SB2026021239 - Ubuntu update for linux-gcp
Published: February 12, 2026
Description
This security bulletin contains information about 366 security vulnerabilities.
1) Memory leak (CVE-ID: CVE-2025-68734)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the setup_instance() and hfcsusb_probe() functions in drivers/isdn/hardware/mISDN/hfcsusb.c. A local user can perform a denial of service (DoS) attack.
2) Improper locking (CVE-ID: CVE-2025-68322)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the unwind_special() and unwind_frame_regs() functions in arch/parisc/kernel/unwind.c. A local user can perform a denial of service (DoS) attack.
3) Buffer overflow (CVE-ID: CVE-2025-68321)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __page_pool_alloc_pages_slow() function in net/core/page_pool.c. A local user can perform a denial of service (DoS) attack.
4) Improper locking (CVE-ID: CVE-2025-68320)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lan966x_es0_read_esdx_counter() and lan966x_es0_write_esdx_counter() functions in drivers/net/ethernet/microchip/lan966x/lan966x_vcap_impl.c. A local user can perform a denial of service (DoS) attack.
5) Improper locking (CVE-ID: CVE-2025-68319)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the userdatum_value_store(), sysdata_msgid_enabled_store(), sysdata_release_enabled_store(), sysdata_taskname_enabled_store() and sysdata_cpu_nr_enabled_store() functions in drivers/net/netconsole.c. A local user can perform a denial of service (DoS) attack.
6) Input validation error (CVE-ID: CVE-2025-68318)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the CCU_GATE() function in drivers/clk/thead/clk-th1520-ap.c. A local user can perform a denial of service (DoS) attack.
7) Input validation error (CVE-ID: CVE-2025-68317)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the function in io_uring/notif.c. A local user can perform a denial of service (DoS) attack.
8) Input validation error (CVE-ID: CVE-2025-68316)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ufshcd_add_scsi_host() and ufshcd_init() functions in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
9) Input validation error (CVE-ID: CVE-2025-68315)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within include/linux/f2fs_fs.h. A local user can perform a denial of service (DoS) attack.
10) Improper locking (CVE-ID: CVE-2025-68314)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the submit_attach_object_fences() function in drivers/gpu/drm/msm/msm_gem_submit.c. A local user can perform a denial of service (DoS) attack.
11) Input validation error (CVE-ID: CVE-2025-68313)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_amd_zen4() function in arch/x86/kernel/cpu/amd.c. A local user can perform a denial of service (DoS) attack.
12) Resource management error (CVE-ID: CVE-2025-68312)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the function in drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.
13) Input validation error (CVE-ID: CVE-2025-68311)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ip22zilog_transmit_chars() and __ip22zilog_reset() functions in drivers/tty/serial/ip22zilog.c. A local user can perform a denial of service (DoS) attack.
14) Improper locking (CVE-ID: CVE-2025-68310)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the zpci_event_attempt_error_recovery() function in arch/s390/pci/pci_event.c. A local user can perform a denial of service (DoS) attack.
15) NULL pointer dereference (CVE-ID: CVE-2025-68309)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pci_aer_init() function in drivers/pci/pcie/aer.c. A local user can perform a denial of service (DoS) attack.
16) Incorrect calculation (CVE-ID: CVE-2025-68253)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the add_stack_record_to_list() function in mm/page_owner.c. A local user can perform a denial of service (DoS) attack.
17) Infinite loop (CVE-ID: CVE-2025-68251)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the z_erofs_load_full_lcluster() and z_erofs_load_compact_lcluster() functions in fs/erofs/zmap.c. A local user can perform a denial of service (DoS) attack.
18) Improper locking (CVE-ID: CVE-2025-68250)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within include/linux/hung_task.h. A local user can perform a denial of service (DoS) attack.
19) Use of uninitialized resource (CVE-ID: CVE-2025-68249)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hdm_probe() function in drivers/most/most_usb.c. A local user can perform a denial of service (DoS) attack.
20) Resource management error (CVE-ID: CVE-2025-68248)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmballoon_migratepage() function in drivers/misc/vmw_balloon.c. A local user can perform a denial of service (DoS) attack.
21) Memory leak (CVE-ID: CVE-2025-68247)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the do_timer_create() function in kernel/time/posix-timers.c. A local user can perform a denial of service (DoS) attack.
22) Memory leak (CVE-ID: CVE-2025-68246)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ksmbd_kthread_fn() function in fs/smb/server/transport_tcp.c. A local user can perform a denial of service (DoS) attack.
23) Memory leak (CVE-ID: CVE-2025-68245)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __netpoll_cleanup() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.
24) Improper locking (CVE-ID: CVE-2025-68244)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the i915_vma_pin_ww() function in drivers/gpu/drm/i915/i915_vma.c. A local user can perform a denial of service (DoS) attack.
25) Input validation error (CVE-ID: CVE-2025-68243)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs_match_client() function in fs/nfs/client.c. A local user can perform a denial of service (DoS) attack.
26) Improper privilege management (CVE-ID: CVE-2025-68242)
The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the nfs_setattr() function in fs/nfs/inode.c. A local user can read and manipulate data.
27) Memory leak (CVE-ID: CVE-2025-68241)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fnhe_remove_oldest() function in net/ipv4/route.c. A local user can perform a denial of service (DoS) attack.
28) Improper locking (CVE-ID: CVE-2025-68240)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_segctor_destroy() function in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
29) Resource management error (CVE-ID: CVE-2025-68239)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bm_register_write() function in fs/binfmt_misc.c. A local user can perform a denial of service (DoS) attack.
30) Improper locking (CVE-ID: CVE-2025-68211)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the should_skip_rmap_item() and scan_get_next_rmap_item() functions in mm/ksm.c. A local user can perform a denial of service (DoS) attack.
31) Infinite loop (CVE-ID: CVE-2025-68210)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the z_erofs_zstd_decompress() function in fs/erofs/decompressor_zstd.c. A local user can perform a denial of service (DoS) attack.
32) NULL pointer dereference (CVE-ID: CVE-2025-68209)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within include/linux/mlx5/cq.h. A local user can perform a denial of service (DoS) attack.
33) Out-of-bounds read (CVE-ID: CVE-2025-68208)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the widen_imprecise_scalars() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
34) Input validation error (CVE-ID: CVE-2025-68207)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the guc_ct_fini() function in drivers/gpu/drm/xe/xe_guc_ct.c. A local user can perform a denial of service (DoS) attack.
35) Resource management error (CVE-ID: CVE-2025-68206)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nft_ct_helper_obj_eval() function in net/netfilter/nft_ct.c. A local user can perform a denial of service (DoS) attack.
36) NULL pointer dereference (CVE-ID: CVE-2025-68205)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvhdmi_mcp_probe() function in sound/hda/codecs/hdmi/nvhdmi-mcp.c. A local user can perform a denial of service (DoS) attack.
37) Memory leak (CVE-ID: CVE-2025-68204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the scmi_pd_power_off() and scmi_pm_domain_probe() functions in drivers/firmware/arm_scmi/scmi_pm_domain.c. A local user can perform a denial of service (DoS) attack.
38) Improper locking (CVE-ID: CVE-2025-68202)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the scx_dump_state() function in kernel/sched/ext.c. A local user can perform a denial of service (DoS) attack.
39) Input validation error (CVE-ID: CVE-2025-68201)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gfx_v12_0_ring_emit_ib_gfx() function in drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c. A local user can perform a denial of service (DoS) attack.
40) Resource management error (CVE-ID: CVE-2025-68200)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cls_bpf_classify() function in net/sched/cls_bpf.c. A local user can perform a denial of service (DoS) attack.
41) Improper locking (CVE-ID: CVE-2025-68199)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mark_objexts_empty() function in mm/slub.c. A local user can perform a denial of service (DoS) attack.
42) NULL pointer dereference (CVE-ID: CVE-2025-68198)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __crash_shrink_memory() function in kernel/crash_core.c. A local user can perform a denial of service (DoS) attack.
43) NULL pointer dereference (CVE-ID: CVE-2025-68197)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within drivers/net/ethernet/broadcom/bnxt/bnxt.h. A local user can perform a denial of service (DoS) attack.
44) Incorrect calculation (CVE-ID: CVE-2025-68196)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the dp_retrain_link_dp_test() function in drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c. A local user can perform a denial of service (DoS) attack.
45) Improper locking (CVE-ID: CVE-2025-68194)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the send_packet(), usb_rx_callback_intf0() and usb_rx_callback_intf1() functions in drivers/media/rc/imon.c. A local user can perform a denial of service (DoS) attack.
