SB2025092452 - Ubuntu update for linux
Published: September 24, 2025 Updated: February 6, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 183 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2025-38499)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the clone_private_mount() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
2) Improper privilege management (CVE-ID: CVE-2025-38498)
The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the do_change_type() function in fs/namespace.c. A local user can read and manipulate data.
3) Out-of-bounds read (CVE-ID: CVE-2025-38415)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the squashfs_fill_super() function in fs/squashfs/super.c. A local user can perform a denial of service (DoS) attack.
4) Input validation error (CVE-ID: CVE-2025-38414)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath12k_pci_enable_ltssm() function in drivers/net/wireless/ath/ath12k/pci.c. A local user can perform a denial of service (DoS) attack.
5) Race condition (CVE-ID: CVE-2025-38352)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the run_posix_cpu_timers() function in kernel/time/posix-cpu-timers.c. A local user can escalate privileges on the system.
Note, the vulnerability is being actively exploited in the wild against Android devices.
6) NULL pointer dereference (CVE-ID: CVE-2025-38319)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the atomctrl_initialize_mc_reg_table() and atomctrl_initialize_mc_reg_table_v2_2() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.
7) Improper error handling (CVE-ID: CVE-2025-38318)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arm_ni_probe() function in drivers/perf/arm-ni.c. A local user can perform a denial of service (DoS) attack.
8) Buffer overflow (CVE-ID: CVE-2025-38317)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ath12k_write_htt_stats_type() function in drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c. A local user can escalate privileges on the system.
9) NULL pointer dereference (CVE-ID: CVE-2025-38316)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7996_phy_set_rxfilter() function in drivers/net/wireless/mediatek/mt76/mt7996/main.c. A local user can perform a denial of service (DoS) attack.
10) Buffer overflow (CVE-ID: CVE-2025-38315)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the btintel_uefi_get_dsbr() function in drivers/bluetooth/btintel.c. A local user can perform a denial of service (DoS) attack.
11) Improper locking (CVE-ID: CVE-2025-38314)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vp_modern_avq_done() function in drivers/virtio/virtio_pci_modern.c. A local user can perform a denial of service (DoS) attack.
12) Double free (CVE-ID: CVE-2025-38313)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the fsl_mc_device_add() function in drivers/bus/fsl-mc/fsl-mc-bus.c. A local user can perform a denial of service (DoS) attack.
13) Input validation error (CVE-ID: CVE-2025-38312)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fb_find_mode_cvt() function in drivers/video/fbdev/core/fbcvt.c. A local user can perform a denial of service (DoS) attack.
14) Improper locking (CVE-ID: CVE-2025-38311)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the iavf_configure(), iavf_clear_adv_rss_conf(), iavf_finish_config(), iavf_watchdog_step(), iavf_watchdog_task(), iavf_disable_vf(), iavf_reset_task(), wake_up(), iavf_adminq_task(), iavf_configure_clsflower(), iavf_open(), iavf_free_all_rx_resources(), iavf_close(), iavf_shaper_set(), iavf_shaper_del(), iavf_probe(), iavf_suspend() and iavf_remove() functions in drivers/net/ethernet/intel/iavf/iavf_main.c, within the iavf_add_fdir_ethtool() and iavf_set_adv_rss_hash_opt() functions in drivers/net/ethernet/intel/iavf/iavf_ethtool.c. A local user can perform a denial of service (DoS) attack.
15) Input validation error (CVE-ID: CVE-2025-38310)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sizeof() function in net/ipv6/seg6_local.c. A local user can perform a denial of service (DoS) attack.
16) NULL pointer dereference (CVE-ID: CVE-2025-38307)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the trace_control_write() function in sound/soc/intel/avs/debugfs.c. A local user can perform a denial of service (DoS) attack.
17) Improper locking (CVE-ID: CVE-2025-38306)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drop_collected_mounts(), has_locked_children(), clone_private_mount(), __do_loopback() and do_set_group() functions in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
18) Improper locking (CVE-ID: CVE-2025-38305)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/ptp/ptp_private.h. A local user can perform a denial of service (DoS) attack.
19) NULL pointer dereference (CVE-ID: CVE-2025-38304)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the eir_create_scan_rsp() function in net/bluetooth/eir.c. A local user can perform a denial of service (DoS) attack.
20) Input validation error (CVE-ID: CVE-2025-38303)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hci_set_ext_adv_data_sync() and hci_set_adv_data_sync() functions in net/bluetooth/hci_sync.c, within the eir_create_per_adv_data() and eir_create_adv_data() functions in net/bluetooth/eir.c. A local user can perform a denial of service (DoS) attack.
21) Improper locking (CVE-ID: CVE-2025-38302)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the spin_unlock_irqrestore() function in block/blk-zoned.c. A local user can perform a denial of service (DoS) attack.
22) NULL pointer dereference (CVE-ID: CVE-2025-38301)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the zynqmp_nvmem_probe() function in drivers/nvmem/zynqmp_nvmem.c. A local user can perform a denial of service (DoS) attack.
23) Use-after-free (CVE-ID: CVE-2025-38300)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c. A local user can escalate privileges on the system.
