SB2025052639 - SUSE update for the Linux Kernel
Published: May 26, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 170 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2023-53034)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the switchtec_ntb_mw_set_trans() function in drivers/ntb/hw/mscc/ntb_hw_switchtec.c. A local user can perform a denial of service (DoS) attack.
2) Resource management error (CVE-ID: CVE-2024-27018)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to resource management error within the nf_ct_bridge_pre() function in net/bridge/netfilter/nf_conntrack_bridge.c, within the br_nf_local_in() function in net/bridge/br_netfilter_hooks.c, within the br_netif_receive_skb(), br_pass_frame_up(), br_handle_frame_finish() and br_handle_frame() functions in net/bridge/br_input.c. A local user can execute arbitrary code.
3) Improper locking (CVE-ID: CVE-2024-27415)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nf_conntrack_init_end() function in net/netfilter/nf_conntrack_core.c, within the nf_ct_bridge_pre() function in net/bridge/netfilter/nf_conntrack_bridge.c, within the IS_ENABLED() and br_nf_pre_routing() functions in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
4) Resource management error (CVE-ID: CVE-2024-28956)
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to an error in the hardware support for prediction-domain isolation dubbed "Indirect Target Selection". A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests.
5) Resource management error (CVE-ID: CVE-2024-35840)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the subflow_finish_connect() function in net/mptcp/subflow.c. A local user can perform a denial of service (DoS) attack.
6) NULL pointer dereference (CVE-ID: CVE-2024-46763)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fou_from_sock(), fou_gro_receive(), fou_gro_complete() and gue_gro_receive() functions in net/ipv4/fou.c. A local user can perform a denial of service (DoS) attack.
7) Use of uninitialized resource (CVE-ID: CVE-2024-46865)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the gue_gro_receive() function in net/ipv4/fou.c. A local user can perform a denial of service (DoS) attack.
8) Resource management error (CVE-ID: CVE-2024-50038)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mark_mt() and mark_mt_init() functions in net/netfilter/xt_mark.c, within the sizeof() function in net/netfilter/xt_connmark.c, within the connlimit_mt_destroy() function in net/netfilter/xt_connlimit.c, within the connbytes_mt_check() function in net/netfilter/xt_connbytes.c, within the xt_cluster_mt_destroy() function in net/netfilter/xt_cluster.c, within the sizeof() function in net/netfilter/xt_addrtype.c, within the trace_tg() function in net/netfilter/xt_TRACE.c, within the offsetof() function in net/netfilter/xt_SECMARK.c, within the xt_rateest_tg_destroy() and xt_rateest_tg_init() functions in net/netfilter/xt_RATEEST.c, within the nflog_tg_destroy() function in net/netfilter/xt_NFLOG.c, within the led_tg_destroy() function in net/netfilter/xt_LED.c, within the idletimer_tg_destroy_v1() function in net/netfilter/xt_IDLETIMER.c, within the xt_ct_tg_destroy_v1() and sizeof() functions in net/netfilter/xt_CT.c, within the connsecmark_tg_destroy() function in net/netfilter/xt_CONNSECMARK.c, within the sizeof() function in net/netfilter/xt_CLASSIFY.c, within the checksum_tg_check() function in net/netfilter/xt_CHECKSUM.c. A local user can perform a denial of service (DoS) attack.
9) Resource management error (CVE-ID: CVE-2024-50083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_can_coalesce_send_queue_head() function in net/ipv4/tcp_output.c. A local user can perform a denial of service (DoS) attack.
10) NULL pointer dereference (CVE-ID: CVE-2024-50162)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dev_map_hash_get_next_key(), dev_map_bpf_prog_run() and bq_xmit_all() functions in kernel/bpf/devmap.c. A local user can perform a denial of service (DoS) attack.
11) Input validation error (CVE-ID: CVE-2024-50163)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the BPF_CALL_3() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
12) Race condition within a thread (CVE-ID: CVE-2024-53124)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the tcp_v6_do_rcv() function in net/ipv6/tcp_ipv6.c, within the dccp_v6_do_rcv() function in net/dccp/ipv6.c. A local user can corrupt data.
13) Use-after-free (CVE-ID: CVE-2024-53139)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sctp_v6_available() function in net/sctp/ipv6.c. A local user can escalate privileges on the system.
