SB20251017141 - SUSE update for the Linux Kernel
Published: October 17, 2025 Updated: November 28, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 196 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2023-3867)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the KSMBD implementation in the Linux kernel. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
2) Input validation error (CVE-ID: CVE-2023-4130)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
3) Input validation error (CVE-ID: CVE-2023-4515)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ksmbd_smb2_check_message() function in fs/ksmbd/smb2misc.c. A local user can perform a denial of service (DoS) attack.
4) Memory leak (CVE-ID: CVE-2023-53261)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the acpi_validate_dsd_graph(), acpi_validate_coresight_graph() and acpi_coresight_parse_graph() functions in drivers/hwtracing/coresight/coresight-platform.c. A local user can perform a denial of service (DoS) attack.
5) Use-after-free (CVE-ID: CVE-2023-5633)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error when running inside a VMware guest with 3D acceleration enabled. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
6) Resource management error (CVE-ID: CVE-2024-26661)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dcn21_set_abm_immediate_disable() function in drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c. A local user can perform a denial of service (DoS) attack.
7) Memory leak (CVE-ID: CVE-2024-46733)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the btrfs_qgroup_free_data() and extent_clear_unlock_delalloc() functions in fs/btrfs/inode.c. A local user can perform a denial of service (DoS) attack.
8) Infinite loop (CVE-ID: CVE-2024-58090)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the !defined() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.
9) Resource management error (CVE-ID: CVE-2024-58238)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ps_start_timer(), ps_control(), ps_setup(), nxp_dequeue() and btnxpuart_tx_work() functions in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.
10) Infinite loop (CVE-ID: CVE-2024-58239)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the tls_sw_recvmsg() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
11) Improper locking (CVE-ID: CVE-2025-22022)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/usb/host/xhci.h. A local user can perform a denial of service (DoS) attack.
12) Use-after-free (CVE-ID: CVE-2025-37885)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmx_pi_update_irte() function in arch/x86/kvm/vmx/posted_intr.c, within the avic_pi_update_irte() function in arch/x86/kvm/svm/avic.c. A local user can escalate privileges on the system.
13) Input validation error (CVE-ID: CVE-2025-38006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mctp_dump_addrinfo() function in net/mctp/device.c. A local user can perform a denial of service (DoS) attack.
14) NULL pointer dereference (CVE-ID: CVE-2025-38075)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iscsit_close_connection() function in drivers/target/iscsi/iscsi_target.c. A local user can perform a denial of service (DoS) attack.
15) Out-of-bounds read (CVE-ID: CVE-2025-38103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cpu_to_le16(), hidg_setup() and hidg_bind() functions in drivers/usb/gadget/function/f_hid.c, within the usbhid_parse() function in drivers/hid/usbhid/hid-core.c, within the mousevsc_on_receive_device_info() function in drivers/hid/hid-hyperv.c. A local user can perform a denial of service (DoS) attack.
16) Improper locking (CVE-ID: CVE-2025-38119)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ufshcd_err_handler() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
17) Input validation error (CVE-ID: CVE-2025-38125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the est_configure() function in drivers/net/ethernet/stmicro/stmmac/stmmac_est.c. A local user can perform a denial of service (DoS) attack.
18) Out-of-bounds read (CVE-ID: CVE-2025-38146)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the key_extract_l3l4() function in net/openvswitch/flow.c. A local user can perform a denial of service (DoS) attack.
19) Improper error handling (CVE-ID: CVE-2025-38160)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the raspberrypi_clk_register() function in drivers/clk/bcm/clk-raspberrypi.c. A local user can perform a denial of service (DoS) attack.
20) NULL pointer dereference (CVE-ID: CVE-2025-38184)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_udp_nl_dump_remoteip() function in net/tipc/udp_media.c. A local user can perform a denial of service (DoS) attack.
21) Memory leak (CVE-ID: CVE-2025-38185)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atmtcp_c_send() function in drivers/atm/atmtcp.c. A local user can perform a denial of service (DoS) attack.
22) Memory leak (CVE-ID: CVE-2025-38190)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atm_pop_raw() function in net/atm/raw.c, within the vcc_sendmsg() function in net/atm/common.c. A local user can perform a denial of service (DoS) attack.
23) Buffer overflow (CVE-ID: CVE-2025-38201)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the jffs2_sum_write_sumnode() function in fs/jffs2/summary.c. A local user can perform a denial of service (DoS) attack.
24) Division by zero (CVE-ID: CVE-2025-38205)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the populate_dummy_dml_surface_cfg() function in drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c. A local user can perform a denial of service (DoS) attack.
25) NULL pointer dereference (CVE-ID: CVE-2025-38208)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the automount_fullpath() function in fs/smb/client/namespace.c. A local user can perform a denial of service (DoS) attack.
26) Input validation error (CVE-ID: CVE-2025-38216)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the intel_nested_attach_dev() function in drivers/iommu/intel/nested.c, within the dmar_domain_attach_device(), device_block_translation() and identity_domain_attach_dev() functions in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
27) Improper locking (CVE-ID: CVE-2025-38234)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the find_lowest_rq() and find_lock_lowest_rq() functions in kernel/sched/rt.c. A local user can perform a denial of service (DoS) attack.
