SB2025061835 - SUSE update for the Linux Kernel
Published: June 18, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 89 secuirty vulnerabilities.
1) Memory leak (CVE-ID: CVE-2020-36790)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvmet_subsys_attr_model_store() function in drivers/nvme/target/configfs.c. A local user can perform a denial of service (DoS) attack.
2) Out-of-bounds read (CVE-ID: CVE-2020-36791)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tcindex_set_parms() function in net/sched/cls_tcindex.c. A local user can perform a denial of service (DoS) attack.
3) Race condition (CVE-ID: CVE-2021-32399)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition for removal of the HCI controller within net/bluetooth/hci_request.c in the Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
4) Out-of-bounds read (CVE-ID: CVE-2021-3743)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a boundary condition in the Qualcomm IPC router protocol in the Linux kernel. A local user can gain access to out-of-bounds memory to leak internal kernel information or perform a denial of service attack.
5) Use-after-free (CVE-ID: CVE-2021-47100)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cleanup_bmc_device() function in drivers/char/ipmi/ipmi_msghandler.c. A local user can escalate privileges on the system.
6) NULL pointer dereference (CVE-ID: CVE-2021-47220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dwc3_remove() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.
7) Resource management error (CVE-ID: CVE-2021-47229)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the advk_pcie_wait_pio(), advk_pcie_rd_conf() and advk_pcie_wr_conf() functions in drivers/pci/host/pci-aardvark.c. A local user can perform a denial of service (DoS) attack.
8) Memory leak (CVE-ID: CVE-2021-47231)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mcba_usb_start() and mcba_usb_open() functions in drivers/net/can/usb/mcba_usb.c. A local user can perform a denial of service (DoS) attack.
9) Memory leak (CVE-ID: CVE-2021-47236)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the eem_tx_fixup() function in drivers/net/usb/cdc_eem.c. A local user can perform a denial of service (DoS) attack.
10) Memory leak (CVE-ID: CVE-2021-47239)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smsc75xx_bind() and smsc75xx_unbind() functions in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
11) Out-of-bounds read (CVE-ID: CVE-2021-47240)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qrtr_endpoint_post() function in net/qrtr/qrtr.c. A local user can perform a denial of service (DoS) attack.
12) Information disclosure (CVE-ID: CVE-2021-47246)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the mlx5_hairpin_unpair_peer_sq(), mlx5_hairpin_unpair_queues() and mlx5_core_hairpin_destroy() functions in drivers/net/ethernet/mellanox/mlx5/core/transobj.c, within the mlx5e_tc_hairpin_update_dead_peer() function in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c. A local user can gain access to sensitive information.
13) Resource management error (CVE-ID: CVE-2021-47252)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the batadv_iv_ogm_emit() function in net/batman-adv/bat_iv_ogm.c. A local user can perform a denial of service (DoS) attack.
14) Information disclosure (CVE-ID: CVE-2021-47255)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the kvm_lapic_reg_read() function in arch/x86/kvm/lapic.c. A local user can gain access to sensitive information.
15) NULL pointer dereference (CVE-ID: CVE-2021-47260)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfs_get_client() function in fs/nfs/client.c. A local user can perform a denial of service (DoS) attack.
16) Out-of-bounds read (CVE-ID: CVE-2021-47288)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ngene_command_config_free_buf() function in drivers/media/pci/ngene/ngene-core.c. A local user can perform a denial of service (DoS) attack.
17) Memory leak (CVE-ID: CVE-2021-47296)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kvm_arch_vcpu_ioctl() function in arch/powerpc/kvm/powerpc.c. A local user can perform a denial of service (DoS) attack.
18) Information disclosure (CVE-ID: CVE-2021-47314)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the fsl_ifc_ctrl_remove() and fsl_ifc_ctrl_probe() functions in drivers/memory/fsl_ifc.c. A local user can gain access to sensitive information.
19) Information disclosure (CVE-ID: CVE-2021-47315)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the fsl_ifc_ctrl_probe() and free_irq() functions in drivers/memory/fsl_ifc.c. A local user can gain access to sensitive information.
20) Buffer overflow (CVE-ID: CVE-2021-47485)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the qib_user_sdma_num_pages(), qib_user_sdma_free_pkt_frag(), qib_user_sdma_pin_pkt() and qib_user_sdma_queue_pkts() functions in drivers/infiniband/hw/qib/qib_user_sdma.c. A local user can escalate privileges on the system.
