SB2026022049 - SUSE update for the Linux Kernel
Published: February 20, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 171 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2023-53714)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ltdc_crtc_disable_vblank() function in drivers/gpu/drm/stm/ltdc.c. A local user can perform a denial of service (DoS) attack.
2) Use-after-free (CVE-ID: CVE-2023-54013)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the LIST_HEAD(), icc_set_bw(), icc_node_add() and icc_sync_state() functions in drivers/interconnect/core.c. A local user can escalate privileges on the system.
3) Improper locking (CVE-ID: CVE-2024-27005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the path_init() and icc_put() functions in drivers/interconnect/core.c. A local user can perform a denial of service (DoS) attack.
4) Improper error handling (CVE-ID: CVE-2024-42103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the btrfs_reclaim_bgs_work() function in fs/btrfs/block-group.c. A local user can perform a denial of service (DoS) attack.
5) Resource management error (CVE-ID: CVE-2024-53070)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dwc3_suspend_common() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.
6) Off-by-one (CVE-ID: CVE-2024-53149)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the pmic_glink_ucsi_connector_status() function in drivers/usb/typec/ucsi/ucsi_glink.c. A local user can perform a denial of service (DoS) attack.
7) Incorrect calculation (CVE-ID: CVE-2024-56721)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the init_amd_bd() function in arch/x86/kernel/cpu/amd.c. A local user can perform a denial of service (DoS) attack.
8) Input validation error (CVE-ID: CVE-2025-22047)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __apply_microcode_amd() function in arch/x86/kernel/cpu/microcode/amd.c. A local user can perform a denial of service (DoS) attack.
9) Memory leak (CVE-ID: CVE-2025-37744)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ath12k_pci_remove() function in drivers/net/wireless/ath/ath12k/pci.c. A local user can perform a denial of service (DoS) attack.
10) Input validation error (CVE-ID: CVE-2025-37751)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_amd_bd() function in arch/x86/kernel/cpu/amd.c. A local user can perform a denial of service (DoS) attack.
11) Input validation error (CVE-ID: CVE-2025-37813)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the xhci_queue_ctrl_tx() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
12) Use-after-free (CVE-ID: CVE-2025-38209)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_tcp_setup_ctrl() function in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
13) NULL pointer dereference (CVE-ID: CVE-2025-38243)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the replay_one_extent(), drop_one_dir_item() and unlink_inode_for_log_replay() functions in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
14) Improper locking (CVE-ID: CVE-2025-38322)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the intel_pmu_read_event() function in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.
15) Improper locking (CVE-ID: CVE-2025-38379)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the free_xid() and smb2_reconnect_server() functions in fs/smb/client/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
16) Improper locking (CVE-ID: CVE-2025-38539)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __register_event() and __trace_add_event_dirs() functions in kernel/trace/trace_events.c. A local user can perform a denial of service (DoS) attack.
17) Use-after-free (CVE-ID: CVE-2025-39689)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ftrace_regex_open() and ftrace_regex_release() functions in kernel/trace/ftrace.c. A local user can escalate privileges on the system.
18) Resource management error (CVE-ID: CVE-2025-39813)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ftrace_dump() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
19) Resource management error (CVE-ID: CVE-2025-39829)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the register_ftrace_graph() function in kernel/trace/fgraph.c. A local user can perform a denial of service (DoS) attack.
20) Buffer overflow (CVE-ID: CVE-2025-39836)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mm_communicate(), setup_mm_hdr(), get_max_payload(), get_property_int(), tee_get_variable(), tee_get_next_variable(), tee_set_variable() and tee_query_variable_info() functions in drivers/firmware/efi/stmm/tee_stmm_efi.c. A local user can perform a denial of service (DoS) attack.
21) Input validation error (CVE-ID: CVE-2025-39880)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the con_fault_finish() and clear_standby() functions in net/ceph/messenger.c. A local user can perform a denial of service (DoS) attack.
22) Resource management error (CVE-ID: CVE-2025-39913)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_bpf_send_verdict() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.