14) Resource management error (CVE-ID: CVE-2024-56641)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the smc_sk_init(), smc_connect_rdma(), smc_connect_ism() and smc_listen_work() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
15) NULL pointer dereference (CVE-ID: CVE-2024-56702)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the SEC() function in tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c, within the reg_btf_record(), check_ptr_to_btf_access(), check_mem_access(), check_func_arg(), btf_check_func_arg_match(), check_kfunc_args(), sanitize_check_bounds(), adjust_ptr_min_max_vals() and convert_ctx_accesses() functions in kernel/bpf/verifier.c, within the btf_ctx_access() function in kernel/bpf/btf.c. A local user can perform a denial of service (DoS) attack.
16) Reachable assertion (CVE-ID: CVE-2024-57924)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ovl_encode_real_fh() function in fs/overlayfs/copy_up.c, within the show_mark_fhandle() function in fs/notify/fdinfo.c. A local user can perform a denial of service (DoS) attack.
17) Reachable assertion (CVE-ID: CVE-2024-57998)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the _find_opp_table(), _opp_table_find_key(), _find_key(), _find_key_exact(), _opp_table_find_key_ceil(), _find_key_ceil(), dev_pm_opp_find_freq_exact_indexed(), dev_pm_opp_find_freq_ceil_indexed(), dev_pm_opp_find_freq_floor_indexed(), dev_pm_opp_remove(), _opp_add_v1(), _opp_set_availability() and dev_pm_opp_adjust_voltage() functions in drivers/opp/core.c. A local user can perform a denial of service (DoS) attack.
18) Resource management error (CVE-ID: CVE-2024-58001)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ocfs2_fast_symlink_read_folio() function in fs/ocfs2/symlink.c. A local user can perform a denial of service (DoS) attack.
19) Improper locking (CVE-ID: CVE-2024-58018)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the r535_gsp_cmdq_push() function in drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c. A local user can perform a denial of service (DoS) attack.
20) NULL pointer dereference (CVE-ID: CVE-2024-58068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the assert_clk_index(), dev_pm_opp_find_bw_ceil() and dev_pm_opp_find_bw_floor() functions in drivers/opp/core.c. A local user can perform a denial of service (DoS) attack.
21) Improper locking (CVE-ID: CVE-2024-58070)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bpf_local_storage_map_alloc() function in kernel/bpf/bpf_local_storage.c. A local user can perform a denial of service (DoS) attack.
22) Improper locking (CVE-ID: CVE-2024-58071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the team_port_add() function in drivers/net/team/team.c. A local user can perform a denial of service (DoS) attack.
23) NULL pointer dereference (CVE-ID: CVE-2024-58088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cgroup_storage_map_alloc() function in kernel/bpf/bpf_cgrp_storage.c. A local user can perform a denial of service (DoS) attack.
24) Use-after-free (CVE-ID: CVE-2024-58093)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pcie_aspm_exit_link_state() function in drivers/pci/pcie/aspm.c. A local user can escalate privileges on the system.
25) Input validation error (CVE-ID: CVE-2024-58094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jfs_truncate_nolock() function in fs/jfs/inode.c. A local user can perform a denial of service (DoS) attack.
26) Input validation error (CVE-ID: CVE-2024-58095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the extAlloc() and extRecord() functions in fs/jfs/jfs_extent.c. A local user can perform a denial of service (DoS) attack.
27) Resource management error (CVE-ID: CVE-2024-58096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ath11k_dp_rx_mon_dest_process(), ath11k_dp_full_mon_process_rx() and ath11k_hal_srng_access_end() functions in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.
28) Infinite loop (CVE-ID: CVE-2024-58097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the ath11k_dp_rx_mon_mpdu_pop() and ath11k_dp_rx_full_mon_mpdu_pop() functions in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.
29) Memory leak (CVE-ID: CVE-2025-21683)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the BPF_CALL_4() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
30) Resource management error (CVE-ID: CVE-2025-21696)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the move_ptes(), move_normal_pmd() and move_normal_pud() functions in mm/mremap.c, within the move_huge_pte() function in mm/hugetlb.c, within the move_soft_dirty_pmd() and move_huge_pmd() functions in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.
31) Use of uninitialized resource (CVE-ID: CVE-2025-21707)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mptcp_parse_option() and mptcp_get_options() functions in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.
32) Use-after-free (CVE-ID: CVE-2025-21729)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtw89_ops_cancel_hw_scan() function in drivers/net/wireless/realtek/rtw89/mac80211.c. A local user can escalate privileges on the system.
33) NULL pointer dereference (CVE-ID: CVE-2025-21755)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __vsock_release() function in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
34) Buffer overflow (CVE-ID: CVE-2025-21758)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mld_newpack() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.
35) Memory leak (CVE-ID: CVE-2025-21768)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_output_core() function in net/ipv6/seg6_iptunnel.c, within the rpl_output() function in net/ipv6/rpl_iptunnel.c. A local user can perform a denial of service (DoS) attack.