46) Use-after-free (CVE-ID: CVE-2025-68193)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within drivers/gpu/drm/xe/xe_guc_ct.h. A local user can escalate privileges on the system.
47) Input validation error (CVE-ID: CVE-2025-68192)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.
48) Improper error handling (CVE-ID: CVE-2025-68191)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the udp_tunnel_nic_netdevice_event() function in net/ipv4/udp_tunnel_nic.c. A local user can perform a denial of service (DoS) attack.
49) NULL pointer dereference (CVE-ID: CVE-2025-68190)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_atom_execute_table_locked() function in drivers/gpu/drm/amd/amdgpu/atom.c. A local user can perform a denial of service (DoS) attack.
50) Resource management error (CVE-ID: CVE-2025-68189)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the msm_gem_free_object() function in drivers/gpu/drm/msm/msm_gem.c. A local user can perform a denial of service (DoS) attack.
51) Use-after-free (CVE-ID: CVE-2025-68188)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_fastopen_active_disable_ofo_check() function in net/ipv4/tcp_fastopen.c. A local user can escalate privileges on the system.
52) NULL pointer dereference (CVE-ID: CVE-2025-68187)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the airoha_mdio_probe() function in drivers/net/mdio/mdio-airoha.c. A local user can perform a denial of service (DoS) attack.
53) Improper error handling (CVE-ID: CVE-2025-68186)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ring_buffer_map_get_reader() function in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
54) Improper locking (CVE-ID: CVE-2025-68185)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs4_setup_readdir() function in fs/nfs/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
55) Improper locking (CVE-ID: CVE-2025-68184)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mtk_plane_format_mod_supported() function in drivers/gpu/drm/mediatek/mtk_plane.c. A local user can perform a denial of service (DoS) attack.
56) Buffer overflow (CVE-ID: CVE-2025-68183)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ima_protect_xattr(), ima_reset_appraise_flags(), ima_inode_setxattr() and ima_inode_set_acl() functions in security/integrity/ima/ima_appraise.c. A local user can perform a denial of service (DoS) attack.
57) Use-after-free (CVE-ID: CVE-2025-68182)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iwl_mld_remove_link() function in drivers/net/wireless/intel/iwlwifi/mld/link.c. A local user can escalate privileges on the system.
58) Use-after-free (CVE-ID: CVE-2025-68181)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the radeon_pci_probe() function in drivers/gpu/drm/radeon/radeon_drv.c. A local user can escalate privileges on the system.
59) NULL pointer dereference (CVE-ID: CVE-2025-68180)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the odm_combine_segments_show() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can perform a denial of service (DoS) attack.
60) Buffer overflow (CVE-ID: CVE-2025-68179)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the function in arch/s390/Kconfig. A local user can perform a denial of service (DoS) attack.
61) Improper locking (CVE-ID: CVE-2025-68178)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the blkg_conf_prep() function in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.
62) NULL pointer dereference (CVE-ID: CVE-2025-68177)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the longhaul_exit() function in drivers/cpufreq/longhaul.c. A local user can perform a denial of service (DoS) attack.
63) NULL pointer dereference (CVE-ID: CVE-2025-68176)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within drivers/pci/controller/cadence/pcie-cadence.h. A local user can perform a denial of service (DoS) attack.
64) Resource management error (CVE-ID: CVE-2025-68175)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mxc_isi_video_init_channel(), mxc_isi_vb2_stop_streaming(), mxc_isi_video_s_fmt() and mxc_isi_video_release() functions in drivers/media/platform/nxp/imx8-isi/imx8-isi-video.c. A local user can perform a denial of service (DoS) attack.
65) Incorrect calculation (CVE-ID: CVE-2025-68174)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the kfd_process_destroy_pdds() and kfd_create_process_device_data() functions in drivers/gpu/drm/amd/amdkfd/kfd_process.c. A local user can perform a denial of service (DoS) attack.
66) Improper locking (CVE-ID: CVE-2025-68173)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ftrace_module_enable() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.
67) Double free (CVE-ID: CVE-2025-68172)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the aspeed_acry_probe() and aspeed_acry_remove() functions in drivers/crypto/aspeed/aspeed-acry.c. A local user can perform a denial of service (DoS) attack.
68) Resource management error (CVE-ID: CVE-2025-68171)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fpu__clear_user_states() function in arch/x86/kernel/fpu/core.c. A local user can perform a denial of service (DoS) attack.
69) Buffer overflow (CVE-ID: CVE-2025-68170)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the radeon_driver_unload_kms() function in drivers/gpu/drm/radeon/radeon_kms.c. A local user can perform a denial of service (DoS) attack.
70) Improper locking (CVE-ID: CVE-2025-68169)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the refill_skbs() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.
71) Improper locking (CVE-ID: CVE-2025-68168)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the txInit() function in fs/jfs/jfs_txnmgr.c. A local user can perform a denial of service (DoS) attack.
72) NULL pointer dereference (CVE-ID: CVE-2025-68167)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gpiolib_seq_start() and gpiolib_seq_next() functions in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.
73) Resource management error (CVE-ID: CVE-2025-40363)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ah6_output_done() and ah6_output() functions in net/ipv6/ah6.c. A local user can perform a denial of service (DoS) attack.
74) NULL pointer dereference (CVE-ID: CVE-2025-40362)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within fs/ceph/super.h. A local user can perform a denial of service (DoS) attack.
75) NULL pointer dereference (CVE-ID: CVE-2025-40360)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL() function in drivers/gpu/drm/drm_gem_atomic_helper.c. A local user can perform a denial of service (DoS) attack.
76) Out-of-bounds read (CVE-ID: CVE-2025-40359)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __grt_latency_data() function in arch/x86/events/intel/ds.c. A local user can perform a denial of service (DoS) attack.
77) Out-of-bounds read (CVE-ID: CVE-2025-40358)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the walk_stackframe() function in arch/riscv/kernel/stacktrace.c. A local user can perform a denial of service (DoS) attack.
78) Resource management error (CVE-ID: CVE-2025-40357)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the function in net/smc/smc_inet.c. A local user can perform a denial of service (DoS) attack.
79) Buffer overflow (CVE-ID: CVE-2025-40356)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rockchip_sfc_probe() and rockchip_sfc_remove() functions in drivers/spi/spi-rockchip-sfc.c. A local user can perform a denial of service (DoS) attack.
80) Input validation error (CVE-ID: CVE-2025-40355)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the compat_only_sysfs_link_entry_to_kobj(), sysfs_group_attrs_change_owner() and sysfs_group_change_owner() functions in fs/sysfs/group.c. A local user can perform a denial of service (DoS) attack.
81) NULL pointer dereference (CVE-ID: CVE-2025-40354)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within drivers/gpu/drm/amd/display/dc/inc/hw/hw_shared.h. A local user can perform a denial of service (DoS) attack.
82) Buffer overflow (CVE-ID: CVE-2025-40353)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the copy_highpage() function in arch/arm64/mm/copypage.c. A local user can perform a denial of service (DoS) attack.
83) Improper locking (CVE-ID: CVE-2025-40352)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlxbf_pmc_init_perftype_counter() function in drivers/platform/mellanox/mlxbf-pmc.c. A local user can perform a denial of service (DoS) attack.
84) Improper locking (CVE-ID: CVE-2025-40351)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfsplus_iget() function in fs/hfsplus/super.c. A local user can perform a denial of service (DoS) attack.
85) Resource management error (CVE-ID: CVE-2025-40350)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mlx5e_skb_from_cqe_mpwrq_nonlinear() function in drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.
86) Out-of-bounds read (CVE-ID: CVE-2025-40349)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within fs/hfsplus/hfsplus_fs.h. A local user can perform a denial of service (DoS) attack.
87) Improper locking (CVE-ID: CVE-2025-40347)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the enetc_clean_rx_ring(), enetc_clean_rx_ring_xdp() and enetc_poll() functions in drivers/net/ethernet/freescale/enetc/enetc.c. A local user can perform a denial of service (DoS) attack.
88) NULL pointer dereference (CVE-ID: CVE-2025-40346)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the topology_parse_cpu_capacity() function in drivers/base/arch_topology.c. A local user can perform a denial of service (DoS) attack.
89) Use-after-free (CVE-ID: CVE-2025-40344)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the avs_dai_fe_shutdown() function in sound/soc/intel/avs/pcm.c. A local user can escalate privileges on the system.
90) Improper locking (CVE-ID: CVE-2025-40343)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvmet_fc_delete_assoc_work() and nvmet_fc_delete_target_assoc() functions in drivers/nvme/target/fc.c. A local user can perform a denial of service (DoS) attack.
