atmtcp_c_send() function in drivers/atm/atmtcp.c. A local user can perform a denial of service (DoS) attack.


19) Memory leak (CVE-ID: CVE-2025-38190)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the atm_pop_raw() function in net/atm/raw.c, within the vcc_sendmsg() function in net/atm/common.c. A local user can perform a denial of service (DoS) attack.


20) Buffer overflow (CVE-ID: CVE-2025-38201)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the jffs2_sum_write_sumnode() function in fs/jffs2/summary.c. A local user can perform a denial of service (DoS) attack.


21) Division by zero (CVE-ID: CVE-2025-38205)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the populate_dummy_dml_surface_cfg() function in drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c. A local user can perform a denial of service (DoS) attack.


22) NULL pointer dereference (CVE-ID: CVE-2025-38208)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the automount_fullpath() function in fs/smb/client/namespace.c. A local user can perform a denial of service (DoS) attack.


23) Incorrect calculation (CVE-ID: CVE-2025-38245)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the atm_dev_deregister() function in net/atm/resources.c. A local user can perform a denial of service (DoS) attack.


24) Input validation error (CVE-ID: CVE-2025-38251)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the clip_push() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.


25) NULL pointer dereference (CVE-ID: CVE-2025-38255)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the group_cpus_evenly() function in lib/group_cpus.c. A local user can perform a denial of service (DoS) attack.


26) Use-after-free (CVE-ID: CVE-2025-38263)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the CLOSURE_CALLBACK() function in drivers/md/bcache/super.c. A local user can escalate privileges on the system.


27) Resource management error (CVE-ID: CVE-2025-38360)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the dcn35_calc_blocks_to_gate() and dcn35_calc_blocks_to_ungate() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c. A local user can perform a denial of service (DoS) attack.


28) Resource management error (CVE-ID: CVE-2025-38402)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the idpf_get_rxfh_key_size() and idpf_get_rxfh_indir_size() functions in drivers/net/ethernet/intel/idpf/idpf_ethtool.c. A local user can perform a denial of service (DoS) attack.


29) Resource management error (CVE-ID: CVE-2025-38408)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the irq_domain_create_sim_full() function in kernel/irq/irq_sim.c. A local user can perform a denial of service (DoS) attack.


30) Memory leak (CVE-ID: CVE-2025-38418)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the rproc_resource_cleanup() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.


31) Memory leak (CVE-ID: CVE-2025-38419)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the rproc_attach() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.


32) Resource management error (CVE-ID: CVE-2025-38439)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the __bnxt_xmit_xdp_redirect() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.


33) Use of uninitialized resource (CVE-ID: CVE-2025-38441)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within include/net/netfilter/nf_flow_table.h. A local user can perform a denial of service (DoS) attack.


34) Memory leak (CVE-ID: CVE-2025-38444)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the raid10_read_request() and raid10_write_request() functions in drivers/md/raid10.c. A local user can perform a denial of service (DoS) attack.


35) Use-after-free (CVE-ID: CVE-2025-38445)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the raid1_reshape() function in drivers/md/raid1.c. A local user can escalate privileges on the system.


36) Buffer overflow (CVE-ID: CVE-2025-38456)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ipmi_create_user() function in drivers/char/ipmi/ipmi_msghandler.c. A local user can escalate privileges on the system.


37) NULL pointer dereference (CVE-ID: CVE-2025-38458)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the atmarpd_close() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.


38) Improper locking (CVE-ID: CVE-2025-38459)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the clip_mkip() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.


39) Use-after-free (CVE-ID: CVE-2025-38464)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tipc_topsrv_stop() function in net/tipc/topsrv.c. A local user can escalate privileges on the system.


40) Buffer overflow (CVE-ID: CVE-2025-38466)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the perf_uprobe_event_init() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.


41) Use-after-free (CVE-ID: CVE-2025-38472)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nf_ct_resolve_clash_harder(), __nf_conntrack_confirm() and __nf_conntrack_insert_prepare() functions in net/netfilter/nf_conntrack_core.c. A local user can escalate privileges on the system.


42) Use-after-free (CVE-ID: CVE-2025-38488)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the crypt_message() function in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.


43) Input validation error (CVE-ID: CVE-2025-38491)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the subflow_finish_connect(), WRITE_ONCE(), __mptcp_subflow_connect() and subflow_state_change() functions in net/mptcp/subflow.c, within the mptcp_check_data_fin(), __mptcp_finish_join(), mptcp_update_infinite_map(), mptcp_check_fastclose(), __mptcp_retrans(), __mptcp_init_sock() and mptcp_finish_join() functions in net/mptcp/protocol.c, within the check_fully_established() function in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.


