SB2025111180 - SUSE update for the Linux Kernel
Published: November 11, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 180 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2022-3564)
The vulnerability allows an attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the l2cap_reassemble_sdu() function in net/bluetooth/l2cap_core.c. An attacker with physical access to device can trigger a use-after-free error and execute arbitrary code on the system.
2) Memory leak (CVE-ID: CVE-2022-3619)
The vulnerability allows an attacker to perform a DoS attack.
The vulnerability exists due memory leak within the l2cap_recv_acldata() function in net/bluetooth/l2cap_core.c. An attacker with physical proximity to device can force the system to leak memory and perform denial of service attack.
3) Use-after-free (CVE-ID: CVE-2022-3640)
The vulnerability allows an attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error in the 2cap_conn_del() function in net/bluetooth/l2cap_core.c in Linux kernel. An attacker with physical proximity to device can trigger a use-after-free error and execute arbitrary code on the system.
4) Buffer overflow (CVE-ID: CVE-2022-49762)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ntfs_attr_find() function in fs/ntfs/attrib.c. A local user can perform a denial of service (DoS) attack.
5) Use-after-free (CVE-ID: CVE-2022-49763)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ntfs_read_inode_mount() function in fs/ntfs/inode.c. A local user can escalate privileges on the system.
6) Out-of-bounds read (CVE-ID: CVE-2022-49769)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the gfs2_check_sb() function in fs/gfs2/ops_fstype.c. A local user can perform a denial of service (DoS) attack.
7) Use-after-free (CVE-ID: CVE-2022-49770)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ceph_update_snap_trace() function in fs/ceph/snap.c. A local user can escalate privileges on the system.
8) Buffer overflow (CVE-ID: CVE-2022-49771)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the list_version_get_needed() and list_versions() functions in drivers/md/dm-ioctl.c. A local user can escalate privileges on the system.
9) Buffer overflow (CVE-ID: CVE-2022-49772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the snd_usbmidi_output_open() function in sound/usb/midi.c. A local user can perform a denial of service (DoS) attack.
10) Resource management error (CVE-ID: CVE-2022-49773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the drivers/gpu/drm/amd/display/dc/dcn314/dcn314_optc.c. A local user can perform a denial of service (DoS) attack.
11) Buffer overflow (CVE-ID: CVE-2022-49775)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the tcp_cdg_init() and tcp_cdg_release() functions in net/ipv4/tcp_cdg.c. A local user can perform a denial of service (DoS) attack.
12) Buffer overflow (CVE-ID: CVE-2022-49776)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the macvlan_common_setup() function in drivers/net/macvlan.c. A local user can perform a denial of service (DoS) attack.
13) Memory leak (CVE-ID: CVE-2022-49777)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the i8042_probe() and i8042_remove() functions in drivers/input/serio/i8042.c. A local user can perform a denial of service (DoS) attack.
14) Use-after-free (CVE-ID: CVE-2022-49779)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __unregister_kprobe_top() function in kernel/kprobes.c. A local user can escalate privileges on the system.
15) NULL pointer dereference (CVE-ID: CVE-2022-49781)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amd_pmu_handle_irq() function in arch/x86/events/amd/core.c. A local user can perform a denial of service (DoS) attack.
16) Resource management error (CVE-ID: CVE-2022-49783)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fpu_clone() function in arch/x86/kernel/fpu/core.c. A local user can perform a denial of service (DoS) attack.
17) Memory leak (CVE-ID: CVE-2022-49784)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the uncore_clean_online() function in arch/x86/events/amd/uncore.c. A local user can perform a denial of service (DoS) attack.
18) Memory leak (CVE-ID: CVE-2022-49786)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the blkcg_css_online() function in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.
19) Memory leak (CVE-ID: CVE-2022-49787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the amd_probe() function in drivers/mmc/host/sdhci-pci-core.c. A local user can perform a denial of service (DoS) attack.
20) Memory leak (CVE-ID: CVE-2022-49788)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qp_notify_peer_local() and qp_notify_peer() functions in drivers/misc/vmw_vmci/vmci_queue_pair.c. A local user can perform a denial of service (DoS) attack.
21) Use-after-free (CVE-ID: CVE-2022-49789)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zfcp_fsf_req_send() function in drivers/s390/scsi/zfcp_fsf.c. A local user can escalate privileges on the system.
22) Buffer overflow (CVE-ID: CVE-2022-49790)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the iforce_init_device() function in drivers/input/joystick/iforce/iforce-main.c. A local user can perform a denial of service (DoS) attack.