28) Incorrect calculation (CVE-ID: CVE-2025-38245)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the atm_dev_deregister() function in net/atm/resources.c. A local user can perform a denial of service (DoS) attack.
29) Input validation error (CVE-ID: CVE-2025-38251)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the clip_push() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
30) NULL pointer dereference (CVE-ID: CVE-2025-38255)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the group_cpus_evenly() function in lib/group_cpus.c. A local user can perform a denial of service (DoS) attack.
31) Use-after-free (CVE-ID: CVE-2025-38263)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the CLOSURE_CALLBACK() function in drivers/md/bcache/super.c. A local user can escalate privileges on the system.
32) Input validation error (CVE-ID: CVE-2025-38351)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kvm_hv_vcpu_flush_tlb() function in arch/x86/kvm/hyperv.c. A local user can perform a denial of service (DoS) attack.
33) Resource management error (CVE-ID: CVE-2025-38360)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dcn35_calc_blocks_to_gate() and dcn35_calc_blocks_to_ungate() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c. A local user can perform a denial of service (DoS) attack.
34) Resource management error (CVE-ID: CVE-2025-38402)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the idpf_get_rxfh_key_size() and idpf_get_rxfh_indir_size() functions in drivers/net/ethernet/intel/idpf/idpf_ethtool.c. A local user can perform a denial of service (DoS) attack.
35) Resource management error (CVE-ID: CVE-2025-38408)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the irq_domain_create_sim_full() function in kernel/irq/irq_sim.c. A local user can perform a denial of service (DoS) attack.
36) Memory leak (CVE-ID: CVE-2025-38418)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rproc_resource_cleanup() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.
37) Memory leak (CVE-ID: CVE-2025-38419)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rproc_attach() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.
38) Resource management error (CVE-ID: CVE-2025-38439)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __bnxt_xmit_xdp_redirect() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.
39) NULL pointer dereference (CVE-ID: CVE-2025-38440)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_dim_rx_change() and mlx5e_dim_tx_change() functions in drivers/net/ethernet/mellanox/mlx5/core/en_dim.c. A local user can perform a denial of service (DoS) attack.
40) Use of uninitialized resource (CVE-ID: CVE-2025-38441)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the include/net/netfilter/nf_flow_table.h. A local user can perform a denial of service (DoS) attack.
41) Memory leak (CVE-ID: CVE-2025-38444)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the raid10_read_request() and raid10_write_request() functions in drivers/md/raid10.c. A local user can perform a denial of service (DoS) attack.
42) Use-after-free (CVE-ID: CVE-2025-38445)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the raid1_reshape() function in drivers/md/raid1.c. A local user can escalate privileges on the system.
43) Buffer overflow (CVE-ID: CVE-2025-38456)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ipmi_create_user() function in drivers/char/ipmi/ipmi_msghandler.c. A local user can escalate privileges on the system.
44) NULL pointer dereference (CVE-ID: CVE-2025-38458)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the atmarpd_close() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
45) Improper locking (CVE-ID: CVE-2025-38459)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the clip_mkip() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
46) Use-after-free (CVE-ID: CVE-2025-38464)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_topsrv_stop() function in net/tipc/topsrv.c. A local user can escalate privileges on the system.
47) Buffer overflow (CVE-ID: CVE-2025-38466)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the perf_uprobe_event_init() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
48) Use-after-free (CVE-ID: CVE-2025-38472)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_ct_resolve_clash_harder(), __nf_conntrack_confirm() and __nf_conntrack_insert_prepare() functions in net/netfilter/nf_conntrack_core.c. A local user can escalate privileges on the system.
49) Use-after-free (CVE-ID: CVE-2025-38488)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the crypt_message() function in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.
50) Double free (CVE-ID: CVE-2025-38490)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the wx_dma_sync_frag(), wx_put_rx_buffer() and wx_clean_rx_ring() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.
51) Input validation error (CVE-ID: CVE-2025-38491)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the subflow_finish_connect(), WRITE_ONCE(), __mptcp_subflow_connect() and subflow_state_change() functions in net/mptcp/subflow.c, within the mptcp_check_data_fin(), __mptcp_finish_join(), mptcp_update_infinite_map(), mptcp_check_fastclose(), __mptcp_retrans(), __mptcp_init_sock() and mptcp_finish_join() functions in net/mptcp/protocol.c, within the check_fully_established() function in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.
52) Input validation error (CVE-ID: CVE-2025-38499)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the clone_private_mount() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
53) Use-after-free (CVE-ID: CVE-2025-38500)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xfrmi_changelink() function in net/xfrm/xfrm_interface_core.c. A local user can escalate privileges on the system.
54) Reachable assertion (CVE-ID: CVE-2025-38503)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the populate_free_space_tree() function in fs/btrfs/free-space-tree.c. A local user can perform a denial of service (DoS) attack.