21) Use-after-free (CVE-ID: CVE-2021-47500)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mma8452_trigger_setup() function in drivers/iio/accel/mma8452.c. A local user can escalate privileges on the system.
22) Buffer overflow (CVE-ID: CVE-2021-47511)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the snd_pcm_hw_param_value_min() and snd_pcm_oss_period_size() functions in sound/core/oss/pcm_oss.c. A local user can escalate privileges on the system.
23) Use-after-free (CVE-ID: CVE-2022-3564)
The vulnerability allows an attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the l2cap_reassemble_sdu() function in net/bluetooth/l2cap_core.c. An attacker with physical access to device can trigger a use-after-free error and execute arbitrary code on the system.
24) Improper locking (CVE-ID: CVE-2022-48704)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the radeon_suspend_kms() function in drivers/gpu/drm/radeon/radeon_device.c. A local user can perform a denial of service (DoS) attack.
25) Buffer overflow (CVE-ID: CVE-2022-49110)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the EXPORT_SYMBOL_GPL(), DEFINE_MUTEX(), gc_worker_can_early_drop() and gc_worker() functions in net/netfilter/nf_conntrack_core.c. A local user can perform a denial of service (DoS) attack.
26) NULL pointer dereference (CVE-ID: CVE-2022-49139)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hci_sync_conn_complete_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.
27) Improper locking (CVE-ID: CVE-2022-49767)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the p9_fd_open() function in net/9p/trans_fd.c. A local user can perform a denial of service (DoS) attack.
28) Out-of-bounds read (CVE-ID: CVE-2022-49769)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the gfs2_check_sb() function in fs/gfs2/ops_fstype.c. A local user can perform a denial of service (DoS) attack.
29) Use-after-free (CVE-ID: CVE-2022-49770)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ceph_update_snap_trace() function in fs/ceph/snap.c. A local user can escalate privileges on the system.
30) Buffer overflow (CVE-ID: CVE-2022-49771)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the list_version_get_needed() and list_versions() functions in drivers/md/dm-ioctl.c. A local user can escalate privileges on the system.
31) Buffer overflow (CVE-ID: CVE-2022-49772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the snd_usbmidi_output_open() function in sound/usb/midi.c. A local user can perform a denial of service (DoS) attack.
32) Buffer overflow (CVE-ID: CVE-2022-49775)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the tcp_cdg_init() and tcp_cdg_release() functions in net/ipv4/tcp_cdg.c. A local user can perform a denial of service (DoS) attack.
33) Memory leak (CVE-ID: CVE-2022-49777)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the i8042_probe() and i8042_remove() functions in drivers/input/serio/i8042.c. A local user can perform a denial of service (DoS) attack.
34) Memory leak (CVE-ID: CVE-2022-49787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the amd_probe() function in drivers/mmc/host/sdhci-pci-core.c. A local user can perform a denial of service (DoS) attack.
35) Memory leak (CVE-ID: CVE-2022-49788)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qp_notify_peer_local() and qp_notify_peer() functions in drivers/misc/vmw_vmci/vmci_queue_pair.c. A local user can perform a denial of service (DoS) attack.
36) Use-after-free (CVE-ID: CVE-2022-49789)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zfcp_fsf_req_send() function in drivers/s390/scsi/zfcp_fsf.c. A local user can escalate privileges on the system.
37) Buffer overflow (CVE-ID: CVE-2022-49790)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the iforce_init_device() function in drivers/input/joystick/iforce/iforce-main.c. A local user can perform a denial of service (DoS) attack.
38) Memory leak (CVE-ID: CVE-2022-49793)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iio_sysfs_trigger_remove() function in drivers/iio/trigger/iio-trig-sysfs.c. A local user can perform a denial of service (DoS) attack.
39) Memory leak (CVE-ID: CVE-2022-49794)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the at91_adc_allocate_trigger() function in drivers/iio/adc/at91_adc.c. A local user can perform a denial of service (DoS) attack.
40) Resource management error (CVE-ID: CVE-2022-49799)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the register_synth_event() function in kernel/trace/trace_events_synth.c. A local user can perform a denial of service (DoS) attack.
41) Improper Initialization (CVE-ID: CVE-2022-49802)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the ftrace_add_mod() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.
42) Memory leak (CVE-ID: CVE-2022-49809)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the x25_lapb_receive_frame() function in net/x25/x25_dev.c. A local user can perform a denial of service (DoS) attack.
43) Resource management error (CVE-ID: CVE-2022-49818)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mISDN_register_device() function in drivers/isdn/mISDN/core.c. A local user can perform a denial of service (DoS) attack.