23) Out-of-bounds read (CVE-ID: CVE-2022-49792)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sctp_transport_free() function in net/sctp/transport.c, within the sctp_writeable(), sctp_sendmsg_to_asoc(), sctp_sock_rfree() and sctp_wait_for_sndbuf() functions in net/sctp/socket.c. A local user can perform a denial of service (DoS) attack.
24) Memory leak (CVE-ID: CVE-2022-49793)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iio_sysfs_trigger_remove() function in drivers/iio/trigger/iio-trig-sysfs.c. A local user can perform a denial of service (DoS) attack.
25) Memory leak (CVE-ID: CVE-2022-49794)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the at91_adc_allocate_trigger() function in drivers/iio/adc/at91_adc.c. A local user can perform a denial of service (DoS) attack.
26) Memory leak (CVE-ID: CVE-2022-49795)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rethook_alloc() function in kernel/trace/rethook.c. A local user can perform a denial of service (DoS) attack.
27) NULL pointer dereference (CVE-ID: CVE-2022-49796)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the test_gen_kprobe_cmd() and test_gen_kretprobe_cmd() functions in kernel/trace/kprobe_event_gen_test.c. A local user can perform a denial of service (DoS) attack.
28) NULL pointer dereference (CVE-ID: CVE-2022-49797)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the trace_event_file_is_valid() and kprobe_event_gen_test_init() functions in kernel/trace/kprobe_event_gen_test.c. A local user can perform a denial of service (DoS) attack.
29) Resource management error (CVE-ID: CVE-2022-49799)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the register_synth_event() function in kernel/trace/trace_events_synth.c. A local user can perform a denial of service (DoS) attack.
30) Memory leak (CVE-ID: CVE-2022-49800)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the test_gen_synth_cmd() and test_empty_synth_event() functions in kernel/trace/synth_event_gen_test.c. A local user can perform a denial of service (DoS) attack.
31) Memory leak (CVE-ID: CVE-2022-49801)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tracing_release_pipe() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
32) Improper Initialization (CVE-ID: CVE-2022-49802)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the ftrace_add_mod() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.
33) Memory leak (CVE-ID: CVE-2022-49807)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvmet_auth_set_key() function in drivers/nvme/target/auth.c. A local user can perform a denial of service (DoS) attack.
34) Memory leak (CVE-ID: CVE-2022-49809)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the x25_lapb_receive_frame() function in net/x25/x25_dev.c. A local user can perform a denial of service (DoS) attack.
35) Improper locking (CVE-ID: CVE-2022-49810)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the netfs_rreq_unmark_after_write() function in fs/netfs/io.c, within the netfs_rreq_unlock_folios() function in fs/netfs/buffered_read.c. A local user can perform a denial of service (DoS) attack.
36) Memory leak (CVE-ID: CVE-2022-49812)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __br_vlan_set_proto() and ntohs() functions in net/bridge/br_vlan.c. A local user can perform a denial of service (DoS) attack.
37) Memory leak (CVE-ID: CVE-2022-49813)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ena_init() function in drivers/net/ethernet/amazon/ena/ena_netdev.c. A local user can perform a denial of service (DoS) attack.
38) Resource management error (CVE-ID: CVE-2022-49818)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mISDN_register_device() function in drivers/isdn/mISDN/core.c. A local user can perform a denial of service (DoS) attack.
39) Memory leak (CVE-ID: CVE-2022-49821)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mISDN_dsp_element_register() and device_unregister() functions in drivers/isdn/mISDN/dsp_pipeline.c. A local user can perform a denial of service (DoS) attack.
40) Memory leak (CVE-ID: CVE-2022-49822)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cifs_mount() function in fs/cifs/connect.c. A local user can perform a denial of service (DoS) attack.
41) NULL pointer dereference (CVE-ID: CVE-2022-49823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ata_tdev_add() function in drivers/ata/libata-transport.c. A local user can perform a denial of service (DoS) attack.
42) NULL pointer dereference (CVE-ID: CVE-2022-49824)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ata_tlink_add() function in drivers/ata/libata-transport.c. A local user can perform a denial of service (DoS) attack.
43) NULL pointer dereference (CVE-ID: CVE-2022-49825)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ata_tport_add() function in drivers/ata/libata-transport.c. A local user can perform a denial of service (DoS) attack.
44) NULL pointer dereference (CVE-ID: CVE-2022-49826)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ata_tport_add() function in drivers/ata/libata-transport.c. A local user can perform a denial of service (DoS) attack.