44) Input validation error (CVE-ID: CVE-2025-38499)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the clone_private_mount() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.


45) Use-after-free (CVE-ID: CVE-2025-38500)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xfrmi_changelink() function in net/xfrm/xfrm_interface_core.c. A local user can escalate privileges on the system.


46) Reachable assertion (CVE-ID: CVE-2025-38503)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the populate_free_space_tree() function in fs/btrfs/free-space-tree.c. A local user can perform a denial of service (DoS) attack.


47) Improper locking (CVE-ID: CVE-2025-38506)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kvm_vm_set_mem_attributes() function in virt/kvm/kvm_main.c. A local user can perform a denial of service (DoS) attack.


48) Improper locking (CVE-ID: CVE-2025-38510)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the init_task_stack_addr() and print_address_description() functions in mm/kasan/report.c. A local user can perform a denial of service (DoS) attack.


49) Input validation error (CVE-ID: CVE-2025-38512)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.


50) NULL pointer dereference (CVE-ID: CVE-2025-38513)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the zd_mac_tx_to_dev() function in drivers/net/wireless/zydas/zd1211rw/zd_mac.c. A local user can perform a denial of service (DoS) attack.


51) Improper error handling (CVE-ID: CVE-2025-38514)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the rxrpc_alloc_incoming_call() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.


52) Improper locking (CVE-ID: CVE-2025-38515)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within include/drm/spsc_queue.h. A local user can perform a denial of service (DoS) attack.


53) Input validation error (CVE-ID: CVE-2025-38516)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the msm_gpio_needs_dual_edge_parent_workaround() and msm_gpio_init() functions in drivers/pinctrl/qcom/pinctrl-msm.c. A local user can perform a denial of service (DoS) attack.


54) Memory leak (CVE-ID: CVE-2025-38520)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the svm_range_split_head(), svm_range_split_by_granularity(), svm_range_add_list_work(), schedule_deferred_list_work(), svm_range_unmap_split(), svm_range_unmap_from_cpu() and svm_range_cpu_invalidate_pagetables() functions in drivers/gpu/drm/amd/amdkfd/kfd_svm.c. A local user can perform a denial of service (DoS) attack.


55) Improper locking (CVE-ID: CVE-2025-38524)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rxrpc_see_call() and release_sock() functions in net/rxrpc/recvmsg.c, within the rxrpc_discard_prealloc() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.


56) NULL pointer dereference (CVE-ID: CVE-2025-38526)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ice_lag_is_switchdev_running() function in drivers/net/ethernet/intel/ice/ice_lag.c. A local user can perform a denial of service (DoS) attack.


57) Use-after-free (CVE-ID: CVE-2025-38527)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cifs_oplock_break() and cifs_put_tlink() functions in fs/smb/client/file.c. A local user can escalate privileges on the system.


58) Resource management error (CVE-ID: CVE-2025-38528)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bpf_bprintf_prepare() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.


59) Out-of-bounds read (CVE-ID: CVE-2025-38529)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the aio_iiro_16_attach() function in drivers/comedi/drivers/aio_iiro_16.c. A local user can perform a denial of service (DoS) attack.


60) Out-of-bounds read (CVE-ID: CVE-2025-38530)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the pcl812_attach() function in drivers/comedi/drivers/pcl812.c. A local user can perform a denial of service (DoS) attack.


61) Use of uninitialized resource (CVE-ID: CVE-2025-38531)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the st_sensors_allocate_trigger() function in drivers/iio/common/st_sensors/st_sensors_trigger.c, within the st_sensors_set_fullscale(), st_sensors_power_enable(), EXPORT_SYMBOL_NS(), st_sensors_set_drdy_int_pin() and st_sensors_init_sensor() functions in drivers/iio/common/st_sensors/st_sensors_core.c, within the apply_acpi_orientation() function in drivers/iio/accel/st_accel_core.c. A local user can perform a denial of service (DoS) attack.


62) Use-after-free (CVE-ID: CVE-2025-38533)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wx_alloc_mapped_page() and wx_alloc_rx_buffers() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can escalate privileges on the system.


63) Resource management error (CVE-ID: CVE-2025-38535)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tegra186_xusb_padctl_vbus_override(), tegra186_xusb_padctl_id_override() and tegra186_utmi_phy_set_mode() functions in drivers/phy/tegra/xusb-tegra186.c. A local user can perform a denial of service (DoS) attack.


