SB2026020973 - Debian update for linux
Published: February 9, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 253 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2023-52658)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the esw_inline_mode_to_devlink() and mlx5_devlink_eswitch_mode_set() functions in drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c. A local user can perform a denial of service (DoS) attack.
2) NULL pointer dereference (CVE-ID: CVE-2023-53421)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the blkcg_reset_stats() function in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.
3) Integer overflow (CVE-ID: CVE-2023-54285)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the iomap_write_delalloc_scan() function in fs/iomap/buffered-io.c. A local user can execute arbitrary code.
4) NULL pointer dereference (CVE-ID: CVE-2024-42079)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gfs2_jindex_free() function in fs/gfs2/super.c, within the lops_before_commit() function in fs/gfs2/log.c. A local user can perform a denial of service (DoS) attack.
5) Use-after-free (CVE-ID: CVE-2024-46786)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fscache_exit() function in fs/fscache/main.c. A local user can escalate privileges on the system.
6) Input validation error (CVE-ID: CVE-2024-49968)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ext4_feature_set_ok() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
7) Out-of-bounds read (CVE-ID: CVE-2025-21946)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the parse_sid() and parse_sec_desc() functions in fs/smb/server/smbacl.c. A local user can perform a denial of service (DoS) attack.
8) Improper locking (CVE-ID: CVE-2025-22022)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/usb/host/xhci.h. A local user can perform a denial of service (DoS) attack.
9) Memory leak (CVE-ID: CVE-2025-22083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vhost_scsi_set_endpoint(), target_undepend_item() and vhost_scsi_flush() functions in drivers/vhost/scsi.c. A local user can perform a denial of service (DoS) attack.
10) Resource management error (CVE-ID: CVE-2025-22090)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the copy_page_range() function in mm/memory.c, within the vm_area_dup() function in kernel/fork.c, within the get_pat_info() and untrack_pfn() functions in arch/x86/mm/pat/memtype.c. A local user can perform a denial of service (DoS) attack.
11) Out-of-bounds read (CVE-ID: CVE-2025-22107)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sja1105_table_delete_entry() function in drivers/net/dsa/sja1105/sja1105_static_config.c. A local user can perform a denial of service (DoS) attack.
12) Improper locking (CVE-ID: CVE-2025-22111)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sock_write_iter(), brioctl_set(), br_ioctl_call(), sock_ioctl() and compat_sock_ioctl_trans() functions in net/socket.c, within the dev_ifsioc() and dev_ioctl() functions in net/core/dev_ioctl.c, within the old_deviceless() and br_ioctl_stub() functions in net/bridge/br_ioctl.c. A local user can perform a denial of service (DoS) attack.
13) Use-after-free (CVE-ID: CVE-2025-22121)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ext4_xattr_check_block(), __xattr_check_inode(), ext4_xattr_ibody_get(), ext4_xattr_ibody_list(), ext4_get_inode_usage(), ext4_xattr_ibody_find() and sizeof() functions in fs/ext4/xattr.c, within the ext4_iget_extra_inode() function in fs/ext4/inode.c. A local user can escalate privileges on the system.
14) Use-after-free (CVE-ID: CVE-2025-37926)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ksmbd_session_rpc_clear_list(), ksmbd_session_rpc_open(), ksmbd_session_rpc_close() and __session_create() functions in fs/smb/server/mgmt/user_session.c. A local user can escalate privileges on the system.
15) Use-after-free (CVE-ID: CVE-2025-38022)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ib_device_notify_register() and ib_register_device() functions in drivers/infiniband/core/device.c. A local user can escalate privileges on the system.
16) Improper locking (CVE-ID: CVE-2025-38104)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the amdgpu_virt_rlcg_reg_rw() function in drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c, within the amdgpu_device_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.
17) Input validation error (CVE-ID: CVE-2025-38125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the est_configure() function in drivers/net/ethernet/stmicro/stmmac/stmmac_est.c. A local user can perform a denial of service (DoS) attack.
18) Use-after-free (CVE-ID: CVE-2025-38129)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the page_pool_ethtool_stats_get(), page_pool_return_page() and page_pool_scrub() functions in net/core/page_pool.c. A local user can escalate privileges on the system.
19) NULL pointer dereference (CVE-ID: CVE-2025-38232)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_nfsd(), unregister_cld_notifier() and exit_nfsd() functions in fs/nfsd/nfsctl.c. A local user can perform a denial of service (DoS) attack.
20) NULL pointer dereference (CVE-ID: CVE-2025-38361)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dce110_blank_stream() function in drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c. A local user can perform a denial of service (DoS) attack.
21) Resource management error (CVE-ID: CVE-2025-38408)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the irq_domain_create_sim_full() function in kernel/irq/irq_sim.c. A local user can perform a denial of service (DoS) attack.
22) Resource management error (CVE-ID: CVE-2025-38591)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_skb_is_valid_access(), sock_addr_is_valid_access(), sock_ops_is_valid_access(), sk_msg_is_valid_access() and sk_lookup_is_valid_access() functions in net/core/filter.c, within the cg_sockopt_is_valid_access() function in kernel/bpf/cgroup.c. A local user can perform a denial of service (DoS) attack.
23) Improper locking (CVE-ID: CVE-2025-38718)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sctp_rcv() function in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.
24) Use-after-free (CVE-ID: CVE-2025-39721)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the adf_misc_wq_queue_delayed_work() function in drivers/crypto/intel/qat/qat_common/adf_isr.c, within the adf_dev_shutdown() function in drivers/crypto/intel/qat/qat_common/adf_init.c. A local user can escalate privileges on the system.
25) Use-after-free (CVE-ID: CVE-2025-39871)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the idxd_remove() function in drivers/dma/idxd/init.c. A local user can escalate privileges on the system.
26) Use-after-free (CVE-ID: CVE-2025-40039)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ksmbd_session_rpc_open() and ksmbd_session_rpc_close() functions in fs/smb/server/mgmt/user_session.c. A local user can escalate privileges on the system.
