SB2026021250 - Ubuntu update for linux-nvidia-tegra
Published: February 12, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 115 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2025-71162)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tegra_adma_stop() and tegra_adma_probe() functions in drivers/dma/tegra210-adma.c. A local user can escalate privileges on the system.
2) Use of uninitialized resource (CVE-ID: CVE-2025-68249)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hdm_probe() function in drivers/most/most_usb.c. A local user can perform a denial of service (DoS) attack.
3) Improper locking (CVE-ID: CVE-2025-40351)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfsplus_iget() function in fs/hfsplus/super.c. A local user can perform a denial of service (DoS) attack.
4) Out-of-bounds read (CVE-ID: CVE-2025-40349)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fs/hfsplus/hfsplus_fs.h. A local user can perform a denial of service (DoS) attack.
5) NULL pointer dereference (CVE-ID: CVE-2025-40346)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the topology_parse_cpu_capacity() function in drivers/base/arch_topology.c. A local user can perform a denial of service (DoS) attack.
6) Improper Initialization (CVE-ID: CVE-2025-40245)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the find_limits() and setup_arch() functions in arch/nios2/kernel/setup.c. A local user can perform a denial of service (DoS) attack.
7) Improper locking (CVE-ID: CVE-2025-40244)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfs_find_init() and hfs_brec_find() functions in fs/hfsplus/bfind.c. A local user can perform a denial of service (DoS) attack.
8) Use-after-free (CVE-ID: CVE-2025-40243)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfs_mdb_get() function in fs/hfs/mdb.c. A local user can escalate privileges on the system.
9) NULL pointer dereference (CVE-ID: CVE-2025-40240)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sctp_inq_pop() function in net/sctp/inqueue.c. A local user can perform a denial of service (DoS) attack.
10) Incorrect calculation (CVE-ID: CVE-2025-40233)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __ocfs2_move_extents_range() function in fs/ocfs2/move_extents.c. A local user can perform a denial of service (DoS) attack.
11) Improper locking (CVE-ID: CVE-2025-40231)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vsock_assign_transport() function in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
12) Use-after-free (CVE-ID: CVE-2025-40223)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the release_mdev() and hdm_disconnect() functions in drivers/most/most_usb.c. A local user can escalate privileges on the system.
13) Improper locking (CVE-ID: CVE-2025-40220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fuse_file_release() function in fs/fuse/file.c. A local user can perform a denial of service (DoS) attack.
14) Improper locking (CVE-ID: CVE-2025-40219)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sriov_add_vfs() and sriov_del_vfs() functions in drivers/pci/iov.c. A local user can perform a denial of service (DoS) attack.
15) Improper locking (CVE-ID: CVE-2025-40215)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __xfrm_state_destroy(), __xfrm_state_delete(), xfrm_state_flush(), xfrm_flush_gc() and xfrm_state_fini() functions in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.
16) Out-of-bounds read (CVE-ID: CVE-2025-40205)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the btrfs_encode_fh() function in fs/btrfs/export.c. A local user can perform a denial of service (DoS) attack.
17) Resource management error (CVE-ID: CVE-2025-40204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sctp_sf_authenticate() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
18) Resource management error (CVE-ID: CVE-2025-40200)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.
19) Resource management error (CVE-ID: CVE-2025-40194)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the update_qos_request() function in drivers/cpufreq/intel_pstate.c. A local user can perform a denial of service (DoS) attack.
20) Input validation error (CVE-ID: CVE-2025-40188)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the berlin_pwm_suspend() and berlin_pwm_resume() functions in drivers/pwm/pwm-berlin.c. A local user can perform a denial of service (DoS) attack.
21) NULL pointer dereference (CVE-ID: CVE-2025-40187)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sctp_sf_do_5_1D_ce() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
22) Memory leak (CVE-ID: CVE-2025-40183)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __bpf_redirect_neigh_v6() and __bpf_redirect_neigh_v4() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
23) Resource management error (CVE-ID: CVE-2025-40179)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ext4_init_orphan_info() function in fs/ext4/orphan.c. A local user can perform a denial of service (DoS) attack.
24) NULL pointer dereference (CVE-ID: CVE-2025-40178)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pid_nr_ns() function in kernel/pid.c. A local user can perform a denial of service (DoS) attack.