45) NULL pointer dereference (CVE-ID: CVE-2022-49827)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/gpu/drm/drm_internal.h. A local user can perform a denial of service (DoS) attack.
46) Memory leak (CVE-ID: CVE-2022-49830)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the drm_dev_init() function in drivers/gpu/drm/drm_drv.c. A local user can perform a denial of service (DoS) attack.
47) NULL pointer dereference (CVE-ID: CVE-2022-49832)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pinctrl_dt_to_map() function in drivers/pinctrl/devicetree.c. A local user can perform a denial of service (DoS) attack.
48) Use-after-free (CVE-ID: CVE-2022-49834)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_remount() function in fs/nilfs2/super.c, within the nilfs_relax_pressure_in_lock(), nilfs_construct_segment(), nilfs_construct_dsync_segment() and nilfs_attach_log_writer() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.
49) Memory leak (CVE-ID: CVE-2022-49835)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the add_widget_node() function in sound/hda/hdac_sysfs.c. A local user can perform a denial of service (DoS) attack.
50) Memory leak (CVE-ID: CVE-2022-49836)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the siox_device_add() function in drivers/siox/siox-core.c. A local user can perform a denial of service (DoS) attack.
51) Memory leak (CVE-ID: CVE-2022-49837)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __check_func_call() and prepare_func_exit() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
52) NULL pointer dereference (CVE-ID: CVE-2022-49839)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sas_phy_add() function in drivers/scsi/scsi_transport_sas.c. A local user can perform a denial of service (DoS) attack.
53) Resource management error (CVE-ID: CVE-2022-49841)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the drivers/tty/serial/imx.c. A local user can perform a denial of service (DoS) attack.
54) Use-after-free (CVE-ID: CVE-2022-49842)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in sound/soc/soc-core.c. A local user can escalate privileges on the system.
55) Input validation error (CVE-ID: CVE-2022-49845)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the j1939_send_one() function in net/can/j1939/main.c. A local user can perform a denial of service (DoS) attack.
56) Out-of-bounds read (CVE-ID: CVE-2022-49846)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the udf_find_entry() function in fs/udf/namei.c. A local user can perform a denial of service (DoS) attack.
57) Improper locking (CVE-ID: CVE-2022-49850)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kvm_gfn_to_pfn_cache_unmap(), kvm_gfn_to_pfn_cache_init() and kvm_gfn_to_pfn_cache_destroy() functions in virt/kvm/pfncache.c, within the kvm_xen_shared_info_init(), kvm_xen_vcpu_set_attr(), kvm_xen_init_vcpu(), kvm_xen_destroy_vcpu() and kvm_xen_destroy_vm() functions in arch/x86/kvm/xen.c, within the kvm_write_system_time(), kvm_pv_enable_async_pf_int() and kvm_arch_vcpu_create() functions in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
58) Memory leak (CVE-ID: CVE-2022-49853)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the drivers/net/macvlan.c. A local user can perform a denial of service (DoS) attack.
59) Memory leak (CVE-ID: CVE-2022-49858)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the otx2_tx_napi_handler() and otx2_sq_append_skb() functions in drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.c, within the otx2_sq_init() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c. A local user can perform a denial of service (DoS) attack.
60) Memory leak (CVE-ID: CVE-2022-49860)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the k3_udma_glue_request_tx_chn(), k3_udma_glue_request_rx_chn_priv() and k3_udma_glue_request_remote_rx_chn() functions in drivers/dma/ti/k3-udma-glue.c. A local user can perform a denial of service (DoS) attack.
61) Memory leak (CVE-ID: CVE-2022-49861)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mv_xor_v2_remove() function in drivers/dma/mv_xor_v2.c. A local user can perform a denial of service attack.
62) NULL pointer dereference (CVE-ID: CVE-2022-49863)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the can_rx_register() function in net/can/af_can.c. A local user can perform a denial of service (DoS) attack.
63) NULL pointer dereference (CVE-ID: CVE-2022-49864)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mutex_unlock() function in drivers/gpu/drm/amd/amdkfd/kfd_migrate.c. A local user can perform a denial of service (DoS) attack.
64) Use of uninitialized resource (CVE-ID: CVE-2022-49865)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ip6addrlbl_putmsg() function in net/ipv6/addrlabel.c. A local user can perform a denial of service (DoS) attack.
65) Input validation error (CVE-ID: CVE-2022-49868)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mt7621_pcie_phy_of_xlate() function in drivers/phy/ralink/phy-mt7621-pci.c. A local user can perform a denial of service (DoS) attack.