23) NULL pointer dereference (CVE-ID: CVE-2025-40097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hda_component_manager_init() function in sound/hda/codecs/side-codecs/hda_component.c. A local user can perform a denial of service (DoS) attack.
24) Improper error handling (CVE-ID: CVE-2025-40106)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the comedi_buf_munge() function in drivers/comedi/comedi_buf.c. A local user can perform a denial of service (DoS) attack.
25) Input validation error (CVE-ID: CVE-2025-40132)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the create_sdw_dailink() function in sound/soc/intel/boards/sof_sdw.c. A local user can perform a denial of service (DoS) attack.
26) Resource management error (CVE-ID: CVE-2025-40136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hisi_qm_reset_done(), qm_unregister_abnormal_irq(), qm_register_abnormal_irq() and hisi_qm_pci_init() functions in drivers/crypto/hisilicon/qm.c. A local user can perform a denial of service (DoS) attack.
27) Improper locking (CVE-ID: CVE-2025-40142)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_pcm_group_init() function in sound/core/pcm_native.c. A local user can perform a denial of service (DoS) attack.
28) Improper locking (CVE-ID: CVE-2025-40166)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __guc_exec_queue_process_msg_cleanup() function in drivers/gpu/drm/xe/xe_guc_submit.c. A local user can perform a denial of service (DoS) attack.
29) Use of uninitialized resource (CVE-ID: CVE-2025-40177)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the qaic_bootlog_mhi_probe() function in drivers/accel/qaic/qaic_debugfs.c. A local user can perform a denial of service (DoS) attack.
30) Resource management error (CVE-ID: CVE-2025-40181)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvm_sev_hc_page_enc_status() and kvm_init_platform() functions in arch/x86/kernel/kvm.c. A local user can perform a denial of service (DoS) attack.
31) Use-after-free (CVE-ID: CVE-2025-40202)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the deliver_response(), ipmi_set_gets_events(), i_ipmi_request(), handle_ipmb_get_msg_cmd(), handle_ipmb_direct_rcv_cmd(), handle_lan_get_msg_cmd(), handle_oem_get_msg_cmd(), handle_read_event_rsp(), smi_work() and free_recv_msg() functions in drivers/char/ipmi/ipmi_msghandler.c. A local user can escalate privileges on the system.
32) NULL pointer dereference (CVE-ID: CVE-2025-40238)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_devcom_cleanup_mpv() and mlx5e_nic_disable() functions in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
33) NULL pointer dereference (CVE-ID: CVE-2025-40254)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the net/openvswitch/flow_netlink.h. A local user can perform a denial of service (DoS) attack.
34) Use-after-free (CVE-ID: CVE-2025-40257)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_remove_anno_list_by_saddr(), mptcp_pm_del_add_timer() and mptcp_pm_free_anno_list() functions in net/mptcp/pm.c. A local user can escalate privileges on the system.
35) Input validation error (CVE-ID: CVE-2025-40259)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sg_remove_sfp_usercontext() function in drivers/scsi/sg.c. A local user can perform a denial of service (DoS) attack.
36) Improper locking (CVE-ID: CVE-2025-40261)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_fc_delete_ctrl() function in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
37) NULL pointer dereference (CVE-ID: CVE-2025-40264)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the be_xmit_flush(), be_send_pkt_to_bmc() and be_xmit() functions in drivers/net/ethernet/emulex/benet/be_main.c. A local user can perform a denial of service (DoS) attack.
38) Use-after-free (CVE-ID: CVE-2025-40328)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the open_cached_dir(), open_cached_dir_by_dentry(), drop_cached_dir_by_name(), cached_dir_offload_close() and cfids_laundromat_worker() functions in fs/smb/client/cached_dir.c. A local user can escalate privileges on the system.
39) Resource management error (CVE-ID: CVE-2025-40350)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mlx5e_skb_from_cqe_mpwrq_nonlinear() function in drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.
40) Input validation error (CVE-ID: CVE-2025-40355)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the compat_only_sysfs_link_entry_to_kobj(), sysfs_group_attrs_change_owner() and sysfs_group_change_owner() functions in fs/sysfs/group.c. A local user can perform a denial of service (DoS) attack.