25) Input validation error (CVE-ID: CVE-2025-40173)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ip6_tnl_xmit() function in net/ipv6/ip6_tunnel.c. A local user can perform a denial of service (DoS) attack.
26) Memory leak (CVE-ID: CVE-2025-40171)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvmet_fc_tgt_a_get(), __nvmet_fc_finish_ls_req(), __nvmet_fc_send_ls_req(), nvmet_fc_disconnect_assoc_done() and nvmet_fc_register_targetport() functions in drivers/nvme/target/fc.c. A local user can perform a denial of service (DoS) attack.
27) Input validation error (CVE-ID: CVE-2025-40167)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __ext4_iget() function in fs/ext4/inode.c. A local user can perform a denial of service (DoS) attack.
28) Out-of-bounds read (CVE-ID: CVE-2025-40154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the log_quirks() function in sound/soc/intel/boards/bytcr_rt5640.c. A local user can perform a denial of service (DoS) attack.
29) Improper locking (CVE-ID: CVE-2025-40153)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hugetlb_change_protection() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
30) Improper locking (CVE-ID: CVE-2025-40140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rtl8150_set_multicast() function in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.
31) NULL pointer dereference (CVE-ID: CVE-2025-40134)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __dm_suspend() function in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
32) Use of uninitialized resource (CVE-ID: CVE-2025-40127)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ks_sa_rng_probe() function in drivers/char/hw_random/ks-sa-rng.c. A local user can perform a denial of service (DoS) attack.
33) Input validation error (CVE-ID: CVE-2025-40126)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ENTRY() function in arch/sparc/lib/U1memcpy.S. A local user can perform a denial of service (DoS) attack.
34) Improper locking (CVE-ID: CVE-2025-40125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the blk_mq_unregister_hctx() function in block/blk-mq-sysfs.c. A local user can perform a denial of service (DoS) attack.
35) Infinite loop (CVE-ID: CVE-2025-40124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the function in arch/sparc/lib/U3memcpy.S. A local user can perform a denial of service (DoS) attack.
36) Out-of-bounds read (CVE-ID: CVE-2025-40121)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the MODULE_PARM_DESC() function in sound/soc/intel/boards/bytcr_rt5651.c. A local user can perform a denial of service (DoS) attack.
37) Improper locking (CVE-ID: CVE-2025-40120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ax88772_suspend(), ax88772_bind() and ax88772_unbind() functions in drivers/net/usb/asix_devices.c. A local user can perform a denial of service (DoS) attack.
38) Out-of-bounds read (CVE-ID: CVE-2025-40118)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pm8001_dev_gone_notify() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can perform a denial of service (DoS) attack.
39) NULL pointer dereference (CVE-ID: CVE-2025-40116)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the max3421_probe() function in drivers/usb/host/max3421-hcd.c. A local user can perform a denial of service (DoS) attack.
40) Double free (CVE-ID: CVE-2025-40115)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the mpt3sas_transport_port_remove() function in drivers/scsi/mpt3sas/mpt3sas_transport.c. A local user can perform a denial of service (DoS) attack.
41) Buffer overflow (CVE-ID: CVE-2025-40112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ENTRY() function in arch/sparc/lib/NGmemcpy.S. A local user can perform a denial of service (DoS) attack.
42) Use-after-free (CVE-ID: CVE-2025-40111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmw_validation_add_resource() function in drivers/gpu/drm/vmwgfx/vmwgfx_validation.c. A local user can escalate privileges on the system.
43) Input validation error (CVE-ID: CVE-2025-40109)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the crypto_del_default_rng() and crypto_register_rng() functions in crypto/rng.c. A local user can perform a denial of service (DoS) attack.
44) Improper error handling (CVE-ID: CVE-2025-40106)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the comedi_buf_munge() function in drivers/comedi/comedi_buf.c. A local user can perform a denial of service (DoS) attack.
45) Memory leak (CVE-ID: CVE-2025-40105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the d_alloc() function in fs/dcache.c. A local user can perform a denial of service (DoS) attack.
46) NULL pointer dereference (CVE-ID: CVE-2025-40094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acm_bind() function in drivers/usb/gadget/function/f_acm.c. A local user can perform a denial of service (DoS) attack.
47) NULL pointer dereference (CVE-ID: CVE-2025-40092)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ncm_bind() function in drivers/usb/gadget/function/f_ncm.c. A local user can perform a denial of service (DoS) attack.