66) NULL pointer dereference (CVE-ID: CVE-2022-49869)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bnxt_set_coalesce() function in drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c. A local user can perform a denial of service (DoS) attack.
67) Out-of-bounds read (CVE-ID: CVE-2022-49870)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the include/uapi/linux/capability.h. A local user can perform a denial of service (DoS) attack.
68) Memory leak (CVE-ID: CVE-2022-49871)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the local_bh_disable() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
69) Memory leak (CVE-ID: CVE-2022-49874)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mousevsc_probe() function in drivers/hid/hid-hyperv.c. A local user can perform a denial of service (DoS) attack.
70) Improper error handling (CVE-ID: CVE-2022-49879)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the make_indexed_dir() function in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
71) Infinite loop (CVE-ID: CVE-2022-49880)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the ext4_ext_migrate() function in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.
72) Memory leak (CVE-ID: CVE-2022-49881)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the regdb_fw_cb() and query_regdb_file() functions in net/wireless/reg.c. A local user can perform a denial of service (DoS) attack.
73) Integer overflow (CVE-ID: CVE-2022-49885)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ghes_unmap() function in drivers/acpi/apei/ghes.c. A local user can execute arbitrary code.
74) Buffer overflow (CVE-ID: CVE-2022-49886)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the VE_GET_PORT_NUM() and tdx_parse_tdinfo() functions in arch/x86/coco/tdx/tdx.c. A local user can perform a denial of service (DoS) attack.
75) Memory leak (CVE-ID: CVE-2022-49887)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vdec_probe() function in drivers/staging/media/meson/vdec/vdec.c. A local user can perform a denial of service attack.
76) Improper error handling (CVE-ID: CVE-2022-49888)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the cortex_a76_erratum_1463225_svc_handler() function in arch/arm64/kernel/entry-common.c. A local user can perform a denial of service (DoS) attack.
77) NULL pointer dereference (CVE-ID: CVE-2022-49889)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ring_buffer_wake_waiters() function in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
78) Memory leak (CVE-ID: CVE-2022-49890)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cap_inode_getsecurity() function in security/commoncap.c. A local user can perform a denial of service (DoS) attack.
79) Memory leak (CVE-ID: CVE-2022-49891)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the test_gen_kprobe_cmd() and test_gen_kretprobe_cmd() functions in kernel/trace/kprobe_event_gen_test.c. A local user can perform a denial of service (DoS) attack.
80) Use-after-free (CVE-ID: CVE-2022-49892)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ftrace_shutdown() function in kernel/trace/ftrace.c. A local user can escalate privileges on the system.
81) Memory leak (CVE-ID: CVE-2022-49900)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the piix4_probe() function in drivers/i2c/busses/i2c-piix4.c. A local user can perform a denial of service (DoS) attack.
82) Memory leak (CVE-ID: CVE-2022-49901)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the blk_mq_init_allocated_queue() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.
83) Memory leak (CVE-ID: CVE-2022-49902)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bdi_unregister() function in block/genhd.c. A local user can perform a denial of service (DoS) attack.
84) Memory leak (CVE-ID: CVE-2022-49905)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smc_init() and smc_pnet_exit() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
85) Memory leak (CVE-ID: CVE-2022-49906)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __ibmvnic_reset() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
86) Memory leak (CVE-ID: CVE-2022-49908)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the l2cap_recv_acldata() function in net/bluetooth/l2cap_core.c. A local user can perform a denial of service (DoS) attack.
87) Use-after-free (CVE-ID: CVE-2022-49909)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_data_channel() function in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.
88) Use-after-free (CVE-ID: CVE-2022-49910)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_rx_state_recv(), l2cap_rx() and l2cap_stream_rx() functions in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.
89) Memory leak (CVE-ID: CVE-2022-49915)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mISDN_register_device() function in drivers/isdn/mISDN/core.c. A local user can perform a denial of service (DoS) attack.
90) Use of uninitialized resource (CVE-ID: CVE-2022-49916)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the rose_transmit_clear_request() function in net/rose/rose_link.c. A local user can perform a denial of service (DoS) attack.
91) Resource management error (CVE-ID: CVE-2022-49917)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ip_vs_app_net_init() function in net/netfilter/ipvs/ip_vs_app.c. A local user can perform a denial of service (DoS) attack.
92) Improper locking (CVE-ID: CVE-2022-49918)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ip_vs_conn_net_init() function in net/netfilter/ipvs/ip_vs_conn.c. A local user can perform a denial of service (DoS) attack.