24) NULL pointer dereference (CVE-ID: CVE-2025-38299)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the SND_SOC_DAILINK_DEFS() function in sound/soc/mediatek/mt8195/mt8195-mt6359.c. A local user can perform a denial of service (DoS) attack.
25) Out-of-bounds read (CVE-ID: CVE-2025-38298)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the EXPORT_SYMBOL_GPL() function in drivers/edac/skx_common.c. A local user can perform a denial of service (DoS) attack.
26) Input validation error (CVE-ID: CVE-2025-38297)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the em_compute_costs() function in kernel/power/energy_model.c. A local user can perform a denial of service (DoS) attack.
27) Use of uninitialized resource (CVE-ID: CVE-2025-38296)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the platform_profile_init() function in drivers/acpi/platform_profile.c. A local user can perform a denial of service (DoS) attack.
28) Input validation error (CVE-ID: CVE-2025-38295)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the meson_ddr_pmu_create() function in drivers/perf/amlogic/meson_ddr_pmu_core.c. A local user can perform a denial of service (DoS) attack.
29) Input validation error (CVE-ID: CVE-2025-38294)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath12k_mac_op_assign_vif_chanctx() function in drivers/net/wireless/ath/ath12k/mac.c. A local user can perform a denial of service (DoS) attack.
30) Improper locking (CVE-ID: CVE-2025-38293)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ath11k_core_halt() function in drivers/net/wireless/ath/ath11k/core.c. A local user can perform a denial of service (DoS) attack.
31) Use-after-free (CVE-ID: CVE-2025-38292)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath12k_dp_rx_msdu_coalesce() function in drivers/net/wireless/ath/ath12k/dp_rx.c. A local user can escalate privileges on the system.
32) Improper locking (CVE-ID: CVE-2025-38291)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ath12k_mhi_op_status_cb() function in drivers/net/wireless/ath/ath12k/mhi.c. A local user can perform a denial of service (DoS) attack.
33) Improper locking (CVE-ID: CVE-2025-38290)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ath12k_rfkill_work() and ath12k_core_halt() functions in drivers/net/wireless/ath/ath12k/core.c. A local user can perform a denial of service (DoS) attack.
34) Use-after-free (CVE-ID: CVE-2025-38289)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can escalate privileges on the system.
35) Input validation error (CVE-ID: CVE-2025-38288)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pqi_is_parity_write_stream() and pqi_scsi_queue_command() functions in drivers/scsi/smartpqi/smartpqi_init.c. A local user can perform a denial of service (DoS) attack.
36) Improper locking (CVE-ID: CVE-2025-38287)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cm_process_send_error() function in drivers/infiniband/core/cm.c. A local user can perform a denial of service (DoS) attack.
37) Out-of-bounds read (CVE-ID: CVE-2025-38286)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the at91_gpio_probe() function in drivers/pinctrl/pinctrl-at91.c. A local user can perform a denial of service (DoS) attack.
38) Resource management error (CVE-ID: CVE-2025-38285)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the get_bpf_raw_tp_regs() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.
39) Resource management error (CVE-ID: CVE-2025-38284)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the rtw89_pci_is_dac_compatible_bridge(), rtw89_pci_setup_mapping() and rtw89_pci_l2_hci_ldo() functions in drivers/net/wireless/realtek/rtw89/pci.c. A local user can perform a denial of service (DoS) attack.
40) Input validation error (CVE-ID: CVE-2025-38283)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vf_qm_check_match(), vf_qm_load_data() and hisi_acc_vfio_pci_migrn_init_dev() functions in drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c. A local user can perform a denial of service (DoS) attack.
41) Improper locking (CVE-ID: CVE-2025-38282)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kernfs_should_drain_open_files() function in fs/kernfs/file.c, within the kernfs_break_active_protection() function in fs/kernfs/dir.c. A local user can perform a denial of service (DoS) attack.
42) NULL pointer dereference (CVE-ID: CVE-2025-38281)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7996_thermal_init() function in drivers/net/wireless/mediatek/mt76/mt7996/init.c. A local user can perform a denial of service (DoS) attack.
43) Resource management error (CVE-ID: CVE-2025-38280)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_prog_select_runtime() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
44) Resource management error (CVE-ID: CVE-2025-38279)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the backtrack_insn() and check_cond_jmp_op() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
45) Resource management error (CVE-ID: CVE-2025-38278)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the otx2_qos_leaf_del_last() function in drivers/net/ethernet/marvell/octeontx2/nic/qos.c. A local user can perform a denial of service (DoS) attack.
46) Input validation error (CVE-ID: CVE-2025-38277)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mxic_ecc_finish_io_req_external() function in drivers/mtd/nand/ecc-mxic.c. A local user can perform a denial of service (DoS) attack.
47) NULL pointer dereference (CVE-ID: CVE-2025-38275)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qmp_usb_iomap() function in drivers/phy/qualcomm/phy-qcom-qmp-usb.c. A local user can perform a denial of service (DoS) attack.
48) NULL pointer dereference (CVE-ID: CVE-2025-38274)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fpga_mgr_test_img_load_sgt() function in drivers/fpga/tests/fpga-mgr-test.c. A local user can perform a denial of service (DoS) attack.
