SB2026020972 - Debian update for linux
Published: February 9, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 252 secuirty vulnerabilities.
1) Resource management error (CVE-ID: CVE-2024-58096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ath11k_dp_rx_mon_dest_process(), ath11k_dp_full_mon_process_rx() and ath11k_hal_srng_access_end() functions in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.
2) Infinite loop (CVE-ID: CVE-2024-58097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the ath11k_dp_rx_mon_mpdu_pop() and ath11k_dp_rx_full_mon_mpdu_pop() functions in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.
3) Improper locking (CVE-ID: CVE-2025-22111)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sock_write_iter(), brioctl_set(), br_ioctl_call(), sock_ioctl() and compat_sock_ioctl_trans() functions in net/socket.c, within the dev_ifsioc() and dev_ioctl() functions in net/core/dev_ioctl.c, within the old_deviceless() and br_ioctl_stub() functions in net/bridge/br_ioctl.c. A local user can perform a denial of service (DoS) attack.
4) Improper locking (CVE-ID: CVE-2025-38234)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the find_lowest_rq() and find_lock_lowest_rq() functions in kernel/sched/rt.c. A local user can perform a denial of service (DoS) attack.
5) Use-after-free (CVE-ID: CVE-2025-38248)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the br_multicast_port_ctx_init() function in net/bridge/br_multicast.c. A local user can escalate privileges on the system.
6) Resource management error (CVE-ID: CVE-2025-38591)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_skb_is_valid_access(), sock_addr_is_valid_access(), sock_ops_is_valid_access(), sk_msg_is_valid_access() and sk_lookup_is_valid_access() functions in net/core/filter.c, within the cg_sockopt_is_valid_access() function in kernel/bpf/cgroup.c. A local user can perform a denial of service (DoS) attack.
7) Use-after-free (CVE-ID: CVE-2025-39872)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hsr_get_port_ndev() function in net/hsr/hsr_device.c. A local user can escalate privileges on the system.
8) Use-after-free (CVE-ID: CVE-2025-40149)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_device_queue_ctx_destruction() function in net/tls/tls_device.c. A local user can escalate privileges on the system.
9) Resource management error (CVE-ID: CVE-2025-40164)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the usbnet_resume_rx() function in drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.
10) Input validation error (CVE-ID: CVE-2025-40170)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sk_clone_lock(), sk_dst_gso_max_size() and sk_setup_caps() functions in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
11) Memory leak (CVE-ID: CVE-2025-40276)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the panthor_gem_create_with_handle() function in drivers/gpu/drm/panthor/panthor_gem.c. A local user can perform a denial of service (DoS) attack.
12) Resource management error (CVE-ID: CVE-2025-40325)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the raid10_handle_discard() function in drivers/md/raid10.c. A local user can perform a denial of service (DoS) attack.
13) Resource management error (CVE-ID: CVE-2025-68206)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nft_ct_helper_obj_eval() function in net/netfilter/nft_ct.c. A local user can perform a denial of service (DoS) attack.
14) Improper locking (CVE-ID: CVE-2025-68333)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the init_sched_ext_class() function in kernel/sched/ext.c. A local user can perform a denial of service (DoS) attack.
15) NULL pointer dereference (CVE-ID: CVE-2025-68345)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cs35l41_hda_read_acpi() function in sound/hda/codecs/side-codecs/cs35l41_hda.c. A local user can perform a denial of service (DoS) attack.
16) Memory leak (CVE-ID: CVE-2025-68351)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the exfat_find() function in fs/exfat/namei.c. A local user can perform a denial of service (DoS) attack.
17) Buffer overflow (CVE-ID: CVE-2025-68357)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __iomap_dio_rw() function in fs/iomap/direct-io.c. A local user can perform a denial of service (DoS) attack.
18) Improper locking (CVE-ID: CVE-2025-68358)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fs/btrfs/space-info.h. A local user can perform a denial of service (DoS) attack.
19) Use of uninitialized resource (CVE-ID: CVE-2025-68365)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ntfs_create_inode(), ntfs_link_inode() and ntfs_unlink_inode() functions in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
20) Infinite loop (CVE-ID: CVE-2025-68725)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the BPF_CALL_3() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
21) Use-after-free (CVE-ID: CVE-2025-68749)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ivpu_gem_bo_free() function in drivers/accel/ivpu/ivpu_gem.c. A local user can escalate privileges on the system.
22) Improper privilege management (CVE-ID: CVE-2025-68767)
The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the hfsplus_get_perms() and hfsplus_cat_read_inode() functions in fs/hfsplus/inode.c. A local user can read and manipulate data.
23) Improper error handling (CVE-ID: CVE-2025-68769)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_fill_super() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
24) Resource management error (CVE-ID: CVE-2025-68770)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnxt_rx_xdp() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.
25) Improper error handling (CVE-ID: CVE-2025-68771)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ocfs2_claim_suballoc_bits() function in fs/ocfs2/suballoc.c. A local user can perform a denial of service (DoS) attack.
26) Improper locking (CVE-ID: CVE-2025-68772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_alloc_inode() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
27) Buffer overflow (CVE-ID: CVE-2025-68773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the fsl_spi_prepare_message() function in drivers/spi/spi-fsl-spi.c. A local user can perform a denial of service (DoS) attack.
28) Incorrect calculation (CVE-ID: CVE-2025-68774)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __hfs_bnode_create() function in fs/hfsplus/bnode.c. A local user can perform a denial of service (DoS) attack.
29) Memory leak (CVE-ID: CVE-2025-68775)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the handshake_req_cancel() function in net/handshake/request.c. A local user can perform a denial of service (DoS) attack.
30) NULL pointer dereference (CVE-ID: CVE-2025-68776)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the prp_get_untagged_frame() function in net/hsr/hsr_forward.c. A local user can perform a denial of service (DoS) attack.