27) Input validation error (CVE-ID: CVE-2025-40110)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vmw_cmd_dma() function in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can perform a denial of service (DoS) attack.
28) Use-after-free (CVE-ID: CVE-2025-40149)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_device_queue_ctx_destruction() function in net/tls/tls_device.c. A local user can escalate privileges on the system.
29) Resource management error (CVE-ID: CVE-2025-40164)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the usbnet_resume_rx() function in drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.
30) Improper locking (CVE-ID: CVE-2025-40215)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __xfrm_state_destroy(), __xfrm_state_delete(), xfrm_state_flush(), xfrm_flush_gc() and xfrm_state_fini() functions in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.
31) Improper locking (CVE-ID: CVE-2025-68211)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the should_skip_rmap_item() and scan_get_next_rmap_item() functions in mm/ksm.c. A local user can perform a denial of service (DoS) attack.
32) Improper locking (CVE-ID: CVE-2025-68223)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the radeon_fence_is_signaled() function in drivers/gpu/drm/radeon/radeon_fence.c. A local user can perform a denial of service (DoS) attack.
33) Out-of-bounds read (CVE-ID: CVE-2025-68254)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the OnBeacon() function in drivers/staging/rtl8723bs/core/rtw_mlme_ext.c. A local user can perform a denial of service (DoS) attack.
34) Buffer overflow (CVE-ID: CVE-2025-68255)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the OnAssocReq() function in drivers/staging/rtl8723bs/core/rtw_mlme_ext.c. A local user can escalate privileges on the system.
35) Out-of-bounds read (CVE-ID: CVE-2025-68256)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtw_get_ie() function in drivers/staging/rtl8723bs/core/rtw_ieee80211.c. A local user can perform a denial of service (DoS) attack.
36) NULL pointer dereference (CVE-ID: CVE-2025-68257)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the compat_chaninfo(), compat_rangeinfo(), compat_cmd(), compat_cmdtest(), compat_insnlist() and compat_insn() functions in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
37) Improper locking (CVE-ID: CVE-2025-68258)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the multiq3_attach() function in drivers/comedi/drivers/multiq3.c. A local user can perform a denial of service (DoS) attack.
38) Resource management error (CVE-ID: CVE-2025-68259)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the is_vmware_backdoor_opcode() and x86_emulate_instruction() functions in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
39) Reachable assertion (CVE-ID: CVE-2025-68261)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ext4_destroy_inline_data_nolock() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
40) Use-after-free (CVE-ID: CVE-2025-68263)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ipc_msg_send_request() function in fs/smb/server/transport_ipc.c. A local user can escalate privileges on the system.
41) Improper locking (CVE-ID: CVE-2025-68264)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_prepare_inline_data() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
42) Buffer overflow (CVE-ID: CVE-2025-68266)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bfs_iget() function in fs/bfs/inode.c. A local user can perform a denial of service (DoS) attack.
43) Use of uninitialized resource (CVE-ID: CVE-2025-68291)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mptcp_do_fastclose() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
44) NULL pointer dereference (CVE-ID: CVE-2025-68325)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cake_drop(), cake_reconfigure() and cake_enqueue() functions in net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.
45) Resource management error (CVE-ID: CVE-2025-68332)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the c6xdigio_attach() function in drivers/comedi/drivers/c6xdigio.c. A local user can perform a denial of service (DoS) attack.
46) NULL pointer dereference (CVE-ID: CVE-2025-68335)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pcl818_detach() function in drivers/comedi/drivers/pcl818.c. A local user can perform a denial of service (DoS) attack.
47) Improper locking (CVE-ID: CVE-2025-68336)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_raw_read_unlock() function in kernel/locking/spinlock_debug.c. A local user can perform a denial of service (DoS) attack.
48) Reachable assertion (CVE-ID: CVE-2025-68337)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the jbd2_journal_get_create_access() function in fs/jbd2/transaction.c. A local user can perform a denial of service (DoS) attack.
49) Resource management error (CVE-ID: CVE-2025-68340)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the team_port_add() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.
50) Input validation error (CVE-ID: CVE-2025-68344)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the function in sound/isa/wavefront/wavefront_synth.c. A local user can perform a denial of service (DoS) attack.
51) NULL pointer dereference (CVE-ID: CVE-2025-68345)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cs35l41_hda_read_acpi() function in sound/hda/codecs/side-codecs/cs35l41_hda.c. A local user can perform a denial of service (DoS) attack.
52) Out-of-bounds read (CVE-ID: CVE-2025-68346)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the detect_stream_formats() function in sound/firewire/dice/dice-extension.c. A local user can perform a denial of service (DoS) attack.
53) Buffer overflow (CVE-ID: CVE-2025-68347)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the hwdep_read() function in sound/firewire/motu/motu-hwdep.c. A local user can escalate privileges on the system.
54) Buffer overflow (CVE-ID: CVE-2025-68349)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pnfs_mark_layout_stateid_invalid() function in fs/nfs/pnfs.c. A local user can perform a denial of service (DoS) attack.
55) Use-after-free (CVE-ID: CVE-2025-68354)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the regulator_supply_alias(), regulator_register_supply_alias() and regulator_unregister_supply_alias() functions in drivers/regulator/core.c. A local user can escalate privileges on the system.
56) Integer underflow (CVE-ID: CVE-2025-68362)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the rtl8187_rx_cb() function in drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c. A local user can execute arbitrary code.
57) Resource management error (CVE-ID: CVE-2025-68363)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the BPF_CALL_5() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
58) Input validation error (CVE-ID: CVE-2025-68364)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __ocfs2_move_extent() function in fs/ocfs2/move_extents.c. A local user can perform a denial of service (DoS) attack.
59) Use of uninitialized resource (CVE-ID: CVE-2025-68365)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ntfs_create_inode(), ntfs_link_inode() and ntfs_unlink_inode() functions in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
60) Use-after-free (CVE-ID: CVE-2025-68366)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_genl_connect() function in drivers/block/nbd.c. A local user can escalate privileges on the system.