55) Improper locking (CVE-ID: CVE-2025-38506)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kvm_vm_set_mem_attributes() function in virt/kvm/kvm_main.c. A local user can perform a denial of service (DoS) attack.
56) Improper locking (CVE-ID: CVE-2025-38510)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the init_task_stack_addr() and print_address_description() functions in mm/kasan/report.c. A local user can perform a denial of service (DoS) attack.
57) Reachable assertion (CVE-ID: CVE-2025-38511)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the lmtt_pt_alloc(), lmtt_pt_free() and lmtt_write_pte() functions in drivers/gpu/drm/xe/xe_lmtt.c. A local user can perform a denial of service (DoS) attack.
58) Input validation error (CVE-ID: CVE-2025-38512)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
59) NULL pointer dereference (CVE-ID: CVE-2025-38513)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the zd_mac_tx_to_dev() function in drivers/net/wireless/zydas/zd1211rw/zd_mac.c. A local user can perform a denial of service (DoS) attack.
60) Improper error handling (CVE-ID: CVE-2025-38514)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the rxrpc_alloc_incoming_call() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.
61) Improper locking (CVE-ID: CVE-2025-38515)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the include/drm/spsc_queue.h. A local user can perform a denial of service (DoS) attack.
62) Input validation error (CVE-ID: CVE-2025-38516)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the msm_gpio_needs_dual_edge_parent_workaround() and msm_gpio_init() functions in drivers/pinctrl/qcom/pinctrl-msm.c. A local user can perform a denial of service (DoS) attack.
63) Memory leak (CVE-ID: CVE-2025-38520)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the svm_range_split_head(), svm_range_split_by_granularity(), svm_range_add_list_work(), schedule_deferred_list_work(), svm_range_unmap_split(), svm_range_unmap_from_cpu() and svm_range_cpu_invalidate_pagetables() functions in drivers/gpu/drm/amd/amdkfd/kfd_svm.c. A local user can perform a denial of service (DoS) attack.
64) Resource management error (CVE-ID: CVE-2025-38521)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pvr_power_reset() function in drivers/gpu/drm/imagination/pvr_power.c. A local user can perform a denial of service (DoS) attack.
65) Improper locking (CVE-ID: CVE-2025-38524)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rxrpc_see_call() and release_sock() functions in net/rxrpc/recvmsg.c, within the rxrpc_discard_prealloc() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.
66) NULL pointer dereference (CVE-ID: CVE-2025-38526)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_lag_is_switchdev_running() function in drivers/net/ethernet/intel/ice/ice_lag.c. A local user can perform a denial of service (DoS) attack.
67) Use-after-free (CVE-ID: CVE-2025-38527)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cifs_oplock_break() and cifs_put_tlink() functions in fs/smb/client/file.c. A local user can escalate privileges on the system.
68) Resource management error (CVE-ID: CVE-2025-38528)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_bprintf_prepare() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
69) Out-of-bounds read (CVE-ID: CVE-2025-38529)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the aio_iiro_16_attach() function in drivers/comedi/drivers/aio_iiro_16.c. A local user can perform a denial of service (DoS) attack.
70) Out-of-bounds read (CVE-ID: CVE-2025-38530)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pcl812_attach() function in drivers/comedi/drivers/pcl812.c. A local user can perform a denial of service (DoS) attack.
71) Use of uninitialized resource (CVE-ID: CVE-2025-38531)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the st_sensors_allocate_trigger() function in drivers/iio/common/st_sensors/st_sensors_trigger.c, within the st_sensors_set_fullscale(), st_sensors_power_enable(), EXPORT_SYMBOL_NS(), st_sensors_set_drdy_int_pin() and st_sensors_init_sensor() functions in drivers/iio/common/st_sensors/st_sensors_core.c, within the apply_acpi_orientation() function in drivers/iio/accel/st_accel_core.c. A local user can perform a denial of service (DoS) attack.
72) Use-after-free (CVE-ID: CVE-2025-38533)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wx_alloc_mapped_page() and wx_alloc_rx_buffers() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can escalate privileges on the system.
73) Resource management error (CVE-ID: CVE-2025-38535)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tegra186_xusb_padctl_vbus_override(), tegra186_xusb_padctl_id_override() and tegra186_utmi_phy_set_mode() functions in drivers/phy/tegra/xusb-tegra186.c. A local user can perform a denial of service (DoS) attack.
74) Improper locking (CVE-ID: CVE-2025-38537)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the phy_probe() and phy_remove() functions in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
75) Buffer overflow (CVE-ID: CVE-2025-38538)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nbpf_probe() function in drivers/dma/nbpfaxi.c. A local user can escalate privileges on the system.
76) Input validation error (CVE-ID: CVE-2025-38540)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the HID_USB_DEVICE() function in drivers/hid/hid-quirks.c. A local user can perform a denial of service (DoS) attack.