48) Out-of-bounds read (CVE-ID: CVE-2025-40088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hfsplus_strcasecmp() and hfsplus_strcmp() functions in fs/hfsplus/unicode.c. A local user can perform a denial of service (DoS) attack.
49) Resource management error (CVE-ID: CVE-2025-40087)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nfsd4_ff_proc_getdeviceinfo() function in fs/nfsd/flexfilelayout.c. A local user can perform a denial of service (DoS) attack.
50) NULL pointer dereference (CVE-ID: CVE-2025-40085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the get_alias_quirk() function in sound/usb/card.c. A local user can perform a denial of service (DoS) attack.
51) Buffer overflow (CVE-ID: CVE-2025-40081)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/perf/arm_spe_pmu.c. A local user can escalate privileges on the system.
52) Resource management error (CVE-ID: CVE-2025-40078)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sock_addr_is_valid_access() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
53) Use-after-free (CVE-ID: CVE-2025-40070)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pps_register_cdev() function in drivers/pps/pps.c. A local user can escalate privileges on the system.
54) Input validation error (CVE-ID: CVE-2025-40068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the run_unpack() and run_get_highest_vcn() functions in fs/ntfs3/run.c. A local user can perform a denial of service (DoS) attack.
55) NULL pointer dereference (CVE-ID: CVE-2025-40060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arm_trbe_alloc_buffer() function in drivers/hwtracing/coresight/coresight-trbe.c. A local user can perform a denial of service (DoS) attack.
56) Double free (CVE-ID: CVE-2025-40055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the user_cluster_connect() function in fs/ocfs2/stack_user.c. A local user can perform a denial of service (DoS) attack.
57) NULL pointer dereference (CVE-ID: CVE-2025-40053)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the function in drivers/net/ethernet/dlink/dl2k.c. A local user can perform a denial of service (DoS) attack.
58) Use of uninitialized resource (CVE-ID: CVE-2025-40049)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the fs/squashfs/squashfs_fs_i.h. A local user can perform a denial of service (DoS) attack.
59) Memory leak (CVE-ID: CVE-2025-40048)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hv_uio_channel_cb(), hv_uio_new_channel() and hv_uio_open() functions in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
60) Use-after-free (CVE-ID: CVE-2025-40044)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the udf_current_aext() function in fs/udf/inode.c. A local user can escalate privileges on the system.
61) Input validation error (CVE-ID: CVE-2025-40043)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nci_core_reset_ntf_packet(), nci_core_conn_credits_ntf_packet(), nci_core_generic_error_ntf_packet(), nci_core_conn_intf_error_ntf_packet(), nci_clear_target_list(), nci_rf_discover_ntf_packet(), nci_store_general_bytes_nfc_dep(), nci_rf_intf_activated_ntf_packet(), nci_rf_deactivate_ntf_packet(), nci_nfcee_discover_ntf_packet() and nci_ntf_packet() functions in net/nfc/nci/ntf.c. A local user can perform a denial of service (DoS) attack.
62) NULL pointer dereference (CVE-ID: CVE-2025-40042)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the uprobe_dispatcher() and uretprobe_dispatcher() functions in kernel/trace/trace_uprobe.c. A local user can perform a denial of service (DoS) attack.
63) Memory leak (CVE-ID: CVE-2025-40035)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the uinput_ff_upload_to_user() function in drivers/input/misc/uinput.c. A local user can perform a denial of service (DoS) attack.
64) NULL pointer dereference (CVE-ID: CVE-2025-40030)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pinmux_func_name_to_selector() function in drivers/pinctrl/pinmux.c. A local user can perform a denial of service (DoS) attack.
65) NULL pointer dereference (CVE-ID: CVE-2025-40029)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fsl_mc_bus_probe() function in drivers/bus/fsl-mc/fsl-mc-bus.c. A local user can perform a denial of service (DoS) attack.
66) Improper locking (CVE-ID: CVE-2025-40027)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the p9_fd_cancelled() function in net/9p/trans_fd.c. A local user can perform a denial of service (DoS) attack.
67) Resource management error (CVE-ID: CVE-2025-40026)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the emulator_is_smm() and x86_emulate_instruction() functions in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
68) Improper locking (CVE-ID: CVE-2025-40021)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dyn_event_open() function in kernel/trace/trace_dynevent.c. A local user can perform a denial of service (DoS) attack.
