SB2025112128 - Ubuntu update for linux
Published: November 21, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 200 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-36331)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to improper management of cache coherency by the CPU. A local user with hypervisor access can overwrite SEV-SNP guest memory, resulting in loss of data integrity.
2) Out-of-bounds read (CVE-ID: CVE-2025-40157)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the i10nm_check_ecc() and i10nm_get_dimm_config() functions in drivers/edac/i10nm_base.c. A local user can perform a denial of service (DoS) attack.
3) Resource management error (CVE-ID: CVE-2025-39818)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the thc_i2c_subip_regs_save() and thc_i2c_subip_regs_restore() functions in drivers/hid/intel-thc-hid/intel-thc/intel-thc-dev.c. A local user can perform a denial of service (DoS) attack.
4) Resource management error (CVE-ID: CVE-2025-39809)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the drivers/hid/intel-thc-hid/intel-quicki2c/quicki2c-dev.h. A local user can perform a denial of service (DoS) attack.
5) Improper locking (CVE-ID: CVE-2025-39734)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ntfs_file_mmap() function in fs/ntfs3/file.c. A local user can perform a denial of service (DoS) attack.
6) Resource management error (CVE-ID: CVE-2025-39732)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ath11k_mac_op_set_bitrate_mask() function in drivers/net/wireless/ath/ath11k/mac.c. A local user can perform a denial of service (DoS) attack.
7) Improper error handling (CVE-ID: CVE-2025-39731)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_read_end_io() function in fs/f2fs/data.c. A local user can perform a denial of service (DoS) attack.
8) Input validation error (CVE-ID: CVE-2025-39730)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs_fh_to_dentry() function in fs/nfs/export.c. A local user can perform a denial of service (DoS) attack.
9) Buffer overflow (CVE-ID: CVE-2025-39727)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the setup_clusters() function in mm/swapfile.c. A local user can escalate privileges on the system.
10) Buffer overflow (CVE-ID: CVE-2025-39726)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ism_cmd() and ism_probe() functions in drivers/s390/net/ism_drv.c. A local user can perform a denial of service (DoS) attack.
11) NULL pointer dereference (CVE-ID: CVE-2025-39725)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the get_hwpoison_page() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.
12) Resource management error (CVE-ID: CVE-2025-38678)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nf_tables_updchain() and nft_flowtable_update() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
13) Improper locking (CVE-ID: CVE-2025-38675)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xfrm_state_find() function in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.
14) Infinite loop (CVE-ID: CVE-2025-38671)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the qup_i2c_bus_active() function in drivers/i2c/busses/i2c-qup.c. A local user can perform a denial of service (DoS) attack.
15) Improper error handling (CVE-ID: CVE-2025-38670)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the SYM_CODE_END(), SYM_FUNC_START() and NOKPROBE() functions in arch/arm64/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
16) NULL pointer dereference (CVE-ID: CVE-2025-38668)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the regulator_remove_coupling() function in drivers/regulator/core.c. A local user can perform a denial of service (DoS) attack.
17) Use-after-free (CVE-ID: CVE-2025-38666)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_RWLOCK(), __aarp_expire(), aarp_purge() and aarp_proxy_probe_network() functions in net/appletalk/aarp.c. A local user can escalate privileges on the system.
18) NULL pointer dereference (CVE-ID: CVE-2025-38665)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the can_changelink() function in drivers/net/can/dev/netlink.c, within the can_change_state(), can_restart() and can_restart_now() functions in drivers/net/can/dev/dev.c. A local user can perform a denial of service (DoS) attack.
19) NULL pointer dereference (CVE-ID: CVE-2025-38664)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_copy_and_init_pkg() function in drivers/net/ethernet/intel/ice/ice_ddp.c. A local user can perform a denial of service (DoS) attack.
20) Input validation error (CVE-ID: CVE-2025-38663)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __nilfs_read_inode() function in fs/nilfs2/inode.c. A local user can perform a denial of service (DoS) attack.
21) Out-of-bounds read (CVE-ID: CVE-2025-38662)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mt8365_dai_i2s_set_priv() function in sound/soc/mediatek/mt8365/mt8365-dai-i2s.c. A local user can perform a denial of service (DoS) attack.
22) Input validation error (CVE-ID: CVE-2025-38660)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the parse_longname() function in fs/ceph/crypto.c. A local user can perform a denial of service (DoS) attack.
23) Use-after-free (CVE-ID: CVE-2025-38659)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the signal_our_withdraw() function in fs/gfs2/util.c. A local user can escalate privileges on the system.
24) NULL pointer dereference (CVE-ID: CVE-2025-38655)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the k230_pinctrl_parse_groups() and k230_pinctrl_probe() functions in drivers/pinctrl/pinctrl-k230.c. A local user can perform a denial of service (DoS) attack.
25) Use of uninitialized resource (CVE-ID: CVE-2025-38654)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the k230_pinctrl_probe() function in drivers/pinctrl/pinctrl-k230.c. A local user can perform a denial of service (DoS) attack.
26) Use-after-free (CVE-ID: CVE-2025-38653)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the proc_reg_open() function in fs/proc/inode.c, within the pde_set_flags() function in fs/proc/generic.c. A local user can escalate privileges on the system.