77) NULL pointer dereference (CVE-ID: CVE-2025-38541)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7925_thermal_init() function in drivers/net/wireless/mediatek/mt76/mt7925/init.c. A local user can perform a denial of service (DoS) attack.
78) Improper error handling (CVE-ID: CVE-2025-38543)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nvdec_load_falcon_firmware() function in drivers/gpu/drm/tegra/nvdec.c. A local user can perform a denial of service (DoS) attack.
79) Reachable assertion (CVE-ID: CVE-2025-38544)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the rxrpc_service_prealloc_one() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.
80) Memory leak (CVE-ID: CVE-2025-38546)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atm_init_atmarp() and clip_ioctl() functions in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
81) Input validation error (CVE-ID: CVE-2025-38548)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the DECLARE_BITMAP(), send_usb_cmd() and ccp_raw_event() functions in drivers/hwmon/corsair-cpro.c. A local user can perform a denial of service (DoS) attack.
82) Input validation error (CVE-ID: CVE-2025-38550)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mld_del_delrec() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.
83) Improper locking (CVE-ID: CVE-2025-38553)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the parse_attr() and netem_change() functions in net/sched/sch_netem.c. A local user can perform a denial of service (DoS) attack.
84) Use-after-free (CVE-ID: CVE-2025-38555)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the composite_os_desc_req_prepare() function in drivers/usb/gadget/composite.c. A local user can escalate privileges on the system.
85) Out-of-bounds read (CVE-ID: CVE-2025-38556)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snto32() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
86) Input validation error (CVE-ID: CVE-2025-38560)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the early_set_pages_state() function in arch/x86/kernel/sev.c, within the setup_cpuid_table() and pvalidate_pages() functions in arch/x86/kernel/sev-shared.c, within the get_cpuflags() function in arch/x86/boot/cpuflags.c, within the __page_state_change() function in arch/x86/boot/compressed/sev.c. A local user can perform a denial of service (DoS) attack.
87) Memory leak (CVE-ID: CVE-2025-38563)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the perf_mmap_pfn_mkwrite() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
88) Memory leak (CVE-ID: CVE-2025-38565)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mutex_unlock() and vm_flags_set() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
89) Resource management error (CVE-ID: CVE-2025-38566)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the svc_tcp_sock_process_cmsg(), svc_tcp_read_msg() and svc_tcp_read_marker() functions in net/sunrpc/svcsock.c. A local user can perform a denial of service (DoS) attack.
90) Out-of-bounds read (CVE-ID: CVE-2025-38568)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mqprio_parse_opt() function in net/sched/sch_mqprio.c. A local user can perform a denial of service (DoS) attack.
91) Incorrect calculation (CVE-ID: CVE-2025-38571)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the xs_alloc_sparse_pages(), xs_sock_process_cmsg(), xs_sock_recvmsg() and xs_read_discard() functions in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.
92) Integer overflow (CVE-ID: CVE-2025-38572)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ipv6_gso_segment() function in net/ipv6/ip6_offload.c. A local user can execute arbitrary code.
93) Use of uninitialized resource (CVE-ID: CVE-2025-38574)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the pptp_xmit() function in drivers/net/ppp/pptp.c. A local user can perform a denial of service (DoS) attack.
94) Infinite loop (CVE-ID: CVE-2025-38576)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the eeh_bridge_check_link() function in arch/powerpc/kernel/eeh_pe.c, within the eeh_pe_report_edev(), eeh_pe_report(), eeh_dev_restore_state(), eeh_reset_device(), eeh_handle_normal_event(), eeh_pe_state_clear(), eeh_clear_slot_attention() and eeh_handle_special_event() functions in arch/powerpc/kernel/eeh_driver.c. A local user can perform a denial of service (DoS) attack.
95) NULL pointer dereference (CVE-ID: CVE-2025-38581)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ccp5_debugfs_setup() function in drivers/crypto/ccp/ccp-debugfs.c. A local user can perform a denial of service (DoS) attack.
96) Buffer overflow (CVE-ID: CVE-2025-38582)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the hns_roce_setup_hca() and hns_roce_init() functions in drivers/infiniband/hw/hns/hns_roce_main.c, within the hns_roce_v2_init() and __hns_roce_hw_v2_init_instance() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.
97) NULL pointer dereference (CVE-ID: CVE-2025-38583)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xvcu_unregister_clock_provider() function in drivers/clk/xilinx/xlnx_vcu.c. A local user can perform a denial of service (DoS) attack.
98) Use-after-free (CVE-ID: CVE-2025-38584)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), padata_find_next(), padata_do_serial(), padata_alloc_pd() and padata_free_shell() functions in kernel/padata.c. A local user can escalate privileges on the system.
99) Buffer overflow (CVE-ID: CVE-2025-38585)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the gmin_get_config_var() function in drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c. A local user can escalate privileges on the system.
100) Infinite loop (CVE-ID: CVE-2025-38587)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the fib6_info_uses_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
101) Infinite loop (CVE-ID: CVE-2025-38588)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the rt6_nh_nlmsg_size() function in net/ipv6/route.c, within the WRITE_ONCE() and fib6_del_route() functions in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
102) NULL pointer dereference (CVE-ID: CVE-2025-38590)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_ipsec_offload_handle_rx_skb() function in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c. A local user can perform a denial of service (DoS) attack.