91) Improper locking (CVE-ID: CVE-2025-40342)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_fc_create_association() function in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
92) Memory leak (CVE-ID: CVE-2025-40341)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the SYSCALL_DEFINE2(), SYSCALL_DEFINE3() and COMPAT_SYSCALL_DEFINE3() functions in kernel/futex/syscalls.c. A local user can perform a denial of service (DoS) attack.
93) Improper locking (CVE-ID: CVE-2025-40340)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xe_gem_fault() function in drivers/gpu/drm/xe/xe_bo.c. A local user can perform a denial of service (DoS) attack.
94) Input validation error (CVE-ID: CVE-2025-40339)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the amdgpu_amdkfd_gpuvm_restore_process_bos() function in drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c. A local user can perform a denial of service (DoS) attack.
95) Use-after-free (CVE-ID: CVE-2025-40338)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the avs_soc_component_register() function in sound/soc/intel/avs/pcm.c. A local user can escalate privileges on the system.
96) Input validation error (CVE-ID: CVE-2025-40337)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the stmmac_rx() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
97) Input validation error (CVE-ID: CVE-2025-40336)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drm_gpusvm_range_alloc(), drm_gpusvm_check_pages() and drm_gpusvm_range_get_pages() functions in drivers/gpu/drm/drm_gpusvm.c. A local user can perform a denial of service (DoS) attack.
98) Input validation error (CVE-ID: CVE-2025-40335)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mes_userq_mqd_create() function in drivers/gpu/drm/amd/amdgpu/mes_userqueue.c. A local user can perform a denial of service (DoS) attack.
99) Buffer overflow (CVE-ID: CVE-2025-40334)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mes_userq_mqd_create() function in drivers/gpu/drm/amd/amdgpu/mes_userqueue.c. A local user can perform a denial of service (DoS) attack.
100) Improper error handling (CVE-ID: CVE-2025-40333)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __insert_extent_tree() function in fs/f2fs/extent_cache.c. A local user can perform a denial of service (DoS) attack.
101) Improper locking (CVE-ID: CVE-2025-40332)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the svm_range_restore_pages() function in drivers/gpu/drm/amd/amdkfd/kfd_svm.c. A local user can perform a denial of service (DoS) attack.
102) Out-of-bounds read (CVE-ID: CVE-2025-40331)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the inet_diag_msg_sctpladdrs_fill() function in net/sctp/diag.c. A local user can perform a denial of service (DoS) attack.
103) Resource management error (CVE-ID: CVE-2025-40330)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the bnxt_shutdown() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
104) Improper locking (CVE-ID: CVE-2025-40329)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drm_sched_entity_error() and drm_sched_entity_kill_jobs_cb() functions in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.
105) Use-after-free (CVE-ID: CVE-2025-40328)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the open_cached_dir(), open_cached_dir_by_dentry(), drop_cached_dir_by_name(), cached_dir_offload_close() and cfids_laundromat_worker() functions in fs/smb/client/cached_dir.c. A local user can escalate privileges on the system.
106) Improper locking (CVE-ID: CVE-2025-40327)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the perf_swevent_hrtimer(), perf_swevent_cancel_hrtimer(), cpu_clock_event_update() and task_clock_event_update() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
107) Buffer overflow (CVE-ID: CVE-2025-40326)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the function in fs/nfsd/nfs4xdr.c. A local user can perform a denial of service (DoS) attack.
108) Race condition (CVE-ID: CVE-2025-40324)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the nfsd4_read() function in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
109) Use-after-free (CVE-ID: CVE-2025-40323)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in include/linux/fbcon.h. A local user can escalate privileges on the system.
110) Out-of-bounds read (CVE-ID: CVE-2025-40322)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bit_putcs_aligned() and bit_putcs_unaligned() functions in drivers/video/fbdev/core/bitblit.c. A local user can perform a denial of service (DoS) attack.
111) NULL pointer dereference (CVE-ID: CVE-2025-40321)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference in drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.h. A local user can perform a denial of service (DoS) attack.
112) Use-after-free (CVE-ID: CVE-2025-40320)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_query_info_compound() function in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.
113) Use-after-free (CVE-ID: CVE-2025-40319)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ringbuf_map_alloc() function in kernel/bpf/ringbuf.c. A local user can escalate privileges on the system.
114) Use-after-free (CVE-ID: CVE-2025-40318)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_cmd_sync_dequeue_once() function in net/bluetooth/hci_sync.c. A local user can escalate privileges on the system.
115) Improper error handling (CVE-ID: CVE-2025-40317)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __regmap_init_slimbus() and __devm_regmap_init_slimbus() functions in drivers/base/regmap/regmap-slimbus.c. A local user can perform a denial of service (DoS) attack.
116) Memory leak (CVE-ID: CVE-2025-40316)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the mtk_drm_bind() function in drivers/gpu/drm/mediatek/mtk_drm_drv.c. A local user can perform a denial of service (DoS) attack.
117) NULL pointer dereference (CVE-ID: CVE-2025-40315)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the ffs_func_eps_enable() function in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.
118) Use-after-free (CVE-ID: CVE-2025-40314)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __cdnsp_gadget_init() and cdnsp_gadget_exit() functions in drivers/usb/cdns3/cdnsp-gadget.c. A local user can escalate privileges on the system.
119) Input validation error (CVE-ID: CVE-2025-40313)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ntfs_read_mft() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
120) Input validation error (CVE-ID: CVE-2025-40312)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jfs_iget() function in fs/jfs/inode.c. A local user can perform a denial of service (DoS) attack.
121) Input validation error (CVE-ID: CVE-2025-40311)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gaudi2_mmap() function in drivers/accel/habanalabs/gaudi2/gaudi2.c. A local user can perform a denial of service (DoS) attack.
122) NULL pointer dereference (CVE-ID: CVE-2025-40310)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the kgd2kfd_interrupt() function in drivers/gpu/drm/amd/amdkfd/kfd_device.c. A local user can perform a denial of service (DoS) attack.
123) Use-after-free (CVE-ID: CVE-2025-40309)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sco_sock_kill() function in net/bluetooth/sco.c. A local user can escalate privileges on the system.
124) NULL pointer dereference (CVE-ID: CVE-2025-40308)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the bcsp_recv() function in drivers/bluetooth/hci_bcsp.c. A local user can perform a denial of service (DoS) attack.
125) Buffer overflow (CVE-ID: CVE-2025-40307)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the exfat_allocate_bitmap() function in fs/exfat/balloc.c. A local user can perform a denial of service (DoS) attack.
126) Memory leak (CVE-ID: CVE-2025-40306)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the convert_to_internal_xattr_flags() and orangefs_inode_getxattr() functions in fs/orangefs/xattr.c. A local user can perform a denial of service (DoS) attack.
127) Resource management error (CVE-ID: CVE-2025-40305)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the p9_poll_mux() and p9_fd_request() functions in net/9p/trans_fd.c. A local user can perform a denial of service (DoS) attack.
128) Out-of-bounds read (CVE-ID: CVE-2025-40304)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bit_putcs() function in drivers/video/fbdev/core/bitblit.c. A local user can perform a denial of service (DoS) attack.
129) Use-after-free (CVE-ID: CVE-2025-40303)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the write_one_eb() function in fs/btrfs/extent_io.c. A local user can escalate privileges on the system.
130) Buffer overflow (CVE-ID: CVE-2025-40302)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the vb2_ioctl_remove_bufs() function in drivers/media/common/videobuf2/videobuf2-v4l2.c. A local user can perform a denial of service (DoS) attack.
131) Input validation error (CVE-ID: CVE-2025-40301)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hci_cmd_complete_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.
132) NULL pointer dereference (CVE-ID: CVE-2025-40299)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the gve_clock_nic_ts_read() and gve_ptp_do_aux_work() functions in drivers/net/ethernet/google/gve/gve_ptp.c. A local user can perform a denial of service (DoS) attack.
133) NULL pointer dereference (CVE-ID: CVE-2025-40298)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the gve_ptp_gettimex64() function in drivers/net/ethernet/google/gve/gve_ptp.c. A local user can perform a denial of service (DoS) attack.
134) Use-after-free (CVE-ID: CVE-2025-40297)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in net/bridge/br_private.h. A local user can escalate privileges on the system.
135) Double free (CVE-ID: CVE-2025-40296)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error in include/linux/platform_data/x86/int3472.h. A local user can perform a denial of service (DoS) attack.
136) Out-of-bounds read (CVE-ID: CVE-2025-40295)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bh_get_inode_and_lblk_num() function in fs/crypto/inline_crypt.c. A local user can perform a denial of service (DoS) attack.