27) Out-of-bounds read (CVE-ID: CVE-2025-38652)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fs/f2fs/f2fs.h. A local user can perform a denial of service (DoS) attack.
28) Improper locking (CVE-ID: CVE-2025-38650)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfsplus_free_extents() function in fs/hfsplus/extents.c. A local user can perform a denial of service (DoS) attack.
29) Stack-based buffer overflow (CVE-ID: CVE-2025-38649)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack overflow within the arch/arm64/boot/dts/qcom/qcs615.dtsi. A local user can perform a denial of service (DoS) attack.
30) NULL pointer dereference (CVE-ID: CVE-2025-38648)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the stm32_spi_probe() function in drivers/spi/spi-stm32.c. A local user can perform a denial of service (DoS) attack.
31) NULL pointer dereference (CVE-ID: CVE-2025-38646)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtw89_core_cancel_6ghz_probe_tx() function in drivers/net/wireless/realtek/rtw89/core.c. A local user can perform a denial of service (DoS) attack.
32) NULL pointer dereference (CVE-ID: CVE-2025-38645)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_init_once() function in drivers/net/ethernet/mellanox/mlx5/core/main.c, within the mlx5_dm_create() and kfree() functions in drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c, within the handle_alloc_dm_memic() function in drivers/infiniband/hw/mlx5/dm.c. A local user can perform a denial of service (DoS) attack.
33) Use of uninitialized resource (CVE-ID: CVE-2025-38644)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ieee80211_tdls_oper() function in net/mac80211/tdls.c. A local user can perform a denial of service (DoS) attack.
34) Improper locking (CVE-ID: CVE-2025-38643)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cfg80211_check_and_end_cac() function in net/wireless/reg.c. A local user can perform a denial of service (DoS) attack.
35) Resource management error (CVE-ID: CVE-2025-38642)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ieee80211_link_info_change_notify() function in net/mac80211/main.c. A local user can perform a denial of service (DoS) attack.
36) Improper locking (CVE-ID: CVE-2025-38640)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nf_hook_run_bpf() function in net/netfilter/nf_bpf_link.c. A local user can perform a denial of service (DoS) attack.
37) Out-of-bounds read (CVE-ID: CVE-2025-38639)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nfacct_mt_checkentry() function in net/netfilter/xt_nfacct.c. A local user can perform a denial of service (DoS) attack.
38) NULL pointer dereference (CVE-ID: CVE-2025-38635)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the davinci_lpsc_clk_register() function in drivers/clk/davinci/psc.c. A local user can perform a denial of service (DoS) attack.
39) NULL pointer dereference (CVE-ID: CVE-2025-38634)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cpcap_usb_detect() function in drivers/power/supply/cpcap-charger.c. A local user can perform a denial of service (DoS) attack.
40) NULL pointer dereference (CVE-ID: CVE-2025-38632)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pin_free() function in drivers/pinctrl/pinmux.c. A local user can perform a denial of service (DoS) attack.
41) Resource management error (CVE-ID: CVE-2025-38631)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the imx95_bc_probe() and clk_hw_unregister() functions in drivers/clk/imx/clk-imx95-blk-ctl.c. A local user can perform a denial of service (DoS) attack.
42) NULL pointer dereference (CVE-ID: CVE-2025-38630)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the imxfb_probe() function in drivers/video/fbdev/imxfb.c. A local user can perform a denial of service (DoS) attack.
43) NULL pointer dereference (CVE-ID: CVE-2025-38629)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scarlett2_input_select_ctl_info() function in sound/usb/mixer_scarlett2.c. A local user can perform a denial of service (DoS) attack.
44) Improper locking (CVE-ID: CVE-2025-38628)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5_vdpa_free() and mlx5_vdpa_dev_add() functions in drivers/vdpa/mlx5/net/mlx5_vnet.c, within the mlx5_vdpa_destroy_mr_resources() function in drivers/vdpa/mlx5/core/mr.c. A local user can perform a denial of service (DoS) attack.
45) Improper error handling (CVE-ID: CVE-2025-38626)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_map_blocks() function in fs/f2fs/data.c. A local user can perform a denial of service (DoS) attack.
46) Resource management error (CVE-ID: CVE-2025-38625)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pds_vfio_ops_info() function in drivers/vfio/pci/pds/vfio_dev.c. A local user can perform a denial of service (DoS) attack.
47) Memory leak (CVE-ID: CVE-2025-38624)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pnv_php_register(), pnv_php_disable_irq(), pnv_php_free_slot(), pnv_php_reset_slot(), pnv_php_disable_slot(), pnv_php_alloc_slot() and pnv_php_init_irq() functions in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.
48) Improper error handling (CVE-ID: CVE-2025-38623)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the pnv_php_set_attention_state(), pnv_php_enable() and pnv_php_enable_msix() functions in drivers/pci/hotplug/pnv_php.c, within the pci_hp_add_devices() function in arch/powerpc/kernel/pci-hotplug.c. A local user can perform a denial of service (DoS) attack.
49) Improper error handling (CVE-ID: CVE-2025-38622)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the include/net/udp.h. A local user can perform a denial of service (DoS) attack.