49) Resource management error (CVE-ID: CVE-2025-38272)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the b53_eee_init() and b53_support_eee() functions in drivers/net/dsa/b53/b53_common.c. A local user can perform a denial of service (DoS) attack.
50) Resource management error (CVE-ID: CVE-2025-38270)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nsim_poll() function in drivers/net/netdevsim/netdev.c. A local user can perform a denial of service (DoS) attack.
51) NULL pointer dereference (CVE-ID: CVE-2025-38269)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fs/btrfs/extent-io-tree.c. A local user can perform a denial of service (DoS) attack.
52) Improper locking (CVE-ID: CVE-2025-38268)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcpm_queue_vdm(), tcpm_altmode_enter(), tcpm_altmode_exit(), tcpm_altmode_vdm(), tcpm_cable_altmode_enter(), tcpm_cable_altmode_exit() and tcpm_cable_altmode_vdm() functions in drivers/usb/typec/tcpm/tcpm.c. A local user can perform a denial of service (DoS) attack.
53) Memory leak (CVE-ID: CVE-2025-38267)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the local_add() function in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
54) NULL pointer dereference (CVE-ID: CVE-2025-38265)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the jsm_uart_port_init() function in drivers/tty/serial/jsm/jsm_tty.c. A local user can perform a denial of service (DoS) attack.
55) Resource management error (CVE-ID: CVE-2025-38176)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the binderfs_evict_inode() function in drivers/android/binderfs.c, within the HLIST_HEAD(), binder_add_device(), init_binder_device() and binder_init() functions in drivers/android/binder.c. A local user can perform a denial of service (DoS) attack.
56) Buffer overflow (CVE-ID: CVE-2025-38175)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the binder_free_proc() function in drivers/android/binder.c. A local user can perform a denial of service (DoS) attack.
57) Race condition (CVE-ID: CVE-2025-38174)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tb_cfg_request_dequeue() function in drivers/thunderbolt/ctl.c. A local user can perform a denial of service (DoS) attack.
58) Input validation error (CVE-ID: CVE-2025-38173)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mv_cesa_skcipher_queue_req() function in drivers/crypto/marvell/cipher.c. A local user can perform a denial of service (DoS) attack.
59) Use-after-free (CVE-ID: CVE-2025-38172)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the erofs_init_device() function in fs/erofs/super.c. A local user can escalate privileges on the system.
60) Resource management error (CVE-ID: CVE-2025-38170)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the do_sme_acc() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.
61) Input validation error (CVE-ID: CVE-2025-38169)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fpsimd_thread_switch() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.
62) Improper error handling (CVE-ID: CVE-2025-38168)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arm_ni_init_cd() and arm_ni_probe() functions in drivers/perf/arm-ni.c. A local user can perform a denial of service (DoS) attack.
63) NULL pointer dereference (CVE-ID: CVE-2025-38167)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the indx_get_entry_to_replace() function in fs/ntfs3/index.c. A local user can perform a denial of service (DoS) attack.
64) Improper locking (CVE-ID: CVE-2025-38166)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
65) Improper locking (CVE-ID: CVE-2025-38165)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sk_psock_skb_ingress_enqueue(), sk_psock_skb_ingress(), sk_psock_skb_ingress_self() and sk_psock_verdict_apply() functions in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
66) Buffer overflow (CVE-ID: CVE-2025-38164)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the f2fs_gc_range() function in fs/f2fs/gc.c. A local user can perform a denial of service (DoS) attack.
67) Input validation error (CVE-ID: CVE-2025-38163)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/f2fs/f2fs.h. A local user can perform a denial of service (DoS) attack.
68) Buffer overflow (CVE-ID: CVE-2025-38162)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the lt_calculate_size(), pipapo_resize(), pipapo_lt_bits_adjust() and pipapo_clone() functions in net/netfilter/nft_set_pipapo.c. A local user can escalate privileges on the system.
69) Use-after-free (CVE-ID: CVE-2025-38161)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5_get_rsc(), create_resource_common() and mlx5_core_destroy_rq_tracked() functions in drivers/infiniband/hw/mlx5/qpc.c. A local user can escalate privileges on the system.
70) Improper error handling (CVE-ID: CVE-2025-38160)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the raspberrypi_clk_register() function in drivers/clk/bcm/clk-raspberrypi.c. A local user can perform a denial of service (DoS) attack.
71) Out-of-bounds read (CVE-ID: CVE-2025-38159)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtw_coex_tdma_timer_base() function in drivers/net/wireless/realtek/rtw88/coex.c. A local user can perform a denial of service (DoS) attack.
72) Input validation error (CVE-ID: CVE-2025-38158)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vf_qm_func_stop(), vf_qm_check_match(), vf_qm_get_match_data() and vf_qm_read_data() functions in drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c. A local user can perform a denial of service (DoS) attack.
73) Out-of-bounds read (CVE-ID: CVE-2025-38157)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_swba() function in drivers/net/wireless/ath/ath9k/htc_drv_beacon.c. A local user can perform a denial of service (DoS) attack.