69) Out-of-bounds read (CVE-ID: CVE-2025-40020)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the peak_usb_update_ts_now() function in drivers/net/can/usb/peak_usb/pcan_usb_core.c. A local user can perform a denial of service (DoS) attack.
70) NULL pointer dereference (CVE-ID: CVE-2025-40011)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the oaktrail_hdmi_teardown() function in drivers/gpu/drm/gma500/oaktrail_hdmi.c. A local user can perform a denial of service (DoS) attack.
71) Improper locking (CVE-ID: CVE-2025-40006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the remove_inode_single_folio() function in fs/hugetlbfs/inode.c. A local user can perform a denial of service (DoS) attack.
72) Use-after-free (CVE-ID: CVE-2025-40001)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mvs_free() function in drivers/scsi/mvsas/mv_init.c. A local user can escalate privileges on the system.
73) Buffer overflow (CVE-ID: CVE-2025-39998)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the target_lu_gp_members_show() function in drivers/target/target_core_configfs.c. A local user can escalate privileges on the system.
74) Use-after-free (CVE-ID: CVE-2025-39996)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the flexcop_pci_remove() function in drivers/media/pci/b2c2/flexcop-pci.c. A local user can escalate privileges on the system.
75) Use-after-free (CVE-ID: CVE-2025-39995)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can escalate privileges on the system.
76) Use-after-free (CVE-ID: CVE-2025-39994)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xc5000_release() function in drivers/media/tuners/xc5000.c. A local user can escalate privileges on the system.
77) Buffer overflow (CVE-ID: CVE-2025-39988)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/net/can/usb/etas_es58x/es58x_core.c. A local user can escalate privileges on the system.
78) Buffer overflow (CVE-ID: CVE-2025-39987)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/net/can/spi/hi311x.c. A local user can escalate privileges on the system.
79) Buffer overflow (CVE-ID: CVE-2025-39986)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/net/can/sun4i_can.c. A local user can escalate privileges on the system.
80) Buffer overflow (CVE-ID: CVE-2025-39985)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/net/can/usb/mcba_usb.c. A local user can escalate privileges on the system.
81) NULL pointer dereference (CVE-ID: CVE-2025-39980)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the replace_nexthop_single() function in net/ipv4/nexthop.c. A local user can perform a denial of service (DoS) attack.
82) Input validation error (CVE-ID: CVE-2025-39973)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_config_vsi_tx_queue() and i40e_config_vsi_rx_queue() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
83) Input validation error (CVE-ID: CVE-2025-39972)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_validate_queue_map() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
84) Input validation error (CVE-ID: CVE-2025-39971)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_vc_config_queues_msg() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
85) Out-of-bounds read (CVE-ID: CVE-2025-39970)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the i40e_validate_cloud_filter() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
86) Input validation error (CVE-ID: CVE-2025-39969)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h. A local user can perform a denial of service (DoS) attack.
87) Buffer overflow (CVE-ID: CVE-2025-39968)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the i40e_vc_del_cloud_filter() and i40e_vc_add_cloud_filter() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can escalate privileges on the system.
88) Integer overflow (CVE-ID: CVE-2025-39967)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the fbcon_set_font() function in drivers/video/fbdev/core/fbcon.c. A local user can execute arbitrary code.
89) Resource management error (CVE-ID: CVE-2025-39955)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_disconnect() function in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.
90) Use-after-free (CVE-ID: CVE-2025-39953)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_PERCPU_RWSEM(), css_release_work_fn(), css_release(), css_create(), css_killed_ref_fn() and cgroup_wq_init() functions in kernel/cgroup/cgroup.c. A local user can escalate privileges on the system.
91) Use-after-free (CVE-ID: CVE-2025-39951)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the virtio_uml_probe() function in arch/um/drivers/virtio_uml.c. A local user can escalate privileges on the system.
92) Improper error handling (CVE-ID: CVE-2025-39949)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the qed_protection_override_dump() function in drivers/net/ethernet/qlogic/qed/qed_debug.c. A local user can perform a denial of service (DoS) attack.
93) Use-after-free (CVE-ID: CVE-2025-39945)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cnic_cm_stop_bnx2x_hw() function in drivers/net/ethernet/broadcom/cnic.c. A local user can escalate privileges on the system.