31) Out-of-bounds read (CVE-ID: CVE-2025-68777)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the titsc_config_wires() function in drivers/input/touchscreen/ti_am335x_tsc.c. A local user can perform a denial of service (DoS) attack.
32) Use-after-free (CVE-ID: CVE-2025-68778)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the conflicting_inode_is_dir(), add_conflicting_inode() and log_conflicting_inodes() functions in fs/btrfs/tree-log.c. A local user can escalate privileges on the system.
33) Improper locking (CVE-ID: CVE-2025-68780)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dec_dl_deadline(), rq_online_dl() and rq_offline_dl() functions in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.
34) Use-after-free (CVE-ID: CVE-2025-68781)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fsl_otg_remove() function in drivers/usb/phy/phy-fsl-usb.c. A local user can escalate privileges on the system.
35) NULL pointer dereference (CVE-ID: CVE-2025-68782)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the target_cmd_init_cdb() function in drivers/target/target_core_transport.c. A local user can perform a denial of service (DoS) attack.
36) Input validation error (CVE-ID: CVE-2025-68783)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the get_meter_levels_from_urb() function in sound/usb/mixer_us16x08.c. A local user can perform a denial of service (DoS) attack.
37) Use-after-free (CVE-ID: CVE-2025-68784)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xrep_xattr_salvage_remote_attr() function in fs/xfs/scrub/attr_repair.c. A local user can escalate privileges on the system.
38) Out-of-bounds read (CVE-ID: CVE-2025-68785)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the validate_and_copy_set_tun() and __ovs_nla_copy_actions() functions in net/openvswitch/flow_netlink.c. A local user can perform a denial of service (DoS) attack.
39) Improper locking (CVE-ID: CVE-2025-68786)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_lock_range() and ksmbd_vfs_truncate() functions in fs/smb/server/vfs.c. A local user can perform a denial of service (DoS) attack.
40) Memory leak (CVE-ID: CVE-2025-68787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nr_output() function in net/netrom/nr_out.c. A local user can perform a denial of service (DoS) attack.
41) Input validation error (CVE-ID: CVE-2025-68788)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __fsnotify_parent() function in fs/notify/fsnotify.c. A local user can perform a denial of service (DoS) attack.
42) Use-after-free (CVE-ID: CVE-2025-68789)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ibmpex_high_low_store() and ibmpex_bmc_delete() functions in drivers/hwmon/ibmpex.c. A local user can escalate privileges on the system.
43) Buffer overflow (CVE-ID: CVE-2025-68792)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the tpm2_seal_trusted(), tpm2_load_cmd() and tpm2_unseal_cmd() functions in security/keys/trusted-keys/trusted_tpm2.c. A local user can escalate privileges on the system.
44) Integer underflow (CVE-ID: CVE-2025-68794)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the iomap_adjust_read_range() function in fs/iomap/buffered-io.c. A local user can execute arbitrary code.
45) Buffer overflow (CVE-ID: CVE-2025-68795)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ethtool_get_strings(), ethtool_get_stats(), ethtool_get_phy_stats_phydev(), ethtool_get_phy_stats_ethtool() and ethtool_get_phy_stats() functions in net/ethtool/ioctl.c. A local user can perform a denial of service (DoS) attack.
46) Improper error handling (CVE-ID: CVE-2025-68796)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_do_zero_range() function in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
47) NULL pointer dereference (CVE-ID: CVE-2025-68797)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ac_ioctl() function in drivers/char/applicom.c. A local user can perform a denial of service (DoS) attack.
48) NULL pointer dereference (CVE-ID: CVE-2025-68798)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amd_pmu_enable_all() function in arch/x86/events/amd/core.c. A local user can perform a denial of service (DoS) attack.
49) Use of uninitialized resource (CVE-ID: CVE-2025-68799)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the cffrml_receive() function in net/caif/cffrml.c. A local user can perform a denial of service (DoS) attack.
50) Use-after-free (CVE-ID: CVE-2025-68800)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_mr_route_add() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c. A local user can escalate privileges on the system.
51) Use-after-free (CVE-ID: CVE-2025-68801)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_neigh_entry_alloc(), mlxsw_sp_nexthop_dead_neigh_replace(), mlxsw_sp_nexthop_neigh_init() and mlxsw_sp_nexthop_neigh_fini() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c. A local user can escalate privileges on the system.
52) Resource management error (CVE-ID: CVE-2025-68802)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the include/uapi/drm/xe_drm.h. A local user can perform a denial of service (DoS) attack.
53) Input validation error (CVE-ID: CVE-2025-68803)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/nfsd/vfs.h. A local user can perform a denial of service (DoS) attack.
54) Use-after-free (CVE-ID: CVE-2025-68804)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cros_ec_ishtp_remove() function in drivers/platform/chrome/cros_ec_ishtp.c. A local user can escalate privileges on the system.
55) Input validation error (CVE-ID: CVE-2025-68806)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smb2_set_ea() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
56) Use-after-free (CVE-ID: CVE-2025-68808)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vidtv_channel_si_init() function in drivers/media/test-drivers/vidtv/vidtv_channel.c. A local user can escalate privileges on the system.
57) Race condition within a thread (CVE-ID: CVE-2025-68809)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the ksmbd_query_inode_status() and __ksmbd_inode_close() functions in fs/smb/server/vfs_cache.c. A local user can corrupt data.
58) Use-after-free (CVE-ID: CVE-2025-68810)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __kvm_set_memory_region() function in virt/kvm/kvm_main.c. A local user can escalate privileges on the system.
59) Input validation error (CVE-ID: CVE-2025-68811)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the svc_rdma_copy_inline_range() function in net/sunrpc/xprtrdma/svc_rdma_rw.c. A local user can perform a denial of service (DoS) attack.
60) NULL pointer dereference (CVE-ID: CVE-2025-68813)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __ip_vs_get_out_rt() function in net/netfilter/ipvs/ip_vs_xmit.c. A local user can perform a denial of service (DoS) attack.