64) Improper locking (CVE-ID: CVE-2025-38537)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the phy_probe() and phy_remove() functions in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.


65) Buffer overflow (CVE-ID: CVE-2025-38538)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the nbpf_probe() function in drivers/dma/nbpfaxi.c. A local user can escalate privileges on the system.


66) Input validation error (CVE-ID: CVE-2025-38540)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the HID_USB_DEVICE() function in drivers/hid/hid-quirks.c. A local user can perform a denial of service (DoS) attack.


67) NULL pointer dereference (CVE-ID: CVE-2025-38541)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mt7925_thermal_init() function in drivers/net/wireless/mediatek/mt76/mt7925/init.c. A local user can perform a denial of service (DoS) attack.


68) Improper error handling (CVE-ID: CVE-2025-38543)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nvdec_load_falcon_firmware() function in drivers/gpu/drm/tegra/nvdec.c. A local user can perform a denial of service (DoS) attack.


69) Reachable assertion (CVE-ID: CVE-2025-38544)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the rxrpc_service_prealloc_one() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.


70) Memory leak (CVE-ID: CVE-2025-38546)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the atm_init_atmarp() and clip_ioctl() functions in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.


71) Input validation error (CVE-ID: CVE-2025-38548)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the DECLARE_BITMAP(), send_usb_cmd() and ccp_raw_event() functions in drivers/hwmon/corsair-cpro.c. A local user can perform a denial of service (DoS) attack.


72) Input validation error (CVE-ID: CVE-2025-38550)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mld_del_delrec() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.


73) Improper locking (CVE-ID: CVE-2025-38553)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the parse_attr() and netem_change() functions in net/sched/sch_netem.c. A local user can perform a denial of service (DoS) attack.


74) Use-after-free (CVE-ID: CVE-2025-38555)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the composite_os_desc_req_prepare() function in drivers/usb/gadget/composite.c. A local user can escalate privileges on the system.


75) Out-of-bounds read (CVE-ID: CVE-2025-38556)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the snto32() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.


76) Input validation error (CVE-ID: CVE-2025-38560)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the early_set_pages_state() function in arch/x86/kernel/sev.c, within the setup_cpuid_table() and pvalidate_pages() functions in arch/x86/kernel/sev-shared.c, within the get_cpuflags() function in arch/x86/boot/cpuflags.c, within the __page_state_change() function in arch/x86/boot/compressed/sev.c. A local user can perform a denial of service (DoS) attack.


77) Memory leak (CVE-ID: CVE-2025-38563)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the perf_mmap_pfn_mkwrite() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.


78) Memory leak (CVE-ID: CVE-2025-38565)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mutex_unlock() and vm_flags_set() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.


79) Resource management error (CVE-ID: CVE-2025-38566)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the svc_tcp_sock_process_cmsg(), svc_tcp_read_msg() and svc_tcp_read_marker() functions in net/sunrpc/svcsock.c. A local user can perform a denial of service (DoS) attack.


80) Out-of-bounds read (CVE-ID: CVE-2025-38568)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mqprio_parse_opt() function in net/sched/sch_mqprio.c. A local user can perform a denial of service (DoS) attack.


81) Incorrect calculation (CVE-ID: CVE-2025-38571)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the xs_alloc_sparse_pages(), xs_sock_process_cmsg(), xs_sock_recvmsg() and xs_read_discard() functions in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.


82) Integer overflow (CVE-ID: CVE-2025-38572)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the ipv6_gso_segment() function in net/ipv6/ip6_offload.c. A local user can execute arbitrary code.


83) Use of uninitialized resource (CVE-ID: CVE-2025-38574)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the pptp_xmit() function in drivers/net/ppp/pptp.c. A local user can perform a denial of service (DoS) attack.


84) Infinite loop (CVE-ID: CVE-2025-38576)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the eeh_bridge_check_link() function in arch/powerpc/kernel/eeh_pe.c, within the eeh_pe_report_edev(), eeh_pe_report(), eeh_dev_restore_state(), eeh_reset_device(), eeh_handle_normal_event(), eeh_pe_state_clear(), eeh_clear_slot_attention() and eeh_handle_special_event() functions in arch/powerpc/kernel/eeh_driver.c. A local user can perform a denial of service (DoS) attack.