36) Memory leak (CVE-ID: CVE-2025-21792)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_setsockopt() function in net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.
37) Improper error handling (CVE-ID: CVE-2025-21806)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the proc_do_dev_weight() and sizeof() functions in net/core/sysctl_net_core.c. A local user can perform a denial of service (DoS) attack.
38) Input validation error (CVE-ID: CVE-2025-21808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dev_xdp_attach() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
39) Use-after-free (CVE-ID: CVE-2025-21812)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ax25_rt_autobind() function in net/ax25/ax25_route.c, within the ax25_send_frame() and ax25_queue_xmit() functions in net/ax25/ax25_out.c, within the ax25_ip_xmit() function in net/ax25/ax25_ip.c, within the ax25_dev_device_up() and ax25_dev_device_down() functions in net/ax25/ax25_dev.c, within the ax25_fillin_cb_from_dev() and ax25_setsockopt() functions in net/ax25/af_ax25.c. A local user can escalate privileges on the system.
40) NULL pointer dereference (CVE-ID: CVE-2025-21833)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the domain_remove_dev_pasid() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
41) Buffer overflow (CVE-ID: CVE-2025-21836)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the io_destroy_buffers() and io_register_pbuf_ring() functions in io_uring/kbuf.c. A local user can perform a denial of service (DoS) attack.
42) NULL pointer dereference (CVE-ID: CVE-2025-21852)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kernel/bpf/btf.c. A local user can perform a denial of service (DoS) attack.
43) Use-after-free (CVE-ID: CVE-2025-21853)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_map_mmap() function in kernel/bpf/syscall.c. A local user can escalate privileges on the system.
44) NULL pointer dereference (CVE-ID: CVE-2025-21854)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sock_map_sk_state_allowed() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
45) Input validation error (CVE-ID: CVE-2025-21863)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the io_init_req() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
46) Use-after-free (CVE-ID: CVE-2025-21867)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_test_init() function in net/bpf/test_run.c. A local user can escalate privileges on the system.
47) Input validation error (CVE-ID: CVE-2025-21873)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ufshcd_rpm_put_sync() function in drivers/ufs/core/ufs_bsg.c. A local user can perform a denial of service (DoS) attack.
48) Improper locking (CVE-ID: CVE-2025-21875)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mptcp_nl_remove_subflow_and_signal_addr() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.
49) Input validation error (CVE-ID: CVE-2025-21881)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kernel/events/uprobes.c. A local user can perform a denial of service (DoS) attack.
50) Resource management error (CVE-ID: CVE-2025-21884)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the xs_create_sock() function in net/sunrpc/xprtsock.c, within the svc_create_socket() function in net/sunrpc/svcsock.c, within the smc_create_clcsk() function in net/smc/af_smc.c, within the rds_tcp_tune() function in net/rds/tcp.c, within the netlink_release() function in net/netlink/af_netlink.c, within the mptcp_subflow_create_socket() function in net/mptcp/subflow.c, within the sk_alloc(), EXPORT_SYMBOL(), __sk_destruct() and sk_clone_lock() functions in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
51) Use-after-free (CVE-ID: CVE-2025-21887)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ovl_link_up() function in fs/overlayfs/copy_up.c. A local user can escalate privileges on the system.
52) Improper locking (CVE-ID: CVE-2025-21889)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the perf_event_exec() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
53) Resource management error (CVE-ID: CVE-2025-21894)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the enetc_set_coalesce() and enetc_get_ts_info() functions in drivers/net/ethernet/freescale/enetc/enetc_ethtool.c, within the enetc_hwtstamp_set() function in drivers/net/ethernet/freescale/enetc/enetc.c. A local user can perform a denial of service (DoS) attack.
54) Resource management error (CVE-ID: CVE-2025-21895)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the find_get_pmu_context() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
55) NULL pointer dereference (CVE-ID: CVE-2025-21904)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/caif/caif_virtio.c. A local user can perform a denial of service (DoS) attack.
56) Buffer overflow (CVE-ID: CVE-2025-21905)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the iwl_parse_tlv_firmware() function in drivers/net/wireless/intel/iwlwifi/iwl-drv.c. A local user can perform a denial of service (DoS) attack.
57) Input validation error (CVE-ID: CVE-2025-21906)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the iwl_mvm_rx_session_protect_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/time-event.c. A local user can perform a denial of service (DoS) attack.
58) Improper locking (CVE-ID: CVE-2025-21908)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kcompactd() function in mm/compaction.c, within the nfs_release_folio() function in fs/nfs/file.c. A local user can perform a denial of service (DoS) attack.