94) Out-of-bounds read (CVE-ID: CVE-2025-39943)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the recv_done() function in fs/smb/server/transport_rdma.c. A local user can perform a denial of service (DoS) attack.
95) NULL pointer dereference (CVE-ID: CVE-2025-39937)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rfkill_gpio_acpi_probe() function in net/rfkill/rfkill-gpio.c. A local user can perform a denial of service (DoS) attack.
96) NULL pointer dereference (CVE-ID: CVE-2025-39934)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the anx7625_i2c_probe() function in drivers/gpu/drm/bridge/analogix/anx7625.c. A local user can perform a denial of service (DoS) attack.
97) Improper error handling (CVE-ID: CVE-2025-39923)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bam_dma_probe() function in drivers/dma/qcom/bam_dma.c. A local user can perform a denial of service (DoS) attack.
98) Resource management error (CVE-ID: CVE-2025-39913)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_bpf_send_verdict() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.
99) Resource management error (CVE-ID: CVE-2025-39911)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the i40e_vsi_request_irq_msix() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
100) Out-of-bounds read (CVE-ID: CVE-2025-39907)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the stm32_fmc2_nfc_xfer() and stm32_fmc2_nfc_dma_setup() functions in drivers/mtd/nand/raw/stm32_fmc2_nand.c. A local user can perform a denial of service (DoS) attack.
101) Improper locking (CVE-ID: CVE-2025-39885)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_extent_map_get_blocks(), ocfs2_fiemap_inline() and ocfs2_fiemap() functions in fs/ocfs2/extent_map.c. A local user can perform a denial of service (DoS) attack.
102) Improper error handling (CVE-ID: CVE-2025-39883)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the unpoison_memory() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.
103) Input validation error (CVE-ID: CVE-2025-39880)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the con_fault_finish() and clear_standby() functions in net/ceph/messenger.c. A local user can perform a denial of service (DoS) attack.
104) NULL pointer dereference (CVE-ID: CVE-2025-39876)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fec_enet_phy_reset_after_clk_enable() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.
105) Use-after-free (CVE-ID: CVE-2025-39873)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xcan_write_frame() function in drivers/net/can/xilinx_can.c. A local user can escalate privileges on the system.
106) Out-of-bounds read (CVE-ID: CVE-2025-39869)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the edma_setup_from_hw() function in drivers/dma/ti/edma.c. A local user can perform a denial of service (DoS) attack.
107) Use-after-free (CVE-ID: CVE-2025-38584)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), padata_find_next(), padata_do_serial(), padata_alloc_pd() and padata_free_shell() functions in kernel/padata.c. A local user can escalate privileges on the system.
108) Use-after-free (CVE-ID: CVE-2025-38248)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the br_multicast_port_ctx_init() function in net/bridge/br_multicast.c. A local user can escalate privileges on the system.
109) Use-after-free (CVE-ID: CVE-2025-38236)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the IS_ENABLED() and unix_stream_recv_urg() functions in net/unix/af_unix.c. A local user can escalate privileges on the system.
110) NULL pointer dereference (CVE-ID: CVE-2025-23143)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sock_lock_init() and sk_prot_free() functions in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
111) Memory leak (CVE-ID: CVE-2025-22058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the udp_skb_has_head_state(), udp_rmem_release(), EXPORT_SYMBOL_GPL() and first_packet_length() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.
112) Resource management error (CVE-ID: CVE-2025-21861)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the migrate_device_finalize() function in mm/migrate_device.c. A local user can perform a denial of service (DoS) attack.
113) NULL pointer dereference (CVE-ID: CVE-2024-58011)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the skl_int3472_tps68470_probe() function in drivers/platform/x86/intel/int3472/tps68470.c, within the skl_int3472_discrete_probe() function in drivers/platform/x86/intel/int3472/discrete.c. A local user can perform a denial of service (DoS) attack.
114) Use-after-free (CVE-ID: CVE-2024-56538)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zynqmp_dpsub_drm_cleanup() function in drivers/gpu/drm/xlnx/zynqmp_kms.c. A local user can escalate privileges on the system.
115) Input validation error (CVE-ID: CVE-2024-53114)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_amd_zen4() function in arch/x86/kernel/cpu/amd.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.