85) NULL pointer dereference (CVE-ID: CVE-2025-38581)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ccp5_debugfs_setup() function in drivers/crypto/ccp/ccp-debugfs.c. A local user can perform a denial of service (DoS) attack.


86) Buffer overflow (CVE-ID: CVE-2025-38582)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the hns_roce_setup_hca() and hns_roce_init() functions in drivers/infiniband/hw/hns/hns_roce_main.c, within the hns_roce_v2_init() and __hns_roce_hw_v2_init_instance() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.


87) NULL pointer dereference (CVE-ID: CVE-2025-38583)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xvcu_unregister_clock_provider() function in drivers/clk/xilinx/xlnx_vcu.c. A local user can perform a denial of service (DoS) attack.


88) Buffer overflow (CVE-ID: CVE-2025-38585)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the gmin_get_config_var() function in drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c. A local user can escalate privileges on the system.


89) Infinite loop (CVE-ID: CVE-2025-38587)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the fib6_info_uses_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.


90) Infinite loop (CVE-ID: CVE-2025-38588)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the rt6_nh_nlmsg_size() function in net/ipv6/route.c, within the WRITE_ONCE() and fib6_del_route() functions in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.


91) NULL pointer dereference (CVE-ID: CVE-2025-38590)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5e_ipsec_offload_handle_rx_skb() function in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c. A local user can perform a denial of service (DoS) attack.


92) Resource management error (CVE-ID: CVE-2025-38591)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bpf_skb_is_valid_access(), sock_addr_is_valid_access(), sock_ops_is_valid_access(), sk_msg_is_valid_access() and sk_lookup_is_valid_access() functions in net/core/filter.c, and within the cg_sockopt_is_valid_access() function in kernel/bpf/cgroup.c. A local user can perform a denial of service (DoS) attack.


93) NULL pointer dereference (CVE-ID: CVE-2025-38593)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within include/net/bluetooth/hci_core.h. A local user can perform a denial of service (DoS) attack.


94) Use-after-free (CVE-ID: CVE-2025-38595)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dmabuf_exp_from_pages() function in drivers/xen/gntdev-dmabuf.c. A local user can escalate privileges on the system.


95) NULL pointer dereference (CVE-ID: CVE-2025-38597)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vop2_create_crtcs() function in drivers/gpu/drm/rockchip/rockchip_drm_vop2.c. A local user can perform a denial of service (DoS) attack.


96) Improper locking (CVE-ID: CVE-2025-38601)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in drivers/net/wireless/ath/ath11k/hal.c. A local user can perform a denial of service (DoS) attack.


97) NULL pointer dereference (CVE-ID: CVE-2025-38602)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the iwl_bg_restart(), iwl_setup_deferred_work(), iwl_op_mode_dvm_start() and iwl_cancel_deferred_work() functions in drivers/net/wireless/intel/iwlwifi/dvm/main.c. A local user can perform a denial of service (DoS) attack.


98) NULL pointer dereference (CVE-ID: CVE-2025-38604)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rtl8187_stop() function in drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c. A local user can perform a denial of service (DoS) attack.


99) NULL pointer dereference (CVE-ID: CVE-2025-38605)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the u32_encode_bits() function in drivers/net/wireless/ath/ath12k/dp_tx.c. A local user can perform a denial of service (DoS) attack.


100) Use of uninitialized resource (CVE-ID: CVE-2025-38608)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the sk_psock_msg_verdict() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.


101) NULL pointer dereference (CVE-ID: CVE-2025-38609)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the devfreq_remove_governor() function in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.


102) NULL pointer dereference (CVE-ID: CVE-2025-38610)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the get_pd_power_uw() function in drivers/powercap/dtpm_cpu.c. A local user can perform a denial of service (DoS) attack.


103) Memory leak (CVE-ID: CVE-2025-38612)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fbtft_framebuffer_alloc() function in drivers/staging/fbtft/fbtft-core.c. A local user can perform a denial of service (DoS) attack.


104) Infinite loop (CVE-ID: CVE-2025-38614)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the ep_poll() and ep_loop_check_proc() functions in fs/eventpoll.c. A local user can perform a denial of service (DoS) attack.


105) Improper locking (CVE-ID: CVE-2025-38617)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the packet_set_ring() function in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.


106) Use-after-free (CVE-ID: CVE-2025-38618)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __vsock_bind_connectible() function in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.


107) NULL pointer dereference (CVE-ID: CVE-2025-38621)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rdev_is_spare() and rdev_addable() functions in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.