44) Memory leak (CVE-ID: CVE-2022-49821)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mISDN_dsp_element_register() and device_unregister() functions in drivers/isdn/mISDN/dsp_pipeline.c. A local user can perform a denial of service (DoS) attack.
45) NULL pointer dereference (CVE-ID: CVE-2022-49823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ata_tdev_add() function in drivers/ata/libata-transport.c. A local user can perform a denial of service (DoS) attack.
46) NULL pointer dereference (CVE-ID: CVE-2022-49824)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ata_tlink_add() function in drivers/ata/libata-transport.c. A local user can perform a denial of service (DoS) attack.
47) NULL pointer dereference (CVE-ID: CVE-2022-49825)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ata_tport_add() function in drivers/ata/libata-transport.c. A local user can perform a denial of service (DoS) attack.
48) NULL pointer dereference (CVE-ID: CVE-2022-49826)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ata_tport_add() function in drivers/ata/libata-transport.c. A local user can perform a denial of service (DoS) attack.
49) NULL pointer dereference (CVE-ID: CVE-2022-49827)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/gpu/drm/drm_internal.h. A local user can perform a denial of service (DoS) attack.
50) Memory leak (CVE-ID: CVE-2022-49830)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the drm_dev_init() function in drivers/gpu/drm/drm_drv.c. A local user can perform a denial of service (DoS) attack.
51) NULL pointer dereference (CVE-ID: CVE-2022-49832)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pinctrl_dt_to_map() function in drivers/pinctrl/devicetree.c. A local user can perform a denial of service (DoS) attack.
52) Memory leak (CVE-ID: CVE-2022-49835)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the add_widget_node() function in sound/hda/hdac_sysfs.c. A local user can perform a denial of service (DoS) attack.
53) Memory leak (CVE-ID: CVE-2022-49836)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the siox_device_add() function in drivers/siox/siox-core.c. A local user can perform a denial of service (DoS) attack.
54) NULL pointer dereference (CVE-ID: CVE-2022-49839)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sas_phy_add() function in drivers/scsi/scsi_transport_sas.c. A local user can perform a denial of service (DoS) attack.
55) Resource management error (CVE-ID: CVE-2022-49841)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the drivers/tty/serial/imx.c. A local user can perform a denial of service (DoS) attack.
56) Use-after-free (CVE-ID: CVE-2022-49842)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in sound/soc/soc-core.c. A local user can escalate privileges on the system.
57) Out-of-bounds read (CVE-ID: CVE-2022-49846)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the udf_find_entry() function in fs/udf/namei.c. A local user can perform a denial of service (DoS) attack.
58) Memory leak (CVE-ID: CVE-2022-49861)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mv_xor_v2_remove() function in drivers/dma/mv_xor_v2.c. A local user can perform a denial of service attack.
59) Out-of-bounds read (CVE-ID: CVE-2022-49870)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the include/uapi/linux/capability.h. A local user can perform a denial of service (DoS) attack.
60) Improper error handling (CVE-ID: CVE-2022-49879)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the make_indexed_dir() function in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
61) Infinite loop (CVE-ID: CVE-2022-49880)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the ext4_ext_migrate() function in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.
62) Memory leak (CVE-ID: CVE-2022-49881)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the regdb_fw_cb() and query_regdb_file() functions in net/wireless/reg.c. A local user can perform a denial of service (DoS) attack.
63) Memory leak (CVE-ID: CVE-2022-49887)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vdec_probe() function in drivers/staging/media/meson/vdec/vdec.c. A local user can perform a denial of service attack.
64) NULL pointer dereference (CVE-ID: CVE-2022-49889)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ring_buffer_wake_waiters() function in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
65) Use-after-free (CVE-ID: CVE-2022-49892)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ftrace_shutdown() function in kernel/trace/ftrace.c. A local user can escalate privileges on the system.
66) Memory leak (CVE-ID: CVE-2022-49906)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __ibmvnic_reset() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
67) Use-after-free (CVE-ID: CVE-2022-49910)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_rx_state_recv(), l2cap_rx() and l2cap_stream_rx() functions in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.
68) Memory leak (CVE-ID: CVE-2022-49915)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mISDN_register_device() function in drivers/isdn/mISDN/core.c. A local user can perform a denial of service (DoS) attack.
69) Memory leak (CVE-ID: CVE-2022-49922)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfcmrvl_i2c_nci_send() function in drivers/nfc/nfcmrvl/i2c.c. A local user can perform a denial of service (DoS) attack.