61) Memory leak (CVE-ID: CVE-2025-68814)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __io_openat_prep() function in io_uring/openclose.c. A local user can perform a denial of service (DoS) attack.
62) Resource management error (CVE-ID: CVE-2025-68815)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.
63) Input validation error (CVE-ID: CVE-2025-68816)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.h. A local user can perform a denial of service (DoS) attack.
64) Use-after-free (CVE-ID: CVE-2025-68817)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_tree_disconnect() function in fs/smb/server/smb2pdu.c. A local user can escalate privileges on the system.
65) Input validation error (CVE-ID: CVE-2025-68818)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __qla2x00_abort_all_cmds() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.
66) Out-of-bounds read (CVE-ID: CVE-2025-68819)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dtv5100_i2c_msg() function in drivers/media/usb/dvb-usb/dtv5100.c. A local user can perform a denial of service (DoS) attack.
67) NULL pointer dereference (CVE-ID: CVE-2025-68820)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ext4_xattr_inode_dec_ref_all() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
68) Use-after-free (CVE-ID: CVE-2025-68821)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fuse_file_put() and fuse_file_open() functions in fs/fuse/file.c. A local user can escalate privileges on the system.
69) Use-after-free (CVE-ID: CVE-2025-68822)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alps_disconnect() function in drivers/input/mouse/alps.c. A local user can escalate privileges on the system.
70) Use of uninitialized resource (CVE-ID: CVE-2025-71064)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hclgevf_knic_setup() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c. A local user can perform a denial of service (DoS) attack.
71) Improper locking (CVE-ID: CVE-2025-71065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_save_errors() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
72) Use-after-free (CVE-ID: CVE-2025-71066)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can escalate privileges on the system.
73) Improper error handling (CVE-ID: CVE-2025-71067)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ntfs_init_from_boot() function in fs/ntfs3/super.c. A local user can perform a denial of service (DoS) attack.
74) Buffer overflow (CVE-ID: CVE-2025-71068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the svc_rdma_copy_inline_range() function in net/sunrpc/xprtrdma/svc_rdma_rw.c. A local user can perform a denial of service (DoS) attack.
75) Buffer overflow (CVE-ID: CVE-2025-71069)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the f2fs_rename() function in fs/f2fs/namei.c. A local user can perform a denial of service (DoS) attack.
76) Use-after-free (CVE-ID: CVE-2025-71071)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mtk_iommu_mm_dts_parse(), mtk_iommu_probe() and mtk_iommu_remove() functions in drivers/iommu/mtk_iommu.c. A local user can escalate privileges on the system.
77) Input validation error (CVE-ID: CVE-2025-71072)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the shmem_rename2() function in mm/shmem.c. A local user can perform a denial of service (DoS) attack.
78) Use-after-free (CVE-ID: CVE-2025-71073)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lkkbd_connect() and lkkbd_disconnect() functions in drivers/input/keyboard/lkkbd.c. A local user can escalate privileges on the system.
79) Race condition (CVE-ID: CVE-2025-71075)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the asd_pci_remove() function in drivers/scsi/aic94xx/aic94xx_init.c. A local user can escalate privileges on the system.
80) Resource management error (CVE-ID: CVE-2025-71076)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the xe_oa_set_no_preempt() function in drivers/gpu/drm/xe/xe_oa.c. A local user can perform a denial of service (DoS) attack.
81) Out-of-bounds read (CVE-ID: CVE-2025-71077)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the include/linux/tpm.h. A local user can perform a denial of service (DoS) attack.
82) Resource management error (CVE-ID: CVE-2025-71078)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the preload_age() function in arch/powerpc/mm/book3s64/slb.c. A local user can perform a denial of service (DoS) attack.
83) Improper locking (CVE-ID: CVE-2025-71079)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL() and nfc_unregister_device() functions in net/nfc/core.c. A local user can perform a denial of service (DoS) attack.
84) Improper error handling (CVE-ID: CVE-2025-71080)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the rt6_make_pcpu_route() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
85) Memory leak (CVE-ID: CVE-2025-71081)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the stm32_sai_sub_parse_of(), stm32_sai_sub_probe() and stm32_sai_sub_remove() functions in sound/soc/stm/stm32_sai_sub.c. A local user can perform a denial of service (DoS) attack.
86) Use-after-free (CVE-ID: CVE-2025-71082)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btusb_probe() and btusb_disconnect() functions in drivers/bluetooth/btusb.c. A local user can escalate privileges on the system.
87) NULL pointer dereference (CVE-ID: CVE-2025-71083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ttm_bo_vm_access() function in drivers/gpu/drm/ttm/ttm_bo_vm.c. A local user can perform a denial of service (DoS) attack.
88) Improper resource shutdown or release (CVE-ID: CVE-2025-71084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the destroy_mc() function in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.
89) Resource management error (CVE-ID: CVE-2025-71085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the calipso_skbuff_setattr() function in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.
90) Memory leak (CVE-ID: CVE-2025-71086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rose_kill_by_device() function in net/rose/af_rose.c. A local user can perform a denial of service (DoS) attack.
91) Off-by-one (CVE-ID: CVE-2025-71087)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the iavf_config_rss_reg() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.
92) Improper locking (CVE-ID: CVE-2025-71088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the subflow_state_change() function in net/mptcp/subflow.c. A local user can perform a denial of service (DoS) attack.
93) Double free (CVE-ID: CVE-2025-71089)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the iommu_sva_bind_device() function in drivers/iommu/iommu-sva.c. A local user can perform a denial of service (DoS) attack.
94) Improper error handling (CVE-ID: CVE-2025-71091)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __team_queue_override_enabled_check() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.
95) Buffer overflow (CVE-ID: CVE-2025-71093)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the e1000_tbi_should_accept() function in drivers/net/ethernet/intel/e1000/e1000_main.c. A local user can escalate privileges on the system.
96) Resource management error (CVE-ID: CVE-2025-71094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the asix_read_phy_addr() function in drivers/net/usb/asix_common.c. A local user can perform a denial of service (DoS) attack.