41) Resource management error (CVE-ID: CVE-2025-40363)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ah6_output_done() and ah6_output() functions in net/ipv6/ah6.c. A local user can perform a denial of service (DoS) attack.
42) Resource management error (CVE-ID: CVE-2025-68171)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fpu__clear_user_states() function in arch/x86/kernel/fpu/core.c. A local user can perform a denial of service (DoS) attack.
43) Incorrect calculation (CVE-ID: CVE-2025-68174)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the kfd_process_destroy_pdds() and kfd_create_process_device_data() functions in drivers/gpu/drm/amd/amdkfd/kfd_process.c. A local user can perform a denial of service (DoS) attack.
44) Improper locking (CVE-ID: CVE-2025-68178)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the blkg_conf_prep() function in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.
45) Use-after-free (CVE-ID: CVE-2025-68188)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_fastopen_active_disable_ofo_check() function in net/ipv4/tcp_fastopen.c. A local user can escalate privileges on the system.
46) Resource management error (CVE-ID: CVE-2025-68200)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cls_bpf_classify() function in net/sched/cls_bpf.c. A local user can perform a denial of service (DoS) attack.
47) Use of uninitialized resource (CVE-ID: CVE-2025-68215)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ice_ptp_init() function in drivers/net/ethernet/intel/ice/ice_ptp.c. A local user can perform a denial of service (DoS) attack.
48) Resource management error (CVE-ID: CVE-2025-68227)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mptcp_wnd_end() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
49) Memory leak (CVE-ID: CVE-2025-68241)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fnhe_remove_oldest() function in net/ipv4/route.c. A local user can perform a denial of service (DoS) attack.
50) Memory leak (CVE-ID: CVE-2025-68245)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __netpoll_cleanup() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.
51) Out-of-bounds read (CVE-ID: CVE-2025-68254)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the OnBeacon() function in drivers/staging/rtl8723bs/core/rtw_mlme_ext.c. A local user can perform a denial of service (DoS) attack.
52) Out-of-bounds read (CVE-ID: CVE-2025-68256)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtw_get_ie() function in drivers/staging/rtl8723bs/core/rtw_ieee80211.c. A local user can perform a denial of service (DoS) attack.
53) Reachable assertion (CVE-ID: CVE-2025-68261)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ext4_destroy_inline_data_nolock() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
54) Out-of-bounds read (CVE-ID: CVE-2025-68284)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the handle_auth_session_key() function in net/ceph/auth_x.c. A local user can perform a denial of service (DoS) attack.
55) Use-after-free (CVE-ID: CVE-2025-68285)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the monmap_show() and osdmap_show() functions in net/ceph/debugfs.c. A local user can escalate privileges on the system.
56) Out-of-bounds read (CVE-ID: CVE-2025-68296)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fbcon_fb_unregistered() and do_fb_registered() functions in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.
57) Improper locking (CVE-ID: CVE-2025-68297)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the decrypt_control_remainder() and process_v2_sparse_read() functions in net/ceph/messenger_v2.c. A local user can perform a denial of service (DoS) attack.
58) Out-of-bounds read (CVE-ID: CVE-2025-68301)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the aq_ring_rx_clean() function in drivers/net/ethernet/aquantia/atlantic/aq_ring.c. A local user can perform a denial of service (DoS) attack.
59) Improper locking (CVE-ID: CVE-2025-68320)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lan966x_es0_read_esdx_counter() and lan966x_es0_write_esdx_counter() functions in drivers/net/ethernet/microchip/lan966x/lan966x_vcap_impl.c. A local user can perform a denial of service (DoS) attack.
60) NULL pointer dereference (CVE-ID: CVE-2025-68325)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cake_drop(), cake_reconfigure() and cake_enqueue() functions in net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.
61) Resource management error (CVE-ID: CVE-2025-68327)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the usbhs_remove() function in drivers/usb/renesas_usbhs/common.c. A local user can perform a denial of service (DoS) attack.