93) Use-after-free (CVE-ID: CVE-2022-49921)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the red_enqueue() function in net/sched/sch_red.c. A local user can escalate privileges on the system.
94) Memory leak (CVE-ID: CVE-2022-49922)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfcmrvl_i2c_nci_send() function in drivers/nfc/nfcmrvl/i2c.c. A local user can perform a denial of service (DoS) attack.
95) Memory leak (CVE-ID: CVE-2022-49923)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nxp_nci_send() function in drivers/nfc/nxp-nci/core.c. A local user can perform a denial of service (DoS) attack.
96) Memory leak (CVE-ID: CVE-2022-49924)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fdp_nci_close() function in drivers/nfc/fdp/fdp.c. A local user can perform a denial of service (DoS) attack.
97) Improper locking (CVE-ID: CVE-2022-49925)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nldev_init() function in drivers/infiniband/core/nldev.c, within the ib_core_init() function in drivers/infiniband/core/device.c. A local user can perform a denial of service (DoS) attack.
98) Memory leak (CVE-ID: CVE-2022-49927)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfs40_init_client() function in fs/nfs/nfs4client.c. A local user can perform a denial of service (DoS) attack.
99) NULL pointer dereference (CVE-ID: CVE-2022-49928)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rpc_sysfs_client_setup(), rpc_sysfs_xprt_switch_setup() and rpc_sysfs_xprt_setup() functions in net/sunrpc/sysfs.c. A local user can perform a denial of service (DoS) attack.
100) Memory leak (CVE-ID: CVE-2022-49929)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the read_reply() function in drivers/infiniband/sw/rxe/rxe_resp.c. A local user can perform a denial of service (DoS) attack.
101) NULL pointer dereference (CVE-ID: CVE-2022-49931)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sc_disable() function in drivers/infiniband/hw/hfi1/pio.c. A local user can perform a denial of service (DoS) attack.
102) Use-after-free (CVE-ID: CVE-2023-1990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the ndlc_remove() function in drivers/nfc/st-nci/ndlc.c. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.
103) Out-of-bounds read (CVE-ID: CVE-2023-28866)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in net/bluetooth/hci_sync.c in Linux kernel. An attacker with physical proximity to device can trigger an out-of-bounds read error and read contents of memory on the system.
104) Memory leak (CVE-ID: CVE-2023-53035)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nilfs_ioctl_wrap_copy() function in fs/nilfs2/ioctl.c. A local user can perform a denial of service (DoS) attack.
105) Improper resource shutdown or release (CVE-ID: CVE-2023-53036)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the amdgpu_bo_release_notify() function in drivers/gpu/drm/amd/amdgpu/amdgpu_object.c. A local user can perform a denial of service (DoS) attack.
106) NULL pointer dereference (CVE-ID: CVE-2023-53038)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lpfc_read_object() function in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_sli4_cgn_params_read() function in drivers/scsi/lpfc/lpfc_init.c. A local user can perform a denial of service (DoS) attack.
107) Double free (CVE-ID: CVE-2023-53039)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the void recv_ipc() and ish_dev_init() functions in drivers/hid/intel-ish-hid/ipc/ipc.c. A local user can perform a denial of service (DoS) attack.
108) Buffer overflow (CVE-ID: CVE-2023-53040)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ca8210_skb_tx() function in drivers/net/ieee802154/ca8210.c. A local user can escalate privileges on the system.
109) Improper locking (CVE-ID: CVE-2023-53041)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __qla2x00_abort_all_cmds() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.
110) Integer underflow (CVE-ID: CVE-2023-53042)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the dcn30_prepare_bandwidth() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c. A local user can execute arbitrary code.
111) NULL pointer dereference (CVE-ID: CVE-2023-53044)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the alloc_dev() function in drivers/md/dm.c, within the dm_stat_in_flight() and dm_stats_init() functions in drivers/md/dm-stats.c. A local user can perform a denial of service (DoS) attack.
112) Improper locking (CVE-ID: CVE-2023-53045)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the g_audio_cleanup() function in drivers/usb/gadget/function/u_audio.c. A local user can perform a denial of service (DoS) attack.
113) NULL pointer dereference (CVE-ID: CVE-2023-53049)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ucsi_init() function in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.