97) Race condition (CVE-ID: CVE-2025-71095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the MODULE_PARM_DESC(), stmmac_xdp_get_tx_queue(), stmmac_xdp_xmit_back() and stmmac_rx_zc() functions in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
98) NULL pointer dereference (CVE-ID: CVE-2025-71096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ib_nl_handle_ip_res_resp() function in drivers/infiniband/core/addr.c. A local user can perform a denial of service (DoS) attack.
99) Memory leak (CVE-ID: CVE-2025-71097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fib_table_flush() function in net/ipv4/fib_trie.c. A local user can perform a denial of service (DoS) attack.
100) Improper error handling (CVE-ID: CVE-2025-71098)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ip6gre_header() function in net/ipv6/ip6_gre.c. A local user can perform a denial of service (DoS) attack.
101) Use-after-free (CVE-ID: CVE-2025-71099)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xe_oa_add_config_ioctl() function in drivers/gpu/drm/xe/xe_oa.c. A local user can escalate privileges on the system.
102) Out-of-bounds read (CVE-ID: CVE-2025-71100)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtl92cu_tx_fill_desc() function in drivers/net/wireless/realtek/rtlwifi/rtl8192cu/trx.c. A local user can perform a denial of service (DoS) attack.
103) Out-of-bounds read (CVE-ID: CVE-2025-71101)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hp_populate_string_elements_from_package() function in drivers/platform/x86/hp/hp-bioscfg/string-attributes.c. A local user can perform a denial of service (DoS) attack.
104) Input validation error (CVE-ID: CVE-2025-71102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the scs_check_usage() function in kernel/scs.c. A local user can perform a denial of service (DoS) attack.
105) Improper locking (CVE-ID: CVE-2025-71104)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the advance_periodic_target_expiration() function in arch/x86/kvm/lapic.c. A local user can perform a denial of service (DoS) attack.
106) Resource management error (CVE-ID: CVE-2025-71105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fs/f2fs/xattr.h. A local user can perform a denial of service (DoS) attack.
107) Memory leak (CVE-ID: CVE-2025-71107)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the f2fs_put_super() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
108) Input validation error (CVE-ID: CVE-2025-71108)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ucsi_init() function in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.
109) Integer overflow (CVE-ID: CVE-2025-71109)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ftrace_dyn_arch_init_insns() and ftrace_make_call() functions in arch/mips/kernel/ftrace.c. A local user can execute arbitrary code.
110) Race condition (CVE-ID: CVE-2025-71111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in drivers/hwmon/w83791d.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
111) Out-of-bounds read (CVE-ID: CVE-2025-71112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hclge_set_vlan_filter() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.
112) Use of uninitialized resource (CVE-ID: CVE-2025-71113)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the rng_accept_parent() function in crypto/algif_rng.c. A local user can perform a denial of service (DoS) attack.
113) Buffer overflow (CVE-ID: CVE-2025-71114)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the wdt_probe() function in drivers/watchdog/via_wdt.c. A local user can perform a denial of service (DoS) attack.
114) Out-of-bounds read (CVE-ID: CVE-2025-71116)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the decode_pool() function in net/ceph/osdmap.c. A local user can perform a denial of service (DoS) attack.
115) NULL pointer dereference (CVE-ID: CVE-2025-71118)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_ns_walk_namespace() function in drivers/acpi/acpica/nswalk.c. A local user can perform a denial of service (DoS) attack.
116) Resource management error (CVE-ID: CVE-2025-71119)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kexec_prepare_cpus_wait() and wake_offline_cpus() functions in arch/powerpc/kexec/core_64.c. A local user can perform a denial of service (DoS) attack.
117) NULL pointer dereference (CVE-ID: CVE-2025-71120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gss_read_proxy_verf() function in net/sunrpc/auth_gss/svcauth_gss.c. A local user can perform a denial of service (DoS) attack.
118) Input validation error (CVE-ID: CVE-2025-71121)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gsc_set_affinity_irq() function in drivers/parisc/gsc.c. A local user can perform a denial of service (DoS) attack.
119) Input validation error (CVE-ID: CVE-2025-71122)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the iommufd_test_add_reserved() function in drivers/iommu/iommufd/selftest.c. A local user can perform a denial of service (DoS) attack.
120) Memory leak (CVE-ID: CVE-2025-71123)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the parse_apply_sb_mount_options() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
121) NULL pointer dereference (CVE-ID: CVE-2025-71125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the trace_event_reg() function in kernel/trace/trace_events.c. A local user can perform a denial of service (DoS) attack.
122) Improper locking (CVE-ID: CVE-2025-71126)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __mptcp_retrans() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
123) Resource management error (CVE-ID: CVE-2025-71127)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ieee80211_rx_h_mgmt_check() function in net/mac80211/rx.c. A local user can perform a denial of service (DoS) attack.
124) Resource management error (CVE-ID: CVE-2025-71129)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the arch/loongarch/net/bpf_jit.h. A local user can perform a denial of service (DoS) attack.
125) NULL pointer dereference (CVE-ID: CVE-2025-71130)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the eb_lookup_vmas(), i915_gem_do_execbuffer() and i915_gem_execbuffer2_ioctl() functions in drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c. A local user can perform a denial of service (DoS) attack.
126) Double free (CVE-ID: CVE-2025-71131)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the seqiv_aead_encrypt() function in crypto/seqiv.c. A local user can perform a denial of service (DoS) attack.
127) Memory leak (CVE-ID: CVE-2025-71132)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smc_rcv() function in drivers/net/ethernet/smsc/smc91x.c. A local user can perform a denial of service (DoS) attack.
128) Out-of-bounds read (CVE-ID: CVE-2025-71133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the irdma_net_event() function in drivers/infiniband/hw/irdma/utils.c. A local user can perform a denial of service (DoS) attack.