74) NULL pointer dereference (CVE-ID: CVE-2025-38156)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7996_mmio_wed_init() function in drivers/net/wireless/mediatek/mt76/mt7996/mmio.c. A local user can perform a denial of service (DoS) attack.
75) NULL pointer dereference (CVE-ID: CVE-2025-38155)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7915_mmio_wed_init() function in drivers/net/wireless/mediatek/mt76/mt7915/mmio.c. A local user can perform a denial of service (DoS) attack.
76) Improper locking (CVE-ID: CVE-2025-38154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sk_psock_backlog() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
77) Improper error handling (CVE-ID: CVE-2025-38153)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the aqc111_read_cmd_nopm() and aqc111_read_cmd() functions in drivers/net/usb/aqc111.c. A local user can perform a denial of service (DoS) attack.
78) Improper locking (CVE-ID: CVE-2025-38151)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cma_netevent_callback() function in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.
79) NULL pointer dereference (CVE-ID: CVE-2025-38149)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the phy_detach() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
80) Memory leak (CVE-ID: CVE-2025-38148)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vsc85xx_txtstamp() function in drivers/net/phy/mscc/mscc_ptp.c. A local user can perform a denial of service (DoS) attack.
81) Memory leak (CVE-ID: CVE-2025-38147)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the netlbl_conn_setattr() function in net/netlabel/netlabel_kapi.c. A local user can perform a denial of service (DoS) attack.
82) Out-of-bounds read (CVE-ID: CVE-2025-38146)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the key_extract_l3l4() function in net/openvswitch/flow.c. A local user can perform a denial of service (DoS) attack.
83) NULL pointer dereference (CVE-ID: CVE-2025-38145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the aspeed_lpc_enable_snoop() function in drivers/soc/aspeed/aspeed-lpc-snoop.c. A local user can perform a denial of service (DoS) attack.
84) NULL pointer dereference (CVE-ID: CVE-2025-38143)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wled_configure() function in drivers/video/backlight/qcom-wled.c. A local user can perform a denial of service (DoS) attack.
85) Input validation error (CVE-ID: CVE-2025-38142)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the asus_ec_hwmon_read_string() function in drivers/hwmon/asus-ec-sensors.c. A local user can perform a denial of service (DoS) attack.
86) Use-after-free (CVE-ID: CVE-2025-38141)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dm_blk_report_zones() and dm_revalidate_zones() functions in drivers/md/dm-zone.c. A local user can escalate privileges on the system.
87) Resource management error (CVE-ID: CVE-2025-38140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __bind() function in drivers/md/dm.c, within the dm_revalidate_zones() and dm_set_zones_restrictions() functions in drivers/md/dm-zone.c, within the dm_table_has_no_data_devices(), dm_table_supports_atomic_writes() and dm_table_set_restrictions() functions in drivers/md/dm-table.c. A local user can perform a denial of service (DoS) attack.
88) Out-of-bounds read (CVE-ID: CVE-2025-38139)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the netfs_retry_write_stream() function in fs/netfs/write_retry.c. A local user can perform a denial of service (DoS) attack.
89) NULL pointer dereference (CVE-ID: CVE-2025-38138)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the udma_probe() function in drivers/dma/ti/k3-udma.c. A local user can perform a denial of service (DoS) attack.
90) Use-after-free (CVE-ID: CVE-2025-38137)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in drivers/pci/pwrctrl/core.c. A local user can escalate privileges on the system.
91) Use of uninitialized resource (CVE-ID: CVE-2025-38136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the usbhs_probe() and usbhs_fifo_remove() functions in drivers/usb/renesas_usbhs/common.c. A local user can perform a denial of service (DoS) attack.
92) NULL pointer dereference (CVE-ID: CVE-2025-38135)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlb_usio_probe() function in drivers/tty/serial/milbeaut_usio.c. A local user can perform a denial of service (DoS) attack.
93) NULL pointer dereference (CVE-ID: CVE-2025-38134)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the usb_acpi_add_usb4_devlink() function in drivers/usb/core/usb-acpi.c. A local user can perform a denial of service (DoS) attack.
94) Improper locking (CVE-ID: CVE-2025-38132)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cscfg_remove_owned_csdev_configs() function in drivers/hwtracing/coresight/coresight-syscfg.c. A local user can perform a denial of service (DoS) attack.
95) Use-after-free (CVE-ID: CVE-2025-38131)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL(), _cscfg_activate_config(), _cscfg_deactivate_config(), cscfg_csdev_enable_active_config() and cscfg_csdev_disable_active_config() functions in drivers/hwtracing/coresight/coresight-syscfg.c. A local user can escalate privileges on the system.
96) NULL pointer dereference (CVE-ID: CVE-2025-38130)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drm_connector_hdmi_audio_hook_plugged_cb() function in drivers/gpu/drm/display/drm_hdmi_audio_helper.c. A local user can perform a denial of service (DoS) attack.
97) Use-after-free (CVE-ID: CVE-2025-38129)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the page_pool_ethtool_stats_get(), page_pool_return_page() and page_pool_scrub() functions in net/core/page_pool.c. A local user can escalate privileges on the system.
