Ubuntu update for linux



Risk: Low
Patch available: YES
Number of vulnerabilities: 40
CVE-ID: CVE-2025-21685, CVE-2025-21684, CVE-2025-21756, CVE-2025-21670, CVE-2024-57949, CVE-2025-21677, CVE-2025-21680, CVE-2025-21703, CVE-2024-57952, CVE-2025-21674, CVE-2025-21701, CVE-2025-21691, CVE-2025-21689, CVE-2025-21668, CVE-2025-21665, CVE-2025-21683, CVE-2025-21675, CVE-2025-21672, CVE-2024-57948, CVE-2025-21669, CVE-2025-21673, CVE-2025-21692, CVE-2025-21699, CVE-2025-21702, CVE-2025-21682, CVE-2025-21690, CVE-2025-21681, CVE-2025-21695, CVE-2025-21696, CVE-2025-21700, CVE-2025-21678, CVE-2025-21676, CVE-2024-57950, CVE-2025-21666, CVE-2025-21694, CVE-2025-21693, CVE-2025-21993, CVE-2024-57951, CVE-2025-21697, CVE-2025-21667
CWE-ID: CWE-476, CWE-667, CWE-416, CWE-125, CWE-119, CWE-399, CWE-835, CWE-401, CWE-388, CWE-415, CWE-20
Exploitation vector: Local
Public exploit: N/A
Vulnerable software

Ubuntu (Operating systems & Components / Operating system)

Ubuntu packages (Operating systems & Components / Operating system package or component):

linux-image-virtual-hwe-24.04
linux-image-oem-24.04b
linux-image-lowlatency-hwe-24.04
linux-image-lowlatency-64k-hwe-24.04
linux-image-generic-hwe-24.04
linux-image-generic-64k-hwe-24.04
linux-image-6.11.0-1020-oem
linux-image-virtual
linux-image-realtime
linux-image-raspi
linux-image-oracle-64k
linux-image-oracle
linux-image-lowlatency-64k
linux-image-lowlatency
linux-image-generic-64k
linux-image-generic
linux-image-gcp-64k
linux-image-gcp
linux-image-aws
linux-image-6.11.0-24-generic-64k
linux-image-6.11.0-24-generic
linux-image-6.11.0-1014-oracle-64k
linux-image-6.11.0-1014-oracle
linux-image-6.11.0-1013-gcp-64k
linux-image-6.11.0-1013-gcp
linux-image-6.11.0-1012-lowlatency-64k
linux-image-6.11.0-1012-lowlatency
linux-image-6.11.0-1012-aws
linux-image-6.11.0-1011-raspi
linux-image-6.11.0-1008-realtime

Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 40 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU103745

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21685

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the yt2_1380_fc_serdev_probe() function in drivers/platform/x86/lenovo-yoga-tab2-pro-1380-fastcharger.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper locking

EUVDB-ID: #VU103749

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21684

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the DECLARE_BITMAP(), xgpio_set(), xgpio_set_multiple(), xgpio_dir_in(), xgpio_dir_out(), xgpio_irq_mask(), xgpio_irq_unmask(), xgpio_irqhandler() and xgpio_probe() functions in drivers/gpio/gpio-xilinx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU104945

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21756

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() and __vsock_release() functions in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU103584

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21670

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vsock_bpf_recvmsg() function in net/vmw_vsock/vsock_bpf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper locking

EUVDB-ID: #VU103747

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57949

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the its_irq_set_vcpu_affinity() function in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper locking

EUVDB-ID: #VU103589

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21677

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pfcp_newlink(), pfcp_dellink() and pfcp_net_init() functions in drivers/net/pfcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU103582

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21680

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the get_imix_entries() function in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU104073

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21703

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in net/sched/sch_netem.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU103924

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57952

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the simple_offset_destroy(), offset_dir_open(), offset_dir_llseek(), offset_dir_emit() and offset_iterate_dir() functions in fs/libfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper locking

EUVDB-ID: #VU103588

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21674

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mlx5e_xfrm_add_state() and mlx5e_xfrm_del_state() functions in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper locking

EUVDB-ID: #VU103960

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21701

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ethnl_ops_begin() function in net/ethtool/netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Resource management error

EUVDB-ID: #VU103752

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21691

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the SYSCALL_DEFINE4() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

EUVDB-ID: #VU103742

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21689

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the qt2_process_read_urb() function in drivers/usb/serial/quatech2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

EUVDB-ID: #VU103512

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21668

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the imx8mp_blk_ctrl_remove() function in drivers/pmdomain/imx/imx8mp-blk-ctrl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Infinite loop

EUVDB-ID: #VU103594

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21665

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the folio_seek_hole_data() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Memory leak

EUVDB-ID: #VU103510

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21683

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the BPF_CALL_4() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) NULL pointer dereference

EUVDB-ID: #VU103585

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21675

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mlx5_lag_port_sel_create() and mlx5_destroy_ttc_table() functions in drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper locking