59) Input validation error (CVE-ID: CVE-2025-21909)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the parse_monitor_flags() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
60) Improper locking (CVE-ID: CVE-2025-21910)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the is_an_alpha2() function in net/wireless/reg.c. A local user can perform a denial of service (DoS) attack.
61) Improper locking (CVE-ID: CVE-2025-21912)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gpio_rcar_config_interrupt_input_mode(), gpio_rcar_config_general_input_output_mode(), gpio_rcar_get_multiple(), gpio_rcar_set(), gpio_rcar_set_multiple() and gpio_rcar_probe() functions in drivers/gpio/gpio-rcar.c. A local user can perform a denial of service (DoS) attack.
62) Resource management error (CVE-ID: CVE-2025-21913)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the early_is_amd_nb() and amd_get_mmconfig_range() functions in arch/x86/kernel/amd_nb.c. A local user can perform a denial of service (DoS) attack.
63) Use-after-free (CVE-ID: CVE-2025-21914)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the slim_do_transfer() function in drivers/slimbus/messaging.c. A local user can escalate privileges on the system.
64) Use-after-free (CVE-ID: CVE-2025-21915)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the driver_override_show() function in drivers/cdx/cdx.c. A local user can escalate privileges on the system.
65) Resource management error (CVE-ID: CVE-2025-21916)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cxacru_bind() function in drivers/usb/atm/cxacru.c. A local user can perform a denial of service (DoS) attack.
66) NULL pointer dereference (CVE-ID: CVE-2025-21917)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the usbhs_remove() function in drivers/usb/renesas_usbhs/common.c. A local user can perform a denial of service (DoS) attack.
67) NULL pointer dereference (CVE-ID: CVE-2025-21918)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ucsi_init() and ucsi_unregister() functions in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.
68) Use of uninitialized resource (CVE-ID: CVE-2025-21922)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ppp_send_frame() and ppp_receive_nonmp_frame() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
69) Use-after-free (CVE-ID: CVE-2025-21923)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the steam_remove() function in drivers/hid/hid-steam.c. A local user can escalate privileges on the system.
70) Resource management error (CVE-ID: CVE-2025-21924)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hclge_ptp_init() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c. A local user can perform a denial of service (DoS) attack.
71) Improper error handling (CVE-ID: CVE-2025-21925)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the llc_sap_action_unitdata_ind(), llc_sap_action_send_ui() and llc_sap_action_send_test_c() functions in net/llc/llc_s_ac.c. A local user can perform a denial of service (DoS) attack.
72) Improper error handling (CVE-ID: CVE-2025-21926)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.
73) Buffer overflow (CVE-ID: CVE-2025-21927)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nvme_tcp_queue_id() and nvme_tcp_recv_pdu() functions in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
74) Use-after-free (CVE-ID: CVE-2025-21928)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ishtp_hid_remove() function in drivers/hid/intel-ish-hid/ishtp-hid.c. A local user can escalate privileges on the system.
75) Resource management error (CVE-ID: CVE-2025-21930)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iwl_dbgfs_fw_dbg_clear_write() function in drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c. A local user can perform a denial of service (DoS) attack.
76) Improper locking (CVE-ID: CVE-2025-21931)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_migrate_range() function in mm/memory_hotplug.c. A local user can perform a denial of service (DoS) attack.
77) Use-after-free (CVE-ID: CVE-2025-21934)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rio_mport_add_riodev() function in drivers/rapidio/devices/rio_mport_cdev.c. A local user can escalate privileges on the system.
78) Use-after-free (CVE-ID: CVE-2025-21935)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rio_scan_alloc_net() function in drivers/rapidio/rio-scan.c. A local user can escalate privileges on the system.
79) NULL pointer dereference (CVE-ID: CVE-2025-21936)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mgmt_device_connected() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
80) NULL pointer dereference (CVE-ID: CVE-2025-21937)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mgmt_remote_name() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
81) NULL pointer dereference (CVE-ID: CVE-2025-21941)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the resource_build_scaling_params() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
82) Improper locking (CVE-ID: CVE-2025-21943)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the new_device_store(), kfree() and delete_device_store() functions in drivers/gpio/gpio-aggregator.c. A local user can perform a denial of service (DoS) attack.
83) NULL pointer dereference (CVE-ID: CVE-2025-21948)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the appleir_raw_event() function in drivers/hid/hid-appleir.c. A local user can perform a denial of service (DoS) attack.
84) Memory leak (CVE-ID: CVE-2025-21950)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pmcmd_ioctl() function in drivers/virt/acrn/hsm.c. A local user can perform a denial of service (DoS) attack.