50) Improper locking (CVE-ID: CVE-2025-38619)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ti_csi2rx_dma_callback() function in drivers/media/platform/ti/j721e-csi2rx/j721e-csi2rx.c. A local user can perform a denial of service (DoS) attack.
51) Out-of-bounds read (CVE-ID: CVE-2025-38616)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tls_rx_rec_wait() function in net/tls/tls_sw.c, within the tls_strp_load_anchor_with_queue() and tls_strp_msg_load() functions in net/tls/tls_strp.c. A local user can perform a denial of service (DoS) attack.
52) Input validation error (CVE-ID: CVE-2025-38615)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ntfs_rename() function in fs/ntfs3/namei.c, within the ni_add_name() and ni_rename() functions in fs/ntfs3/frecord.c. A local user can perform a denial of service (DoS) attack.
53) Memory leak (CVE-ID: CVE-2025-38612)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fbtft_framebuffer_alloc() function in drivers/staging/fbtft/fbtft-core.c. A local user can perform a denial of service (DoS) attack.
54) NULL pointer dereference (CVE-ID: CVE-2025-38610)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the get_pd_power_uw() function in drivers/powercap/dtpm_cpu.c. A local user can perform a denial of service (DoS) attack.
55) NULL pointer dereference (CVE-ID: CVE-2025-38609)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the devfreq_remove_governor() function in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.
56) Use of uninitialized resource (CVE-ID: CVE-2025-38608)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the sk_psock_msg_verdict() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
57) NULL pointer dereference (CVE-ID: CVE-2025-38606)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ath12k_p2p_noa_update_vdev_iter() function in drivers/net/wireless/ath/ath12k/p2p.c, within the ath12k_get_arvif_iter(), ath12k_mac_handle_beacon_iter(), ath12k_mac_handle_beacon_miss_iter(), ath12k_mac_change_chanctx_cnt_iter() and ath12k_mac_change_chanctx_fill_iter() functions in drivers/net/wireless/ath/ath12k/mac.c. A local user can perform a denial of service (DoS) attack.
58) NULL pointer dereference (CVE-ID: CVE-2025-38605)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the u32_encode_bits() function in drivers/net/wireless/ath/ath12k/dp_tx.c. A local user can perform a denial of service (DoS) attack.
59) NULL pointer dereference (CVE-ID: CVE-2025-38604)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtl8187_stop() function in drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c. A local user can perform a denial of service (DoS) attack.
60) NULL pointer dereference (CVE-ID: CVE-2025-38602)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iwl_bg_restart(), iwl_setup_deferred_work(), iwl_op_mode_dvm_start() and iwl_cancel_deferred_work() functions in drivers/net/wireless/intel/iwlwifi/dvm/main.c. A local user can perform a denial of service (DoS) attack.
61) Improper locking (CVE-ID: CVE-2025-38601)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in drivers/net/wireless/ath/ath11k/hal.c. A local user can perform a denial of service (DoS) attack.
62) Use-after-free (CVE-ID: CVE-2025-38595)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dmabuf_exp_from_pages() function in drivers/xen/gntdev-dmabuf.c. A local user can escalate privileges on the system.
63) NULL pointer dereference (CVE-ID: CVE-2025-38593)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/bluetooth/hci_core.h. A local user can perform a denial of service (DoS) attack.
64) NULL pointer dereference (CVE-ID: CVE-2025-38590)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_ipsec_offload_handle_rx_skb() function in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c. A local user can perform a denial of service (DoS) attack.
65) NULL pointer dereference (CVE-ID: CVE-2025-38589)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pneigh_queue_purge(), neigh_flush_dev() and __neigh_ifdown() functions in net/core/neighbour.c. A local user can perform a denial of service (DoS) attack.
66) Infinite loop (CVE-ID: CVE-2025-38588)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the rt6_nh_nlmsg_size() function in net/ipv6/route.c, within the WRITE_ONCE() and fib6_del_route() functions in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
67) Infinite loop (CVE-ID: CVE-2025-38587)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the fib6_info_uses_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
68) Buffer overflow (CVE-ID: CVE-2025-38586)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the push_callee_regs() function in arch/arm64/net/bpf_jit_comp.c. A local user can escalate privileges on the system.
69) Buffer overflow (CVE-ID: CVE-2025-38585)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the gmin_get_config_var() function in drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c. A local user can escalate privileges on the system.
70) Use-after-free (CVE-ID: CVE-2025-38584)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), padata_find_next(), padata_do_serial(), padata_alloc_pd() and padata_free_shell() functions in kernel/padata.c. A local user can escalate privileges on the system.
71) NULL pointer dereference (CVE-ID: CVE-2025-38583)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xvcu_unregister_clock_provider() function in drivers/clk/xilinx/xlnx_vcu.c. A local user can perform a denial of service (DoS) attack.
72) Buffer overflow (CVE-ID: CVE-2025-38582)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the hns_roce_setup_hca() and hns_roce_init() functions in drivers/infiniband/hw/hns/hns_roce_main.c, within the hns_roce_v2_init() and __hns_roce_hw_v2_init_instance() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.