61) Improper locking (CVE-ID: CVE-2025-68367)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mac_hid_toggle_emumouse() function in drivers/macintosh/mac_hid.c. A local user can perform a denial of service (DoS) attack.
62) Improper locking (CVE-ID: CVE-2025-68369)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ntfs_read_mft() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
63) Use-after-free (CVE-ID: CVE-2025-68371)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pqi_device_reset() and pqi_sdev_destroy() functions in drivers/scsi/smartpqi/smartpqi_init.c. A local user can escalate privileges on the system.
64) Use-after-free (CVE-ID: CVE-2025-68372)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the recv_work() function in drivers/block/nbd.c. A local user can escalate privileges on the system.
65) Resource management error (CVE-ID: CVE-2025-68380)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ath11k_wmi_send_peer_assoc_cmd() function in drivers/net/wireless/ath/ath11k/wmi.c. A local user can perform a denial of service (DoS) attack.
66) Integer overflow (CVE-ID: CVE-2025-68724)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the asymmetric_key_generate_id() function in crypto/asymmetric_keys/asymmetric_type.c. A local user can execute arbitrary code.
67) Infinite loop (CVE-ID: CVE-2025-68725)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the BPF_CALL_3() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
68) Buffer overflow (CVE-ID: CVE-2025-68727)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ntfs_link_inode() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
69) Buffer overflow (CVE-ID: CVE-2025-68728)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ntfs_get_bh() function in fs/ntfs3/fsntfs.c. A local user can perform a denial of service (DoS) attack.
70) Improper locking (CVE-ID: CVE-2025-68732)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the syncpt_release() and host1x_syncpt_put() functions in drivers/gpu/host1x/syncpt.c. A local user can perform a denial of service (DoS) attack.
71) Resource management error (CVE-ID: CVE-2025-68733)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the do_setattr() function in security/smack/smack_lsm.c. A local user can perform a denial of service (DoS) attack.
72) Improper error handling (CVE-ID: CVE-2025-68740)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ima_match_rules() function in security/integrity/ima/ima_policy.c. A local user can perform a denial of service (DoS) attack.
73) Resource management error (CVE-ID: CVE-2025-68742)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_prog_inc_misses_counter() function in kernel/bpf/syscall.c. A local user can perform a denial of service (DoS) attack.
74) Improper error handling (CVE-ID: CVE-2025-68746)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the tegra_qspi_handle_error(), tegra_qspi_combined_seq_xfer(), tegra_qspi_non_combined_seq_xfer(), handle_cpu_based_xfer() and tegra_qspi_isr_thread() functions in drivers/spi/spi-tegra210-quad.c. A local user can perform a denial of service (DoS) attack.
75) Buffer overflow (CVE-ID: CVE-2025-68753)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the hwdep_read() function in sound/firewire/motu/motu-hwdep.c. A local user can escalate privileges on the system.
76) Improper locking (CVE-ID: CVE-2025-68757)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vgem_fence_create() function in drivers/gpu/drm/vgem/vgem_fence.c. A local user can perform a denial of service (DoS) attack.
77) NULL pointer dereference (CVE-ID: CVE-2025-68758)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the led_bl_probe() function in drivers/video/backlight/led_bl.c. A local user can perform a denial of service (DoS) attack.
78) Memory leak (CVE-ID: CVE-2025-68759)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rtl8180_init_rx_ring() and rtl8180_start() functions in drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c. A local user can perform a denial of service (DoS) attack.
79) Improper locking (CVE-ID: CVE-2025-68764)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_get_tree_common() function in fs/nfs/super.c. A local user can perform a denial of service (DoS) attack.
80) Memory leak (CVE-ID: CVE-2025-68765)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mt7615_mcu_wtbl_sta_add() function in drivers/net/wireless/mediatek/mt76/mt7615/mcu.c. A local user can perform a denial of service (DoS) attack.
81) Out-of-bounds read (CVE-ID: CVE-2025-68766)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mchp_eic_domain_alloc() function in drivers/irqchip/irq-mchp-eic.c. A local user can perform a denial of service (DoS) attack.
82) Improper privilege management (CVE-ID: CVE-2025-68767)
The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the hfsplus_get_perms() and hfsplus_cat_read_inode() functions in fs/hfsplus/inode.c. A local user can read and manipulate data.
83) Improper error handling (CVE-ID: CVE-2025-68769)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_fill_super() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
84) Improper error handling (CVE-ID: CVE-2025-68771)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ocfs2_claim_suballoc_bits() function in fs/ocfs2/suballoc.c. A local user can perform a denial of service (DoS) attack.
85) Improper locking (CVE-ID: CVE-2025-68772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_alloc_inode() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
86) Buffer overflow (CVE-ID: CVE-2025-68773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the fsl_spi_prepare_message() function in drivers/spi/spi-fsl-spi.c. A local user can perform a denial of service (DoS) attack.
87) Incorrect calculation (CVE-ID: CVE-2025-68774)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __hfs_bnode_create() function in fs/hfsplus/bnode.c. A local user can perform a denial of service (DoS) attack.
88) NULL pointer dereference (CVE-ID: CVE-2025-68776)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the prp_get_untagged_frame() function in net/hsr/hsr_forward.c. A local user can perform a denial of service (DoS) attack.
89) Out-of-bounds read (CVE-ID: CVE-2025-68777)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the titsc_config_wires() function in drivers/input/touchscreen/ti_am335x_tsc.c. A local user can perform a denial of service (DoS) attack.
90) Use-after-free (CVE-ID: CVE-2025-68778)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the conflicting_inode_is_dir(), add_conflicting_inode() and log_conflicting_inodes() functions in fs/btrfs/tree-log.c. A local user can escalate privileges on the system.
91) Improper locking (CVE-ID: CVE-2025-68780)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dec_dl_deadline(), rq_online_dl() and rq_offline_dl() functions in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.
92) Use-after-free (CVE-ID: CVE-2025-68781)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fsl_otg_remove() function in drivers/usb/phy/phy-fsl-usb.c. A local user can escalate privileges on the system.