85) Improper locking (CVE-ID: CVE-2025-21951)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mhi_pci_recovery_work() function in drivers/bus/mhi/host/pci_generic.c. A local user can perform a denial of service (DoS) attack.
86) NULL pointer dereference (CVE-ID: CVE-2025-21953)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mana_cleanup_port_context(), mana_destroy_eq(), mana_destroy_txq() and mana_destroy_rxq() functions in drivers/net/ethernet/microsoft/mana/mana_en.c, within the debugfs_remove_recursive(), mana_gd_remove(), mana_gd_shutdown(), mana_driver_init() and mana_driver_exit() functions in drivers/net/ethernet/microsoft/mana/gdma_main.c. A local user can perform a denial of service (DoS) attack.
87) Resource management error (CVE-ID: CVE-2025-21956)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the get_norm_pix_clk() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
88) NULL pointer dereference (CVE-ID: CVE-2025-21957)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla1280_64bit_start_scsi() function in drivers/scsi/qla1280.c. A local user can perform a denial of service (DoS) attack.
89) Reachable assertion (CVE-ID: CVE-2025-21960)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the bnxt_xdp() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c, within the bnxt_rx_pkt() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
90) Resource management error (CVE-ID: CVE-2025-21961)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnxt_xdp_build_skb() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c, within the bnxt_rx_pkt() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
91) Integer overflow (CVE-ID: CVE-2025-21962)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can execute arbitrary code.
92) Integer overflow (CVE-ID: CVE-2025-21963)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can execute arbitrary code.
93) Integer overflow (CVE-ID: CVE-2025-21964)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the smb3_fs_context_parse_param() function in fs/smb/client/fs_context.c. A local user can execute arbitrary code.
94) Buffer overflow (CVE-ID: CVE-2025-21966)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the clone_bio() function in drivers/md/dm-flakey.c. A local user can escalate privileges on the system.
95) Use-after-free (CVE-ID: CVE-2025-21968)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hdcp_destroy() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c. A local user can escalate privileges on the system.
96) Use-after-free (CVE-ID: CVE-2025-21969)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_get_ident(), l2cap_send_cmd(), l2cap_conn_del(), l2cap_conn_free(), l2cap_recv_reset() and l2cap_recv_acldata() functions in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.
97) Input validation error (CVE-ID: CVE-2025-21970)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5_esw_bridge_lag_rep_get(), mlx5_esw_bridge_is_local() and mlx5_esw_bridge_switchdev_event() functions in drivers/net/ethernet/mellanox/mlx5/core/en/rep/bridge.c. A local user can perform a denial of service (DoS) attack.
98) Incorrect calculation (CVE-ID: CVE-2025-21971)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the tc_ctl_tclass() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.
99) Memory leak (CVE-ID: CVE-2025-21972)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mctp_test_route_input_sk_fail_frag() and KUNIT_CASE() functions in net/mctp/test/route-test.c, within the mctp_frag_queue() function in net/mctp/route.c. A local user can perform a denial of service (DoS) attack.
100) NULL pointer dereference (CVE-ID: CVE-2025-21975)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_chains_create_table() function in drivers/net/ethernet/mellanox/mlx5/core/lib/fs_chains.c. A local user can perform a denial of service (DoS) attack.
101) Memory leak (CVE-ID: CVE-2025-21978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hyperv_vmbus_probe() and hyperv_vmbus_remove() functions in drivers/gpu/drm/hyperv/hyperv_drm_drv.c. A local user can perform a denial of service (DoS) attack.
102) Use-after-free (CVE-ID: CVE-2025-21979)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cfg80211_dev_free() function in net/wireless/core.c. A local user can escalate privileges on the system.
103) NULL pointer dereference (CVE-ID: CVE-2025-21980)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gred_destroy() function in net/sched/sch_gred.c. A local user can perform a denial of service (DoS) attack.
104) Memory leak (CVE-ID: CVE-2025-21981)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ice_init_arfs() function in drivers/net/ethernet/intel/ice/ice_arfs.c. A local user can perform a denial of service (DoS) attack.
105) Out-of-bounds read (CVE-ID: CVE-2025-21985)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the populate_dml_output_cfg_from_stream_state() and map_dc_state_into_dml_display_cfg() functions in drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c, within the dml21_map_dc_state_into_dml_display_cfg() function in drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_translation_helper.c. A local user can perform a denial of service (DoS) attack.
106) Out-of-bounds read (CVE-ID: CVE-2025-21991)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the load_microcode_amd() function in arch/x86/kernel/cpu/microcode/amd.c. A local user can perform a denial of service (DoS) attack.