73) NULL pointer dereference (CVE-ID: CVE-2025-38581)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ccp5_debugfs_setup() function in drivers/crypto/ccp/ccp-debugfs.c. A local user can perform a denial of service (DoS) attack.
74) Use of uninitialized resource (CVE-ID: CVE-2025-38579)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the f2fs_init_read_extent_tree() function in fs/f2fs/extent_cache.c. A local user can perform a denial of service (DoS) attack.
75) Use-after-free (CVE-ID: CVE-2025-38578)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/f2fs/inode.c. A local user can escalate privileges on the system.
76) Use-after-free (CVE-ID: CVE-2025-38577)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the f2fs_update_inode_page() function in fs/f2fs/inode.c. A local user can escalate privileges on the system.
77) Infinite loop (CVE-ID: CVE-2025-38576)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the eeh_bridge_check_link() function in arch/powerpc/kernel/eeh_pe.c, within the eeh_pe_report_edev(), eeh_pe_report(), eeh_dev_restore_state(), eeh_reset_device(), eeh_handle_normal_event(), eeh_pe_state_clear(), eeh_clear_slot_attention() and eeh_handle_special_event() functions in arch/powerpc/kernel/eeh_driver.c. A local user can perform a denial of service (DoS) attack.
78) Use of uninitialized resource (CVE-ID: CVE-2025-38574)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the pptp_xmit() function in drivers/net/ppp/pptp.c. A local user can perform a denial of service (DoS) attack.
79) Incorrect calculation (CVE-ID: CVE-2025-38573)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the cs42l43_create_bridge_amp() function in drivers/spi/spi-cs42l43.c. A local user can perform a denial of service (DoS) attack.
80) Integer overflow (CVE-ID: CVE-2025-38572)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ipv6_gso_segment() function in net/ipv6/ip6_offload.c. A local user can execute arbitrary code.
81) Incorrect calculation (CVE-ID: CVE-2025-38571)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the xs_alloc_sparse_pages(), xs_sock_process_cmsg(), xs_sock_recvmsg() and xs_read_discard() functions in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.
82) Use-after-free (CVE-ID: CVE-2025-38570)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __fbnic_open() and fbnic_time_stop() functions in drivers/net/ethernet/meta/fbnic/fbnic_netdev.c. A local user can escalate privileges on the system.
83) Improper locking (CVE-ID: CVE-2025-38569)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the be_cmd_set_mac_list() function in drivers/net/ethernet/emulex/benet/be_cmds.c. A local user can perform a denial of service (DoS) attack.
84) Out-of-bounds read (CVE-ID: CVE-2025-38568)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mqprio_parse_opt() function in net/sched/sch_mqprio.c. A local user can perform a denial of service (DoS) attack.
85) Memory leak (CVE-ID: CVE-2025-38567)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfsd_open_local_fh() function in fs/nfsd/localio.c. A local user can perform a denial of service (DoS) attack.
86) Resource management error (CVE-ID: CVE-2025-38566)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the svc_tcp_sock_process_cmsg(), svc_tcp_read_msg() and svc_tcp_read_marker() functions in net/sunrpc/svcsock.c. A local user can perform a denial of service (DoS) attack.
87) Memory leak (CVE-ID: CVE-2025-38565)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mutex_unlock() and vm_flags_set() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
88) Memory leak (CVE-ID: CVE-2025-38563)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the perf_mmap_pfn_mkwrite() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
89) NULL pointer dereference (CVE-ID: CVE-2025-38562)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the krb5_authenticate() function in fs/smb/server/smb2pdu.c. A remote user can perform a denial of service (DoS) attack.
90) Race condition (CVE-ID: CVE-2025-38561)
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to a race condition within the smb2_sess_setup() function in fs/smb/server/smb2pdu.c when handling the Preauth_HashValue field. A remote user can execute arbitrary code in the context of the kernel.
91) Input validation error (CVE-ID: CVE-2025-38560)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the early_set_pages_state() function in arch/x86/kernel/sev.c, within the setup_cpuid_table() and pvalidate_pages() functions in arch/x86/kernel/sev-shared.c, within the get_cpuflags() function in arch/x86/boot/cpuflags.c, within the __page_state_change() function in arch/x86/boot/compressed/sev.c. A local user can perform a denial of service (DoS) attack.
92) NULL pointer dereference (CVE-ID: CVE-2025-38559)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the intel_pmt_read() and intel_pmt_populate_entry() functions in drivers/platform/x86/intel/pmt/class.c. A local user can perform a denial of service (DoS) attack.
93) NULL pointer dereference (CVE-ID: CVE-2025-38558)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the uvcg_framebased_make() function in drivers/usb/gadget/function/uvc_configfs.c. A local user can perform a denial of service (DoS) attack.
94) NULL pointer dereference (CVE-ID: CVE-2025-38557)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the apple_magic_backlight_init() function in drivers/hid/hid-apple.c. A local user can perform a denial of service (DoS) attack.
95) Out-of-bounds read (CVE-ID: CVE-2025-38556)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snto32() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
96) Use-after-free (CVE-ID: CVE-2025-38555)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the composite_os_desc_req_prepare() function in drivers/usb/gadget/composite.c. A local user can escalate privileges on the system.