108) Improper error handling (CVE-ID: CVE-2025-38622)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within include/net/udp.h. A local user can perform a denial of service (DoS) attack.


109) Improper error handling (CVE-ID: CVE-2025-38623)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the pnv_php_set_attention_state(), pnv_php_enable() and pnv_php_enable_msix() functions in drivers/pci/hotplug/pnv_php.c, and within the pci_hp_add_devices() function in arch/powerpc/kernel/pci-hotplug.c. A local user can perform a denial of service (DoS) attack.


110) Memory leak (CVE-ID: CVE-2025-38624)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the pnv_php_register(), pnv_php_disable_irq(), pnv_php_free_slot(), pnv_php_reset_slot(), pnv_php_disable_slot(), pnv_php_alloc_slot() and pnv_php_init_irq() functions in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.


111) NULL pointer dereference (CVE-ID: CVE-2025-38630)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the imxfb_probe() function in drivers/video/fbdev/imxfb.c. A local user can perform a denial of service (DoS) attack.


112) NULL pointer dereference (CVE-ID: CVE-2025-38632)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pin_free() function in drivers/pinctrl/pinmux.c. A local user can perform a denial of service (DoS) attack.


113) NULL pointer dereference (CVE-ID: CVE-2025-38634)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cpcap_usb_detect() function in drivers/power/supply/cpcap-charger.c. A local user can perform a denial of service (DoS) attack.


114) NULL pointer dereference (CVE-ID: CVE-2025-38635)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the davinci_lpsc_clk_register() function in drivers/clk/davinci/psc.c. A local user can perform a denial of service (DoS) attack.


115) Out-of-bounds read (CVE-ID: CVE-2025-38639)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nfacct_mt_checkentry() function in net/netfilter/xt_nfacct.c. A local user can perform a denial of service (DoS) attack.


116) Improper locking (CVE-ID: CVE-2025-38640)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nf_hook_run_bpf() function in net/netfilter/nf_bpf_link.c. A local user can perform a denial of service (DoS) attack.


117) Improper locking (CVE-ID: CVE-2025-38643)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cfg80211_check_and_end_cac() function in net/wireless/reg.c. A local user can perform a denial of service (DoS) attack.


118) Use of uninitialized resource (CVE-ID: CVE-2025-38644)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ieee80211_tdls_oper() function in net/mac80211/tdls.c. A local user can perform a denial of service (DoS) attack.


119) NULL pointer dereference (CVE-ID: CVE-2025-38645)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_init_once() function in drivers/net/ethernet/mellanox/mlx5/core/main.c, within the mlx5_dm_create() and kfree() functions in drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c, and within the handle_alloc_dm_memic() function in drivers/infiniband/hw/mlx5/dm.c. A local user can perform a denial of service (DoS) attack.


120) NULL pointer dereference (CVE-ID: CVE-2025-38646)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rtw89_core_cancel_6ghz_probe_tx() function in drivers/net/wireless/realtek/rtw89/core.c. A local user can perform a denial of service (DoS) attack.


121) Improper locking (CVE-ID: CVE-2025-38650)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hfsplus_free_extents() function in fs/hfsplus/extents.c. A local user can perform a denial of service (DoS) attack.


122) Use-after-free (CVE-ID: CVE-2025-38656)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iwl_op_mode_dvm_start() function in drivers/net/wireless/intel/iwlwifi/dvm/main.c. A local user can escalate privileges on the system.


123) Use-after-free (CVE-ID: CVE-2025-38659)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the signal_our_withdraw() function in fs/gfs2/util.c. A local user can escalate privileges on the system.


124) Input validation error (CVE-ID: CVE-2025-38660)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the parse_longname() function in fs/ceph/crypto.c. A local user can perform a denial of service (DoS) attack.


125) Input validation error (CVE-ID: CVE-2025-38663)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __nilfs_read_inode() function in fs/nilfs2/inode.c. A local user can perform a denial of service (DoS) attack.


126) NULL pointer dereference (CVE-ID: CVE-2025-38664)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ice_copy_and_init_pkg() function in drivers/net/ethernet/intel/ice/ice_ddp.c. A local user can perform a denial of service (DoS) attack.


127) NULL pointer dereference (CVE-ID: CVE-2025-38665)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the can_changelink() function in drivers/net/can/dev/netlink.c, and within the can_change_state(), can_restart() and can_restart_now() functions in drivers/net/can/dev/dev.c. A local user can perform a denial of service (DoS) attack.