98) Buffer overflow (CVE-ID: CVE-2025-38128)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mgmt_hci_cmd_sync() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
99) Improper locking (CVE-ID: CVE-2025-38127)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ice_map_xdp_rings(), ice_prepare_xdp_rings(), mutex_unlock(), ice_destroy_xdp_rings() and ice_xdp_setup_prog() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
100) Improper error handling (CVE-ID: CVE-2025-38126)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the stmmac_ptp_register() function in drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c, within the stmmac_init_tstamp_counter() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
101) Input validation error (CVE-ID: CVE-2025-38125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the est_configure() function in drivers/net/ethernet/stmicro/stmmac/stmmac_est.c. A local user can perform a denial of service (DoS) attack.
102) Improper locking (CVE-ID: CVE-2025-38124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.
103) NULL pointer dereference (CVE-ID: CVE-2025-38123)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the t7xx_ccmni_wwan_newlink(), t7xx_ccmni_wwan_dellink(), t7xx_ccmni_recv_skb(), t7xx_ccmni_queue_tx_irq_notify() and t7xx_ccmni_queue_state_notify() functions in drivers/net/wwan/t7xx/t7xx_netdev.c. A local user can perform a denial of service (DoS) attack.
104) NULL pointer dereference (CVE-ID: CVE-2025-38122)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gve_tx_add_skb_dqo() function in drivers/net/ethernet/google/gve/gve_tx_dqo.c. A local user can perform a denial of service (DoS) attack.
105) Memory leak (CVE-ID: CVE-2025-38120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_pipapo_avx2_estimate() and nft_pipapo_avx2_lookup() functions in net/netfilter/nft_set_pipapo_avx2.c. A local user can perform a denial of service (DoS) attack.
106) Improper locking (CVE-ID: CVE-2025-38119)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ufshcd_err_handler() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
107) Use-after-free (CVE-ID: CVE-2025-38118)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mgmt_adv_monitor_added(), __add_adv_patterns_monitor(), mgmt_remove_adv_monitor_complete() and remove_adv_monitor() functions in net/bluetooth/mgmt.c, within the hci_free_adv_monitor() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
108) Improper locking (CVE-ID: CVE-2025-38117)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mgmt_cmd_complete(), mgmt_pending_new(), mgmt_pending_add() and mgmt_pending_free() functions in net/bluetooth/mgmt_util.c, within the settings_rsp(), cmd_complete_rsp(), mgmt_set_discoverable_complete(), mgmt_set_connectable_complete(), set_ssp_complete(), set_le_complete(), set_mesh_complete(), mgmt_class_complete(), pairing_complete(), mgmt_add_adv_patterns_monitor_complete(), mgmt_remove_adv_monitor_complete(), start_discovery_complete(), stop_discovery_complete(), set_advertising_complete(), set_bredr_complete(), set_secure_conn_complete(), get_conn_info_complete(), get_clock_info_complete(), add_advertising_complete(), add_ext_adv_params_complete(), add_ext_adv_data_complete(), remove_advertising_complete(), mgmt_index_removed(), mgmt_power_on(), __mgmt_power_off(), unpair_device_rsp(), mgmt_disconnect_failed(), mgmt_auth_enable_complete() and mgmt_set_class_of_dev_complete() functions in net/bluetooth/mgmt.c, within the hci_alloc_dev_priv() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
109) Use-after-free (CVE-ID: CVE-2025-38116)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath12k_core_init() function in drivers/net/wireless/ath/ath12k/core.c. A local user can escalate privileges on the system.
110) Input validation error (CVE-ID: CVE-2025-38115)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the net/sched/sch_sfq.c. A local user can perform a denial of service (DoS) attack.
111) Improper locking (CVE-ID: CVE-2025-38114)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the e1000_down_and_stop() and e1000_remove() functions in drivers/net/ethernet/intel/e1000/e1000_main.c. A local user can perform a denial of service (DoS) attack.
112) NULL pointer dereference (CVE-ID: CVE-2025-38113)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cppc_allow_fast_switch() function in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.
113) NULL pointer dereference (CVE-ID: CVE-2025-38112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/sock.h. A local user can perform a denial of service (DoS) attack.
114) Out-of-bounds read (CVE-ID: CVE-2025-38111)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __mdiobus_read() and __mdiobus_write() functions in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.
115) Out-of-bounds write (CVE-ID: CVE-2025-38110)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the __mdiobus_c45_read() and __mdiobus_c45_write() functions in drivers/net/phy/mdio_bus.c. A local user can execute arbitrary code.
116) Use-after-free (CVE-ID: CVE-2025-38109)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5_eswitch_enable_pf_vf_vports() and mlx5_eswitch_disable_pf_vf_vports() functions in drivers/net/ethernet/mellanox/mlx5/core/eswitch.c. A local user can escalate privileges on the system.
117) Improper locking (CVE-ID: CVE-2025-38108)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __red_change() function in net/sched/sch_red.c. A local user can perform a denial of service (DoS) attack.
118) Integer underflow (CVE-ID: CVE-2025-38107)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can execute arbitrary code.