114) Improper locking (CVE-ID: CVE-2023-53052)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tconInfoAlloc() and tconInfoFree() functions in fs/cifs/misc.c, within the DECLARE_RWSEM(), dfs_cache_destroy(), dfs_cache_add_refsrv_session() and dfs_cache_remount_fs() functions in fs/cifs/dfs_cache.c, within the get_session(), get_dfs_conn(), __dfs_mount_share() and dfs_mount_share() functions in fs/cifs/dfs.c, within the cifs_mount() and cifs_umount() functions in fs/cifs/connect.c. A local user can perform a denial of service (DoS) attack.
115) Memory leak (CVE-ID: CVE-2023-53054)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dwc2_get_dr_mode(), __dwc2_lowlevel_hw_enable() and __dwc2_lowlevel_hw_disable() functions in drivers/usb/dwc2/platform.c. A local user can perform a denial of service (DoS) attack.
116) NULL pointer dereference (CVE-ID: CVE-2023-53056)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla2x00_get_sp_from_handle() and qla25xx_process_bidir_status_iocb() functions in drivers/scsi/qla2xxx/qla_isr.c. A local user can perform a denial of service (DoS) attack.
117) Out-of-bounds read (CVE-ID: CVE-2023-53057)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the void recv_ipc() and ish_dev_init() functions in drivers/hid/intel-ish-hid/ipc/ipc.c. A local user can perform a denial of service (DoS) attack.
118) Improper error handling (CVE-ID: CVE-2023-53058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mlx5_esw_acl_ingress_vport_bond_update() function in drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c. A local user can perform a denial of service (DoS) attack.
119) Memory leak (CVE-ID: CVE-2023-53059)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cros_ec_chardev_ioctl_xcmd() function in drivers/platform/chrome/cros_ec_chardev.c. A local user can perform a denial of service (DoS) attack.
120) Improper locking (CVE-ID: CVE-2023-53060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the igb_remove() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.
121) Memory leak (CVE-ID: CVE-2023-53062)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smsc95xx_rx_fixup() function in drivers/net/usb/smsc95xx.c. A local user can perform a denial of service (DoS) attack.
122) Resource management error (CVE-ID: CVE-2023-53064)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iavf_remove() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.
123) Out-of-bounds read (CVE-ID: CVE-2023-53065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the perf_event_bpf_output() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
124) NULL pointer dereference (CVE-ID: CVE-2023-53066)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qed_iov_configure_min_tx_rate() and qed_iov_handle_trust_change() functions in drivers/net/ethernet/qlogic/qed/qed_sriov.c. A local user can perform a denial of service (DoS) attack.
125) Memory leak (CVE-ID: CVE-2023-53068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lan78xx_rx() function in drivers/net/usb/lan78xx.c. A local user can perform a denial of service (DoS) attack.
126) Improper locking (CVE-ID: CVE-2023-53070)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the topology_get_acpi_cpu_tag() function in drivers/acpi/pptt.c. A local user can perform a denial of service (DoS) attack.
127) NULL pointer dereference (CVE-ID: CVE-2023-53071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt76_register_phy(), mt76_unregister_phy(), mt76_register_device() and mt76_unregister_device() functions in drivers/net/wireless/mediatek/mt76/mac80211.c. A local user can perform a denial of service (DoS) attack.
128) Improper error handling (CVE-ID: CVE-2023-53073)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the amd_pmu_v2_handle_irq() function in arch/x86/events/amd/core.c. A local user can perform a denial of service (DoS) attack.
129) Improper locking (CVE-ID: CVE-2023-53074)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the psp_hdcp_initialize(), psp_dtm_initialize() and psp_rap_initialize() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c. A local user can perform a denial of service (DoS) attack.
130) Use-after-free (CVE-ID: CVE-2023-53075)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lookup_rec() function in kernel/trace/ftrace.c. A local user can escalate privileges on the system.
131) Out-of-bounds read (CVE-ID: CVE-2023-53077)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the CalculateVMAndRowBytes() function in drivers/gpu/drm/amd/display/dc/dml/dcn30/display_mode_vba_30.c. A local user can perform a denial of service (DoS) attack.
132) Memory leak (CVE-ID: CVE-2023-53078)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the alua_activate() function in drivers/scsi/device_handler/scsi_dh_alua.c. A local user can perform a denial of service (DoS) attack.
133) NULL pointer dereference (CVE-ID: CVE-2023-53079)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the esw_disable_vport() function in drivers/net/ethernet/mellanox/mlx5/core/eswitch.c. A local user can perform a denial of service (DoS) attack.
