SB2025102388 - Ubuntu update for linux
Published: October 23, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 173 secuirty vulnerabilities.
1) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2024-36350)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information leak. A local user can obtain sensitive data from previous stores.
2) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2024-36357)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information leak. A local user can obtain sensitive data from the L1D cache.
3) Memory leak (CVE-ID: CVE-2025-39682)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the decrypt_skb() and tls_sw_recvmsg() functions in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
4) NULL pointer dereference (CVE-ID: CVE-2025-38541)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7925_thermal_init() function in drivers/net/wireless/mediatek/mt76/mt7925/init.c. A local user can perform a denial of service (DoS) attack.
5) Improper error handling (CVE-ID: CVE-2025-38523)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the allocate_caches_and_workqueue() function in fs/smb/client/smbdirect.c. A local user can perform a denial of service (DoS) attack.
6) Input validation error (CVE-ID: CVE-2025-38436)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drm_sched_entity_kill_jobs_work() function in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.
7) Input validation error (CVE-ID: CVE-2025-38435)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the arch/riscv/include/asm/vector.h. A local user can perform a denial of service (DoS) attack.
8) Input validation error (CVE-ID: CVE-2025-38434)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the arch/riscv/include/asm/pgtable.h. A local user can perform a denial of service (DoS) attack.
9) Input validation error (CVE-ID: CVE-2025-38431)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sizeof() function in fs/smb/client/reparse.c. A local user can perform a denial of service (DoS) attack.
10) Input validation error (CVE-ID: CVE-2025-38430)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfsd4_spo_must_allow() function in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
11) Use of uninitialized resource (CVE-ID: CVE-2025-38429)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mhi_ep_ring_add_element() function in drivers/bus/mhi/ep/ring.c. A local user can perform a denial of service (DoS) attack.
12) Buffer overflow (CVE-ID: CVE-2025-38428)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ims_pcu_flash_firmware() function in drivers/input/misc/ims-pcu.c. A local user can escalate privileges on the system.
13) Resource management error (CVE-ID: CVE-2025-38427)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DEFINE_RES_MEM() and screen_info_apply_fixups() functions in drivers/video/screen_info_pci.c. A local user can perform a denial of service (DoS) attack.
14) Input validation error (CVE-ID: CVE-2025-38426)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the amdgpu_ras_eeprom_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ras_eeprom.c. A local user can perform a denial of service (DoS) attack.
15) Input validation error (CVE-ID: CVE-2025-38425)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tegra_i2c_xfer() function in drivers/i2c/busses/i2c-tegra.c. A local user can perform a denial of service (DoS) attack.
16) Buffer overflow (CVE-ID: CVE-2025-38424)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the do_exit() function in kernel/exit.c, within the perf_sample_ustack_size() and perf_callchain() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
17) Double free (CVE-ID: CVE-2025-38423)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the wcd937x_probe() and wcd937x_remove() functions in sound/soc/codecs/wcd937x.c. A local user can perform a denial of service (DoS) attack.
18) Out-of-bounds read (CVE-ID: CVE-2025-38422)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the lan743x_hs_otp_read(), lan743x_hs_otp_write(), lan743x_hs_eeprom_read(), lan743x_hs_eeprom_write() and lan743x_ethtool_get_eeprom_len() functions in drivers/net/ethernet/microchip/lan743x_ethtool.c. A local user can perform a denial of service (DoS) attack.
19) Double free (CVE-ID: CVE-2025-38421)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the amd_pmf_get_pb_data(), amd_pmf_init_smart_pc() and amd_pmf_deinit_smart_pc() functions in drivers/platform/x86/amd/pmf/tee-if.c, within the amd_pmf_set_dram_addr() and amd_pmf_remove() functions in drivers/platform/x86/amd/pmf/core.c. A local user can perform a denial of service (DoS) attack.
20) NULL pointer dereference (CVE-ID: CVE-2025-38420)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the carl9170_usb_rx_complete() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.
21) Memory leak (CVE-ID: CVE-2025-38419)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rproc_attach() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.
22) Memory leak (CVE-ID: CVE-2025-38418)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rproc_resource_cleanup() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.
23) Memory leak (CVE-ID: CVE-2025-38417)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ice_eswitch_attach_vf() function in drivers/net/ethernet/intel/ice/ice_eswitch.c. A local user can perform a denial of service (DoS) attack.
24) Input validation error (CVE-ID: CVE-2025-38416)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nci_uart_set_driver() function in net/nfc/nci/uart.c. A local user can perform a denial of service (DoS) attack.