62) Reachable assertion (CVE-ID: CVE-2025-68337)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the jbd2_journal_get_create_access() function in fs/jbd2/transaction.c. A local user can perform a denial of service (DoS) attack.
63) Buffer overflow (CVE-ID: CVE-2025-68349)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pnfs_mark_layout_stateid_invalid() function in fs/nfs/pnfs.c. A local user can perform a denial of service (DoS) attack.
64) Resource management error (CVE-ID: CVE-2025-68363)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the BPF_CALL_5() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
65) Use of uninitialized resource (CVE-ID: CVE-2025-68365)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ntfs_create_inode(), ntfs_link_inode() and ntfs_unlink_inode() functions in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
66) Use-after-free (CVE-ID: CVE-2025-68366)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_genl_connect() function in drivers/block/nbd.c. A local user can escalate privileges on the system.
67) Improper locking (CVE-ID: CVE-2025-68367)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mac_hid_toggle_emumouse() function in drivers/macintosh/mac_hid.c. A local user can perform a denial of service (DoS) attack.
68) Use-after-free (CVE-ID: CVE-2025-68372)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the recv_work() function in drivers/block/nbd.c. A local user can escalate privileges on the system.
69) NULL pointer dereference (CVE-ID: CVE-2025-68379)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rxe_srq_from_attr() function in drivers/infiniband/sw/rxe/rxe_srq.c. A local user can perform a denial of service (DoS) attack.
70) Infinite loop (CVE-ID: CVE-2025-68725)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the BPF_CALL_3() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
71) Buffer overflow (CVE-ID: CVE-2025-68727)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ntfs_link_inode() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
72) Buffer overflow (CVE-ID: CVE-2025-68728)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ntfs_get_bh() function in fs/ntfs3/fsntfs.c. A local user can perform a denial of service (DoS) attack.
73) Resource management error (CVE-ID: CVE-2025-68733)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the do_setattr() function in security/smack/smack_lsm.c. A local user can perform a denial of service (DoS) attack.
74) Improper locking (CVE-ID: CVE-2025-68764)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_get_tree_common() function in fs/nfs/super.c. A local user can perform a denial of service (DoS) attack.
75) Improper locking (CVE-ID: CVE-2025-68768)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ip_expire() function in net/ipv4/ip_fragment.c. A local user can perform a denial of service (DoS) attack.
76) Resource management error (CVE-ID: CVE-2025-68770)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnxt_rx_xdp() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.
77) Improper error handling (CVE-ID: CVE-2025-68771)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ocfs2_claim_suballoc_bits() function in fs/ocfs2/suballoc.c. A local user can perform a denial of service (DoS) attack.
78) Buffer overflow (CVE-ID: CVE-2025-68773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the fsl_spi_prepare_message() function in drivers/spi/spi-fsl-spi.c. A local user can perform a denial of service (DoS) attack.
79) Memory leak (CVE-ID: CVE-2025-68775)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the handshake_req_cancel() function in net/handshake/request.c. A local user can perform a denial of service (DoS) attack.
80) NULL pointer dereference (CVE-ID: CVE-2025-68776)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the prp_get_untagged_frame() function in net/hsr/hsr_forward.c. A local user can perform a denial of service (DoS) attack.
81) Out-of-bounds read (CVE-ID: CVE-2025-68777)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the titsc_config_wires() function in drivers/input/touchscreen/ti_am335x_tsc.c. A local user can perform a denial of service (DoS) attack.
82) Input validation error (CVE-ID: CVE-2025-68783)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the get_meter_levels_from_urb() function in sound/usb/mixer_us16x08.c. A local user can perform a denial of service (DoS) attack.
83) Input validation error (CVE-ID: CVE-2025-68788)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __fsnotify_parent() function in fs/notify/fsnotify.c. A local user can perform a denial of service (DoS) attack.
84) Use-after-free (CVE-ID: CVE-2025-68789)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ibmpex_high_low_store() and ibmpex_bmc_delete() functions in drivers/hwmon/ibmpex.c. A local user can escalate privileges on the system.