103) Resource management error (CVE-ID: CVE-2025-38591)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_skb_is_valid_access(), sock_addr_is_valid_access(), sock_ops_is_valid_access(), sk_msg_is_valid_access() and sk_lookup_is_valid_access() functions in net/core/filter.c, within the cg_sockopt_is_valid_access() function in kernel/bpf/cgroup.c. A local user can perform a denial of service (DoS) attack.
104) NULL pointer dereference (CVE-ID: CVE-2025-38593)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/bluetooth/hci_core.h. A local user can perform a denial of service (DoS) attack.
105) Use-after-free (CVE-ID: CVE-2025-38595)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dmabuf_exp_from_pages() function in drivers/xen/gntdev-dmabuf.c. A local user can escalate privileges on the system.
106) NULL pointer dereference (CVE-ID: CVE-2025-38597)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vop2_create_crtcs() function in drivers/gpu/drm/rockchip/rockchip_drm_vop2.c. A local user can perform a denial of service (DoS) attack.
107) Improper locking (CVE-ID: CVE-2025-38601)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in drivers/net/wireless/ath/ath11k/hal.c. A local user can perform a denial of service (DoS) attack.
108) NULL pointer dereference (CVE-ID: CVE-2025-38602)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iwl_bg_restart(), iwl_setup_deferred_work(), iwl_op_mode_dvm_start() and iwl_cancel_deferred_work() functions in drivers/net/wireless/intel/iwlwifi/dvm/main.c. A local user can perform a denial of service (DoS) attack.
109) NULL pointer dereference (CVE-ID: CVE-2025-38604)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtl8187_stop() function in drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c. A local user can perform a denial of service (DoS) attack.
110) NULL pointer dereference (CVE-ID: CVE-2025-38605)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the u32_encode_bits() function in drivers/net/wireless/ath/ath12k/dp_tx.c. A local user can perform a denial of service (DoS) attack.
111) Use of uninitialized resource (CVE-ID: CVE-2025-38608)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the sk_psock_msg_verdict() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
112) NULL pointer dereference (CVE-ID: CVE-2025-38609)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the devfreq_remove_governor() function in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.
113) NULL pointer dereference (CVE-ID: CVE-2025-38610)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the get_pd_power_uw() function in drivers/powercap/dtpm_cpu.c. A local user can perform a denial of service (DoS) attack.
114) Memory leak (CVE-ID: CVE-2025-38612)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fbtft_framebuffer_alloc() function in drivers/staging/fbtft/fbtft-core.c. A local user can perform a denial of service (DoS) attack.
115) Infinite loop (CVE-ID: CVE-2025-38614)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the ep_poll() and ep_loop_check_proc() functions in fs/eventpoll.c. A local user can perform a denial of service (DoS) attack.
116) Out-of-bounds read (CVE-ID: CVE-2025-38616)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tls_rx_rec_wait() function in net/tls/tls_sw.c, within the tls_strp_load_anchor_with_queue() and tls_strp_msg_load() functions in net/tls/tls_strp.c. A local user can perform a denial of service (DoS) attack.
117) Improper locking (CVE-ID: CVE-2025-38617)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the packet_set_ring() function in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
118) Use-after-free (CVE-ID: CVE-2025-38618)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __vsock_bind_connectible() function in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.
119) NULL pointer dereference (CVE-ID: CVE-2025-38621)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rdev_is_spare() and rdev_addable() functions in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.
120) Improper error handling (CVE-ID: CVE-2025-38622)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the include/net/udp.h. A local user can perform a denial of service (DoS) attack.
121) Improper error handling (CVE-ID: CVE-2025-38623)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the pnv_php_set_attention_state(), pnv_php_enable() and pnv_php_enable_msix() functions in drivers/pci/hotplug/pnv_php.c, within the pci_hp_add_devices() function in arch/powerpc/kernel/pci-hotplug.c. A local user can perform a denial of service (DoS) attack.
122) Memory leak (CVE-ID: CVE-2025-38624)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pnv_php_register(), pnv_php_disable_irq(), pnv_php_free_slot(), pnv_php_reset_slot(), pnv_php_disable_slot(), pnv_php_alloc_slot() and pnv_php_init_irq() functions in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.
123) Improper locking (CVE-ID: CVE-2025-38628)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5_vdpa_free() and mlx5_vdpa_dev_add() functions in drivers/vdpa/mlx5/net/mlx5_vnet.c, within the mlx5_vdpa_destroy_mr_resources() function in drivers/vdpa/mlx5/core/mr.c. A local user can perform a denial of service (DoS) attack.
124) NULL pointer dereference (CVE-ID: CVE-2025-38630)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the imxfb_probe() function in drivers/video/fbdev/imxfb.c. A local user can perform a denial of service (DoS) attack.