129) Infinite loop (CVE-ID: CVE-2025-71134)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the buddy_merge_likely(), __free_one_page() and pageblock_unisolate_and_move_free_pages() functions in mm/page_alloc.c. A local user can perform a denial of service (DoS) attack.
130) NULL pointer dereference (CVE-ID: CVE-2025-71135)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the raid5_store_group_thread_cnt() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.
131) Out-of-bounds read (CVE-ID: CVE-2025-71136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the adv7842_cp_log_status() function in drivers/media/i2c/adv7842.c. A local user can perform a denial of service (DoS) attack.
132) Out-of-bounds read (CVE-ID: CVE-2025-71137)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the otx2_set_ringparam() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c. A local user can perform a denial of service (DoS) attack.
133) NULL pointer dereference (CVE-ID: CVE-2025-71138)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dpu_encoder_phys_wb_setup_ctl() function in drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_wb.c. A local user can perform a denial of service (DoS) attack.
134) NULL pointer dereference (CVE-ID: CVE-2025-71140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the handle_enc_encode_msg() function in drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c. A local user can perform a denial of service (DoS) attack.
135) Out-of-bounds read (CVE-ID: CVE-2025-71143)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the exynos_clkout_probe() function in drivers/clk/samsung/clk-exynos-clkout.c. A local user can perform a denial of service (DoS) attack.
136) Resource management error (CVE-ID: CVE-2025-71144)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the net/mptcp/protocol.h. A local user can perform a denial of service (DoS) attack.
137) Memory leak (CVE-ID: CVE-2025-71146)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __nf_conncount_add() and insert_tree() functions in net/netfilter/nf_conncount.c. A local user can perform a denial of service (DoS) attack.
138) Memory leak (CVE-ID: CVE-2025-71147)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpm2_load_cmd() function in security/keys/trusted-keys/trusted_tpm2.c. A local user can perform a denial of service (DoS) attack.
139) Memory leak (CVE-ID: CVE-2025-71148)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the handshake_req_submit() function in net/handshake/request.c. A local user can perform a denial of service (DoS) attack.
140) Resource management error (CVE-ID: CVE-2025-71149)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the io_poll_remove() function in io_uring/poll.c. A local user can perform a denial of service (DoS) attack.
141) Memory leak (CVE-ID: CVE-2025-71150)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ksmbd_session_lookup_all() function in fs/smb/server/mgmt/user_session.c. A local user can perform a denial of service (DoS) attack.
142) Memory leak (CVE-ID: CVE-2025-71151)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smb3_reconfigure() function in fs/smb/client/fs_context.c. A local user can perform a denial of service (DoS) attack.
143) Memory leak (CVE-ID: CVE-2025-71153)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the get_file_all_info() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
144) Memory leak (CVE-ID: CVE-2025-71154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the async_set_registers() function in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.
145) Resource management error (CVE-ID: CVE-2025-71156)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the gve_add_napi() function in drivers/net/ethernet/google/gve/gve_utils.c. A local user can perform a denial of service (DoS) attack.
146) Incorrect calculation (CVE-ID: CVE-2025-71157)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the ib_del_sub_device_and_put() function in drivers/infiniband/core/device.c. A local user can perform a denial of service (DoS) attack.
147) Improper locking (CVE-ID: CVE-2025-71160)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nft_validate_state_update(), nf_tables_rule_release(), nft_chain_validate() and nft_table_validate() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
148) Use-after-free (CVE-ID: CVE-2025-71162)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tegra_adma_stop() and tegra_adma_probe() functions in drivers/dma/tegra210-adma.c. A local user can escalate privileges on the system.
149) Memory leak (CVE-ID: CVE-2025-71163)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the unbind_store() and bind_store() functions in drivers/dma/idxd/compat.c. A local user can perform a denial of service (DoS) attack.
150) Improper locking (CVE-ID: CVE-2025-71180)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the interrupt_cnt_probe() function in drivers/counter/interrupt-cnt.c. A local user can perform a denial of service (DoS) attack.
151) Improper locking (CVE-ID: CVE-2025-71182)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the j1939_session_activate() function in net/can/j1939/transport.c. A local user can perform a denial of service (DoS) attack.
152) Infinite loop (CVE-ID: CVE-2025-71183)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the copy_inode_items_to_log() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
153) NULL pointer dereference (CVE-ID: CVE-2025-71184)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/trace/events/btrfs.h. A local user can perform a denial of service (DoS) attack.
154) Memory leak (CVE-ID: CVE-2025-71185)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ti_am335x_xbar_route_allocate() function in drivers/dma/ti/dma-crossbar.c. A local user can perform a denial of service (DoS) attack.
155) Memory leak (CVE-ID: CVE-2025-71186)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the stm32_dmamux_route_allocate() function in drivers/dma/stm32-dmamux.c. A local user can perform a denial of service (DoS) attack.
156) Memory leak (CVE-ID: CVE-2025-71189)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rzn1_dmamux_route_allocate() function in drivers/dma/dw/rzn1-dmamux.c. A local user can perform a denial of service (DoS) attack.
157) Memory leak (CVE-ID: CVE-2025-71190)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sba_probe() and sba_remove() functions in drivers/dma/bcm-sba-raid.c. A local user can perform a denial of service (DoS) attack.
158) Memory leak (CVE-ID: CVE-2025-71191)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atc_alloc_chan_resources() and atc_free_chan_resources() functions in drivers/dma/at_hdmac.c. A local user can perform a denial of service (DoS) attack.
159) Double free (CVE-ID: CVE-2025-71192)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ac97_adapter_release(), ac97_add_adapter() and snd_ac97_controller_register() functions in sound/ac97/bus.c. A local user can perform a denial of service (DoS) attack.
160) NULL pointer dereference (CVE-ID: CVE-2025-71193)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qusb2_phy_probe() function in drivers/phy/qualcomm/phy-qcom-qusb2.c. A local user can perform a denial of service (DoS) attack.