85) Buffer overflow (CVE-ID: CVE-2025-68795)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ethtool_get_strings(), ethtool_get_stats(), ethtool_get_phy_stats_phydev(), ethtool_get_phy_stats_ethtool() and ethtool_get_phy_stats() functions in net/ethtool/ioctl.c. A local user can perform a denial of service (DoS) attack.
86) NULL pointer dereference (CVE-ID: CVE-2025-68797)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ac_ioctl() function in drivers/char/applicom.c. A local user can perform a denial of service (DoS) attack.
87) NULL pointer dereference (CVE-ID: CVE-2025-68798)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amd_pmu_enable_all() function in arch/x86/events/amd/core.c. A local user can perform a denial of service (DoS) attack.
88) Use-after-free (CVE-ID: CVE-2025-68800)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_mr_route_add() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c. A local user can escalate privileges on the system.
89) Use-after-free (CVE-ID: CVE-2025-68801)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_neigh_entry_alloc(), mlxsw_sp_nexthop_dead_neigh_replace(), mlxsw_sp_nexthop_neigh_init() and mlxsw_sp_nexthop_neigh_fini() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c. A local user can escalate privileges on the system.
90) Resource management error (CVE-ID: CVE-2025-68802)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the include/uapi/drm/xe_drm.h. A local user can perform a denial of service (DoS) attack.
91) Input validation error (CVE-ID: CVE-2025-68803)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/nfsd/vfs.h. A local user can perform a denial of service (DoS) attack.
92) Use-after-free (CVE-ID: CVE-2025-68804)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cros_ec_ishtp_remove() function in drivers/platform/chrome/cros_ec_ishtp.c. A local user can escalate privileges on the system.
93) Use-after-free (CVE-ID: CVE-2025-68808)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vidtv_channel_si_init() function in drivers/media/test-drivers/vidtv/vidtv_channel.c. A local user can escalate privileges on the system.
94) NULL pointer dereference (CVE-ID: CVE-2025-68813)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __ip_vs_get_out_rt() function in net/netfilter/ipvs/ip_vs_xmit.c. A local user can perform a denial of service (DoS) attack.
95) Memory leak (CVE-ID: CVE-2025-68814)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __io_openat_prep() function in io_uring/openclose.c. A local user can perform a denial of service (DoS) attack.
96) Resource management error (CVE-ID: CVE-2025-68815)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.
97) Input validation error (CVE-ID: CVE-2025-68816)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.h. A local user can perform a denial of service (DoS) attack.
98) Out-of-bounds read (CVE-ID: CVE-2025-68819)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dtv5100_i2c_msg() function in drivers/media/usb/dvb-usb/dtv5100.c. A local user can perform a denial of service (DoS) attack.
99) NULL pointer dereference (CVE-ID: CVE-2025-68820)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ext4_xattr_inode_dec_ref_all() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
100) Use of uninitialized resource (CVE-ID: CVE-2025-71064)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hclgevf_knic_setup() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c. A local user can perform a denial of service (DoS) attack.
101) Use-after-free (CVE-ID: CVE-2025-71066)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can escalate privileges on the system.
102) Resource management error (CVE-ID: CVE-2025-71076)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the xe_oa_set_no_preempt() function in drivers/gpu/drm/xe/xe_oa.c. A local user can perform a denial of service (DoS) attack.
103) Out-of-bounds read (CVE-ID: CVE-2025-71077)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the include/linux/tpm.h. A local user can perform a denial of service (DoS) attack.
104) Resource management error (CVE-ID: CVE-2025-71078)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the preload_age() function in arch/powerpc/mm/book3s64/slb.c. A local user can perform a denial of service (DoS) attack.
105) Improper locking (CVE-ID: CVE-2025-71079)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL() and nfc_unregister_device() functions in net/nfc/core.c. A local user can perform a denial of service (DoS) attack.
106) Improper error handling (CVE-ID: CVE-2025-71080)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the rt6_make_pcpu_route() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
107) Memory leak (CVE-ID: CVE-2025-71081)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the stm32_sai_sub_parse_of(), stm32_sai_sub_probe() and stm32_sai_sub_remove() functions in sound/soc/stm/stm32_sai_sub.c. A local user can perform a denial of service (DoS) attack.