125) NULL pointer dereference (CVE-ID: CVE-2025-38632)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pin_free() function in drivers/pinctrl/pinmux.c. A local user can perform a denial of service (DoS) attack.
126) NULL pointer dereference (CVE-ID: CVE-2025-38634)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cpcap_usb_detect() function in drivers/power/supply/cpcap-charger.c. A local user can perform a denial of service (DoS) attack.
127) NULL pointer dereference (CVE-ID: CVE-2025-38635)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the davinci_lpsc_clk_register() function in drivers/clk/davinci/psc.c. A local user can perform a denial of service (DoS) attack.
128) Out-of-bounds read (CVE-ID: CVE-2025-38639)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nfacct_mt_checkentry() function in net/netfilter/xt_nfacct.c. A local user can perform a denial of service (DoS) attack.
129) Improper locking (CVE-ID: CVE-2025-38640)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nf_hook_run_bpf() function in net/netfilter/nf_bpf_link.c. A local user can perform a denial of service (DoS) attack.
130) Improper locking (CVE-ID: CVE-2025-38643)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cfg80211_check_and_end_cac() function in net/wireless/reg.c. A local user can perform a denial of service (DoS) attack.
131) Use of uninitialized resource (CVE-ID: CVE-2025-38644)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ieee80211_tdls_oper() function in net/mac80211/tdls.c. A local user can perform a denial of service (DoS) attack.
132) NULL pointer dereference (CVE-ID: CVE-2025-38645)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_init_once() function in drivers/net/ethernet/mellanox/mlx5/core/main.c, within the mlx5_dm_create() and kfree() functions in drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c, within the handle_alloc_dm_memic() function in drivers/infiniband/hw/mlx5/dm.c. A local user can perform a denial of service (DoS) attack.
133) NULL pointer dereference (CVE-ID: CVE-2025-38646)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtw89_core_cancel_6ghz_probe_tx() function in drivers/net/wireless/realtek/rtw89/core.c. A local user can perform a denial of service (DoS) attack.
134) Improper locking (CVE-ID: CVE-2025-38650)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfsplus_free_extents() function in fs/hfsplus/extents.c. A local user can perform a denial of service (DoS) attack.
135) Use-after-free (CVE-ID: CVE-2025-38656)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iwl_op_mode_dvm_start() function in drivers/net/wireless/intel/iwlwifi/dvm/main.c. A local user can escalate privileges on the system.
136) Use-after-free (CVE-ID: CVE-2025-38659)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the signal_our_withdraw() function in fs/gfs2/util.c. A local user can escalate privileges on the system.
137) Input validation error (CVE-ID: CVE-2025-38660)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the parse_longname() function in fs/ceph/crypto.c. A local user can perform a denial of service (DoS) attack.
138) Input validation error (CVE-ID: CVE-2025-38663)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __nilfs_read_inode() function in fs/nilfs2/inode.c. A local user can perform a denial of service (DoS) attack.
139) NULL pointer dereference (CVE-ID: CVE-2025-38664)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_copy_and_init_pkg() function in drivers/net/ethernet/intel/ice/ice_ddp.c. A local user can perform a denial of service (DoS) attack.
140) NULL pointer dereference (CVE-ID: CVE-2025-38665)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the can_changelink() function in drivers/net/can/dev/netlink.c, within the can_change_state(), can_restart() and can_restart_now() functions in drivers/net/can/dev/dev.c. A local user can perform a denial of service (DoS) attack.
141) NULL pointer dereference (CVE-ID: CVE-2025-38668)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the regulator_remove_coupling() function in drivers/regulator/core.c. A local user can perform a denial of service (DoS) attack.
142) Improper error handling (CVE-ID: CVE-2025-38670)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the SYM_CODE_END(), SYM_FUNC_START() and NOKPROBE() functions in arch/arm64/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
143) Infinite loop (CVE-ID: CVE-2025-38671)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the qup_i2c_bus_active() function in drivers/i2c/busses/i2c-qup.c. A local user can perform a denial of service (DoS) attack.
144) Buffer overflow (CVE-ID: CVE-2025-38676)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the parse_ivrs_acpihid() function in drivers/iommu/amd/init.c. A local user can escalate privileges on the system.
145) Resource management error (CVE-ID: CVE-2025-38678)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nf_tables_updchain() and nft_flowtable_update() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
146) Memory leak (CVE-ID: CVE-2025-38679)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the event_seq_changed() function in drivers/media/platform/qcom/venus/hfi_msgs.c. A local user can perform a denial of service (DoS) attack.
147) NULL pointer dereference (CVE-ID: CVE-2025-38684)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.
148) Input validation error (CVE-ID: CVE-2025-38701)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ext4_create_inline_data(), ext4_update_inline_data() and ext4_inline_data_truncate() functions in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
149) Improper locking (CVE-ID: CVE-2025-38703)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xe_hw_fence_irq_finish() function in drivers/gpu/drm/xe/xe_hw_fence.c, within the __guc_exec_queue_fini_async() and guc_exec_queue_init() functions in drivers/gpu/drm/xe/xe_guc_submit.c. A local user can perform a denial of service (DoS) attack.