134) Buffer overflow (CVE-ID: CVE-2023-53081)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ocfs2_write_end_nolock() function in fs/ocfs2/aops.c. A local user can perform a denial of service (DoS) attack.
135) Use-after-free (CVE-ID: CVE-2023-53082)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vp_vdpa_remove() function in drivers/vdpa/virtio_pci/vp_vdpa.c. A local user can escalate privileges on the system.
136) Use-after-free (CVE-ID: CVE-2023-53084)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_gem_shmem_mmap() function in drivers/gpu/drm/drm_gem_shmem_helper.c. A local user can escalate privileges on the system.
137) Buffer overflow (CVE-ID: CVE-2023-53087)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the replace_barrier() and i915_active_add_request() functions in drivers/gpu/drm/i915/i915_active.c. A local user can perform a denial of service (DoS) attack.
138) Infinite loop (CVE-ID: CVE-2023-53089)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the ext4_xattr_inode_iget() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
139) Use-after-free (CVE-ID: CVE-2023-53090)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_event_waiters() function in drivers/gpu/drm/amd/amdkfd/kfd_events.c. A local user can escalate privileges on the system.
140) NULL pointer dereference (CVE-ID: CVE-2023-53091)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ext4_load_journal() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
141) Memory leak (CVE-ID: CVE-2023-53092)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the exynos_generic_icc_probe() function in drivers/interconnect/samsung/exynos.c. A local user can perform a denial of service (DoS) attack.
142) Resource management error (CVE-ID: CVE-2023-53093)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __create_val_field() function in kernel/trace/trace_events_hist.c. A local user can perform a denial of service (DoS) attack.
143) NULL pointer dereference (CVE-ID: CVE-2023-53095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ttm_device_swapout() function in drivers/gpu/drm/ttm/ttm_device.c. A local user can perform a denial of service (DoS) attack.
144) Memory leak (CVE-ID: CVE-2023-53096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the icc_node_destroy() function in drivers/interconnect/core.c. A local user can perform a denial of service (DoS) attack.
145) NULL pointer dereference (CVE-ID: CVE-2023-53098)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gpio_ir_recv_probe() and MODULE_DEVICE_TABLE() functions in drivers/media/rc/gpio-ir-recv.c. A local user can perform a denial of service (DoS) attack.
146) Use-after-free (CVE-ID: CVE-2023-53099)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the do_feature_check_call() function in drivers/firmware/xilinx/zynqmp.c. A local user can escalate privileges on the system.
147) Resource management error (CVE-ID: CVE-2023-53100)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
148) Resource management error (CVE-ID: CVE-2023-53101)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the swap_inode_boot_loader() function in fs/ext4/ioctl.c. A local user can perform a denial of service (DoS) attack.
149) NULL pointer dereference (CVE-ID: CVE-2023-53102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_qp_dis() function in drivers/net/ethernet/intel/ice/ice_xsk.c. A local user can perform a denial of service (DoS) attack.
150) NULL pointer dereference (CVE-ID: CVE-2023-53105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_tc_esw_cleanup() function in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c. A local user can perform a denial of service (DoS) attack.
151) Use-after-free (CVE-ID: CVE-2023-53106)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL() function in drivers/nfc/st-nci/ndlc.c. A local user can escalate privileges on the system.
152) Improper locking (CVE-ID: CVE-2023-53108)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the net/iucv/iucv.c. A local user can perform a denial of service (DoS) attack.
153) Improper locking (CVE-ID: CVE-2023-53109)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the LL_RESERVED_SPACE() function in net/ipv6/ip6_tunnel.c, within the ip_md_tunnel_xmit() and ip_tunnel_xmit() functions in net/ipv4/ip_tunnel.c. A local user can perform a denial of service (DoS) attack.
154) Use-after-free (CVE-ID: CVE-2023-53111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the loop_queue_rq() function in drivers/block/loop.c. A local user can escalate privileges on the system.
155) Out-of-bounds read (CVE-ID: CVE-2023-53112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/gpu/drm/i915/gt/intel_sseu.h. A local user can perform a denial of service (DoS) attack.
156) NULL pointer dereference (CVE-ID: CVE-2023-53114)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_init_recovery_mode() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
157) Use-after-free (CVE-ID: CVE-2023-53116)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __nvmet_req_complete() function in drivers/nvme/target/core.c. A local user can escalate privileges on the system.
158) Incorrect calculation (CVE-ID: CVE-2023-53118)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the scsi_host_dev_release() function in drivers/scsi/hosts.c. A local user can perform a denial of service (DoS) attack.