119) Use-after-free (CVE-ID: CVE-2025-38106)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the io_sq_thread() and io_sq_offload_create() functions in io_uring/sqpoll.c, within the __io_uring_show_fdinfo() function in io_uring/fdinfo.c. A local user can escalate privileges on the system.
120) Input validation error (CVE-ID: CVE-2025-38105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_usbmidi_free() and snd_usbmidi_disconnect() functions in sound/usb/midi.c. A local user can perform a denial of service (DoS) attack.
121) Out-of-bounds read (CVE-ID: CVE-2025-38103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cpu_to_le16(), hidg_setup() and hidg_bind() functions in drivers/usb/gadget/function/f_hid.c, within the usbhid_parse() function in drivers/hid/usbhid/hid-core.c, within the mousevsc_on_receive_device_info() function in drivers/hid/hid-hyperv.c. A local user can perform a denial of service (DoS) attack.
122) Double free (CVE-ID: CVE-2025-38102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the drv_cp_harray_to_user() and vmci_host_setup_notify() functions in drivers/misc/vmw_vmci/vmci_host.c. A local user can perform a denial of service (DoS) attack.
123) Improper locking (CVE-ID: CVE-2025-38101)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ring_buffer_subbuf_order_set() and atomic_dec() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
124) Memory leak (CVE-ID: CVE-2025-38100)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the copy_thread() and native_tss_update_io_bitmap() functions in arch/x86/kernel/process.c, within the io_bitmap_share(), io_bitmap_exit() and SYSCALL_DEFINE1() functions in arch/x86/kernel/ioport.c. A local user can perform a denial of service (DoS) attack.
125) Improper locking (CVE-ID: CVE-2025-38099)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hci_cc_read_buffer_size() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.
126) Input validation error (CVE-ID: CVE-2025-38098)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pre_validate_dsc() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c, within the create_validate_stream_for_sink(), amdgpu_dm_connector_mode_valid() and dm_update_crtc_state() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
127) Memory leak (CVE-ID: CVE-2025-38097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __xfrm_state_delete() function in net/xfrm/xfrm_state.c, within the esp_ssg_unref(), esp6_find_tcp_sk(), esp_output_tcp_finish() and esp6_output_tcp_encap() functions in net/ipv6/esp6.c, within the esp_ssg_unref(), esp_find_tcp_sk(), esp_output_tcp_finish() and esp_output_tcp_encap() functions in net/ipv4/esp4.c. A local user can perform a denial of service (DoS) attack.
128) Resource management error (CVE-ID: CVE-2025-38096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the IWL_EXPORT_SYMBOL() function in drivers/net/wireless/intel/iwlwifi/iwl-trans.c. A local user can perform a denial of service (DoS) attack.
129) NULL pointer dereference (CVE-ID: CVE-2025-38092)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the opinfo_get_list() function in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.
130) Resource management error (CVE-ID: CVE-2025-38091)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the populate_dml21_plane_config_from_plane_state(), dml21_wrapper_get_plane_id(), map_stream_to_dml21_display_cfg() and dml21_map_dc_state_into_dml_display_cfg() functions in drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_translation_helper.c. A local user can perform a denial of service (DoS) attack.
131) Out-of-bounds read (CVE-ID: CVE-2025-38088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the memtrace_read() function in arch/powerpc/platforms/powernv/memtrace.c. A local user can perform a denial of service (DoS) attack.
132) Out-of-bounds read (CVE-ID: CVE-2025-38082)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the gpio_virtuser_direction_do_write() and gpio_virtuser_consumer_write() functions in drivers/gpio/gpio-virtuser.c. A local user can perform a denial of service (DoS) attack.
133) Out-of-bounds read (CVE-ID: CVE-2025-38081)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rockchip_spi_config() function in drivers/spi/spi-rockchip.c. A local user can perform a denial of service (DoS) attack.
134) Buffer overflow (CVE-ID: CVE-2025-38080)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/gpu/drm/amd/display/dc/inc/core_types.h. A local user can perform a denial of service (DoS) attack.
135) Use-after-free (CVE-ID: CVE-2025-38079)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hash_accept() function in crypto/algif_hash.c. A local user can escalate privileges on the system.
136) Use-after-free (CVE-ID: CVE-2025-38078)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_pcm_buffer_access_unlock() function in sound/core/pcm_native.c, within the snd_pcm_oss_change_params_locked() function in sound/core/oss/pcm_oss.c. A local user can escalate privileges on the system.
137) Buffer overflow (CVE-ID: CVE-2025-38077)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the current_password_store() function in drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c. A local user can escalate privileges on the system.
138) Use-after-free (CVE-ID: CVE-2025-38076)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the codetag_module_init() and codetag_unload_module() functions in lib/codetag.c, within the needs_section_mem(), clean_unused_module_areas_locked(), release_module_tags(), mas_unlock() and alloc_tag_init() functions in lib/alloc_tag.c. A local user can escalate privileges on the system.
139) NULL pointer dereference (CVE-ID: CVE-2025-38075)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iscsit_close_connection() function in drivers/target/iscsi/iscsi_target.c. A local user can perform a denial of service (DoS) attack.