93) NULL pointer dereference (CVE-ID: CVE-2025-68782)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the target_cmd_init_cdb() function in drivers/target/target_core_transport.c. A local user can perform a denial of service (DoS) attack.
94) Input validation error (CVE-ID: CVE-2025-68783)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the get_meter_levels_from_urb() function in sound/usb/mixer_us16x08.c. A local user can perform a denial of service (DoS) attack.
95) Out-of-bounds read (CVE-ID: CVE-2025-68785)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the validate_and_copy_set_tun() and __ovs_nla_copy_actions() functions in net/openvswitch/flow_netlink.c. A local user can perform a denial of service (DoS) attack.
96) Improper locking (CVE-ID: CVE-2025-68786)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_lock_range() and ksmbd_vfs_truncate() functions in fs/smb/server/vfs.c. A local user can perform a denial of service (DoS) attack.
97) Memory leak (CVE-ID: CVE-2025-68787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nr_output() function in net/netrom/nr_out.c. A local user can perform a denial of service (DoS) attack.
98) Input validation error (CVE-ID: CVE-2025-68788)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __fsnotify_parent() function in fs/notify/fsnotify.c. A local user can perform a denial of service (DoS) attack.
99) Use-after-free (CVE-ID: CVE-2025-68789)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ibmpex_high_low_store() and ibmpex_bmc_delete() functions in drivers/hwmon/ibmpex.c. A local user can escalate privileges on the system.
100) Buffer overflow (CVE-ID: CVE-2025-68795)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ethtool_get_strings(), ethtool_get_stats(), ethtool_get_phy_stats_phydev(), ethtool_get_phy_stats_ethtool() and ethtool_get_phy_stats() functions in net/ethtool/ioctl.c. A local user can perform a denial of service (DoS) attack.
101) Improper error handling (CVE-ID: CVE-2025-68796)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_do_zero_range() function in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
102) NULL pointer dereference (CVE-ID: CVE-2025-68797)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ac_ioctl() function in drivers/char/applicom.c. A local user can perform a denial of service (DoS) attack.
103) NULL pointer dereference (CVE-ID: CVE-2025-68798)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amd_pmu_enable_all() function in arch/x86/events/amd/core.c. A local user can perform a denial of service (DoS) attack.
104) Use of uninitialized resource (CVE-ID: CVE-2025-68799)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the cffrml_receive() function in net/caif/cffrml.c. A local user can perform a denial of service (DoS) attack.
105) Use-after-free (CVE-ID: CVE-2025-68800)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_mr_route_add() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c. A local user can escalate privileges on the system.
106) Use-after-free (CVE-ID: CVE-2025-68801)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_neigh_entry_alloc(), mlxsw_sp_nexthop_dead_neigh_replace(), mlxsw_sp_nexthop_neigh_init() and mlxsw_sp_nexthop_neigh_fini() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c. A local user can escalate privileges on the system.
107) Input validation error (CVE-ID: CVE-2025-68803)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/nfsd/vfs.h. A local user can perform a denial of service (DoS) attack.
108) Use-after-free (CVE-ID: CVE-2025-68804)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cros_ec_ishtp_remove() function in drivers/platform/chrome/cros_ec_ishtp.c. A local user can escalate privileges on the system.
109) Input validation error (CVE-ID: CVE-2025-68806)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smb2_set_ea() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
110) Use-after-free (CVE-ID: CVE-2025-68808)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vidtv_channel_si_init() function in drivers/media/test-drivers/vidtv/vidtv_channel.c. A local user can escalate privileges on the system.
111) NULL pointer dereference (CVE-ID: CVE-2025-68813)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __ip_vs_get_out_rt() function in net/netfilter/ipvs/ip_vs_xmit.c. A local user can perform a denial of service (DoS) attack.
112) Memory leak (CVE-ID: CVE-2025-68814)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __io_openat_prep() function in io_uring/openclose.c. A local user can perform a denial of service (DoS) attack.
113) Resource management error (CVE-ID: CVE-2025-68815)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.
114) Input validation error (CVE-ID: CVE-2025-68816)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.h. A local user can perform a denial of service (DoS) attack.
115) Use-after-free (CVE-ID: CVE-2025-68817)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_tree_disconnect() function in fs/smb/server/smb2pdu.c. A local user can escalate privileges on the system.
116) Input validation error (CVE-ID: CVE-2025-68818)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __qla2x00_abort_all_cmds() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.
117) Out-of-bounds read (CVE-ID: CVE-2025-68819)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dtv5100_i2c_msg() function in drivers/media/usb/dvb-usb/dtv5100.c. A local user can perform a denial of service (DoS) attack.
118) NULL pointer dereference (CVE-ID: CVE-2025-68820)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ext4_xattr_inode_dec_ref_all() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
119) Use-after-free (CVE-ID: CVE-2025-68821)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fuse_file_put() and fuse_file_open() functions in fs/fuse/file.c. A local user can escalate privileges on the system.
120) Use of uninitialized resource (CVE-ID: CVE-2025-71064)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hclgevf_knic_setup() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c. A local user can perform a denial of service (DoS) attack.
121) Use-after-free (CVE-ID: CVE-2025-71066)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can escalate privileges on the system.
122) Buffer overflow (CVE-ID: CVE-2025-71069)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the f2fs_rename() function in fs/f2fs/namei.c. A local user can perform a denial of service (DoS) attack.
123) Use-after-free (CVE-ID: CVE-2025-71071)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mtk_iommu_mm_dts_parse(), mtk_iommu_probe() and mtk_iommu_remove() functions in drivers/iommu/mtk_iommu.c. A local user can escalate privileges on the system.
124) Race condition (CVE-ID: CVE-2025-71075)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the asd_pci_remove() function in drivers/scsi/aic94xx/aic94xx_init.c. A local user can escalate privileges on the system.
125) Out-of-bounds read (CVE-ID: CVE-2025-71077)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the include/linux/tpm.h. A local user can perform a denial of service (DoS) attack.