137) Out-of-bounds read (CVE-ID: CVE-2025-40294)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the parse_adv_monitor_pattern() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
138) Division by zero (CVE-ID: CVE-2025-40293)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the function in drivers/vfio/iova_bitmap.c. A local user can perform a denial of service (DoS) attack.
139) NULL pointer dereference (CVE-ID: CVE-2025-40292)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the page_to_skb() and receive_big() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
140) Buffer overflow (CVE-ID: CVE-2025-40291)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the io_estimate_bvec_size() and io_import_reg_vec() functions in io_uring/rsrc.c. A local user can perform a denial of service (DoS) attack.
141) Input validation error (CVE-ID: CVE-2025-40289)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the amdgpu_vram_attrs_is_visible() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c. A local user can perform a denial of service (DoS) attack.
142) NULL pointer dereference (CVE-ID: CVE-2025-40288)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the amdgpu_virt_write_vf2pf_data() function in drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c. A local user can perform a denial of service (DoS) attack.
143) Input validation error (CVE-ID: CVE-2025-40287)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the exfat_find() function in fs/exfat/namei.c. A local user can perform a denial of service (DoS) attack.
144) Memory leak (CVE-ID: CVE-2025-40286)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the smb2_read() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
145) Memory leak (CVE-ID: CVE-2025-40285)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the smb2_sess_setup() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
146) Use-after-free (CVE-ID: CVE-2025-40284)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mgmt_index_removed() function in net/bluetooth/mgmt.c. A local user can escalate privileges on the system.
147) Use-after-free (CVE-ID: CVE-2025-40283)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btusb_disconnect() function in drivers/bluetooth/btusb.c. A local user can escalate privileges on the system.
148) Improper error handling (CVE-ID: CVE-2025-40282)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the recv_pkt() function in net/bluetooth/6lowpan.c. A local user can perform a denial of service (DoS) attack.
149) Out-of-bounds read (CVE-ID: CVE-2025-40281)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sctp_transport_update_rto() function in net/sctp/transport.c. A local user can perform a denial of service (DoS) attack.
150) Use-after-free (CVE-ID: CVE-2025-40280)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_net_finalize_work() function in net/tipc/net.c. A local user can escalate privileges on the system.
151) Memory leak (CVE-ID: CVE-2025-40279)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the tcf_connmark_dump() function in net/sched/act_connmark.c. A local user can perform a denial of service (DoS) attack.
152) Memory leak (CVE-ID: CVE-2025-40278)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the tcf_ife_dump() function in net/sched/act_ife.c. A local user can perform a denial of service (DoS) attack.
153) Out-of-bounds read (CVE-ID: CVE-2025-40277)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vmw_cmd_check() function in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can perform a denial of service (DoS) attack.
154) Memory leak (CVE-ID: CVE-2025-40276)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the panthor_gem_create_with_handle() function in drivers/gpu/drm/panthor/panthor_gem.c. A local user can perform a denial of service (DoS) attack.
155) NULL pointer dereference (CVE-ID: CVE-2025-40275)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the snd_usb_mixer_controls_badd() function in sound/usb/mixer.c. A local user can perform a denial of service (DoS) attack.
156) Use-after-free (CVE-ID: CVE-2025-40274)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kvm_gmem_bind() function in virt/kvm/guest_memfd.c. A local user can escalate privileges on the system.
157) Improper locking (CVE-ID: CVE-2025-40273)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs4_free_ol_stateid() function in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
158) Use-after-free (CVE-ID: CVE-2025-40272)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the secretmem_fault() function in mm/secretmem.c. A local user can escalate privileges on the system.
159) Use-after-free (CVE-ID: CVE-2025-40271)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pde_put(), remove_proc_entry() and remove_proc_subtree() functions in fs/proc/generic.c. A local user can escalate privileges on the system.
160) Use-after-free (CVE-ID: CVE-2025-40270)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the swap_vma_readahead() function in mm/swap_state.c. A local user can escalate privileges on the system.
161) Input validation error (CVE-ID: CVE-2025-40269)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_usb_endpoint_set_params() function in sound/usb/endpoint.c. A local user can perform a denial of service (DoS) attack.
162) Memory leak (CVE-ID: CVE-2025-40268)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can perform a denial of service (DoS) attack.
163) Memory leak (CVE-ID: CVE-2025-40267)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the io_read_mshot_prep() function in io_uring/rw.c. A local user can perform a denial of service (DoS) attack.
164) Memory leak (CVE-ID: CVE-2025-40256)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the xfrm_state_free(), xfrm_state_gc_destroy() and __xfrm_state_destroy() functions in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.
165) Improper Initialization (CVE-ID: CVE-2025-40245)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the find_limits() and setup_arch() functions in arch/nios2/kernel/setup.c. A local user can perform a denial of service (DoS) attack.
166) Improper locking (CVE-ID: CVE-2025-40244)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfs_find_init() and hfs_brec_find() functions in fs/hfsplus/bfind.c. A local user can perform a denial of service (DoS) attack.
167) Use-after-free (CVE-ID: CVE-2025-40243)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfs_mdb_get() function in fs/hfs/mdb.c. A local user can escalate privileges on the system.
168) Improper locking (CVE-ID: CVE-2025-40242)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gdlm_put_lock() function in fs/gfs2/lock_dlm.c. A local user can perform a denial of service (DoS) attack.
169) Out-of-bounds read (CVE-ID: CVE-2025-40241)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the z_erofs_map_blocks_ext() and z_erofs_map_sanity_check() functions in fs/erofs/zmap.c. A local user can perform a denial of service (DoS) attack.
170) NULL pointer dereference (CVE-ID: CVE-2025-40240)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the sctp_inq_pop() function in net/sctp/inqueue.c. A local user can perform a denial of service (DoS) attack.
171) NULL pointer dereference (CVE-ID: CVE-2025-40239)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the __lan8814_ptp_probe_once() function in drivers/net/phy/micrel.c. A local user can perform a denial of service (DoS) attack.
172) NULL pointer dereference (CVE-ID: CVE-2025-40238)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the mlx5e_devcom_cleanup_mpv() and mlx5e_nic_disable() functions in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
173) NULL pointer dereference (CVE-ID: CVE-2025-40237)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the show_mark_fhandle() function in fs/notify/fdinfo.c. A local user can perform a denial of service (DoS) attack.
174) Memory leak (CVE-ID: CVE-2025-40236)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak in include/linux/virtio_net.h. A local user can perform a denial of service (DoS) attack.
175) NULL pointer dereference (CVE-ID: CVE-2025-40235)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the btrfs_get_tree_subvol() function in fs/btrfs/super.c. A local user can perform a denial of service (DoS) attack.
176) NULL pointer dereference (CVE-ID: CVE-2025-40234)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the wmax_wmi_probe() function in drivers/platform/x86/dell/alienware-wmi-wmax.c. A local user can perform a denial of service (DoS) attack.
177) Incorrect calculation (CVE-ID: CVE-2025-40233)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an incorrect calculation within the __ocfs2_move_extents_range() function in fs/ocfs2/move_extents.c. A local user can perform a denial of service (DoS) attack.
178) Improper locking (CVE-ID: CVE-2025-40231)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vsock_assign_transport() function in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
179) Improper error handling (CVE-ID: CVE-2025-40230)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the try_to_map_unused_to_zeropage() function in mm/migrate.c. A local user can perform a denial of service (DoS) attack.
180) Memory leak (CVE-ID: CVE-2025-40229)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the damon_destroy_scheme() function in mm/damon/core.c. A local user can perform a denial of service (DoS) attack.
181) Memory leak (CVE-ID: CVE-2025-40228)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the damon_sysfs_commit_input() function in mm/damon/sysfs.c. A local user can perform a denial of service (DoS) attack.
182) Memory leak (CVE-ID: CVE-2025-40227)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the damon_sysfs_commit_input() function in mm/damon/sysfs.c. A local user can perform a denial of service (DoS) attack.
183) Incorrect calculation (CVE-ID: CVE-2025-40226)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an incorrect calculation within the scmi_xfer_command_acquire(), scmi_handle_notification(), scmi_handle_response(), scmi_wait_for_reply() and do_xfer() functions in drivers/firmware/arm_scmi/driver.c. A local user can perform a denial of service (DoS) attack.
184) NULL pointer dereference (CVE-ID: CVE-2025-40225)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the panthor_vm_op_ctx_prealloc_vmas() function in drivers/gpu/drm/panthor/panthor_mmu.c. A local user can perform a denial of service (DoS) attack.