140) Use-after-free (CVE-ID: CVE-2025-38074)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vhost_scsi_complete_cmd_work() and vhost_scsi_tmf_resp_work() functions in drivers/vhost/scsi.c. A local user can escalate privileges on the system.
141) Improper locking (CVE-ID: CVE-2025-38073)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the blk_ioctl_discard(), blk_finish_plug(), blk_ioctl_secure_erase() and blk_ioctl_zeroout() functions in block/ioctl.c, within the blkdev_write_iter(), blkdev_read_iter() and blkdev_fallocate() functions in block/fops.c, within the blkdev_zone_mgmt_ioctl() function in block/blk-zoned.c, within the set_blocksize() function in block/bdev.c. A local user can perform a denial of service (DoS) attack.
142) Division by zero (CVE-ID: CVE-2025-38072)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the nd_label_data_init() function in drivers/nvdimm/label.c. A local user can perform a denial of service (DoS) attack.
143) Use-after-free (CVE-ID: CVE-2025-38071)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vhost_scsi_complete_cmd_work() and vhost_scsi_tmf_resp_work() functions in drivers/vhost/scsi.c. A local user can escalate privileges on the system.
144) NULL pointer dereference (CVE-ID: CVE-2025-38070)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sma1307_setting_loaded() function in sound/soc/codecs/sma1307.c. A local user can perform a denial of service (DoS) attack.
145) Use-after-free (CVE-ID: CVE-2025-38069)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pci_epf_test_set_bar() and pci_epf_test_free_space() functions in drivers/pci/endpoint/functions/pci-epf-test.c. A local user can escalate privileges on the system.
146) Buffer overflow (CVE-ID: CVE-2025-38068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the lzo1x_1_do_compress() and lzogeneric1x_1_compress() functions in lib/lzo/lzo1x_compress.c, within the obj-$() function in lib/lzo/Makefile, within the __lzo_compress() function in crypto/lzo.c, within the __lzorle_compress() function in crypto/lzo-rle.c. A local user can perform a denial of service (DoS) attack.
147) Input validation error (CVE-ID: CVE-2025-38067)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rseq_get_rseq_cs_ptr_val(), rseq_get_rseq_cs(), rseq_need_restart(), clear_rseq_cs(), rseq_ip_fixup() and SYSCALL_DEFINE4() functions in kernel/rseq.c. A local user can perform a denial of service (DoS) attack.
148) Improper locking (CVE-ID: CVE-2025-38066)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the get_cache_dev_size() and cache_preresume() functions in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.
149) Input validation error (CVE-ID: CVE-2025-38065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the orangefs_writepage_locked() and orangefs_writepages_work() functions in fs/orangefs/inode.c. A local user can perform a denial of service (DoS) attack.
150) Resource management error (CVE-ID: CVE-2025-38064)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the virtio_irq_get_affinity() and __register_virtio_driver() functions in drivers/virtio/virtio.c. A local user can perform a denial of service (DoS) attack.
151) Improper locking (CVE-ID: CVE-2025-38063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __send_empty_flush() function in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
152) Use-after-free (CVE-ID: CVE-2025-38062)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iommu_dma_prepare_msi() function in drivers/iommu/dma-iommu.c. A local user can escalate privileges on the system.
153) Out-of-bounds read (CVE-ID: CVE-2025-38061)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pktgen_thread_write() function in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.
154) Infinite loop (CVE-ID: CVE-2025-38060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the copy_verifier_state() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
155) NULL pointer dereference (CVE-ID: CVE-2025-38059)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scrub_find_fill_first_stripe() function in fs/btrfs/scrub.c. A local user can perform a denial of service (DoS) attack.
156) Incorrect calculation (CVE-ID: CVE-2025-38058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __legitimize_mnt() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
157) Memory leak (CVE-ID: CVE-2025-38057)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the espintcp_queue_out() function in net/xfrm/espintcp.c, within the esp_output_tcp_finish() function in net/ipv6/esp6.c, within the esp_output_tcp_finish() function in net/ipv4/esp4.c. A local user can perform a denial of service (DoS) attack.
158) NULL pointer dereference (CVE-ID: CVE-2025-38055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the intel_pmu_drain_pebs_core(), intel_pmu_pebs_event_update_no_drain(), intel_pmu_drain_pebs_nhm() and intel_pmu_drain_pebs_icl() functions in arch/x86/events/intel/ds.c. A local user can perform a denial of service (DoS) attack.
159) Out-of-bounds read (CVE-ID: CVE-2025-38054)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the OCP_REQ_TIMESTAMP BIT(), ptp_ocp_fb_board_init(), ptp_ocp_art_board_init(), ptp_ocp_adva_board_init(), _signal_summary_show(), _frequency_summary_show() and ptp_ocp_summary_show() functions in drivers/ptp/ptp_ocp.c. A local user can perform a denial of service (DoS) attack.
160) NULL pointer dereference (CVE-ID: CVE-2025-38053)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the idpf_cfg_netdev() and idpf_features_check() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can perform a denial of service (DoS) attack.
161) Use-after-free (CVE-ID: CVE-2025-38052)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_aead_encrypt() and tipc_aead_encrypt_done() functions in net/tipc/crypto.c. A local user can escalate privileges on the system.