150) NULL pointer dereference (CVE-ID: CVE-2025-38705)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_set_pp_power_profile_mode() and parse_input_od_command_lines() functions in drivers/gpu/drm/amd/pm/amdgpu_pm.c. A local user can perform a denial of service (DoS) attack.
151) Buffer overflow (CVE-ID: CVE-2025-38709)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the loop_set_dio(), loop_set_block_size(), lo_simple_ioctl() and lo_ioctl() functions in drivers/block/loop.c. A local user can escalate privileges on the system.
152) Input validation error (CVE-ID: CVE-2025-38710)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gfs2_dinode_in() function in fs/gfs2/glops.c, within the dir_make_exhash() function in fs/gfs2/dir.c. A local user can perform a denial of service (DoS) attack.
153) Memory leak (CVE-ID: CVE-2025-38721)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ctnetlink_done(), ctnetlink_get_id(), NFNL_MSG_TYPE() and local_bh_enable() functions in net/netfilter/nf_conntrack_netlink.c. A local user can perform a denial of service (DoS) attack.
154) Use-after-free (CVE-ID: CVE-2025-38722)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hl_release_dmabuf() and export_dmabuf() functions in drivers/accel/habanalabs/common/memory.c. A local user can escalate privileges on the system.
155) Improper locking (CVE-ID: CVE-2025-38730)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_bundle_nbufs(), io_sendmsg(), io_net_kbuf_recyle(), io_send_zc() and io_sendmsg_zc() functions in io_uring/net.c. A local user can perform a denial of service (DoS) attack.
156) Memory leak (CVE-ID: CVE-2025-38732)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nf_send_reset6() and nf_send_unreach6() functions in net/ipv6/netfilter/nf_reject_ipv6.c, within the nf_send_reset() and nf_send_unreach() functions in net/ipv4/netfilter/nf_reject_ipv4.c. A local user can perform a denial of service (DoS) attack.
157) Integer underflow (CVE-ID: CVE-2025-39677)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the pie_change() function in net/sched/sch_pie.c, within the hhf_change() function in net/sched/sch_hhf.c, within the fq_pie_change() function in net/sched/sch_fq_pie.c, within the fq_codel_change() function in net/sched/sch_fq_codel.c, within the fq_load_priomap() and fq_change() functions in net/sched/sch_fq.c, within the codel_change() function in net/sched/sch_codel.c. A local user can execute arbitrary code.
158) NULL pointer dereference (CVE-ID: CVE-2025-39678)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hsmp_metric_tbl_read() function in drivers/platform/x86/amd/hsmp/hsmp.c. A local user can perform a denial of service (DoS) attack.
159) Use of uninitialized resource (CVE-ID: CVE-2025-39681)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the bsp_init_hygon() function in arch/x86/kernel/cpu/hygon.c. A local user can perform a denial of service (DoS) attack.
160) Memory leak (CVE-ID: CVE-2025-39682)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the decrypt_skb() and tls_sw_recvmsg() functions in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
161) Use-after-free (CVE-ID: CVE-2025-39691)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __end_buffer_read_notouch() function in fs/buffer.c. A local user can escalate privileges on the system.
162) Improper resource shutdown or release (CVE-ID: CVE-2025-39695)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the rxe_qp_init_req() function in drivers/infiniband/sw/rxe/rxe_qp.c, within the rxe_prepare(), rxe_send(), rxe_loopback() and rxe_init_packet() functions in drivers/infiniband/sw/rxe/rxe_net.c. A local user can perform a denial of service (DoS) attack.
163) Input validation error (CVE-ID: CVE-2025-39703)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hsr_handle_frame() function in net/hsr/hsr_slave.c. A local user can perform a denial of service (DoS) attack.
164) NULL pointer dereference (CVE-ID: CVE-2025-39705)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_destruct() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
165) NULL pointer dereference (CVE-ID: CVE-2025-39707)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the capabilities_show() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can perform a denial of service (DoS) attack.
166) Use-after-free (CVE-ID: CVE-2025-39711)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mei_csi_remove() function in drivers/media/pci/intel/ivsc/mei_csi.c, within the mei_ace_remove() function in drivers/media/pci/intel/ivsc/mei_ace.c. A local user can escalate privileges on the system.
167) Buffer overflow (CVE-ID: CVE-2025-39718)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the virtio_transport_rx_work() function in net/vmw_vsock/virtio_transport.c. A local user can perform a denial of service (DoS) attack.
168) Infinite loop (CVE-ID: CVE-2025-39738)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the create_reloc_root() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.
169) Improper locking (CVE-ID: CVE-2025-39744)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kernel/rcu/tree_plugin.h. A local user can perform a denial of service (DoS) attack.
170) Input validation error (CVE-ID: CVE-2025-39746)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath10k_wmi_cmd_send() function in drivers/net/wireless/ath/ath10k/wmi.c. A local user can perform a denial of service (DoS) attack.