97) Improper locking (CVE-ID: CVE-2025-38553)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the parse_attr() and netem_change() functions in net/sched/sch_netem.c. A local user can perform a denial of service (DoS) attack.
98) Improper locking (CVE-ID: CVE-2025-38552)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the subflow_sched_work_if_closed() and mptcp_subflow_fail() functions in net/mptcp/subflow.c, within the mptcp_data_ready(), __mptcp_finish_join(), __mptcp_retrans(), __mptcp_init_sock() and mptcp_finish_join() functions in net/mptcp/protocol.c, within the mptcp_pm_mp_fail_received() function in net/mptcp/pm.c. A local user can perform a denial of service (DoS) attack.
99) Improper locking (CVE-ID: CVE-2025-38551)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the virtnet_probe() function in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
100) Input validation error (CVE-ID: CVE-2025-38550)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mld_del_delrec() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.
101) Memory leak (CVE-ID: CVE-2025-38549)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the efivarfs_reconfigure() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
102) Input validation error (CVE-ID: CVE-2025-38548)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the DECLARE_BITMAP(), send_usb_cmd() and ccp_raw_event() functions in drivers/hwmon/corsair-cpro.c. A local user can perform a denial of service (DoS) attack.
103) Resource management error (CVE-ID: CVE-2025-38547)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the drivers/iio/adc/axp20x_adc.c. A local user can perform a denial of service (DoS) attack.
104) Memory leak (CVE-ID: CVE-2025-38546)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atm_init_atmarp() and clip_ioctl() functions in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
105) Buffer overflow (CVE-ID: CVE-2025-38545)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the am65_cpsw_build_skb() and am65_cpsw_nuss_rx_packets() functions in drivers/net/ethernet/ti/am65-cpsw-nuss.c. A local user can perform a denial of service (DoS) attack.
106) Reachable assertion (CVE-ID: CVE-2025-38544)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the rxrpc_service_prealloc_one() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.
107) Improper error handling (CVE-ID: CVE-2025-38543)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nvdec_load_falcon_firmware() function in drivers/gpu/drm/tegra/nvdec.c. A local user can perform a denial of service (DoS) attack.
108) Memory leak (CVE-ID: CVE-2025-38542)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atrtr_create() function in net/appletalk/ddp.c. A local user can perform a denial of service (DoS) attack.
109) Input validation error (CVE-ID: CVE-2025-38540)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the HID_USB_DEVICE() function in drivers/hid/hid-quirks.c. A local user can perform a denial of service (DoS) attack.
110) Improper locking (CVE-ID: CVE-2025-38539)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __register_event() and __trace_add_event_dirs() functions in kernel/trace/trace_events.c. A local user can perform a denial of service (DoS) attack.
111) Buffer overflow (CVE-ID: CVE-2025-38538)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nbpf_probe() function in drivers/dma/nbpfaxi.c. A local user can escalate privileges on the system.
112) Improper locking (CVE-ID: CVE-2025-38537)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the phy_probe() and phy_remove() functions in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
113) Resource management error (CVE-ID: CVE-2025-38535)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tegra186_xusb_padctl_vbus_override(), tegra186_xusb_padctl_id_override() and tegra186_utmi_phy_set_mode() functions in drivers/phy/tegra/xusb-tegra186.c. A local user can perform a denial of service (DoS) attack.
114) Improper locking (CVE-ID: CVE-2025-38534)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the netfs_pgpriv2_begin_copy_to_cache() function in fs/netfs/read_pgpriv2.c. A local user can perform a denial of service (DoS) attack.
115) Use-after-free (CVE-ID: CVE-2025-38533)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wx_alloc_mapped_page() and wx_alloc_rx_buffers() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can escalate privileges on the system.
116) Improper locking (CVE-ID: CVE-2025-38532)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wx_alloc_rx_buffers() and wx_clean_rx_ring() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c, within the wx_configure_rx_ring() function in drivers/net/ethernet/wangxun/libwx/wx_hw.c. A local user can perform a denial of service (DoS) attack.
117) Use of uninitialized resource (CVE-ID: CVE-2025-38531)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the st_sensors_allocate_trigger() function in drivers/iio/common/st_sensors/st_sensors_trigger.c, within the st_sensors_set_fullscale(), st_sensors_power_enable(), EXPORT_SYMBOL_NS(), st_sensors_set_drdy_int_pin() and st_sensors_init_sensor() functions in drivers/iio/common/st_sensors/st_sensors_core.c, within the apply_acpi_orientation() function in drivers/iio/accel/st_accel_core.c. A local user can perform a denial of service (DoS) attack.
118) Out-of-bounds read (CVE-ID: CVE-2025-38530)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pcl812_attach() function in drivers/comedi/drivers/pcl812.c. A local user can perform a denial of service (DoS) attack.
119) Out-of-bounds read (CVE-ID: CVE-2025-38529)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the aio_iiro_16_attach() function in drivers/comedi/drivers/aio_iiro_16.c. A local user can perform a denial of service (DoS) attack.
120) Resource management error (CVE-ID: CVE-2025-38528)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_bprintf_prepare() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
121) Use-after-free (CVE-ID: CVE-2025-38527)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cifs_oplock_break() and cifs_put_tlink() functions in fs/smb/client/file.c. A local user can escalate privileges on the system.