126) Resource management error (CVE-ID: CVE-2025-71078)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the preload_age() function in arch/powerpc/mm/book3s64/slb.c. A local user can perform a denial of service (DoS) attack.
127) Improper locking (CVE-ID: CVE-2025-71079)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL() and nfc_unregister_device() functions in net/nfc/core.c. A local user can perform a denial of service (DoS) attack.
128) Memory leak (CVE-ID: CVE-2025-71081)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the stm32_sai_sub_parse_of(), stm32_sai_sub_probe() and stm32_sai_sub_remove() functions in sound/soc/stm/stm32_sai_sub.c. A local user can perform a denial of service (DoS) attack.
129) Use-after-free (CVE-ID: CVE-2025-71082)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btusb_probe() and btusb_disconnect() functions in drivers/bluetooth/btusb.c. A local user can escalate privileges on the system.
130) NULL pointer dereference (CVE-ID: CVE-2025-71083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ttm_bo_vm_access() function in drivers/gpu/drm/ttm/ttm_bo_vm.c. A local user can perform a denial of service (DoS) attack.
131) Improper resource shutdown or release (CVE-ID: CVE-2025-71084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the destroy_mc() function in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.
132) Resource management error (CVE-ID: CVE-2025-71085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the calipso_skbuff_setattr() function in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.
133) Memory leak (CVE-ID: CVE-2025-71086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rose_kill_by_device() function in net/rose/af_rose.c. A local user can perform a denial of service (DoS) attack.
134) Off-by-one (CVE-ID: CVE-2025-71087)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the iavf_config_rss_reg() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.
135) Improper locking (CVE-ID: CVE-2025-71088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the subflow_state_change() function in net/mptcp/subflow.c. A local user can perform a denial of service (DoS) attack.
136) Improper error handling (CVE-ID: CVE-2025-71091)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __team_queue_override_enabled_check() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.
137) Buffer overflow (CVE-ID: CVE-2025-71093)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the e1000_tbi_should_accept() function in drivers/net/ethernet/intel/e1000/e1000_main.c. A local user can escalate privileges on the system.
138) Resource management error (CVE-ID: CVE-2025-71094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the asix_read_phy_addr() function in drivers/net/usb/asix_common.c. A local user can perform a denial of service (DoS) attack.
139) Race condition (CVE-ID: CVE-2025-71095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the MODULE_PARM_DESC(), stmmac_xdp_get_tx_queue(), stmmac_xdp_xmit_back() and stmmac_rx_zc() functions in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
140) NULL pointer dereference (CVE-ID: CVE-2025-71096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ib_nl_handle_ip_res_resp() function in drivers/infiniband/core/addr.c. A local user can perform a denial of service (DoS) attack.
141) Memory leak (CVE-ID: CVE-2025-71097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fib_table_flush() function in net/ipv4/fib_trie.c. A local user can perform a denial of service (DoS) attack.
142) Improper error handling (CVE-ID: CVE-2025-71098)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ip6gre_header() function in net/ipv6/ip6_gre.c. A local user can perform a denial of service (DoS) attack.
143) Input validation error (CVE-ID: CVE-2025-71102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the scs_check_usage() function in kernel/scs.c. A local user can perform a denial of service (DoS) attack.
144) Improper locking (CVE-ID: CVE-2025-71104)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the advance_periodic_target_expiration() function in arch/x86/kvm/lapic.c. A local user can perform a denial of service (DoS) attack.
145) Resource management error (CVE-ID: CVE-2025-71105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fs/f2fs/xattr.h. A local user can perform a denial of service (DoS) attack.
146) Input validation error (CVE-ID: CVE-2025-71108)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ucsi_init() function in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.
147) Race condition (CVE-ID: CVE-2025-71111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in drivers/hwmon/w83791d.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
148) Out-of-bounds read (CVE-ID: CVE-2025-71112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hclge_set_vlan_filter() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.
149) Use of uninitialized resource (CVE-ID: CVE-2025-71113)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the rng_accept_parent() function in crypto/algif_rng.c. A local user can perform a denial of service (DoS) attack.
150) Buffer overflow (CVE-ID: CVE-2025-71114)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the wdt_probe() function in drivers/watchdog/via_wdt.c. A local user can perform a denial of service (DoS) attack.
151) Out-of-bounds read (CVE-ID: CVE-2025-71116)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the decode_pool() function in net/ceph/osdmap.c. A local user can perform a denial of service (DoS) attack.
152) NULL pointer dereference (CVE-ID: CVE-2025-71118)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_ns_walk_namespace() function in drivers/acpi/acpica/nswalk.c. A local user can perform a denial of service (DoS) attack.
153) Resource management error (CVE-ID: CVE-2025-71119)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kexec_prepare_cpus_wait() and wake_offline_cpus() functions in arch/powerpc/kexec/core_64.c. A local user can perform a denial of service (DoS) attack.
154) NULL pointer dereference (CVE-ID: CVE-2025-71120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gss_read_proxy_verf() function in net/sunrpc/auth_gss/svcauth_gss.c. A local user can perform a denial of service (DoS) attack.
155) Input validation error (CVE-ID: CVE-2025-71121)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gsc_set_affinity_irq() function in drivers/parisc/gsc.c. A local user can perform a denial of service (DoS) attack.
156) Memory leak (CVE-ID: CVE-2025-71123)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the parse_apply_sb_mount_options() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
157) NULL pointer dereference (CVE-ID: CVE-2025-71125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the trace_event_reg() function in kernel/trace/trace_events.c. A local user can perform a denial of service (DoS) attack.
158) Improper locking (CVE-ID: CVE-2025-71126)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __mptcp_retrans() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
159) Resource management error (CVE-ID: CVE-2025-71127)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ieee80211_rx_h_mgmt_check() function in net/mac80211/rx.c. A local user can perform a denial of service (DoS) attack.
160) NULL pointer dereference (CVE-ID: CVE-2025-71130)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the eb_lookup_vmas(), i915_gem_do_execbuffer() and i915_gem_execbuffer2_ioctl() functions in drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c. A local user can perform a denial of service (DoS) attack.