107) Input validation error (CVE-ID: CVE-2025-21992)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the HID_USB_DEVICE() function in drivers/hid/hid-quirks.c. A local user can perform a denial of service (DoS) attack.
108) Out-of-bounds read (CVE-ID: CVE-2025-21993)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ibft_attr_show_nic() function in drivers/firmware/iscsi_ibft.c. A local user can perform a denial of service (DoS) attack.
109) Memory leak (CVE-ID: CVE-2025-21995)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the drm_sched_entity_kill() function in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.
110) Use of uninitialized resource (CVE-ID: CVE-2025-21996)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the radeon_vce_cs_parse() function in drivers/gpu/drm/radeon/radeon_vce.c. A local user can perform a denial of service (DoS) attack.
111) Use-after-free (CVE-ID: CVE-2025-21999)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the proc_get_inode() function in fs/proc/inode.c, within the proc_create_reg(), proc_create_seq_private() and proc_create_single_data() functions in fs/proc/generic.c. A local user can escalate privileges on the system.
112) Integer overflow (CVE-ID: CVE-2025-22001)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the invalid_sem() and qaic_validate_req() functions in drivers/accel/qaic/qaic_data.c. A local user can execute arbitrary code.
113) Out-of-bounds read (CVE-ID: CVE-2025-22003)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ucan_ctrl_command_out() and ucan_probe() functions in drivers/net/can/usb/ucan.c. A local user can perform a denial of service (DoS) attack.
114) Use-after-free (CVE-ID: CVE-2025-22004)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lec_send() function in net/atm/lec.c. A local user can escalate privileges on the system.
115) NULL pointer dereference (CVE-ID: CVE-2025-22007)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the chan_alloc_skb_cb() function in net/bluetooth/6lowpan.c. A local user can perform a denial of service (DoS) attack.
116) Input validation error (CVE-ID: CVE-2025-22008)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the regulator_resolve_supply() and _regulator_get_common() functions in drivers/regulator/core.c. A local user can perform a denial of service (DoS) attack.
117) NULL pointer dereference (CVE-ID: CVE-2025-22009)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/regulator/dummy.c. A local user can perform a denial of service (DoS) attack.
118) Improper locking (CVE-ID: CVE-2025-22010)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hem_list_alloc_root_bt(), hns_roce_hem_list_request() and hns_roce_hem_list_find_mtt() functions in drivers/infiniband/hw/hns/hns_roce_hem.c. A local user can perform a denial of service (DoS) attack.
119) Resource management error (CVE-ID: CVE-2025-22013)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvm_arch_vcpu_load_fp() function in arch/arm64/kvm/fpsimd.c, within the fpsimd_signal_preserve_current_state() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.
120) Improper locking (CVE-ID: CVE-2025-22014)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pdr_locator_new_server() function in drivers/soc/qcom/pdr_interface.c. A local user can perform a denial of service (DoS) attack.
121) NULL pointer dereference (CVE-ID: CVE-2025-22015)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the folio_migrate_mapping() function in mm/migrate.c. A local user can perform a denial of service (DoS) attack.
122) Improper error handling (CVE-ID: CVE-2025-22016)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dpll_pin_alloc() function in drivers/dpll/dpll_core.c. A local user can perform a denial of service (DoS) attack.
123) NULL pointer dereference (CVE-ID: CVE-2025-22017)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the devlink_rel_alloc() function in net/devlink/core.c. A local user can perform a denial of service (DoS) attack.
124) NULL pointer dereference (CVE-ID: CVE-2025-22018)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the MPOA_cache_impos_rcvd() function in net/atm/mpc.c. A local user can perform a denial of service (DoS) attack.
125) Use-after-free (CVE-ID: CVE-2025-22020)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtsx_usb_ms_drv_remove() function in drivers/memstick/host/rtsx_usb_ms.c. A local user can escalate privileges on the system.
126) Memory leak (CVE-ID: CVE-2025-22025)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfs4_alloc_open_stateid() and nfsd_break_one_deleg() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
127) NULL pointer dereference (CVE-ID: CVE-2025-22027)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the streamzap_disconnect() function in drivers/media/rc/streamzap.c. A local user can perform a denial of service (DoS) attack.
128) Improper locking (CVE-ID: CVE-2025-22029)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the begin_new_exec(), free_bprm(), check_unsafe_exec(), bprm_execve() and sched_mm_cid_after_execve() functions in fs/exec.c. A local user can perform a denial of service (DoS) attack.
129) NULL pointer dereference (CVE-ID: CVE-2025-22033)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the do_compat_alignment_fixup() function in arch/arm64/kernel/compat_alignment.c. A local user can perform a denial of service (DoS) attack.