108) Use-after-free (CVE-ID: CVE-2025-71082)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btusb_probe() and btusb_disconnect() functions in drivers/bluetooth/btusb.c. A local user can escalate privileges on the system.
109) NULL pointer dereference (CVE-ID: CVE-2025-71083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ttm_bo_vm_access() function in drivers/gpu/drm/ttm/ttm_bo_vm.c. A local user can perform a denial of service (DoS) attack.
110) Improper resource shutdown or release (CVE-ID: CVE-2025-71084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the destroy_mc() function in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.
111) Resource management error (CVE-ID: CVE-2025-71085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the calipso_skbuff_setattr() function in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.
112) Memory leak (CVE-ID: CVE-2025-71086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rose_kill_by_device() function in net/rose/af_rose.c. A local user can perform a denial of service (DoS) attack.
113) Off-by-one (CVE-ID: CVE-2025-71087)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the iavf_config_rss_reg() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.
114) Improper locking (CVE-ID: CVE-2025-71088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the subflow_state_change() function in net/mptcp/subflow.c. A local user can perform a denial of service (DoS) attack.
115) Double free (CVE-ID: CVE-2025-71089)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the iommu_sva_bind_device() function in drivers/iommu/iommu-sva.c. A local user can perform a denial of service (DoS) attack.
116) Improper error handling (CVE-ID: CVE-2025-71091)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __team_queue_override_enabled_check() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.
117) Buffer overflow (CVE-ID: CVE-2025-71093)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the e1000_tbi_should_accept() function in drivers/net/ethernet/intel/e1000/e1000_main.c. A local user can escalate privileges on the system.
118) Resource management error (CVE-ID: CVE-2025-71094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the asix_read_phy_addr() function in drivers/net/usb/asix_common.c. A local user can perform a denial of service (DoS) attack.
119) Race condition (CVE-ID: CVE-2025-71095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the MODULE_PARM_DESC(), stmmac_xdp_get_tx_queue(), stmmac_xdp_xmit_back() and stmmac_rx_zc() functions in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
120) NULL pointer dereference (CVE-ID: CVE-2025-71096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ib_nl_handle_ip_res_resp() function in drivers/infiniband/core/addr.c. A local user can perform a denial of service (DoS) attack.
121) Memory leak (CVE-ID: CVE-2025-71097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fib_table_flush() function in net/ipv4/fib_trie.c. A local user can perform a denial of service (DoS) attack.
122) Improper error handling (CVE-ID: CVE-2025-71098)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ip6gre_header() function in net/ipv6/ip6_gre.c. A local user can perform a denial of service (DoS) attack.
123) Use-after-free (CVE-ID: CVE-2025-71099)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xe_oa_add_config_ioctl() function in drivers/gpu/drm/xe/xe_oa.c. A local user can escalate privileges on the system.
124) Out-of-bounds read (CVE-ID: CVE-2025-71100)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtl92cu_tx_fill_desc() function in drivers/net/wireless/realtek/rtlwifi/rtl8192cu/trx.c. A local user can perform a denial of service (DoS) attack.
125) Out-of-bounds read (CVE-ID: CVE-2025-71101)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hp_populate_string_elements_from_package() function in drivers/platform/x86/hp/hp-bioscfg/string-attributes.c. A local user can perform a denial of service (DoS) attack.
126) Input validation error (CVE-ID: CVE-2025-71108)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ucsi_init() function in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.
127) Race condition (CVE-ID: CVE-2025-71111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in drivers/hwmon/w83791d.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
128) Out-of-bounds read (CVE-ID: CVE-2025-71112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hclge_set_vlan_filter() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.
129) Buffer overflow (CVE-ID: CVE-2025-71114)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the wdt_probe() function in drivers/watchdog/via_wdt.c. A local user can perform a denial of service (DoS) attack.