161) Double free (CVE-ID: CVE-2025-71131)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the seqiv_aead_encrypt() function in crypto/seqiv.c. A local user can perform a denial of service (DoS) attack.
162) Memory leak (CVE-ID: CVE-2025-71132)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smc_rcv() function in drivers/net/ethernet/smsc/smc91x.c. A local user can perform a denial of service (DoS) attack.
163) Out-of-bounds read (CVE-ID: CVE-2025-71133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the irdma_net_event() function in drivers/infiniband/hw/irdma/utils.c. A local user can perform a denial of service (DoS) attack.
164) Out-of-bounds read (CVE-ID: CVE-2025-71136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the adv7842_cp_log_status() function in drivers/media/i2c/adv7842.c. A local user can perform a denial of service (DoS) attack.
165) Out-of-bounds read (CVE-ID: CVE-2025-71137)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the otx2_set_ringparam() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c. A local user can perform a denial of service (DoS) attack.
166) Memory leak (CVE-ID: CVE-2025-71147)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpm2_load_cmd() function in security/keys/trusted-keys/trusted_tpm2.c. A local user can perform a denial of service (DoS) attack.
167) Resource management error (CVE-ID: CVE-2025-71149)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the io_poll_remove() function in io_uring/poll.c. A local user can perform a denial of service (DoS) attack.
168) Memory leak (CVE-ID: CVE-2025-71150)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ksmbd_session_lookup_all() function in fs/smb/server/mgmt/user_session.c. A local user can perform a denial of service (DoS) attack.
169) Memory leak (CVE-ID: CVE-2025-71154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the async_set_registers() function in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.
170) Use-after-free (CVE-ID: CVE-2025-71162)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tegra_adma_stop() and tegra_adma_probe() functions in drivers/dma/tegra210-adma.c. A local user can escalate privileges on the system.
171) Memory leak (CVE-ID: CVE-2025-71163)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the unbind_store() and bind_store() functions in drivers/dma/idxd/compat.c. A local user can perform a denial of service (DoS) attack.
172) Improper locking (CVE-ID: CVE-2025-71180)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the interrupt_cnt_probe() function in drivers/counter/interrupt-cnt.c. A local user can perform a denial of service (DoS) attack.
173) Improper locking (CVE-ID: CVE-2025-71182)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the j1939_session_activate() function in net/can/j1939/transport.c. A local user can perform a denial of service (DoS) attack.
174) Infinite loop (CVE-ID: CVE-2025-71183)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the copy_inode_items_to_log() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
175) Memory leak (CVE-ID: CVE-2025-71185)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ti_am335x_xbar_route_allocate() function in drivers/dma/ti/dma-crossbar.c. A local user can perform a denial of service (DoS) attack.
176) Memory leak (CVE-ID: CVE-2025-71186)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the stm32_dmamux_route_allocate() function in drivers/dma/stm32-dmamux.c. A local user can perform a denial of service (DoS) attack.
177) Memory leak (CVE-ID: CVE-2025-71189)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rzn1_dmamux_route_allocate() function in drivers/dma/dw/rzn1-dmamux.c. A local user can perform a denial of service (DoS) attack.
178) Memory leak (CVE-ID: CVE-2025-71190)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sba_probe() and sba_remove() functions in drivers/dma/bcm-sba-raid.c. A local user can perform a denial of service (DoS) attack.
179) Memory leak (CVE-ID: CVE-2025-71191)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atc_alloc_chan_resources() and atc_free_chan_resources() functions in drivers/dma/at_hdmac.c. A local user can perform a denial of service (DoS) attack.
180) Double free (CVE-ID: CVE-2025-71192)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ac97_adapter_release(), ac97_add_adapter() and snd_ac97_controller_register() functions in sound/ac97/bus.c. A local user can perform a denial of service (DoS) attack.
181) Improper locking (CVE-ID: CVE-2025-71194)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the is_transaction_blocked(), start_transaction() and btrfs_wait_for_commit() functions in fs/btrfs/transaction.c. A local user can perform a denial of service (DoS) attack.
182) Out-of-bounds read (CVE-ID: CVE-2025-71196)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the stm32_usbphyc_probe() function in drivers/phy/st/phy-stm32-usbphyc.c. A local user can perform a denial of service (DoS) attack.
183) Off-by-one (CVE-ID: CVE-2025-71197)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the alarms_store() function in drivers/w1/slaves/w1_therm.c. A local user can perform a denial of service (DoS) attack.
184) Use-after-free (CVE-ID: CVE-2025-71199)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the at91_adc_remove() function in drivers/iio/adc/at91-sama5d2_adc.c. A local user can escalate privileges on the system.
185) NULL pointer dereference (CVE-ID: CVE-2026-22976)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qfq_reset_qdisc() function in net/sched/sch_qfq.c. A local user can perform a denial of service (DoS) attack.
186) Memory leak (CVE-ID: CVE-2026-22977)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sock_enable_timestamp() and sock_recv_errqueue() functions in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
187) Buffer overflow (CVE-ID: CVE-2026-22978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the compat_private_call() function in net/wireless/wext-priv.c. A local user can perform a denial of service (DoS) attack.
188) Memory leak (CVE-ID: CVE-2026-22979)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the skb_segment_list() function in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
189) Use-after-free (CVE-ID: CVE-2026-22980)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/nfsd/state.h. A local user can escalate privileges on the system.
190) NULL pointer dereference (CVE-ID: CVE-2026-22982)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ocelot_set_aggr_pgids() function in drivers/net/ethernet/mscc/ocelot.c. A local user can perform a denial of service (DoS) attack.
191) Out-of-bounds read (CVE-ID: CVE-2026-22984)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the process_auth_done() function in net/ceph/messenger_v2.c. A local user can perform a denial of service (DoS) attack.
192) Input validation error (CVE-ID: CVE-2026-22990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the osdmap_apply_incremental() function in net/ceph/osdmap.c. A local user can perform a denial of service (DoS) attack.