159) NULL pointer dereference (CVE-ID: CVE-2023-53119)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pn533_usb_send_frame() function in drivers/nfc/pn533/usb.c. A local user can perform a denial of service (DoS) attack.
160) Use-after-free (CVE-ID: CVE-2023-53123)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pci_bus_resource_n() function in drivers/pci/bus.c, within the zpci_bus_prepare_device() function in arch/s390/pci/pci_bus.c, within the __alloc_res() and zpci_setup_bus_resources() functions in arch/s390/pci/pci.c. A local user can escalate privileges on the system.
161) NULL pointer dereference (CVE-ID: CVE-2023-53124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mpt3sas_transport_port_add() function in drivers/scsi/mpt3sas/mpt3sas_transport.c. A local user can perform a denial of service (DoS) attack.
162) Memory leak (CVE-ID: CVE-2023-53125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smsc75xx_rx_fixup() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
163) Memory leak (CVE-ID: CVE-2023-53128)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mpi3mr_free_mem() function in drivers/scsi/mpi3mr/mpi3mr_fw.c. A local user can perform a denial of service (DoS) attack.
164) Memory leak (CVE-ID: CVE-2023-53131)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the svc_start_kthreads() and svc_stop_kthreads() functions in net/sunrpc/svc.c. A local user can perform a denial of service (DoS) attack.
165) Buffer overflow (CVE-ID: CVE-2023-53134)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bnxt_alloc_ring(), bnxt_free_tpa_info() and bnxt_alloc_tpa_info() functions in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
166) Improper locking (CVE-ID: CVE-2023-53137)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_rename() and ext4_journal_stop() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
167) Out-of-bounds read (CVE-ID: CVE-2023-53139)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fdp_nci_i2c_read_device_properties() and dev_dbg() functions in drivers/nfc/fdp/i2c.c. A local user can perform a denial of service (DoS) attack.
168) Memory leak (CVE-ID: CVE-2023-53140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the scsi_remove_host() and scsi_host_dev_release() functions in drivers/scsi/hosts.c. A local user can perform a denial of service (DoS) attack.
169) Buffer overflow (CVE-ID: CVE-2023-53142)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ice_get_module_eeprom() function in drivers/net/ethernet/intel/ice/ice_ethtool.c. A local user can escalate privileges on the system.
170) Input validation error (CVE-ID: CVE-2023-53143)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ext4_getfsmap_datadev() function in fs/ext4/fsmap.c. A local user can perform a denial of service (DoS) attack.
171) Use-after-free (CVE-ID: CVE-2023-53145)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btsdio_remove() function in drivers/bluetooth/btsdio.c. A local user can escalate privileges on the system.
172) Use-after-free (CVE-ID: CVE-2024-26804)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tnl_update_pmtu(), ip_md_tunnel_xmit() and ip_tunnel_xmit() functions in net/ipv4/ip_tunnel.c. A local user can escalate privileges on the system.
173) Resource management error (CVE-ID: CVE-2024-28956)
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to an error in the hardware support for prediction-domain isolation dubbed "Indirect Target Selection". A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests.
174) Use-after-free (CVE-ID: CVE-2024-53168)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xs_create_sock() function in net/sunrpc/xprtsock.c, within the svc_create_socket() function in net/sunrpc/svcsock.c. A local user can escalate privileges on the system.
175) Use-after-free (CVE-ID: CVE-2024-56558)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the e_show() function in fs/nfsd/export.c. A local user can escalate privileges on the system.
176) Use-after-free (CVE-ID: CVE-2025-21999)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the proc_get_inode() function in fs/proc/inode.c, within the proc_create_reg(), proc_create_seq_private() and proc_create_single_data() functions in fs/proc/generic.c. A local user can escalate privileges on the system.
177) Resource management error (CVE-ID: CVE-2025-22056)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nft_tunnel_obj_geneve_init() and nft_tunnel_opts_dump() functions in net/netfilter/nft_tunnel.c. A local user can perform a denial of service (DoS) attack.
178) NULL pointer dereference (CVE-ID: CVE-2025-23145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the subflow_hmac_valid() and subflow_syn_recv_sock() functions in net/mptcp/subflow.c. A local user can perform a denial of service (DoS) attack.
179) Use-after-free (CVE-ID: CVE-2025-37785)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ext4_check_dir_entry() function in fs/ext4/dir.c. A local user can escalate privileges on the system.
180) Input validation error (CVE-ID: CVE-2025-37789)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the validate_set() function in net/openvswitch/flow_netlink.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.