185) NULL pointer dereference (CVE-ID: CVE-2025-40224)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the cgbc_hwmon_probe_sensors() function in drivers/hwmon/cgbc-hwmon.c. A local user can perform a denial of service (DoS) attack.
186) Use-after-free (CVE-ID: CVE-2025-40223)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the release_mdev() and hdm_disconnect() functions in drivers/most/most_usb.c. A local user can escalate privileges on the system.
187) Improper error handling (CVE-ID: CVE-2025-40222)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the sci_handle_fifo_overrun() function in drivers/tty/serial/sh-sci.c. A local user can perform a denial of service (DoS) attack.
188) Memory leak (CVE-ID: CVE-2025-40221)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the trigger_handler() function in drivers/media/pci/mgb4/mgb4_trigger.c. A local user can perform a denial of service (DoS) attack.
189) Improper locking (CVE-ID: CVE-2025-40220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fuse_file_release() function in fs/fuse/file.c. A local user can perform a denial of service (DoS) attack.
190) Improper locking (CVE-ID: CVE-2025-40219)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sriov_add_vfs() and sriov_del_vfs() functions in drivers/pci/iov.c. A local user can perform a denial of service (DoS) attack.
191) Improper locking (CVE-ID: CVE-2025-40218)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the damon_mkold_pmd_entry() and damon_young_pmd_entry() functions in mm/damon/vaddr.c. A local user can perform a denial of service (DoS) attack.
192) Input validation error (CVE-ID: CVE-2025-40217)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in include/linux/fs.h. A local user can perform a denial of service (DoS) attack.
193) Out-of-bounds read (CVE-ID: CVE-2025-40213)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the set_mesh_complete() and set_mesh_sync() functions in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
194) Memory leak (CVE-ID: CVE-2025-40212)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the nfsd_set_fh_dentry() function in fs/nfsd/nfsfh.c. A local user can perform a denial of service (DoS) attack.
195) Use-after-free (CVE-ID: CVE-2025-40211)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the acpi_video_bus_remove_notify_handler() function in drivers/acpi/acpi_video.c. A local user can escalate privileges on the system.
196) Incorrect calculation (CVE-ID: CVE-2025-40210)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an incorrect calculation in fs/nfsd/xdr4.h. A local user can perform a denial of service (DoS) attack.
197) Memory leak (CVE-ID: CVE-2025-40209)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the btrfs_add_qgroup_relation() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.
198) Integer underflow (CVE-ID: CVE-2025-40208)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer underflow within the iris_core_deinit() function in drivers/media/platform/qcom/iris/iris_core.c. A local user can execute arbitrary code.
199) Input validation error (CVE-ID: CVE-2025-40207)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in include/media/v4l2-subdev.h. A local user can perform a denial of service (DoS) attack.
200) Input validation error (CVE-ID: CVE-2025-40206)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nft_objref_eval() and nft_objref_map_destroy() functions in net/netfilter/nft_objref.c. A local user can perform a denial of service (DoS) attack.
201) Out-of-bounds read (CVE-ID: CVE-2025-40205)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the btrfs_encode_fh() function in fs/btrfs/export.c. A local user can perform a denial of service (DoS) attack.
202) Resource management error (CVE-ID: CVE-2025-40204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sctp_sf_authenticate() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
203) Input validation error (CVE-ID: CVE-2025-40203)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the SYSCALL_DEFINE4() and do_listmount() functions in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
204) Improper locking (CVE-ID: CVE-2025-40201)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the SYSCALL_DEFINE4() function in kernel/sys.c. A local user can perform a denial of service (DoS) attack.
205) Resource management error (CVE-ID: CVE-2025-40200)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.
206) Input validation error (CVE-ID: CVE-2025-40199)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the page_pool_dma_sync_for_device(), page_pool_dma_map(), page_pool_clear_pp_info() and __page_pool_release_page_dma() functions in net/core/page_pool.c. A local user can perform a denial of service (DoS) attack.
207) Out-of-bounds read (CVE-ID: CVE-2025-40198)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the parse_apply_sb_mount_options() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
208) Resource management error (CVE-ID: CVE-2025-40196)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dqput() and dquot_init() functions in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.
209) NULL pointer dereference (CVE-ID: CVE-2025-40195)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mnt_ns_release() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
210) Resource management error (CVE-ID: CVE-2025-40194)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the update_qos_request() function in drivers/cpufreq/intel_pstate.c. A local user can perform a denial of service (DoS) attack.
211) Input validation error (CVE-ID: CVE-2025-40193)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the proc_read_simdisk() function in arch/xtensa/platforms/iss/simdisk.c. A local user can perform a denial of service (DoS) attack.
212) Infinite loop (CVE-ID: CVE-2025-40192)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the init_kcs_data_with_state(), start_kcs_transaction() and kcs_event() functions in drivers/char/ipmi/ipmi_kcs_sm.c. A local user can perform a denial of service (DoS) attack.
213) Memory leak (CVE-ID: CVE-2025-40191)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the update_invalid_user_pages() function in drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c. A local user can perform a denial of service (DoS) attack.
214) Improper error handling (CVE-ID: CVE-2025-40189)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the lan78xx_read_raw_eeprom() function in drivers/net/usb/lan78xx.c. A local user can perform a denial of service (DoS) attack.
215) Input validation error (CVE-ID: CVE-2025-40188)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the berlin_pwm_suspend() and berlin_pwm_resume() functions in drivers/pwm/pwm-berlin.c. A local user can perform a denial of service (DoS) attack.
216) NULL pointer dereference (CVE-ID: CVE-2025-40187)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sctp_sf_do_5_1D_ce() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
217) Use-after-free (CVE-ID: CVE-2025-40186)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_conn_request() function in net/ipv4/tcp_input.c. A local user can escalate privileges on the system.
218) NULL pointer dereference (CVE-ID: CVE-2025-40185)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_adapter_get() function in drivers/net/ethernet/intel/ice/ice_adapter.c. A local user can perform a denial of service (DoS) attack.
219) Reachable assertion (CVE-ID: CVE-2025-40184)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the __check_host_shared_guest(), __pkvm_host_relax_perms_guest() and __pkvm_host_mkyoung_guest() functions in arch/arm64/kvm/hyp/nvhe/mem_protect.c. A local user can perform a denial of service (DoS) attack.
220) Memory leak (CVE-ID: CVE-2025-40183)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __bpf_redirect_neigh_v6() and __bpf_redirect_neigh_v4() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
221) Improper Initialization (CVE-ID: CVE-2025-40182)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the crypto_skcipher_init_tfm() function in crypto/skcipher.c. A local user can perform a denial of service (DoS) attack.
222) Out-of-bounds read (CVE-ID: CVE-2025-40180)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the zynqmp_ipi_free_mboxes() function in drivers/mailbox/zynqmp-ipi-mailbox.c. A local user can perform a denial of service (DoS) attack.
223) Resource management error (CVE-ID: CVE-2025-40179)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ext4_init_orphan_info() function in fs/ext4/orphan.c. A local user can perform a denial of service (DoS) attack.
224) NULL pointer dereference (CVE-ID: CVE-2025-40178)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pid_nr_ns() function in kernel/pid.c. A local user can perform a denial of service (DoS) attack.
225) Use of uninitialized resource (CVE-ID: CVE-2025-40177)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the qaic_bootlog_mhi_probe() function in drivers/accel/qaic/qaic_debugfs.c. A local user can perform a denial of service (DoS) attack.
226) Use-after-free (CVE-ID: CVE-2025-40176)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_decrypt_sg() function in net/tls/tls_sw.c. A local user can escalate privileges on the system.
227) Incorrect calculation (CVE-ID: CVE-2025-40175)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the idpf_ptp_get_tstamp_value() function in drivers/net/ethernet/intel/idpf/idpf_virtchnl_ptp.c. A local user can perform a denial of service (DoS) attack.
228) Resource management error (CVE-ID: CVE-2025-40174)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the switch_mm_irqs_off() function in arch/x86/mm/tlb.c. A local user can perform a denial of service (DoS) attack.
229) Input validation error (CVE-ID: CVE-2025-40173)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ip6_tnl_xmit() function in net/ipv6/ip6_tunnel.c. A local user can perform a denial of service (DoS) attack.
230) Buffer overflow (CVE-ID: CVE-2025-40172)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the find_and_map_user_pages() function in drivers/accel/qaic/qaic_control.c. A local user can perform a denial of service (DoS) attack.
231) Memory leak (CVE-ID: CVE-2025-40171)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvmet_fc_tgt_a_get(), __nvmet_fc_finish_ls_req(), __nvmet_fc_send_ls_req(), nvmet_fc_disconnect_assoc_done() and nvmet_fc_register_targetport() functions in drivers/nvme/target/fc.c. A local user can perform a denial of service (DoS) attack.