122) NULL pointer dereference (CVE-ID: CVE-2025-38526)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_lag_is_switchdev_running() function in drivers/net/ethernet/intel/ice/ice_lag.c. A local user can perform a denial of service (DoS) attack.
123) Resource management error (CVE-ID: CVE-2025-38525)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the rxrpc_lookup_peer_rcu(), rxrpc_init_peer() and rxrpc_create_peer() functions in net/rxrpc/peer_object.c, within the rxrpc_new_incoming_call() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.
124) Improper locking (CVE-ID: CVE-2025-38524)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rxrpc_see_call() and release_sock() functions in net/rxrpc/recvmsg.c, within the rxrpc_discard_prealloc() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.
125) Resource management error (CVE-ID: CVE-2025-38521)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pvr_power_reset() function in drivers/gpu/drm/imagination/pvr_power.c. A local user can perform a denial of service (DoS) attack.
126) Memory leak (CVE-ID: CVE-2025-38520)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the svm_range_split_head(), svm_range_split_by_granularity(), svm_range_add_list_work(), schedule_deferred_list_work(), svm_range_unmap_split(), svm_range_unmap_from_cpu() and svm_range_cpu_invalidate_pagetables() functions in drivers/gpu/drm/amd/amdkfd/kfd_svm.c. A local user can perform a denial of service (DoS) attack.
127) NULL pointer dereference (CVE-ID: CVE-2025-38517)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the alloc_tag_top_users() function in lib/alloc_tag.c. A local user can perform a denial of service (DoS) attack.
128) Input validation error (CVE-ID: CVE-2025-38516)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the msm_gpio_needs_dual_edge_parent_workaround() and msm_gpio_init() functions in drivers/pinctrl/qcom/pinctrl-msm.c. A local user can perform a denial of service (DoS) attack.
129) Improper locking (CVE-ID: CVE-2025-38515)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the include/drm/spsc_queue.h. A local user can perform a denial of service (DoS) attack.
130) Improper error handling (CVE-ID: CVE-2025-38514)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the rxrpc_alloc_incoming_call() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.
131) NULL pointer dereference (CVE-ID: CVE-2025-38513)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the zd_mac_tx_to_dev() function in drivers/net/wireless/zydas/zd1211rw/zd_mac.c. A local user can perform a denial of service (DoS) attack.
132) Input validation error (CVE-ID: CVE-2025-38512)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
133) Reachable assertion (CVE-ID: CVE-2025-38511)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the lmtt_pt_alloc(), lmtt_pt_free() and lmtt_write_pte() functions in drivers/gpu/drm/xe/xe_lmtt.c. A local user can perform a denial of service (DoS) attack.
134) Improper locking (CVE-ID: CVE-2025-38510)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the init_task_stack_addr() and print_address_description() functions in mm/kasan/report.c. A local user can perform a denial of service (DoS) attack.
135) Input validation error (CVE-ID: CVE-2025-38509)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sta_link_apply_parameters() function in net/mac80211/cfg.c. A local user can perform a denial of service (DoS) attack.
136) Improper locking (CVE-ID: CVE-2025-38508)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the DEFINE_PER_CPU() and securetsc_get_tsc_khz() functions in arch/x86/coco/sev/core.c. A local user can perform a denial of service (DoS) attack.
137) Improper locking (CVE-ID: CVE-2025-38507)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nintendo_hid_remove() and nintendo_init() functions in drivers/hid/hid-nintendo.c. A local user can perform a denial of service (DoS) attack.
138) Improper locking (CVE-ID: CVE-2025-38506)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kvm_vm_set_mem_attributes() function in virt/kvm/kvm_main.c. A local user can perform a denial of service (DoS) attack.
139) Improper locking (CVE-ID: CVE-2025-38505)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mwifiex_process_mgmt_packet() function in drivers/net/wireless/marvell/mwifiex/util.c. A local user can perform a denial of service (DoS) attack.
140) Reachable assertion (CVE-ID: CVE-2025-38503)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the populate_free_space_tree() function in fs/btrfs/free-space-tree.c. A local user can perform a denial of service (DoS) attack.
141) Input validation error (CVE-ID: CVE-2025-38501)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the alloc_transport() and ksmbd_kthread_fn() functions in fs/smb/server/transport_tcp.c. A remote attacker can perform a denial of service (DoS) attack.
142) Out-of-bounds read (CVE-ID: CVE-2025-38497)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the webusb_landingPage_store() and os_desc_qw_sign_store() functions in drivers/usb/gadget/configfs.c. A local user can perform a denial of service (DoS) attack.
143) Improper locking (CVE-ID: CVE-2025-38496)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __evict_many() function in drivers/md/dm-bufio.c. A local user can perform a denial of service (DoS) attack.
144) Incorrect calculation (CVE-ID: CVE-2025-38495)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
145) Buffer overflow (CVE-ID: CVE-2025-38494)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __hid_request() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
146) Out-of-bounds read (CVE-ID: CVE-2025-38493)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __timerlat_dump_stack() function in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
147) Race condition (CVE-ID: CVE-2025-38492)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the netfs_pgpriv2_begin_copy_to_cache() and netfs_pgpriv2_end_copy_to_cache() functions in fs/netfs/read_pgpriv2.c. A local user can escalate privileges on the system.