193) Use-after-free (CVE-ID: CVE-2026-22991)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_choose_arg_map() function in net/ceph/osdmap.c. A local user can escalate privileges on the system.
194) NULL pointer dereference (CVE-ID: CVE-2026-22992)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mon_handle_auth_done() function in net/ceph/mon_client.c. A local user can perform a denial of service (DoS) attack.
195) Memory leak (CVE-ID: CVE-2026-22994)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bpf_prog_test_run_xdp() function in net/bpf/test_run.c. A local user can perform a denial of service (DoS) attack.
196) Memory leak (CVE-ID: CVE-2026-22997)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the j1939_xtp_rx_rts_session_active() function in net/can/j1939/transport.c. A local user can perform a denial of service (DoS) attack.
197) NULL pointer dereference (CVE-ID: CVE-2026-22998)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_handle_h2c_data_pdu() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
198) Use-after-free (CVE-ID: CVE-2026-22999)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qfq_change_class() function in net/sched/sch_qfq.c. A local user can escalate privileges on the system.
199) Use-after-free (CVE-ID: CVE-2026-23001)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the macvlan_hash_lookup_source(), macvlan_hash_add_source(), macvlan_hash_add(), macvlan_flush_sources(), macvlan_forward_source() and macvlan_fill_info_macaddr() functions in drivers/net/macvlan.c. A local user can escalate privileges on the system.
200) Use of uninitialized resource (CVE-ID: CVE-2026-23003)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A local user can perform a denial of service (DoS) attack.
201) Resource management error (CVE-ID: CVE-2026-23005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvm_vcpu_ioctl_x86_get_xsave() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
202) NULL pointer dereference (CVE-ID: CVE-2026-23006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the adcx140_pwr_ctrl() function in sound/soc/codecs/tlv320adcx140.c. A local user can perform a denial of service (DoS) attack.
203) Use-after-free (CVE-ID: CVE-2026-23010)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the inet6_addr_del() function in net/ipv6/addrconf.c. A local user can escalate privileges on the system.
204) Improper error handling (CVE-ID: CVE-2026-23011)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ipgre_header() function in net/ipv4/ip_gre.c. A local user can perform a denial of service (DoS) attack.
205) NULL pointer dereference (CVE-ID: CVE-2026-23019)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the prestera_devlink_alloc() function in drivers/net/ethernet/marvell/prestera/prestera_devlink.c. A local user can perform a denial of service (DoS) attack.
206) NULL pointer dereference (CVE-ID: CVE-2026-23020)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vortex_probe1() function in drivers/net/ethernet/3com/3c59x.c. A local user can perform a denial of service (DoS) attack.
207) Memory leak (CVE-ID: CVE-2026-23021)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the update_eth_regs_async() function in drivers/net/usb/pegasus.c. A local user can perform a denial of service (DoS) attack.
208) Improper locking (CVE-ID: CVE-2026-23025)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __pcp_trylock_noop(), rmqueue_bulk(), decay_pcp_high(), drain_zone_pages(), drain_pages_zone() and zone_pcp_update_cacheinfo() functions in mm/page_alloc.c. A local user can perform a denial of service (DoS) attack.
209) Memory leak (CVE-ID: CVE-2026-23026)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the function in drivers/dma/qcom/gpi.c. A local user can perform a denial of service (DoS) attack.
210) Double free (CVE-ID: CVE-2026-23030)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the rockchip_usb2phy_probe() function in drivers/phy/rockchip/phy-rockchip-inno-usb2.c. A local user can perform a denial of service (DoS) attack.
211) Memory leak (CVE-ID: CVE-2026-23031)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gs_usb_receive_bulk_callback() function in drivers/net/can/usb/gs_usb.c. A local user can perform a denial of service (DoS) attack.
212) Memory leak (CVE-ID: CVE-2026-23033)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the omap_dma_probe() function in drivers/dma/ti/omap-dma.c. A local user can perform a denial of service (DoS) attack.
213) Memory leak (CVE-ID: CVE-2026-23037)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the es58x_alloc_rx_urbs() function in drivers/net/can/usb/etas_es58x/es58x_core.c. A local user can perform a denial of service (DoS) attack.
214) Memory leak (CVE-ID: CVE-2026-23038)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfs4_ff_alloc_deviceid_node() function in fs/nfs/flexfilelayout/flexfilelayoutdev.c. A local user can perform a denial of service (DoS) attack.
215) Input validation error (CVE-ID: CVE-2026-23047)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the calc_target() function in net/ceph/osd_client.c. A local user can perform a denial of service (DoS) attack.
216) Resource management error (CVE-ID: CVE-2026-23049)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the function in drivers/gpu/drm/panel/panel-simple.c. A local user can perform a denial of service (DoS) attack.
217) Buffer overflow (CVE-ID: CVE-2026-23054)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the netvsc_set_rxfh() function in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.
218) Improper error handling (CVE-ID: CVE-2026-23056)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the uacce_vma_close() function in drivers/misc/uacce/uacce.c. A local user can perform a denial of service (DoS) attack.
219) Memory leak (CVE-ID: CVE-2026-23058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ems_usb_read_bulk_callback() function in drivers/net/can/usb/ems_usb.c. A local user can perform a denial of service (DoS) attack.
220) NULL pointer dereference (CVE-ID: CVE-2026-23060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the crypto_authenc_esn_encrypt() and crypto_authenc_esn_decrypt() functions in crypto/authencesn.c. A local user can perform a denial of service (DoS) attack.
221) Memory leak (CVE-ID: CVE-2026-23061)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kvaser_usb_read_bulk_callback() function in drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c. A local user can perform a denial of service (DoS) attack.
222) NULL pointer dereference (CVE-ID: CVE-2026-23063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the uacce_start_queue() and uacce_fops_unl_ioctl() functions in drivers/misc/uacce/uacce.c. A local user can perform a denial of service (DoS) attack.
223) NULL pointer dereference (CVE-ID: CVE-2026-23064)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tcf_ife_encode() function in net/sched/act_ife.c. A local user can perform a denial of service (DoS) attack.