232) Input validation error (CVE-ID: CVE-2025-40170)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sk_clone_lock(), sk_dst_gso_max_size() and sk_setup_caps() functions in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
233) Input validation error (CVE-ID: CVE-2025-40169)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the check_alu_op() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
234) Use-after-free (CVE-ID: CVE-2025-40168)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smc_clc_prfx_match6_rcu() function in net/smc/smc_clc.c. A local user can escalate privileges on the system.
235) Input validation error (CVE-ID: CVE-2025-40167)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __ext4_iget() function in fs/ext4/inode.c. A local user can perform a denial of service (DoS) attack.
236) Improper locking (CVE-ID: CVE-2025-40166)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __guc_exec_queue_process_msg_cleanup() function in drivers/gpu/drm/xe/xe_guc_submit.c. A local user can perform a denial of service (DoS) attack.
237) Resource management error (CVE-ID: CVE-2025-40165)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mxc_isi_m2m_vb2_buffer_queue(), mxc_isi_m2m_vb2_stop_streaming() and mxc_isi_m2m_s_fmt_vid() functions in drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c. A local user can perform a denial of service (DoS) attack.
238) Resource management error (CVE-ID: CVE-2025-40164)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the usbnet_resume_rx() function in drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.
239) Resource management error (CVE-ID: CVE-2025-40163)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dl_server_start() function in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.
240) NULL pointer dereference (CVE-ID: CVE-2025-40162)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the create_sdw_dailink() function in sound/soc/amd/acp/acp-sdw-sof-mach.c. A local user can perform a denial of service (DoS) attack.
241) Input validation error (CVE-ID: CVE-2025-40161)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the zynqmp_ipi_free_mboxes() and zynqmp_ipi_probe() functions in drivers/mailbox/zynqmp-ipi-mailbox.c. A local user can perform a denial of service (DoS) attack.
242) Resource management error (CVE-ID: CVE-2025-40160)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bind_interdomain_evtchn_to_irq_lateeoi(), find_virq() and bind_virq_to_irq() functions in drivers/xen/events/events_base.c. A local user can perform a denial of service (DoS) attack.
243) Input validation error (CVE-ID: CVE-2025-40159)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in net/xdp/xsk_queue.h. A local user can perform a denial of service (DoS) attack.
244) Use-after-free (CVE-ID: CVE-2025-40158)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_finish_output2() and ip6_finish_output() functions in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.
245) NULL pointer dereference (CVE-ID: CVE-2025-40156)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_ccifreq_probe() function in drivers/devfreq/mtk-cci-devfreq.c. A local user can perform a denial of service (DoS) attack.
246) Use of uninitialized resource (CVE-ID: CVE-2025-40155)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the domain_translation_struct_show() function in drivers/iommu/intel/debugfs.c. A local user can perform a denial of service (DoS) attack.
247) Out-of-bounds read (CVE-ID: CVE-2025-40154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the log_quirks() function in sound/soc/intel/boards/bytcr_rt5640.c. A local user can perform a denial of service (DoS) attack.
248) Improper locking (CVE-ID: CVE-2025-40153)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hugetlb_change_protection() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
249) Improper Initialization (CVE-ID: CVE-2025-40152)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the function in drivers/gpu/drm/msm/msm_drv.c. A local user can perform a denial of service (DoS) attack.
250) Input validation error (CVE-ID: CVE-2025-40150)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the do_garbage_collect() and f2fs_gc_range() functions in fs/f2fs/gc.c. A local user can perform a denial of service (DoS) attack.
251) Use-after-free (CVE-ID: CVE-2025-40149)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_device_queue_ctx_destruction() function in net/tls/tls_device.c. A local user can escalate privileges on the system.
252) NULL pointer dereference (CVE-ID: CVE-2025-40148)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_stream_set_cursor_attributes() and dc_stream_program_cursor_attributes() functions in drivers/gpu/drm/amd/display/dc/core/dc_stream.c. A local user can perform a denial of service (DoS) attack.
253) NULL pointer dereference (CVE-ID: CVE-2025-40147)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference in block/blk-throttle.h. A local user can perform a denial of service (DoS) attack.
254) Use-after-free (CVE-ID: CVE-2025-40146)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the queue_requests_show() and queue_requests_store() functions in block/blk-sysfs.c. A local user can escalate privileges on the system.
255) Input validation error (CVE-ID: CVE-2025-40145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pci_pwrctrl_slot_probe() function in drivers/pci/pwrctrl/slot.c. A local user can perform a denial of service (DoS) attack.
256) Incorrect calculation (CVE-ID: CVE-2025-40143)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the maybe_exit_scc() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
257) Improper locking (CVE-ID: CVE-2025-40142)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_pcm_group_init() function in sound/core/pcm_native.c. A local user can perform a denial of service (DoS) attack.
258) Use-after-free (CVE-ID: CVE-2025-40141)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iso_sock_kill() function in net/bluetooth/iso.c. A local user can escalate privileges on the system.
259) Improper locking (CVE-ID: CVE-2025-40140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rtl8150_set_multicast() function in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.
260) Use-after-free (CVE-ID: CVE-2025-40139)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smc_clc_msg_hdr_valid(), smc_clc_prfx_set4_rcu() and smc_clc_prfx_set() functions in net/smc/smc_clc.c. A local user can escalate privileges on the system.
261) NULL pointer dereference (CVE-ID: CVE-2025-40138)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the f2fs_check_quota_consistency() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
262) Input validation error (CVE-ID: CVE-2025-40137)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the f2fs_truncate() function in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
263) Resource management error (CVE-ID: CVE-2025-40136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hisi_qm_reset_done(), qm_unregister_abnormal_irq(), qm_register_abnormal_irq() and hisi_qm_pci_init() functions in drivers/crypto/hisilicon/qm.c. A local user can perform a denial of service (DoS) attack.
264) Use-after-free (CVE-ID: CVE-2025-40135)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_autoflowlabel() and ip6_xmit() functions in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.
265) NULL pointer dereference (CVE-ID: CVE-2025-40134)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __dm_suspend() function in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
266) Use-after-free (CVE-ID: CVE-2025-40133)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_active_enable() function in net/mptcp/ctrl.c. A local user can escalate privileges on the system.
267) Input validation error (CVE-ID: CVE-2025-40132)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the create_sdw_dailink() function in sound/soc/intel/boards/sof_sdw.c. A local user can perform a denial of service (DoS) attack.
268) Input validation error (CVE-ID: CVE-2025-40131)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath12k_dp_mon_update_radiotap(), ath12k_dp_mon_rx_deliver_msdu() and ath12k_dp_mon_rx_deliver() functions in drivers/net/wireless/ath/ath12k/dp_mon.c. A local user can perform a denial of service (DoS) attack.
269) Use-after-free (CVE-ID: CVE-2025-40130)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in include/ufs/ufshcd.h. A local user can escalate privileges on the system.
270) NULL pointer dereference (CVE-ID: CVE-2025-40129)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the svcauth_gss_verify_header() function in net/sunrpc/auth_gss/svcauth_gss.c. A local user can perform a denial of service (DoS) attack.
271) Use of uninitialized resource (CVE-ID: CVE-2025-40127)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ks_sa_rng_probe() function in drivers/char/hw_random/ks-sa-rng.c. A local user can perform a denial of service (DoS) attack.
272) Input validation error (CVE-ID: CVE-2025-40126)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ENTRY() function in arch/sparc/lib/U1memcpy.S. A local user can perform a denial of service (DoS) attack.
273) Improper locking (CVE-ID: CVE-2025-40125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the blk_mq_unregister_hctx() function in block/blk-mq-sysfs.c. A local user can perform a denial of service (DoS) attack.
274) Infinite loop (CVE-ID: CVE-2025-40124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the function in arch/sparc/lib/U3memcpy.S. A local user can perform a denial of service (DoS) attack.
275) NULL pointer dereference (CVE-ID: CVE-2025-40123)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __bpf_prog_map_compatible() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
276) Resource management error (CVE-ID: CVE-2025-40122)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the intel_pmu_acr_late_setup() function in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.
277) Out-of-bounds read (CVE-ID: CVE-2025-40121)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the MODULE_PARM_DESC() function in sound/soc/intel/boards/bytcr_rt5651.c. A local user can perform a denial of service (DoS) attack.
278) Improper locking (CVE-ID: CVE-2025-40120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ax88772_suspend(), ax88772_bind() and ax88772_unbind() functions in drivers/net/usb/asix_devices.c. A local user can perform a denial of service (DoS) attack.