130) Use-after-free (CVE-ID: CVE-2025-22036)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the exfat_get_block() function in fs/exfat/inode.c. A local user can escalate privileges on the system.
131) Resource management error (CVE-ID: CVE-2025-22044)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the acpi_nfit_ctl() function in drivers/acpi/nfit/core.c. A local user can perform a denial of service (DoS) attack.
132) Input validation error (CVE-ID: CVE-2025-22045)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the arch/x86/include/asm/tlbflush.h. A local user can perform a denial of service (DoS) attack.
133) NULL pointer dereference (CVE-ID: CVE-2025-22050)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.
134) Improper locking (CVE-ID: CVE-2025-22053)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the veth_pool_store() function in drivers/net/ethernet/ibm/ibmveth.c. A local user can perform a denial of service (DoS) attack.
135) Out-of-bounds read (CVE-ID: CVE-2025-22055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nft_tunnel_obj_erspan_init() function in net/netfilter/nft_tunnel.c. A local user can perform a denial of service (DoS) attack.
136) Memory leak (CVE-ID: CVE-2025-22058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the udp_skb_has_head_state(), udp_rmem_release(), EXPORT_SYMBOL_GPL() and first_packet_length() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.
137) Use-after-free (CVE-ID: CVE-2025-22060)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mvpp2_prs_hw_write(), mvpp2_prs_init_from_hw(), mvpp2_prs_flow_find(), mvpp2_prs_mac_drop_all_set(), mvpp2_prs_mac_promisc_set(), mvpp2_prs_dsa_tag_set(), mvpp2_prs_dsa_tag_ethertype_set(), mvpp2_prs_vlan_find(), mvpp2_prs_vlan_add(), mvpp2_prs_double_vlan_find(), mvpp2_prs_double_vlan_add(), mvpp2_prs_mac_init(), mvpp2_prs_vlan_init(), mvpp2_prs_vid_range_find(), mvpp2_prs_vid_entry_add(), mvpp2_prs_vid_entry_remove(), mvpp2_prs_vid_remove_all(), mvpp2_prs_vid_disable_filtering(), mvpp2_prs_vid_enable_filtering(), mvpp2_prs_default_init(), mvpp2_prs_mac_da_range_find(), mvpp2_prs_mac_da_accept(), mvpp2_prs_mac_del_all(), mvpp2_prs_tag_mode_set(), mvpp2_prs_add_flow(), mvpp2_prs_def_flow() and mvpp2_prs_hits() functions in drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c, within the mvpp2_probe() function in drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c. A local user can escalate privileges on the system.
138) NULL pointer dereference (CVE-ID: CVE-2025-22062)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_auth() and proc_sctp_do_udp_port() functions in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
139) Incorrect calculation (CVE-ID: CVE-2025-22064)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the nf_tables_updchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
140) NULL pointer dereference (CVE-ID: CVE-2025-22065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the idpf_shutdown() function in drivers/net/ethernet/intel/idpf/idpf_main.c. A local user can perform a denial of service (DoS) attack.
141) Improper locking (CVE-ID: CVE-2025-22075)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rtnl_vfinfo_size() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.
142) Integer overflow (CVE-ID: CVE-2025-22080)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the fs/ntfs3/ntfs.h. A local user can execute arbitrary code.
143) NULL pointer dereference (CVE-ID: CVE-2025-22086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ntohl() function in drivers/infiniband/hw/mlx5/cq.c. A local user can perform a denial of service (DoS) attack.
144) Use-after-free (CVE-ID: CVE-2025-22088)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the erdma_cancel_mpatimer() function in drivers/infiniband/hw/erdma/erdma_cm.c. A local user can escalate privileges on the system.
145) Resource management error (CVE-ID: CVE-2025-22090)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the copy_page_range() function in mm/memory.c, within the vm_area_dup() function in kernel/fork.c, within the get_pat_info() and untrack_pfn() functions in arch/x86/mm/pat/memtype.c. A local user can perform a denial of service (DoS) attack.
146) NULL pointer dereference (CVE-ID: CVE-2025-22093)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dmub_hw_lock_mgr_inbox0_cmd() function in drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c. A local user can perform a denial of service (DoS) attack.
147) Use-after-free (CVE-ID: CVE-2025-22097)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vkms_init() and vkms_destroy() functions in drivers/gpu/drm/vkms/vkms_drv.c. A local user can escalate privileges on the system.
148) Improper locking (CVE-ID: CVE-2025-22102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nxp_download_firmware() function in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.