130) Out-of-bounds read (CVE-ID: CVE-2025-71116)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the decode_pool() function in net/ceph/osdmap.c. A local user can perform a denial of service (DoS) attack.
131) NULL pointer dereference (CVE-ID: CVE-2025-71118)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_ns_walk_namespace() function in drivers/acpi/acpica/nswalk.c. A local user can perform a denial of service (DoS) attack.
132) Resource management error (CVE-ID: CVE-2025-71119)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kexec_prepare_cpus_wait() and wake_offline_cpus() functions in arch/powerpc/kexec/core_64.c. A local user can perform a denial of service (DoS) attack.
133) NULL pointer dereference (CVE-ID: CVE-2025-71120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gss_read_proxy_verf() function in net/sunrpc/auth_gss/svcauth_gss.c. A local user can perform a denial of service (DoS) attack.
134) Memory leak (CVE-ID: CVE-2025-71123)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the parse_apply_sb_mount_options() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
135) NULL pointer dereference (CVE-ID: CVE-2025-71130)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the eb_lookup_vmas(), i915_gem_do_execbuffer() and i915_gem_execbuffer2_ioctl() functions in drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c. A local user can perform a denial of service (DoS) attack.
136) Double free (CVE-ID: CVE-2025-71131)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the seqiv_aead_encrypt() function in crypto/seqiv.c. A local user can perform a denial of service (DoS) attack.
137) Memory leak (CVE-ID: CVE-2025-71132)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smc_rcv() function in drivers/net/ethernet/smsc/smc91x.c. A local user can perform a denial of service (DoS) attack.
138) Out-of-bounds read (CVE-ID: CVE-2025-71133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the irdma_net_event() function in drivers/infiniband/hw/irdma/utils.c. A local user can perform a denial of service (DoS) attack.
139) NULL pointer dereference (CVE-ID: CVE-2025-71135)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the raid5_store_group_thread_cnt() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.
140) Out-of-bounds read (CVE-ID: CVE-2025-71136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the adv7842_cp_log_status() function in drivers/media/i2c/adv7842.c. A local user can perform a denial of service (DoS) attack.
141) Out-of-bounds read (CVE-ID: CVE-2025-71137)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the otx2_set_ringparam() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c. A local user can perform a denial of service (DoS) attack.
142) NULL pointer dereference (CVE-ID: CVE-2025-71138)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dpu_encoder_phys_wb_setup_ctl() function in drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_wb.c. A local user can perform a denial of service (DoS) attack.
143) Improper error handling (CVE-ID: CVE-2025-71141)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the drivers/gpu/drm/tilcdc/tilcdc_drv.h. A local user can perform a denial of service (DoS) attack.
144) Resource management error (CVE-ID: CVE-2025-71142)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the remote_partition_disable() and cpuset_hotplug_update_tasks() functions in kernel/cgroup/cpuset.c. A local user can perform a denial of service (DoS) attack.
145) Out-of-bounds read (CVE-ID: CVE-2025-71143)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the exynos_clkout_probe() function in drivers/clk/samsung/clk-exynos-clkout.c. A local user can perform a denial of service (DoS) attack.
146) Memory leak (CVE-ID: CVE-2025-71145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the isp1301_get_client() function in drivers/usb/phy/phy-isp1301.c. A local user can perform a denial of service (DoS) attack.
147) Memory leak (CVE-ID: CVE-2025-71147)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpm2_load_cmd() function in security/keys/trusted-keys/trusted_tpm2.c. A local user can perform a denial of service (DoS) attack.
148) Resource management error (CVE-ID: CVE-2025-71149)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the io_poll_remove() function in io_uring/poll.c. A local user can perform a denial of service (DoS) attack.
149) Memory leak (CVE-ID: CVE-2025-71154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the async_set_registers() function in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.
150) Resource management error (CVE-ID: CVE-2025-71156)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the gve_add_napi() function in drivers/net/ethernet/google/gve/gve_utils.c. A local user can perform a denial of service (DoS) attack.
151) Incorrect calculation (CVE-ID: CVE-2025-71157)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the ib_del_sub_device_and_put() function in drivers/infiniband/core/device.c. A local user can perform a denial of service (DoS) attack.