EUVDB-ID: #VU103514

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21672

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the afs_proc_addr_prefs_write() function in fs/afs/addr_prefs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper error handling

EUVDB-ID: #VU103592

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57948

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ieee802154_if_remove() function in net/mac802154/iface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) NULL pointer dereference

EUVDB-ID: #VU103583

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21669

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the virtio_transport_recv_pkt() function in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Double free

EUVDB-ID: #VU103515

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21673

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the clean_demultiplex_info() and cifs_put_tcp_session() functions in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Out-of-bounds read

EUVDB-ID: #VU103743

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21692

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ets_class_from_arg() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Resource management error

EUVDB-ID: #VU103923

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21699

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the do_gfs2_set_flags() function in fs/gfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Resource management error

EUVDB-ID: #VU104074

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21702

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the pfifo_tail_enqueue() function in net/sched/sch_fifo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) NULL pointer dereference

EUVDB-ID: #VU103587

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21682

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the bnxt_xdp_set() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c and within the bnxt_set_ring_params(), bnxt_set_rx_skb_mode() and bnxt_init_one() functions in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Resource management error

EUVDB-ID: #VU103751

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21690

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the dev_warn() and storvsc_on_io_completion() functions in drivers/scsi/storvsc_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper locking

EUVDB-ID: #VU103591

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21681

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the do_output() function in net/openvswitch/actions.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) NULL pointer dereference

EUVDB-ID: #VU103919

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21695

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dell_uart_bl_serdev_probe() function in drivers/platform/x86/dell/dell-uart-backlight.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Resource management error

EUVDB-ID: #VU103922

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21696

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the move_ptes(), move_normal_pmd() and move_normal_pud() functions in mm/mremap.c, within the move_huge_pte() function in mm/hugetlb.c, and within the move_soft_dirty_pmd() and move_huge_pmd() functions in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use-after-free

EUVDB-ID: #VU103959

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21700

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_lookup() function in net/sched/sch_api.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper locking

EUVDB-ID: #VU103590

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21678

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the gtp_newlink() and gtp_net_exit_batch_rtnl() functions in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free

EUVDB-ID: #VU103581

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21676

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fec_enet_tx() and fec_enet_rx_queue() functions in drivers/net/ethernet/freescale/fec_main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Input validation error

EUVDB-ID: #VU103754

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57950

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the CalculateBytePerPixelAndBlockSizes() function in drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) NULL pointer dereference

EUVDB-ID: #VU103513

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21666

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the EXPORT_SYMBOL_GPL() and vsock_connectible_has_data() functions in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU103918

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21694

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __read_vmcore() function in fs/proc/vmcore.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use-after-free

EUVDB-ID: #VU103741

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21693

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the zswap_pool_create(), zswap_cpu_comp_prepare(), zswap_cpu_comp_dead(), zswap_compress() and zswap_decompress() functions in mm/zswap.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Out-of-bounds read

EUVDB-ID: #VU106651

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21993

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ibft_attr_show_nic() function in drivers/firmware/iscsi_ibft.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Resource management error

EUVDB-ID: #VU103921

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57951

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the hrtimers_prepare_cpu() and hrtimers_cpu_dying() functions in kernel/time/hrtimer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) NULL pointer dereference

EUVDB-ID: #VU103920

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21697

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the v3d_irq() and v3d_hub_irq() functions in drivers/gpu/drm/v3d/v3d_irq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Infinite loop

EUVDB-ID: #VU103595

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21667

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop in the iomap_write_delalloc_scan() function in fs/iomap/buffered-io.c. A local user can trigger the loop to cause a denial of service (DoS).

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04 - 24.10

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1020.20

linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1020-oem (Ubuntu package): before 6.11.0-1020.20

linux-image-virtual (Ubuntu package): before 6.11.0-24.24+1

linux-image-realtime (Ubuntu package): before Ubuntu Pro

linux-image-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13

linux-image-lowlatency (Ubuntu package): before 6.11.0-1012.13

linux-image-generic-64k (Ubuntu package): before 6.11.0-24.24+1

linux-image-generic (Ubuntu package): before 6.11.0-24.24+1

linux-image-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-24-generic-64k (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-24-generic (Ubuntu package): before 6.11.0-24.24~24.04.1

linux-image-6.11.0-1014-oracle-64k (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1014-oracle (Ubuntu package): before 6.11.0-1014.15

linux-image-6.11.0-1013-gcp-64k (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1013-gcp (Ubuntu package): before 6.11.0-1013.13

linux-image-6.11.0-1012-lowlatency-64k (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-lowlatency (Ubuntu package): before 6.11.0-1012.13~24.04.1

linux-image-6.11.0-1012-aws (Ubuntu package): before 6.11.0-1012.13

linux-image-6.11.0-1011-raspi (Ubuntu package): before 6.11.0-1011.11

linux-image-6.11.0-1008-realtime (Ubuntu package): before Ubuntu Pro

External links

https://ubuntu.com/security/notices/USN-7445-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