171) NULL pointer dereference (CVE-ID: CVE-2025-39747)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the msm_ioctl_gem_info_set_metadata() function in drivers/gpu/drm/msm/msm_drv.c. A local user can perform a denial of service (DoS) attack.
172) Improper locking (CVE-ID: CVE-2025-39749)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kernel/rcu/tree_plugin.h. A local user can perform a denial of service (DoS) attack.
173) Improper locking (CVE-ID: CVE-2025-39754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smaps_hugetlb_range() function in fs/proc/task_mmu.c. A local user can perform a denial of service (DoS) attack.
174) Memory leak (CVE-ID: CVE-2025-39764)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ctnetlink_expect_event(), ctnetlink_exp_dump_table(), ctnetlink_exp_ct_dump_table(), ctnetlink_dump_exp_ct() and ctnetlink_get_expect() functions in net/netfilter/nf_conntrack_netlink.c. A local user can perform a denial of service (DoS) attack.
175) Resource management error (CVE-ID: CVE-2025-39766)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cake_enqueue() function in net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.
176) Improper locking (CVE-ID: CVE-2025-39770)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gso_features_check() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
177) Improper locking (CVE-ID: CVE-2025-39773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the net/bridge/br_private.h. A local user can perform a denial of service (DoS) attack.
178) Improper locking (CVE-ID: CVE-2025-39782)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the jbd2_log_do_checkpoint() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.
179) Incorrect calculation (CVE-ID: CVE-2025-39787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the qcom_mdt_get_size(), qcom_mdt_read_metadata() and __qcom_mdt_load() functions in drivers/soc/qcom/mdt_loader.c. A local user can perform a denial of service (DoS) attack.
180) Improper error handling (CVE-ID: CVE-2025-39797)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the xfrm_state_lookup_byspi() and xfrm_alloc_spi() functions in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.
181) Input validation error (CVE-ID: CVE-2025-39807)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mtk_plane_atomic_disable() function in drivers/gpu/drm/mediatek/mtk_plane.c. A local user can perform a denial of service (DoS) attack.
182) Input validation error (CVE-ID: CVE-2025-39811)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the xe_vm_create_scratch() function in drivers/gpu/drm/xe/xe_vm.c. A local user can perform a denial of service (DoS) attack.
183) Infinite loop (CVE-ID: CVE-2025-39816)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the io_kbuf_inc_commit(), io_ring_buffer_select() and io_ring_buffers_peek() functions in io_uring/kbuf.c. A local user can perform a denial of service (DoS) attack.
184) Input validation error (CVE-ID: CVE-2025-39823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kvm_sched_yield() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
185) Race condition (CVE-ID: CVE-2025-39825)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the cifs_rename2() function in fs/smb/client/inode.c. A local user can escalate privileges on the system.
186) Memory leak (CVE-ID: CVE-2025-39830)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hws_pool_buddy_init() function in drivers/net/ethernet/mellanox/mlx5/core/steering/hws/pool.c. A local user can perform a denial of service (DoS) attack.
187) Memory leak (CVE-ID: CVE-2025-39834)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hws_action_get_shared_stc_nic() function in drivers/net/ethernet/mellanox/mlx5/core/steering/hws/action.c. A local user can perform a denial of service (DoS) attack.
188) Memory leak (CVE-ID: CVE-2025-39835)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xfs_da_read_buf() function in fs/xfs/libxfs/xfs_da_btree.c. A local user can perform a denial of service (DoS) attack.
189) NULL pointer dereference (CVE-ID: CVE-2025-39838)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cifs_strndup_to_utf16() function in fs/smb/client/cifs_unicode.c. A local user can perform a denial of service (DoS) attack.
190) NULL pointer dereference (CVE-ID: CVE-2025-39842)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ocfs2_clear_inode() function in fs/ocfs2/inode.c. A local user can perform a denial of service (DoS) attack.
191) NULL pointer dereference (CVE-ID: CVE-2025-39857)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smc_ib_is_sg_need_sync() function in net/smc/smc_ib.c. A local user can perform a denial of service (DoS) attack.
192) NULL pointer dereference (CVE-ID: CVE-2025-39865)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/tee/tee_shm.c. A local user can perform a denial of service (DoS) attack.
193) Improper locking (CVE-ID: CVE-2025-39885)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_extent_map_get_blocks(), ocfs2_fiemap_inline() and ocfs2_fiemap() functions in fs/ocfs2/extent_map.c. A local user can perform a denial of service (DoS) attack.
194) Memory leak (CVE-ID: CVE-2025-39890)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ath12k_service_ready_ext_event() function in drivers/net/wireless/ath/ath12k/wmi.c. A local user can perform a denial of service (DoS) attack.
195) Out-of-bounds read (CVE-ID: CVE-2025-39922)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ixgbe_get_eee_fw() function in drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c. A local user can perform a denial of service (DoS) attack.
196) Input validation error (CVE-ID: CVE-2025-40300)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vcpu_enter_guest() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.