152) Use-after-free (CVE-ID: CVE-2025-71162)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tegra_adma_stop() and tegra_adma_probe() functions in drivers/dma/tegra210-adma.c. A local user can escalate privileges on the system.
153) Memory leak (CVE-ID: CVE-2025-71163)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the unbind_store() and bind_store() functions in drivers/dma/idxd/compat.c. A local user can perform a denial of service (DoS) attack.
154) NULL pointer dereference (CVE-ID: CVE-2026-22976)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qfq_reset_qdisc() function in net/sched/sch_qfq.c. A local user can perform a denial of service (DoS) attack.
155) Memory leak (CVE-ID: CVE-2026-22977)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sock_enable_timestamp() and sock_recv_errqueue() functions in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
156) Buffer overflow (CVE-ID: CVE-2026-22978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the compat_private_call() function in net/wireless/wext-priv.c. A local user can perform a denial of service (DoS) attack.
157) Out-of-bounds read (CVE-ID: CVE-2026-22984)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the process_auth_done() function in net/ceph/messenger_v2.c. A local user can perform a denial of service (DoS) attack.
158) NULL pointer dereference (CVE-ID: CVE-2026-22985)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the idpf_send_get_stats_msg() and idpf_send_get_set_rss_lut_msg() functions in drivers/net/ethernet/intel/idpf/idpf_virtchnl.c. A local user can perform a denial of service (DoS) attack.
159) Input validation error (CVE-ID: CVE-2026-22988)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the arp_create() function in net/ipv4/arp.c. A local user can perform a denial of service (DoS) attack.
160) Input validation error (CVE-ID: CVE-2026-22990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the osdmap_apply_incremental() function in net/ceph/osdmap.c. A local user can perform a denial of service (DoS) attack.
161) Use-after-free (CVE-ID: CVE-2026-22991)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_choose_arg_map() function in net/ceph/osdmap.c. A local user can escalate privileges on the system.
162) NULL pointer dereference (CVE-ID: CVE-2026-22992)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mon_handle_auth_done() function in net/ceph/mon_client.c. A local user can perform a denial of service (DoS) attack.
163) NULL pointer dereference (CVE-ID: CVE-2026-22993)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/ethernet/intel/idpf/idpf_txrx.h. A local user can perform a denial of service (DoS) attack.
164) NULL pointer dereference (CVE-ID: CVE-2026-22996)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the _mlx5e_resume(), mlx5e_resume(), _mlx5e_probe() and _mlx5e_remove() functions in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
165) Memory leak (CVE-ID: CVE-2026-22997)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the j1939_xtp_rx_rts_session_active() function in net/can/j1939/transport.c. A local user can perform a denial of service (DoS) attack.
166) Use-after-free (CVE-ID: CVE-2026-22999)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qfq_change_class() function in net/sched/sch_qfq.c. A local user can escalate privileges on the system.
167) NULL pointer dereference (CVE-ID: CVE-2026-23000)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_vport_uplink_rep_load() and mlx5e_vport_uplink_rep_unload() functions in drivers/net/ethernet/mellanox/mlx5/core/en_rep.c. A local user can perform a denial of service (DoS) attack.
168) Use-after-free (CVE-ID: CVE-2026-23001)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the macvlan_hash_lookup_source(), macvlan_hash_add_source(), macvlan_hash_add(), macvlan_flush_sources(), macvlan_forward_source() and macvlan_fill_info_macaddr() functions in drivers/net/macvlan.c. A local user can escalate privileges on the system.
169) Resource management error (CVE-ID: CVE-2026-23005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvm_vcpu_ioctl_x86_get_xsave() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
170) NULL pointer dereference (CVE-ID: CVE-2026-23006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the adcx140_pwr_ctrl() function in sound/soc/codecs/tlv320adcx140.c. A local user can perform a denial of service (DoS) attack.
171) Improper error handling (CVE-ID: CVE-2026-23011)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ipgre_header() function in net/ipv4/ip_gre.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.