148) Input validation error (CVE-ID: CVE-2025-38491)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the subflow_finish_connect(), WRITE_ONCE(), __mptcp_subflow_connect() and subflow_state_change() functions in net/mptcp/subflow.c, within the mptcp_check_data_fin(), __mptcp_finish_join(), mptcp_update_infinite_map(), mptcp_check_fastclose(), __mptcp_retrans(), __mptcp_init_sock() and mptcp_finish_join() functions in net/mptcp/protocol.c, within the check_fully_established() function in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.
149) Double free (CVE-ID: CVE-2025-38490)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the wx_dma_sync_frag(), wx_put_rx_buffer() and wx_clean_rx_ring() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.
150) NULL pointer dereference (CVE-ID: CVE-2025-38489)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bpf_jit_plt() function in arch/s390/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.
151) Use-after-free (CVE-ID: CVE-2025-38488)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the crypt_message() function in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.
152) NULL pointer dereference (CVE-ID: CVE-2025-38487)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the aspeed_lpc_enable_snoop() and aspeed_lpc_disable_snoop() functions in drivers/soc/aspeed/aspeed-lpc-snoop.c. A local user can perform a denial of service (DoS) attack.
153) Use-after-free (CVE-ID: CVE-2025-38485)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fxls8962af_buffer_predisable() function in drivers/iio/accel/fxls8962af-core.c. A local user can escalate privileges on the system.
154) Out-of-bounds read (CVE-ID: CVE-2025-38484)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iio_backend_debugfs_write_reg() function in drivers/iio/industrialio-backend.c. A local user can perform a denial of service (DoS) attack.
155) Out-of-bounds read (CVE-ID: CVE-2025-38483)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the das16m1_attach() function in drivers/comedi/drivers/das16m1.c. A local user can perform a denial of service (DoS) attack.
156) Out-of-bounds read (CVE-ID: CVE-2025-38482)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the das6402_attach() function in drivers/comedi/drivers/das6402.c. A local user can perform a denial of service (DoS) attack.
157) Resource management error (CVE-ID: CVE-2025-38481)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the check_insnlist_len(), comedi_unlocked_ioctl() and compat_insnlist() functions in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
158) Use of uninitialized resource (CVE-ID: CVE-2025-38480)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the insn_rw_emulate_bits() function in drivers/comedi/drivers.c. A local user can perform a denial of service (DoS) attack.
159) Use of uninitialized resource (CVE-ID: CVE-2025-38478)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the do_insnlist_ioctl() and do_insn_ioctl() functions in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
160) Use-after-free (CVE-ID: CVE-2025-38476)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rpl_do_srh_inline() function in net/ipv6/rpl_iptunnel.c. A local user can escalate privileges on the system.
161) Use-after-free (CVE-ID: CVE-2025-38475)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the IS_ENABLED() and smc_destruct() functions in net/smc/af_smc.c. A local user can escalate privileges on the system.
162) Input validation error (CVE-ID: CVE-2025-38474)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sierra_net_bind() function in drivers/net/usb/sierra_net.c. A local user can perform a denial of service (DoS) attack.
163) Use-after-free (CVE-ID: CVE-2025-38473)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_resume_cb() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.
164) Use-after-free (CVE-ID: CVE-2025-38472)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_ct_resolve_clash_harder(), __nf_conntrack_confirm() and __nf_conntrack_insert_prepare() functions in net/netfilter/nf_conntrack_core.c. A local user can escalate privileges on the system.
165) Use-after-free (CVE-ID: CVE-2025-38471)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_strp_read_sock() function in net/tls/tls_strp.c. A local user can escalate privileges on the system.
166) Memory leak (CVE-ID: CVE-2025-38470)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __vlan_device_event() and vlan_device_event() functions in net/8021q/vlan.c. A local user can perform a denial of service (DoS) attack.
167) Resource management error (CVE-ID: CVE-2025-38469)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvm_xen_schedop_poll() function in arch/x86/kvm/xen.c. A local user can perform a denial of service (DoS) attack.
168) NULL pointer dereference (CVE-ID: CVE-2025-38468)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the htb_lookup_leaf() function in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.
169) NULL pointer dereference (CVE-ID: CVE-2025-38467)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the decon_irq_handler() function in drivers/gpu/drm/exynos/exynos7_drm_decon.c. A local user can perform a denial of service (DoS) attack.
170) Buffer overflow (CVE-ID: CVE-2025-38466)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the perf_uprobe_event_init() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
171) Buffer overflow (CVE-ID: CVE-2025-38465)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the netlink_skb_set_owner_r(), netlink_alloc_large_skb(), netlink_unicast_kernel(), EXPORT_SYMBOL_GPL() and netlink_dump() functions in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
172) Use-after-free (CVE-ID: CVE-2025-38464)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_topsrv_stop() function in net/tipc/topsrv.c. A local user can escalate privileges on the system.
173) Buffer overflow (CVE-ID: CVE-2025-38463)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the net/ipv4/tcp.c. A local user can escalate privileges on the system.