149) Out-of-bounds read (CVE-ID: CVE-2025-22104)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vnic_add_client_data(), send_login(), handle_query_ip_offload_rsp() and handle_login_rsp() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
150) Resource management error (CVE-ID: CVE-2025-22105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bond_set_xfrm_features() function in drivers/net/bonding/bond_options.c, within the bond_sk_check(), bond_xdp_set_features() and bond_xdp_set() functions in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
151) Resource management error (CVE-ID: CVE-2025-22106)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmxnet3_rq_cleanup() and vmxnet3_rq_destroy() functions in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.
152) Out-of-bounds read (CVE-ID: CVE-2025-22107)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sja1105_table_delete_entry() function in drivers/net/dsa/sja1105/sja1105_static_config.c. A local user can perform a denial of service (DoS) attack.
153) Input validation error (CVE-ID: CVE-2025-22108)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bnxt_xmit_bd() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c, within the bnxt_start_xmit() and dma_unmap_addr_set() functions in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
154) Memory leak (CVE-ID: CVE-2025-22109)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_get_route() function in net/ax25/ax25_route.c, within the ax25_connect() function in net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.
155) Use-after-free (CVE-ID: CVE-2025-22115)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_create_pending_block_groups() function in fs/btrfs/block-group.c. A local user can escalate privileges on the system.
156) Improper error handling (CVE-ID: CVE-2025-22116)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the idpf_stop() and idpf_init_task() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can perform a denial of service (DoS) attack.
157) Use-after-free (CVE-ID: CVE-2025-22121)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ext4_xattr_check_block(), __xattr_check_inode(), ext4_xattr_ibody_get(), ext4_xattr_ibody_list(), ext4_get_inode_usage(), ext4_xattr_ibody_find() and sizeof() functions in fs/ext4/xattr.c, within the ext4_iget_extra_inode() function in fs/ext4/inode.c. A local user can escalate privileges on the system.
158) Resource management error (CVE-ID: CVE-2025-22128)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ath12k_pci_probe() function in drivers/net/wireless/ath/ath12k/pci.c. A local user can perform a denial of service (DoS) attack.
159) Exposure of Sensitive System Information to an Unauthorized Control Sphere (CVE-ID: CVE-2025-2312)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exist due to cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments when trying to obtain Kerberos credentials. A local user can gain access to sensitive information.
160) Resource management error (CVE-ID: CVE-2025-23129)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __free_irq() function in drivers/net/wireless/ath/ath11k/pci.c. A local user can perform a denial of service (DoS) attack.
161) NULL pointer dereference (CVE-ID: CVE-2025-23131)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the new_lockspace() function in fs/dlm/lockspace.c. A local user can perform a denial of service (DoS) attack.
162) Out-of-bounds read (CVE-ID: CVE-2025-23133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath11k_reg_notifier(), ath11k_regd_update() and ath11k_regd_update_work() functions in drivers/net/wireless/ath/ath11k/reg.c. A local user can perform a denial of service (DoS) attack.
163) NULL pointer dereference (CVE-ID: CVE-2025-23136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the int3402_thermal_probe() function in drivers/thermal/intel/int340x_thermal/int3402_thermal.c. A local user can perform a denial of service (DoS) attack.
164) Integer underflow (CVE-ID: CVE-2025-23138)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the watch_queue_set_size() function in kernel/watch_queue.c. A local user can execute arbitrary code.
165) NULL pointer dereference (CVE-ID: CVE-2025-23145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the subflow_hmac_valid() and subflow_syn_recv_sock() functions in net/mptcp/subflow.c. A local user can perform a denial of service (DoS) attack.
166) Use-after-free (CVE-ID: CVE-2025-37785)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ext4_check_dir_entry() function in fs/ext4/dir.c. A local user can escalate privileges on the system.
167) Input validation error (CVE-ID: CVE-2025-37798)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qdisc_bstats_update() function in net/sched/sch_fq_codel.c, within the codel_qdisc_dequeue() function in net/sched/sch_codel.c. A local user can perform a denial of service (DoS) attack.
168) Memory leak (CVE-ID: CVE-2025-37799)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vmxnet3_process_xdp() function in drivers/net/vmxnet3/vmxnet3_xdp.c. A local user can perform a denial of service (DoS) attack.
169) NULL pointer dereference (CVE-ID: CVE-2025-37860)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ef100_process_design_param() and ef100_check_design_params() functions in drivers/net/ethernet/sfc/ef100_nic.c, within the ef100_probe_netdev() function in drivers/net/ethernet/sfc/ef100_netdev.c. A local user can perform a denial of service (DoS) attack.
170) Resource management error (CVE-ID: CVE-2025-39728)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the samsung_clk_init() function in drivers/clk/samsung/clk.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.