279) Use-after-free (CVE-ID: CVE-2025-40119)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_discard_work() function in fs/ext4/mballoc.c. A local user can escalate privileges on the system.
280) Out-of-bounds read (CVE-ID: CVE-2025-40118)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pm8001_dev_gone_notify() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can perform a denial of service (DoS) attack.
281) Integer underflow (CVE-ID: CVE-2025-40117)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the pci_endpoint_test_ioctl() function in drivers/misc/pci_endpoint_test.c. A local user can execute arbitrary code.
282) NULL pointer dereference (CVE-ID: CVE-2025-40116)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the max3421_probe() function in drivers/usb/host/max3421-hcd.c. A local user can perform a denial of service (DoS) attack.
283) Double free (CVE-ID: CVE-2025-40115)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the mpt3sas_transport_port_remove() function in drivers/scsi/mpt3sas/mpt3sas_transport.c. A local user can perform a denial of service (DoS) attack.
284) Buffer overflow (CVE-ID: CVE-2025-40113)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the qcom_pas_load() and qcom_pas_probe() functions in drivers/remoteproc/qcom_q6v5_pas.c. A local user can perform a denial of service (DoS) attack.
285) Buffer overflow (CVE-ID: CVE-2025-40112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ENTRY() function in arch/sparc/lib/NGmemcpy.S. A local user can perform a denial of service (DoS) attack.
286) Use-after-free (CVE-ID: CVE-2025-40111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmw_validation_add_resource() function in drivers/gpu/drm/vmwgfx/vmwgfx_validation.c. A local user can escalate privileges on the system.
287) Input validation error (CVE-ID: CVE-2025-40110)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vmw_cmd_dma() function in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can perform a denial of service (DoS) attack.
288) Improper error handling (CVE-ID: CVE-2025-40106)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the comedi_buf_munge() function in drivers/comedi/comedi_buf.c. A local user can perform a denial of service (DoS) attack.
289) Memory leak (CVE-ID: CVE-2025-40105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the d_alloc() function in fs/dcache.c. A local user can perform a denial of service (DoS) attack.
290) Input validation error (CVE-ID: CVE-2025-40104)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in drivers/net/ethernet/intel/ixgbevf/vf.h. A local user can perform a denial of service (DoS) attack.
291) Memory leak (CVE-ID: CVE-2025-40103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the get_smb2_acl_by_path() and set_smb2_acl() functions in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
292) Improper error handling (CVE-ID: CVE-2025-40102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the kvm_arch_vcpu_ioctl() function in arch/arm64/kvm/arm.c. A local user can perform a denial of service (DoS) attack.
293) Memory leak (CVE-ID: CVE-2025-40101)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the btrfs_load_block_group_zone_info() function in fs/btrfs/zoned.c. A local user can perform a denial of service (DoS) attack.
294) Reachable assertion (CVE-ID: CVE-2025-40100)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the populate_free_space_tree() function in fs/btrfs/free-space-tree.c. A local user can perform a denial of service (DoS) attack.
295) Out-of-bounds read (CVE-ID: CVE-2025-40099)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the parse_dfs_referrals() function in fs/smb/client/misc.c. A local user can perform a denial of service (DoS) attack.
296) NULL pointer dereference (CVE-ID: CVE-2025-40098)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cs35l41_get_acpi_mute_state() function in sound/hda/codecs/side-codecs/cs35l41_hda.c. A local user can perform a denial of service (DoS) attack.
297) NULL pointer dereference (CVE-ID: CVE-2025-40097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hda_component_manager_init() function in sound/hda/codecs/side-codecs/hda_component.c. A local user can perform a denial of service (DoS) attack.
298) Double free (CVE-ID: CVE-2025-40096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the drm_sched_job_add_implicit_dependencies() function in drivers/gpu/drm/scheduler/sched_main.c. A local user can perform a denial of service (DoS) attack.
299) NULL pointer dereference (CVE-ID: CVE-2025-40095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rndis_bind() function in drivers/usb/gadget/function/f_rndis.c. A local user can perform a denial of service (DoS) attack.
300) NULL pointer dereference (CVE-ID: CVE-2025-40094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acm_bind() function in drivers/usb/gadget/function/f_acm.c. A local user can perform a denial of service (DoS) attack.
301) NULL pointer dereference (CVE-ID: CVE-2025-40093)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ecm_bind() function in drivers/usb/gadget/function/f_ecm.c. A local user can perform a denial of service (DoS) attack.
302) NULL pointer dereference (CVE-ID: CVE-2025-40092)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ncm_bind() function in drivers/usb/gadget/function/f_ncm.c. A local user can perform a denial of service (DoS) attack.
303) Use-after-free (CVE-ID: CVE-2025-40091)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ixgbe_remove() function in drivers/net/ethernet/intel/ixgbe/ixgbe_main.c. A local user can escalate privileges on the system.
304) NULL pointer dereference (CVE-ID: CVE-2025-40089)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cxl_feature_info() function in drivers/cxl/core/features.c. A local user can perform a denial of service (DoS) attack.
305) Out-of-bounds read (CVE-ID: CVE-2025-40088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hfsplus_strcasecmp() and hfsplus_strcmp() functions in fs/hfsplus/unicode.c. A local user can perform a denial of service (DoS) attack.
306) Resource management error (CVE-ID: CVE-2025-40087)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nfsd4_ff_proc_getdeviceinfo() function in fs/nfsd/flexfilelayout.c. A local user can perform a denial of service (DoS) attack.
307) NULL pointer dereference (CVE-ID: CVE-2025-40086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within drivers/gpu/drm/xe/xe_vm_types.h. A local user can perform a denial of service (DoS) attack.
308) NULL pointer dereference (CVE-ID: CVE-2025-40085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the get_alias_quirk() function in sound/usb/card.c. A local user can perform a denial of service (DoS) attack.
309) Input validation error (CVE-ID: CVE-2025-40084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ipc_msg_handle_free() function in fs/smb/server/transport_ipc.c. A local user can perform a denial of service (DoS) attack.
310) Out-of-bounds read (CVE-ID: CVE-2025-40082)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hfsplus_listxattr() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.
311) Buffer overflow (CVE-ID: CVE-2025-40081)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/perf/arm_spe_pmu.c. A local user can escalate privileges on the system.
312) Input validation error (CVE-ID: CVE-2025-40080)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nbd_get_socket() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.
313) Resource management error (CVE-ID: CVE-2025-40079)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the emit_atomic_rmw() and __arch_prepare_bpf_trampoline() functions in arch/riscv/net/bpf_jit_comp64.c. A local user can perform a denial of service (DoS) attack.
314) Resource management error (CVE-ID: CVE-2025-40078)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sock_addr_is_valid_access() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
315) Buffer overflow (CVE-ID: CVE-2025-40077)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the f2fs_truncate_partial_cluster() function in fs/f2fs/compress.c. A local user can perform a denial of service (DoS) attack.
316) NULL pointer dereference (CVE-ID: CVE-2025-40076)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rcar_pcie_msi_irq() function in drivers/pci/controller/pcie-rcar-host.c. A local user can perform a denial of service (DoS) attack.
317) Improper locking (CVE-ID: CVE-2025-40075)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcpm_new(), __tcp_get_metrics_req() and tcp_get_metrics() functions in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.
318) Use-after-free (CVE-ID: CVE-2025-40074)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ipv4_neigh_lookup() function in net/ipv4/route.c. A local user can escalate privileges on the system.
319) NULL pointer dereference (CVE-ID: CVE-2025-40073)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dpu_plane_is_multirect_capable() and dpu_plane_try_multirect_shared() functions in drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c. A local user can perform a denial of service (DoS) attack.
320) NULL pointer dereference (CVE-ID: CVE-2025-40072)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the do_fanotify_mark() function in fs/notify/fanotify/fanotify_user.c. A local user can perform a denial of service (DoS) attack.
321) Improper locking (CVE-ID: CVE-2025-40071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gsm_send_packet(), gsm_dlci_open() and gsm_modem_upd_via_msc() functions in drivers/tty/n_gsm.c. A local user can perform a denial of service (DoS) attack.
322) Use-after-free (CVE-ID: CVE-2025-40070)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pps_register_cdev() function in drivers/pps/pps.c. A local user can escalate privileges on the system.
323) Memory leak (CVE-ID: CVE-2025-40069)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vm_bind_job_lookup_ops() function in drivers/gpu/drm/msm/msm_gem_vma.c. A local user can perform a denial of service (DoS) attack.