161) Improper locking (CVE-ID: CVE-2025-71194)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the is_transaction_blocked(), start_transaction() and btrfs_wait_for_commit() functions in fs/btrfs/transaction.c. A local user can perform a denial of service (DoS) attack.
162) Resource management error (CVE-ID: CVE-2025-71195)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the function in drivers/dma/xilinx/xdma.c. A local user can perform a denial of service (DoS) attack.
163) Out-of-bounds read (CVE-ID: CVE-2025-71196)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the stm32_usbphyc_probe() function in drivers/phy/st/phy-stm32-usbphyc.c. A local user can perform a denial of service (DoS) attack.
164) Off-by-one (CVE-ID: CVE-2025-71197)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the alarms_store() function in drivers/w1/slaves/w1_therm.c. A local user can perform a denial of service (DoS) attack.
165) NULL pointer dereference (CVE-ID: CVE-2025-71198)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the function in drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c. A local user can perform a denial of service (DoS) attack.
166) Use-after-free (CVE-ID: CVE-2025-71199)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the at91_adc_remove() function in drivers/iio/adc/at91-sama5d2_adc.c. A local user can escalate privileges on the system.
167) NULL pointer dereference (CVE-ID: CVE-2026-22976)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qfq_reset_qdisc() function in net/sched/sch_qfq.c. A local user can perform a denial of service (DoS) attack.
168) Memory leak (CVE-ID: CVE-2026-22977)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sock_enable_timestamp() and sock_recv_errqueue() functions in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
169) Buffer overflow (CVE-ID: CVE-2026-22978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the compat_private_call() function in net/wireless/wext-priv.c. A local user can perform a denial of service (DoS) attack.
170) Memory leak (CVE-ID: CVE-2026-22979)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the skb_segment_list() function in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
171) Use-after-free (CVE-ID: CVE-2026-22980)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/nfsd/state.h. A local user can escalate privileges on the system.
172) NULL pointer dereference (CVE-ID: CVE-2026-22982)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ocelot_set_aggr_pgids() function in drivers/net/ethernet/mscc/ocelot.c. A local user can perform a denial of service (DoS) attack.
173) Out-of-bounds read (CVE-ID: CVE-2026-22984)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the process_auth_done() function in net/ceph/messenger_v2.c. A local user can perform a denial of service (DoS) attack.
174) Input validation error (CVE-ID: CVE-2026-22989)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/nfsd/state.h. A local user can perform a denial of service (DoS) attack.
175) Input validation error (CVE-ID: CVE-2026-22990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the osdmap_apply_incremental() function in net/ceph/osdmap.c. A local user can perform a denial of service (DoS) attack.
176) Use-after-free (CVE-ID: CVE-2026-22991)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_choose_arg_map() function in net/ceph/osdmap.c. A local user can escalate privileges on the system.
177) NULL pointer dereference (CVE-ID: CVE-2026-22992)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mon_handle_auth_done() function in net/ceph/mon_client.c. A local user can perform a denial of service (DoS) attack.
178) Memory leak (CVE-ID: CVE-2026-22994)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bpf_prog_test_run_xdp() function in net/bpf/test_run.c. A local user can perform a denial of service (DoS) attack.
179) NULL pointer dereference (CVE-ID: CVE-2026-22996)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the _mlx5e_resume(), mlx5e_resume(), _mlx5e_probe() and _mlx5e_remove() functions in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
180) Memory leak (CVE-ID: CVE-2026-22997)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the j1939_xtp_rx_rts_session_active() function in net/can/j1939/transport.c. A local user can perform a denial of service (DoS) attack.
181) NULL pointer dereference (CVE-ID: CVE-2026-22998)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_handle_h2c_data_pdu() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
182) Use-after-free (CVE-ID: CVE-2026-22999)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qfq_change_class() function in net/sched/sch_qfq.c. A local user can escalate privileges on the system.
183) NULL pointer dereference (CVE-ID: CVE-2026-23000)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_vport_uplink_rep_load() and mlx5e_vport_uplink_rep_unload() functions in drivers/net/ethernet/mellanox/mlx5/core/en_rep.c. A local user can perform a denial of service (DoS) attack.
184) Use-after-free (CVE-ID: CVE-2026-23001)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the macvlan_hash_lookup_source(), macvlan_hash_add_source(), macvlan_hash_add(), macvlan_flush_sources(), macvlan_forward_source() and macvlan_fill_info_macaddr() functions in drivers/net/macvlan.c. A local user can escalate privileges on the system.
185) NULL pointer dereference (CVE-ID: CVE-2026-23002)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the freader_get_folio() and freader_fetch() functions in lib/buildid.c. A local user can perform a denial of service (DoS) attack.
186) Use of uninitialized resource (CVE-ID: CVE-2026-23003)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A local user can perform a denial of service (DoS) attack.
187) Resource management error (CVE-ID: CVE-2026-23005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvm_vcpu_ioctl_x86_get_xsave() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
188) NULL pointer dereference (CVE-ID: CVE-2026-23006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the adcx140_pwr_ctrl() function in sound/soc/codecs/tlv320adcx140.c. A local user can perform a denial of service (DoS) attack.
189) Use-after-free (CVE-ID: CVE-2026-23010)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the inet6_addr_del() function in net/ipv6/addrconf.c. A local user can escalate privileges on the system.
190) Improper error handling (CVE-ID: CVE-2026-23011)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ipgre_header() function in net/ipv4/ip_gre.c. A local user can perform a denial of service (DoS) attack.
191) Use-after-free (CVE-ID: CVE-2026-23013)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the octep_vf_request_irqs() function in drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_main.c. A local user can escalate privileges on the system.
192) NULL pointer dereference (CVE-ID: CVE-2026-23019)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the prestera_devlink_alloc() function in drivers/net/ethernet/marvell/prestera/prestera_devlink.c. A local user can perform a denial of service (DoS) attack.