224) Double free (CVE-ID: CVE-2026-23068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the sprd_adi_probe() function in drivers/spi/spi-sprd-adi.c. A local user can perform a denial of service (DoS) attack.
225) Integer underflow (CVE-ID: CVE-2026-23069)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the virtio_transport_get_credit(), virtio_transport_seqpacket_has_data(), virtio_transport_stream_has_space() and virtio_transport_space_update() functions in net/vmw_vsock/virtio_transport_common.c. A local user can execute arbitrary code.
226) Improper locking (CVE-ID: CVE-2026-23071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the regmap_lock_hwlock_irq() function in drivers/base/regmap/regmap.c. A local user can perform a denial of service (DoS) attack.
227) Buffer overflow (CVE-ID: CVE-2026-23073)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the rsi_mac80211_attach() function in drivers/net/wireless/rsi/rsi_91x_mac80211.c. A local user can escalate privileges on the system.
228) Use-after-free (CVE-ID: CVE-2026-23074)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the teql_qdisc_init() function in net/sched/sch_teql.c. A local user can escalate privileges on the system.
229) Memory leak (CVE-ID: CVE-2026-23075)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the esd_usb_read_bulk_callback() function in drivers/net/can/usb/esd_usb.c. A local user can perform a denial of service (DoS) attack.
230) Out-of-bounds read (CVE-ID: CVE-2026-23076)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amixer_rsc_init() and sum_rsc_init() functions in sound/pci/ctxfi/ctamixer.c. A local user can perform a denial of service (DoS) attack.
231) Buffer overflow (CVE-ID: CVE-2026-23078)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scarlett2_usb_get_config() function in sound/usb/mixer_scarlett2.c. A local user can escalate privileges on the system.
232) Memory leak (CVE-ID: CVE-2026-23080)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mcba_usb_read_bulk_callback() function in drivers/net/can/usb/mcba_usb.c. A local user can perform a denial of service (DoS) attack.
233) Input validation error (CVE-ID: CVE-2026-23083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the function in net/ipv4/fou_nl.c. A local user can perform a denial of service (DoS) attack.
234) NULL pointer dereference (CVE-ID: CVE-2026-23084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the be_cmd_get_perm_mac() function in drivers/net/ethernet/emulex/benet/be_cmds.c. A local user can perform a denial of service (DoS) attack.
235) Resource management error (CVE-ID: CVE-2026-23085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the its_build_mapd_cmd(), its_build_vmapp_cmd() and its_setup_baser() functions in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.
236) Use-after-free (CVE-ID: CVE-2026-23086)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the virtio_transport_seqpacket_dequeue(), virtio_transport_seqpacket_enqueue() and virtio_transport_has_space() functions in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.
237) Memory leak (CVE-ID: CVE-2026-23087)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the scsiback_remove() function in drivers/xen/xen-scsiback.c. A local user can perform a denial of service (DoS) attack.
238) Use-after-free (CVE-ID: CVE-2026-23089)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the parse_audio_unit() function in sound/usb/mixer.c. A local user can escalate privileges on the system.
239) Memory leak (CVE-ID: CVE-2026-23090)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the slim_get_device() and slim_device_report_present() functions in drivers/slimbus/core.c. A local user can perform a denial of service (DoS) attack.
240) Memory leak (CVE-ID: CVE-2026-23091)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the intel_th_output_open() function in drivers/hwtracing/intel_th/core.c. A local user can perform a denial of service (DoS) attack.
241) Input validation error (CVE-ID: CVE-2026-23093)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the get_sg_list() and smb_direct_post_send_data() functions in fs/smb/server/transport_rdma.c. A local user can perform a denial of service (DoS) attack.
242) Memory leak (CVE-ID: CVE-2026-23095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gue_udp_recv() function in net/ipv4/fou_core.c. A local user can perform a denial of service (DoS) attack.
243) Improper resource shutdown or release (CVE-ID: CVE-2026-23096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the EXPORT_SYMBOL_GPL() and uacce_register() functions in drivers/misc/uacce/uacce.c. A local user can perform a denial of service (DoS) attack.
244) Improper locking (CVE-ID: CVE-2026-23097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the unmap_and_move_huge_page() function in mm/migrate.c. A local user can perform a denial of service (DoS) attack.
245) NULL pointer dereference (CVE-ID: CVE-2026-23098)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nr_route_frame() function in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.
246) Out-of-bounds read (CVE-ID: CVE-2026-23099)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bond_enslave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
247) Use of uninitialized resource (CVE-ID: CVE-2026-23101)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the led_classdev_register_ext() function in drivers/leds/led-class.c. A local user can perform a denial of service (DoS) attack.
248) Out-of-bounds read (CVE-ID: CVE-2026-23102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the restore_sve_fpsimd_context() function in arch/arm64/kernel/signal.c. A local user can perform a denial of service (DoS) attack.
249) Improper locking (CVE-ID: CVE-2026-23103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipvlan_port_create(), ipvlan_uninit(), ipvlan_open(), ipvlan_stop(), ipvlan_link_new(), ipvlan_link_delete(), ipvlan_add_addr(), ipvlan_del_addr(), ipvlan_add_addr6(), ipvlan_addr6_validator_event() and ipvlan_addr4_validator_event() functions in drivers/net/ipvlan/ipvlan_main.c. A local user can perform a denial of service (DoS) attack.
250) Input validation error (CVE-ID: CVE-2026-23105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qfq_rm_from_agg() function in net/sched/sch_qfq.c. A local user can perform a denial of service (DoS) attack.
251) NULL pointer dereference (CVE-ID: CVE-2026-23107)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the restore_za_context() function in arch/arm64/kernel/signal.c. A local user can perform a denial of service (DoS) attack.
252) Memory leak (CVE-ID: CVE-2026-23108)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usb_8dev_read_bulk_callback() function in drivers/net/can/usb/usb_8dev.c. A local user can perform a denial of service (DoS) attack.
253) Race condition (CVE-ID: CVE-2026-23110)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the scsi_dec_host_busy() function in drivers/scsi/scsi_lib.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.