324) Input validation error (CVE-ID: CVE-2025-40068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the run_unpack() and run_get_highest_vcn() functions in fs/ntfs3/run.c. A local user can perform a denial of service (DoS) attack.
325) Buffer overflow (CVE-ID: CVE-2025-40067)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the indx_add_allocate() function in fs/ntfs3/index.c. A local user can perform a denial of service (DoS) attack.
326) NULL pointer dereference (CVE-ID: CVE-2025-40066)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7996_mac_sta_add_links() function in drivers/net/wireless/mediatek/mt76/mt7996/main.c. A local user can perform a denial of service (DoS) attack.
327) Input validation error (CVE-ID: CVE-2025-40065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kvm_riscv_gstage_vmid_detect() function in arch/riscv/kvm/vmid.c. A local user can perform a denial of service (DoS) attack.
328) Use-after-free (CVE-ID: CVE-2025-40064)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smc_pnet_find_ism_by_pnetid() function in net/smc/smc_pnet.c. A local user can escalate privileges on the system.
329) Buffer overflow (CVE-ID: CVE-2025-40063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within include/crypto/internal/scompress.h. A local user can perform a denial of service (DoS) attack.
330) Double free (CVE-ID: CVE-2025-40062)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the qm_diff_regs_init() function in drivers/crypto/hisilicon/debugfs.c. A local user can perform a denial of service (DoS) attack.
331) Use-after-free (CVE-ID: CVE-2025-40061)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the do_task() function in drivers/infiniband/sw/rxe/rxe_task.c. A local user can escalate privileges on the system.
332) NULL pointer dereference (CVE-ID: CVE-2025-40060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arm_trbe_alloc_buffer() function in drivers/hwtracing/coresight/coresight-trbe.c. A local user can perform a denial of service (DoS) attack.
333) NULL pointer dereference (CVE-ID: CVE-2025-40059)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arm_trbe_register_coresight_cpu() function in drivers/hwtracing/coresight/coresight-trbe.c. A local user can perform a denial of service (DoS) attack.
334) Incorrect calculation (CVE-ID: CVE-2025-40058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within drivers/iommu/intel/iommu.h. A local user can perform a denial of service (DoS) attack.
335) Resource management error (CVE-ID: CVE-2025-40057)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the max_vclocks_store() function in drivers/ptp/ptp_sysfs.c. A local user can perform a denial of service (DoS) attack.
336) Input validation error (CVE-ID: CVE-2025-40056)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the copy_to_iotlb() function in drivers/vhost/vringh.c. A local user can perform a denial of service (DoS) attack.
337) Double free (CVE-ID: CVE-2025-40055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the user_cluster_connect() function in fs/ocfs2/stack_user.c. A local user can perform a denial of service (DoS) attack.
338) Use-after-free (CVE-ID: CVE-2025-40054)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the f2fs_merge_page_bio() function in fs/f2fs/data.c. A local user can escalate privileges on the system.
339) NULL pointer dereference (CVE-ID: CVE-2025-40053)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the function in drivers/net/ethernet/dlink/dl2k.c. A local user can perform a denial of service (DoS) attack.
340) Use-after-free (CVE-ID: CVE-2025-40052)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fill_transform_hdr(), smb2_aead_req_alloc() and crypt_message() functions in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.
341) Input validation error (CVE-ID: CVE-2025-40051)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the copy_from_iotlb() function in drivers/vhost/vringh.c. A local user can perform a denial of service (DoS) attack.
342) Resource management error (CVE-ID: CVE-2025-40050)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the check_alu_op() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
343) Use of uninitialized resource (CVE-ID: CVE-2025-40049)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within fs/squashfs/squashfs_fs_i.h. A local user can perform a denial of service (DoS) attack.
344) Memory leak (CVE-ID: CVE-2025-40048)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hv_uio_channel_cb(), hv_uio_new_channel() and hv_uio_open() functions in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
345) Improper locking (CVE-ID: CVE-2025-40047)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_waitid_wait() function in io_uring/waitid.c. A local user can perform a denial of service (DoS) attack.
346) Integer underflow (CVE-ID: CVE-2025-40046)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the io_zcrx_recv_skb() function in io_uring/zcrx.c. A local user can execute arbitrary code.
347) Buffer overflow (CVE-ID: CVE-2025-40045)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in sound/soc/codecs/wcd937x.c. A local user can escalate privileges on the system.
348) Use-after-free (CVE-ID: CVE-2025-40044)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the udf_current_aext() function in fs/udf/inode.c. A local user can escalate privileges on the system.
349) Input validation error (CVE-ID: CVE-2025-40043)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nci_core_reset_ntf_packet(), nci_core_conn_credits_ntf_packet(), nci_core_generic_error_ntf_packet(), nci_core_conn_intf_error_ntf_packet(), nci_clear_target_list(), nci_rf_discover_ntf_packet(), nci_store_general_bytes_nfc_dep(), nci_rf_intf_activated_ntf_packet(), nci_rf_deactivate_ntf_packet(), nci_nfcee_discover_ntf_packet() and nci_ntf_packet() functions in net/nfc/nci/ntf.c. A local user can perform a denial of service (DoS) attack.
350) NULL pointer dereference (CVE-ID: CVE-2025-40042)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the uprobe_dispatcher() and uretprobe_dispatcher() functions in kernel/trace/trace_uprobe.c. A local user can perform a denial of service (DoS) attack.
351) Improper error handling (CVE-ID: CVE-2025-40040)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within rust/bindings/bindings_helper.h. A local user can perform a denial of service (DoS) attack.
352) Use-after-free (CVE-ID: CVE-2025-40039)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ksmbd_session_rpc_open() and ksmbd_session_rpc_close() functions in fs/smb/server/mgmt/user_session.c. A local user can escalate privileges on the system.
353) Improper locking (CVE-ID: CVE-2025-40038)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the svm_vcpu_pre_run() function in arch/x86/kvm/svm/svm.c. A local user can perform a denial of service (DoS) attack.
354) Use-after-free (CVE-ID: CVE-2025-40037)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the simplefb_destroy(), simplefb_detach_genpds(), simplefb_attach_genpds() and simplefb_probe() functions in drivers/video/fbdev/simplefb.c. A local user can escalate privileges on the system.
355) Memory leak (CVE-ID: CVE-2025-40036)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fastrpc_put_args() function in drivers/misc/fastrpc.c. A local user can perform a denial of service (DoS) attack.
356) Memory leak (CVE-ID: CVE-2025-40035)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the uinput_ff_upload_to_user() function in drivers/input/misc/uinput.c. A local user can perform a denial of service (DoS) attack.
357) NULL pointer dereference (CVE-ID: CVE-2025-40034)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pci_rootport_aer_stats_incr() function in drivers/pci/pcie/aer.c. A local user can perform a denial of service (DoS) attack.
358) NULL pointer dereference (CVE-ID: CVE-2025-40033)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() and pru_rproc_set_ctable() functions in drivers/remoteproc/pru_rproc.c. A local user can perform a denial of service (DoS) attack.
359) NULL pointer dereference (CVE-ID: CVE-2025-40032)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pci_epf_test_clean_dma_chan() function in drivers/pci/endpoint/functions/pci-epf-test.c. A local user can perform a denial of service (DoS) attack.
360) NULL pointer dereference (CVE-ID: CVE-2025-40031)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the register_shm_helper() function in drivers/tee/tee_shm.c. A local user can perform a denial of service (DoS) attack.
361) NULL pointer dereference (CVE-ID: CVE-2025-40030)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pinmux_func_name_to_selector() function in drivers/pinctrl/pinmux.c. A local user can perform a denial of service (DoS) attack.
362) NULL pointer dereference (CVE-ID: CVE-2025-40029)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fsl_mc_bus_probe() function in drivers/bus/fsl-mc/fsl-mc-bus.c. A local user can perform a denial of service (DoS) attack.
363) Input validation error (CVE-ID: CVE-2025-40004)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the usb9pfs_rx_complete() function in net/9p/trans_usbg.c. A local user can perform a denial of service (DoS) attack.
364) Use-after-free (CVE-ID: CVE-2025-40003)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ocelot_stats_init() function in drivers/net/ethernet/mscc/ocelot_stats.c. A local user can escalate privileges on the system.
365) Memory leak (CVE-ID: CVE-2025-40002)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tb_dp_dprx_work() and tb_dp_dprx_stop() functions in drivers/thunderbolt/tunnel.c. A local user can perform a denial of service (DoS) attack.
366) Use-after-free (CVE-ID: CVE-2025-40001)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mvs_free() function in drivers/scsi/mvsas/mv_init.c. A local user can escalate privileges on the system.
Remediation
Install the update from the vendor's website.