128) NULL pointer dereference (CVE-ID: CVE-2025-38668)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the regulator_remove_coupling() function in drivers/regulator/core.c. A local user can perform a denial of service (DoS) attack.


129) Improper error handling (CVE-ID: CVE-2025-38670)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the SYM_CODE_END(), SYM_FUNC_START() and NOKPROBE() functions in arch/arm64/kernel/entry.S. A local user can perform a denial of service (DoS) attack.


130) Infinite loop (CVE-ID: CVE-2025-38671)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the qup_i2c_bus_active() function in drivers/i2c/busses/i2c-qup.c. A local user can perform a denial of service (DoS) attack.


131) Buffer overflow (CVE-ID: CVE-2025-38676)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the parse_ivrs_acpihid() function in drivers/iommu/amd/init.c. A local user can escalate privileges on the system.


132) Resource management error (CVE-ID: CVE-2025-38678)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nf_tables_updchain() and nft_flowtable_update() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.


133) Memory leak (CVE-ID: CVE-2025-38679)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the event_seq_changed() function in drivers/media/platform/qcom/venus/hfi_msgs.c. A local user can perform a denial of service (DoS) attack.


134) Input validation error (CVE-ID: CVE-2025-38701)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ext4_create_inline_data(), ext4_update_inline_data() and ext4_inline_data_truncate() functions in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.


135) NULL pointer dereference (CVE-ID: CVE-2025-38705)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_set_pp_power_profile_mode() and parse_input_od_command_lines() functions in drivers/gpu/drm/amd/pm/amdgpu_pm.c. A local user can perform a denial of service (DoS) attack.


136) Buffer overflow (CVE-ID: CVE-2025-38709)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the loop_set_dio(), loop_set_block_size(), lo_simple_ioctl() and lo_ioctl() functions in drivers/block/loop.c. A local user can escalate privileges on the system.


137) Memory leak (CVE-ID: CVE-2025-38721)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ctnetlink_done(), ctnetlink_get_id(), NFNL_MSG_TYPE() and local_bh_enable() functions in net/netfilter/nf_conntrack_netlink.c. A local user can perform a denial of service (DoS) attack.


138) Use-after-free (CVE-ID: CVE-2025-38722)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hl_release_dmabuf() and export_dmabuf() functions in drivers/accel/habanalabs/common/memory.c. A local user can escalate privileges on the system.


139) Improper locking (CVE-ID: CVE-2025-38730)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_bundle_nbufs(), io_sendmsg(), io_net_kbuf_recyle(), io_send_zc() and io_sendmsg_zc() functions in io_uring/net.c. A local user can perform a denial of service (DoS) attack.


140) Memory leak (CVE-ID: CVE-2025-38732)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nf_send_reset6() and nf_send_unreach6() functions in net/ipv6/netfilter/nf_reject_ipv6.c, and within the nf_send_reset() and nf_send_unreach() functions in net/ipv4/netfilter/nf_reject_ipv4.c. A local user can perform a denial of service (DoS) attack.


141) NULL pointer dereference (CVE-ID: CVE-2025-39678)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hsmp_metric_tbl_read() function in drivers/platform/x86/amd/hsmp/hsmp.c. A local user can perform a denial of service (DoS) attack.


142) Memory leak (CVE-ID: CVE-2025-39682)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the decrypt_skb() and tls_sw_recvmsg() functions in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.


143) Use-after-free (CVE-ID: CVE-2025-39691)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __end_buffer_read_notouch() function in fs/buffer.c. A local user can escalate privileges on the system.


144) Input validation error (CVE-ID: CVE-2025-39703)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hsr_handle_frame() function in net/hsr/hsr_slave.c. A local user can perform a denial of service (DoS) attack.


145) NULL pointer dereference (CVE-ID: CVE-2025-39705)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dc_destruct() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.


146) Buffer overflow (CVE-ID: CVE-2025-39718)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the virtio_transport_rx_work() function in net/vmw_vsock/virtio_transport.c. A local user can perform a denial of service (DoS) attack.


147) Input validation error (CVE-ID: CVE-2025-39746)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ath10k_wmi_cmd_send() function in drivers/net/wireless/ath/ath10k/wmi.c. A local user can perform a denial of service (DoS) attack.


148) Improper locking (CVE-ID: CVE-2025-39773)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within net/bridge/br_private.h. A local user can perform a denial of service (DoS) attack.


149) Improper locking (CVE-ID: CVE-2025-39782)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the jbd2_log_do_checkpoint() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.


Remediation

Install the update from the vendor's website.