70) Memory leak (CVE-ID: CVE-2022-49927)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfs40_init_client() function in fs/nfs/nfs4client.c. A local user can perform a denial of service (DoS) attack.
71) Improper locking (CVE-ID: CVE-2023-0160)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
72) Use-after-free (CVE-ID: CVE-2023-1990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the ndlc_remove() function in drivers/nfc/st-nci/ndlc.c. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.
73) Use-after-free (CVE-ID: CVE-2023-47233)
The vulnerability allows an attacker to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcm80211 in a brcmf_cfg80211_detach in the device unplugging (disconnect the USB by hotplug) code. An attacker with physical access to device can trigger a use-after-free error and escalate privileges on the system.
74) NULL pointer dereference (CVE-ID: CVE-2023-52508)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvme_fc_io_getuuid() function in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
75) Improper locking (CVE-ID: CVE-2023-52591)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reiserfs_rename() function in fs/reiserfs/namei.c. A local user can perform a denial of service (DoS) attack.
76) Resource management error (CVE-ID: CVE-2023-52654)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the scm_fp_copy() function in net/core/scm.c, within the io_finish_async() and io_sqe_files_register() functions in fs/io_uring.c. A local user can perform a denial of service (DoS) attack.
77) Double free (CVE-ID: CVE-2023-53039)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the void recv_ipc() and ish_dev_init() functions in drivers/hid/intel-ish-hid/ipc/ipc.c. A local user can perform a denial of service (DoS) attack.
78) Improper locking (CVE-ID: CVE-2023-53052)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tconInfoAlloc() and tconInfoFree() functions in fs/cifs/misc.c, within the DECLARE_RWSEM(), dfs_cache_destroy(), dfs_cache_add_refsrv_session() and dfs_cache_remount_fs() functions in fs/cifs/dfs_cache.c, within the get_session(), get_dfs_conn(), __dfs_mount_share() and dfs_mount_share() functions in fs/cifs/dfs.c, within the cifs_mount() and cifs_umount() functions in fs/cifs/connect.c. A local user can perform a denial of service (DoS) attack.
79) Use-after-free (CVE-ID: CVE-2023-53106)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL() function in drivers/nfc/st-nci/ndlc.c. A local user can escalate privileges on the system.
80) Race condition (CVE-ID: CVE-2023-6531)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition when the unix garbage collector's deletion of a SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. A local user can exploit the race and escalate privileges on the system.
81) Use-after-free (CVE-ID: CVE-2024-35811)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcmf_notify_escan_complete() and brcmf_cfg80211_detach() functions in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can escalate privileges on the system.
82) Improper locking (CVE-ID: CVE-2024-35895)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
83) Improper locking (CVE-ID: CVE-2024-35914)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lock_rename() and unlock_rename() functions in fs/nfsd/vfs.c. A local user can perform a denial of service (DoS) attack.
84) Input validation error (CVE-ID: CVE-2024-46814)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hdmi_14_process_transaction() and dp_11_process_transaction() functions in drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c. A local user can perform a denial of service (DoS) attack.
85) Use-after-free (CVE-ID: CVE-2024-53168)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xs_create_sock() function in net/sunrpc/xprtsock.c, within the svc_create_socket() function in net/sunrpc/svcsock.c. A local user can escalate privileges on the system.
86) Use-after-free (CVE-ID: CVE-2024-56558)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the e_show() function in fs/nfsd/export.c. A local user can escalate privileges on the system.
87) Use-after-free (CVE-ID: CVE-2025-21812)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ax25_rt_autobind() function in net/ax25/ax25_route.c, within the ax25_send_frame() and ax25_queue_xmit() functions in net/ax25/ax25_out.c, within the ax25_ip_xmit() function in net/ax25/ax25_ip.c, within the ax25_dev_device_up() and ax25_dev_device_down() functions in net/ax25/ax25_dev.c, within the ax25_fillin_cb_from_dev() and ax25_setsockopt() functions in net/ax25/af_ax25.c. A local user can escalate privileges on the system.
88) Use-after-free (CVE-ID: CVE-2025-21999)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the proc_get_inode() function in fs/proc/inode.c, within the proc_create_reg(), proc_create_seq_private() and proc_create_single_data() functions in fs/proc/generic.c. A local user can escalate privileges on the system.
89) Input validation error (CVE-ID: CVE-2025-37789)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the validate_set() function in net/openvswitch/flow_netlink.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.