193) NULL pointer dereference (CVE-ID: CVE-2026-23020)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vortex_probe1() function in drivers/net/ethernet/3com/3c59x.c. A local user can perform a denial of service (DoS) attack.
194) Memory leak (CVE-ID: CVE-2026-23021)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the update_eth_regs_async() function in drivers/net/usb/pegasus.c. A local user can perform a denial of service (DoS) attack.
195) Memory leak (CVE-ID: CVE-2026-23023)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the idpf_vport_rel() function in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can perform a denial of service (DoS) attack.
196) Improper locking (CVE-ID: CVE-2026-23025)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __pcp_trylock_noop(), rmqueue_bulk(), decay_pcp_high(), drain_zone_pages(), drain_pages_zone() and zone_pcp_update_cacheinfo() functions in mm/page_alloc.c. A local user can perform a denial of service (DoS) attack.
197) Memory leak (CVE-ID: CVE-2026-23026)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the function in drivers/dma/qcom/gpi.c. A local user can perform a denial of service (DoS) attack.
198) Double free (CVE-ID: CVE-2026-23030)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the rockchip_usb2phy_probe() function in drivers/phy/rockchip/phy-rockchip-inno-usb2.c. A local user can perform a denial of service (DoS) attack.
199) Memory leak (CVE-ID: CVE-2026-23031)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gs_usb_receive_bulk_callback() function in drivers/net/can/usb/gs_usb.c. A local user can perform a denial of service (DoS) attack.
200) Memory leak (CVE-ID: CVE-2026-23032)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nullb_add_fault_config() and nullb_group_drop_item() functions in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.
201) Memory leak (CVE-ID: CVE-2026-23033)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the omap_dma_probe() function in drivers/dma/ti/omap-dma.c. A local user can perform a denial of service (DoS) attack.
202) NULL pointer dereference (CVE-ID: CVE-2026-23035)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_vport_vf_rep_load() and mlx5e_vport_rep_unload() functions in drivers/net/ethernet/mellanox/mlx5/core/en_rep.c. A local user can perform a denial of service (DoS) attack.
203) Memory leak (CVE-ID: CVE-2026-23037)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the es58x_alloc_rx_urbs() function in drivers/net/can/usb/etas_es58x/es58x_core.c. A local user can perform a denial of service (DoS) attack.
204) Memory leak (CVE-ID: CVE-2026-23038)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfs4_ff_alloc_deviceid_node() function in fs/nfs/flexfilelayout/flexfilelayoutdev.c. A local user can perform a denial of service (DoS) attack.
205) Input validation error (CVE-ID: CVE-2026-23047)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the calc_target() function in net/ceph/osd_client.c. A local user can perform a denial of service (DoS) attack.
206) Resource management error (CVE-ID: CVE-2026-23049)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the function in drivers/gpu/drm/panel/panel-simple.c. A local user can perform a denial of service (DoS) attack.
207) Improper locking (CVE-ID: CVE-2026-23050)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fs/nfs/pnfs.h. A local user can perform a denial of service (DoS) attack.
208) Improper locking (CVE-ID: CVE-2026-23053)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the include/linux/nfs_fs.h. A local user can perform a denial of service (DoS) attack.
209) Buffer overflow (CVE-ID: CVE-2026-23054)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the netvsc_set_rxfh() function in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.
210) Resource management error (CVE-ID: CVE-2026-23055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the riic_i2c_resume() function in drivers/i2c/busses/i2c-riic.c. A local user can perform a denial of service (DoS) attack.
211) Improper error handling (CVE-ID: CVE-2026-23056)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the uacce_vma_close() function in drivers/misc/uacce/uacce.c. A local user can perform a denial of service (DoS) attack.
212) Use of uninitialized resource (CVE-ID: CVE-2026-23057)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the virtio_transport_recv_enqueue() function in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.
213) Memory leak (CVE-ID: CVE-2026-23058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ems_usb_read_bulk_callback() function in drivers/net/can/usb/ems_usb.c. A local user can perform a denial of service (DoS) attack.
214) Buffer overflow (CVE-ID: CVE-2026-23059)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the qla27xx_copy_multiple_pkt() and qla27xx_copy_fpin_pkt() functions in drivers/scsi/qla2xxx/qla_isr.c. A local user can escalate privileges on the system.
215) NULL pointer dereference (CVE-ID: CVE-2026-23060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the crypto_authenc_esn_encrypt() and crypto_authenc_esn_decrypt() functions in crypto/authencesn.c. A local user can perform a denial of service (DoS) attack.
216) Memory leak (CVE-ID: CVE-2026-23061)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kvaser_usb_read_bulk_callback() function in drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c. A local user can perform a denial of service (DoS) attack.
217) NULL pointer dereference (CVE-ID: CVE-2026-23062)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/platform/x86/hp/hp-bioscfg/bioscfg.h. A local user can perform a denial of service (DoS) attack.
218) NULL pointer dereference (CVE-ID: CVE-2026-23063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the uacce_start_queue() and uacce_fops_unl_ioctl() functions in drivers/misc/uacce/uacce.c. A local user can perform a denial of service (DoS) attack.
219) NULL pointer dereference (CVE-ID: CVE-2026-23064)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tcf_ife_encode() function in net/sched/act_ife.c. A local user can perform a denial of service (DoS) attack.
220) Memory leak (CVE-ID: CVE-2026-23065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wbrf_record() function in drivers/platform/x86/amd/wbrf.c. A local user can perform a denial of service (DoS) attack.
221) Double free (CVE-ID: CVE-2026-23068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the sprd_adi_probe() function in drivers/spi/spi-sprd-adi.c. A local user can perform a denial of service (DoS) attack.
222) Integer underflow (CVE-ID: CVE-2026-23069)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the virtio_transport_get_credit(), virtio_transport_seqpacket_has_data(), virtio_transport_stream_has_space() and virtio_transport_space_update() functions in net/vmw_vsock/virtio_transport_common.c. A local user can execute arbitrary code.