174) NULL pointer dereference (CVE-ID: CVE-2025-38462)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vsock_assign_transport() and vsock_dev_do_ioctl() functions in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
175) Improper locking (CVE-ID: CVE-2025-38461)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL_GPL() and vsock_assign_transport() functions in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
176) NULL pointer dereference (CVE-ID: CVE-2025-38460)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the DEFINE_MUTEX(), to_atmarpd(), atmarpd_close() and atm_init_atmarp() functions in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
177) Improper locking (CVE-ID: CVE-2025-38459)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the clip_mkip() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
178) NULL pointer dereference (CVE-ID: CVE-2025-38458)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the atmarpd_close() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
179) Improper error handling (CVE-ID: CVE-2025-38457)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the qdisc_leaf(), tc_get_qdisc() and NL_SET_ERR_MSG() functions in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.
180) Buffer overflow (CVE-ID: CVE-2025-38456)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ipmi_create_user() function in drivers/char/ipmi/ipmi_msghandler.c. A local user can escalate privileges on the system.
181) Input validation error (CVE-ID: CVE-2025-38455)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sev_check_source_vcpus() function in arch/x86/kvm/svm/sev.c. A local user can perform a denial of service (DoS) attack.
182) NULL pointer dereference (CVE-ID: CVE-2025-38454)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_card_ad1816a_pnp() function in sound/isa/ad1816a/ad1816a.c. A local user can perform a denial of service (DoS) attack.
183) Buffer overflow (CVE-ID: CVE-2025-38453)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the io_msg_tw_complete() and io_msg_remote_post() functions in io_uring/msg_ring.c. A local user can perform a denial of service (DoS) attack.
184) NULL pointer dereference (CVE-ID: CVE-2025-38452)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtsn_probe() function in drivers/net/ethernet/renesas/rtsn.c. A local user can perform a denial of service (DoS) attack.
185) Buffer overflow (CVE-ID: CVE-2025-38451)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the md_bitmap_get_stats() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
186) NULL pointer dereference (CVE-ID: CVE-2025-38450)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7925_sta_set_decap_offload() function in drivers/net/wireless/mediatek/mt76/mt7925/main.c. A local user can perform a denial of service (DoS) attack.
187) Improper locking (CVE-ID: CVE-2025-38449)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drm_gem_fb_destroy() and drm_gem_fb_init_with_funcs() functions in drivers/gpu/drm/drm_gem_framebuffer_helper.c, within the drm_gem_private_object_fini(), drm_gem_object_exported_dma_buf_free(), drm_gem_object_handle_put_unlocked() and drm_gem_handle_create_tail() functions in drivers/gpu/drm/drm_gem.c. A local user can perform a denial of service (DoS) attack.
188) Improper locking (CVE-ID: CVE-2025-38448)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __acquires() and gs_start_io() functions in drivers/usb/gadget/function/u_serial.c. A local user can perform a denial of service (DoS) attack.
189) Out-of-bounds read (CVE-ID: CVE-2025-38446)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/clk/imx/clk-imx95-blk-ctl.c. A local user can perform a denial of service (DoS) attack.
190) Use-after-free (CVE-ID: CVE-2025-38445)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the raid1_reshape() function in drivers/md/raid1.c. A local user can escalate privileges on the system.
191) Memory leak (CVE-ID: CVE-2025-38444)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the raid10_read_request() and raid10_write_request() functions in drivers/md/raid10.c. A local user can perform a denial of service (DoS) attack.
192) Use-after-free (CVE-ID: CVE-2025-38443)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_start_device() and set_bit() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.
193) Use of uninitialized resource (CVE-ID: CVE-2025-38441)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the include/net/netfilter/nf_flow_table.h. A local user can perform a denial of service (DoS) attack.
194) NULL pointer dereference (CVE-ID: CVE-2025-38440)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_dim_rx_change() and mlx5e_dim_tx_change() functions in drivers/net/ethernet/mellanox/mlx5/core/en_dim.c. A local user can perform a denial of service (DoS) attack.
195) Resource management error (CVE-ID: CVE-2025-38439)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __bnxt_xmit_xdp_redirect() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.
196) Memory leak (CVE-ID: CVE-2025-38438)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the check_tplg_quirk_mask() and hda_machine_select() functions in sound/soc/sof/intel/hda.c. A local user can perform a denial of service (DoS) attack.
197) Use-after-free (CVE-ID: CVE-2025-38437)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb20_oplock_break_ack() and smb21_lease_break_ack() functions in fs/smb/server/smb2pdu.c. A local user can escalate privileges on the system.
198) Input validation error (CVE-ID: CVE-2025-38351)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kvm_hv_vcpu_flush_tlb() function in arch/x86/kvm/hyperv.c. A local user can perform a denial of service (DoS) attack.
199) Use-after-free (CVE-ID: CVE-2025-38349)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ep_remove() and ep_clear_and_put() functions in fs/eventpoll.c. A local user can escalate privileges on the system.
200) Improper locking (CVE-ID: CVE-2025-38335)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gpio_keys_irq_isr() and gpio_keys_setup_key() functions in drivers/input/keyboard/gpio_keys.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.