162) Use-after-free (CVE-ID: CVE-2025-38051)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the find_cifs_entry() function in fs/cifs/readdir.c. A local user can escalate privileges on the system.
163) NULL pointer dereference (CVE-ID: CVE-2025-38050)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the replace_free_hugepage_folios() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
164) Race condition within a thread (CVE-ID: CVE-2025-38048)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the virtqueue_enable_cb_delayed() function in drivers/virtio/virtio_ring.c. A local user can corrupt data.
165) Resource management error (CVE-ID: CVE-2025-38047)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __restore_processor_state() function in arch/x86/power/cpu.c. A local user can perform a denial of service (DoS) attack.
166) Input validation error (CVE-ID: CVE-2025-38045)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the _iwl_dbg_tlv_time_point() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can perform a denial of service (DoS) attack.
167) Input validation error (CVE-ID: CVE-2025-38044)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5e_setup_tc_mqprio() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
168) Resource management error (CVE-ID: CVE-2025-38043)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mt76_dma_cleanup() function in drivers/net/wireless/mediatek/mt76/dma.c. A local user can perform a denial of service (DoS) attack.
169) Improper resource shutdown or release (CVE-ID: CVE-2025-38042)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the prueth_reset_rx_chan() function in drivers/net/ethernet/ti/icssg/icssg_common.c, within the am65_cpsw_destroy_rxq() and am65_cpsw_nuss_register_ndevs() functions in drivers/net/ethernet/ti/am65-cpsw-nuss.c, within the k3_udma_chan_dev_release(), k3_udma_glue_request_rx_chn_priv(), k3_udma_glue_request_remote_rx_chn_common(), EXPORT_SYMBOL_GPL() and k3_udma_glue_reset_rx_chn() functions in drivers/dma/ti/k3-udma-glue.c. A local user can perform a denial of service (DoS) attack.
170) Input validation error (CVE-ID: CVE-2025-38041)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the SUNXI_CCU_M_WITH_MUX_GATE(), BIT() and sun50i_h616_ccu_probe() functions in drivers/clk/sunxi-ng/ccu-sun50i-h616.c. A local user can perform a denial of service (DoS) attack.
171) Improper locking (CVE-ID: CVE-2025-38040)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the stm32_usart_enable_ms() function in drivers/tty/serial/stm32-usart.c, within the sci_shutdown() function in drivers/tty/serial/sh-sci.c, within the mctrl_gpio_enable_ms() and mctrl_gpio_disable_ms() functions in drivers/tty/serial/serial_mctrl_gpio.c, within the imx_uart_shutdown() function in drivers/tty/serial/imx.c, within the atmel_disable_ms() function in drivers/tty/serial/atmel_serial.c, within the serial8250_disable_ms() function in drivers/tty/serial/8250/8250_port.c. A local user can perform a denial of service (DoS) attack.
172) Input validation error (CVE-ID: CVE-2025-38039)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5e_setup_tc_mqprio() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
173) Improper locking (CVE-ID: CVE-2025-38038)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the amd_pstate_set_boost() function in drivers/cpufreq/amd-pstate.c. A local user can perform a denial of service (DoS) attack.
174) Race condition within a thread (CVE-ID: CVE-2025-38037)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the vxlan_fdb_info(), vxlan_find_mac(), vxlan_fdb_update_existing(), vxlan_snoop() and vxlan_cleanup() functions in drivers/net/vxlan.c. A local user can corrupt data.
175) Improper Initialization (CVE-ID: CVE-2025-38036)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the read_gmdid() function in drivers/gpu/drm/xe/xe_pci.c. A local user can perform a denial of service (DoS) attack.
176) NULL pointer dereference (CVE-ID: CVE-2025-38035)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_restore_socket_callbacks() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
177) NULL pointer dereference (CVE-ID: CVE-2025-38034)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/trace/events/btrfs.h. A local user can perform a denial of service (DoS) attack.
178) Improper error handling (CVE-ID: CVE-2025-38033)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/x86/Kconfig. A local user can perform a denial of service (DoS) attack.
179) Input validation error (CVE-ID: CVE-2025-38032)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ipmr_expire_process(), EXPORT_SYMBOL() and ip6mr_free_table() functions in net/ipv6/ip6mr.c, within the ipmr_expire_process(), EXPORT_SYMBOL() and ipmr_free_table() functions in net/ipv4/ipmr.c. A local user can perform a denial of service (DoS) attack.
180) Memory leak (CVE-ID: CVE-2025-38031)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the padata_reorder() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.
181) Use-after-free (CVE-ID: CVE-2025-38029)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kasan_populate_early_vm_area_shadow() and kasan_populate_vmalloc() functions in mm/kasan/shadow.c. A local user can escalate privileges on the system.
182) Improper locking (CVE-ID: CVE-2025-38004)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bcm_can_tx(), bcm_tx_timeout_handler() and bcm_tx_setup() functions in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
183) Use-after-free (CVE-ID: CVE-2025-38003)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bcm_proc_show(), bcm_delete_rx_op(), bcm_delete_tx_op() and bcm_rx_setup() functions in net/can/bcm.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.