223) Improper locking (CVE-ID: CVE-2026-23071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the regmap_lock_hwlock_irq() function in drivers/base/regmap/regmap.c. A local user can perform a denial of service (DoS) attack.
224) Memory leak (CVE-ID: CVE-2026-23072)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the l2tp_udp_encap_recv() function in net/l2tp/l2tp_core.c. A local user can perform a denial of service (DoS) attack.
225) Buffer overflow (CVE-ID: CVE-2026-23073)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the rsi_mac80211_attach() function in drivers/net/wireless/rsi/rsi_91x_mac80211.c. A local user can escalate privileges on the system.
226) Use-after-free (CVE-ID: CVE-2026-23074)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the teql_qdisc_init() function in net/sched/sch_teql.c. A local user can escalate privileges on the system.
227) Memory leak (CVE-ID: CVE-2026-23075)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the esd_usb_read_bulk_callback() function in drivers/net/can/usb/esd_usb.c. A local user can perform a denial of service (DoS) attack.
228) Out-of-bounds read (CVE-ID: CVE-2026-23076)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amixer_rsc_init() and sum_rsc_init() functions in sound/pci/ctxfi/ctamixer.c. A local user can perform a denial of service (DoS) attack.
229) Buffer overflow (CVE-ID: CVE-2026-23078)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scarlett2_usb_get_config() function in sound/usb/mixer_scarlett2.c. A local user can escalate privileges on the system.
230) Memory leak (CVE-ID: CVE-2026-23080)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mcba_usb_read_bulk_callback() function in drivers/net/can/usb/mcba_usb.c. A local user can perform a denial of service (DoS) attack.
231) Input validation error (CVE-ID: CVE-2026-23083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the function in net/ipv4/fou_nl.c. A local user can perform a denial of service (DoS) attack.
232) NULL pointer dereference (CVE-ID: CVE-2026-23084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the be_cmd_get_perm_mac() function in drivers/net/ethernet/emulex/benet/be_cmds.c. A local user can perform a denial of service (DoS) attack.
233) Resource management error (CVE-ID: CVE-2026-23085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the its_build_mapd_cmd(), its_build_vmapp_cmd() and its_setup_baser() functions in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.
234) Use-after-free (CVE-ID: CVE-2026-23086)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the virtio_transport_seqpacket_dequeue(), virtio_transport_seqpacket_enqueue() and virtio_transport_has_space() functions in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.
235) Memory leak (CVE-ID: CVE-2026-23087)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the scsiback_remove() function in drivers/xen/xen-scsiback.c. A local user can perform a denial of service (DoS) attack.
236) Resource management error (CVE-ID: CVE-2026-23088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the synth_event_define_fields() function in kernel/trace/trace_events_synth.c. A local user can perform a denial of service (DoS) attack.
237) Use-after-free (CVE-ID: CVE-2026-23089)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the parse_audio_unit() function in sound/usb/mixer.c. A local user can escalate privileges on the system.
238) Memory leak (CVE-ID: CVE-2026-23090)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the slim_get_device() and slim_device_report_present() functions in drivers/slimbus/core.c. A local user can perform a denial of service (DoS) attack.
239) Memory leak (CVE-ID: CVE-2026-23091)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the intel_th_output_open() function in drivers/hwtracing/intel_th/core.c. A local user can perform a denial of service (DoS) attack.
240) Input validation error (CVE-ID: CVE-2026-23093)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the get_sg_list() and smb_direct_post_send_data() functions in fs/smb/server/transport_rdma.c. A local user can perform a denial of service (DoS) attack.
241) Input validation error (CVE-ID: CVE-2026-23094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the isolate_strategy_show() and isolate_strategy_store() functions in drivers/misc/uacce/uacce.c. A local user can perform a denial of service (DoS) attack.
242) Memory leak (CVE-ID: CVE-2026-23095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gue_udp_recv() function in net/ipv4/fou_core.c. A local user can perform a denial of service (DoS) attack.
243) Improper resource shutdown or release (CVE-ID: CVE-2026-23096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the EXPORT_SYMBOL_GPL() and uacce_register() functions in drivers/misc/uacce/uacce.c. A local user can perform a denial of service (DoS) attack.
244) Improper locking (CVE-ID: CVE-2026-23097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the unmap_and_move_huge_page() function in mm/migrate.c. A local user can perform a denial of service (DoS) attack.
245) NULL pointer dereference (CVE-ID: CVE-2026-23098)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nr_route_frame() function in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.
246) Out-of-bounds read (CVE-ID: CVE-2026-23099)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bond_enslave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
247) Use of uninitialized resource (CVE-ID: CVE-2026-23101)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the led_classdev_register_ext() function in drivers/leds/led-class.c. A local user can perform a denial of service (DoS) attack.
248) Improper locking (CVE-ID: CVE-2026-23103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipvlan_port_create(), ipvlan_uninit(), ipvlan_open(), ipvlan_stop(), ipvlan_link_new(), ipvlan_link_delete(), ipvlan_add_addr(), ipvlan_del_addr(), ipvlan_add_addr6(), ipvlan_addr6_validator_event() and ipvlan_addr4_validator_event() functions in drivers/net/ipvlan/ipvlan_main.c. A local user can perform a denial of service (DoS) attack.
249) Input validation error (CVE-ID: CVE-2026-23105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qfq_rm_from_agg() function in net/sched/sch_qfq.c. A local user can perform a denial of service (DoS) attack.
250) NULL pointer dereference (CVE-ID: CVE-2026-23107)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the restore_za_context() function in arch/arm64/kernel/signal.c. A local user can perform a denial of service (DoS) attack.
251) Memory leak (CVE-ID: CVE-2026-23108)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usb_8dev_read_bulk_callback() function in drivers/net/can/usb/usb_8dev.c. A local user can perform a denial of service (DoS) attack.
252) Race condition (CVE-ID: CVE-2026-23110)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the scsi_dec_host_busy() function in drivers/scsi/scsi_lib.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.