25) Buffer overflow (CVE-ID: CVE-2025-38413)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the check_sq_full_and_disable(), xsk_append_merge_buffer() and virtnet_receive_xsk_buf() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
26) Input validation error (CVE-ID: CVE-2025-38412)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_bios_attributes() function in drivers/platform/x86/dell/dell-wmi-sysman/sysman.c, within the current_value_show() function in drivers/platform/x86/dell/dell-wmi-sysman/string-attributes.c, within the is_enabled_show() function in drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c, within the current_value_show() function in drivers/platform/x86/dell/dell-wmi-sysman/int-attributes.c, within the current_value_show() function in drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c. A local user can perform a denial of service (DoS) attack.
27) Infinite loop (CVE-ID: CVE-2025-38411)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the netfs_collect_in_app() function in fs/netfs/misc.c. A local user can perform a denial of service (DoS) attack.
28) Memory leak (CVE-ID: CVE-2025-38410)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __msm_gem_submit_destroy() function in drivers/gpu/drm/msm/msm_gem_submit.c. A local user can perform a denial of service (DoS) attack.
29) Memory leak (CVE-ID: CVE-2025-38409)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the msm_ioctl_gem_submit() and mutex_unlock() functions in drivers/gpu/drm/msm/msm_gem_submit.c. A local user can perform a denial of service (DoS) attack.
30) Resource management error (CVE-ID: CVE-2025-38408)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the irq_domain_create_sim_full() function in kernel/irq/irq_sim.c. A local user can perform a denial of service (DoS) attack.
31) Resource management error (CVE-ID: CVE-2025-38407)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DEFINE_PER_CPU() and sbi_cpu_start() functions in arch/riscv/kernel/cpu_ops_sbi.c. A local user can perform a denial of service (DoS) attack.
32) Input validation error (CVE-ID: CVE-2025-38406)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath6kl_bmi_get_target_info() function in drivers/net/wireless/ath/ath6kl/bmi.c. A local user can perform a denial of service (DoS) attack.
33) Memory leak (CVE-ID: CVE-2025-38405)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the drivers/nvme/target/nvmet.h. A local user can perform a denial of service (DoS) attack.
34) Use of uninitialized resource (CVE-ID: CVE-2025-38403)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the vmci_transport_packet_init() function in net/vmw_vsock/vmci_transport.c. A local user can perform a denial of service (DoS) attack.
35) Resource management error (CVE-ID: CVE-2025-38402)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the idpf_get_rxfh_key_size() and idpf_get_rxfh_indir_size() functions in drivers/net/ethernet/intel/idpf/idpf_ethtool.c. A local user can perform a denial of service (DoS) attack.
36) Buffer overflow (CVE-ID: CVE-2025-38401)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the msdc_prepare_data() and msdc_ops_request() functions in drivers/mmc/host/mtk-sd.c. A local user can escalate privileges on the system.
37) Memory leak (CVE-ID: CVE-2025-38400)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
38) NULL pointer dereference (CVE-ID: CVE-2025-38399)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kmem_cache_free() function in drivers/target/target_core_pr.c. A local user can perform a denial of service (DoS) attack.
39) Buffer overflow (CVE-ID: CVE-2025-38396)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the secretmem_file_create() function in mm/secretmem.c, within the anon_inode_make_secure_inode() and __anon_inode_getfile() functions in fs/anon_inodes.c. A local user can perform a denial of service (DoS) attack.
40) Out-of-bounds read (CVE-ID: CVE-2025-38395)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the gpio_regulator_probe() function in drivers/regulator/gpio-regulator.c. A local user can perform a denial of service (DoS) attack.
41) Improper locking (CVE-ID: CVE-2025-38393)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_layoutget_begin() function in fs/nfs/pnfs.c. A local user can perform a denial of service (DoS) attack.
42) Use-after-free (CVE-ID: CVE-2025-38392)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the idpf_alloc_dma_mem() and idpf_free_dma_mem() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c, within the idpf_ctlq_init_rxq_bufs(), idpf_ctlq_shutdown(), idpf_ctlq_add(), idpf_ctlq_send(), idpf_ctlq_clean_sq(), idpf_ctlq_post_rx_buffs(), wr32() and idpf_ctlq_recv() functions in drivers/net/ethernet/intel/idpf/idpf_controlq.c. A local user can escalate privileges on the system.
43) Out-of-bounds read (CVE-ID: CVE-2025-38391)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pin_assignment_show() function in drivers/usb/typec/altmodes/displayport.c. A local user can perform a denial of service (DoS) attack.
44) Memory leak (CVE-ID: CVE-2025-38390)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the update_notifier_cb() function in drivers/firmware/arm_ffa/driver.c. A local user can perform a denial of service (DoS) attack.
45) Resource management error (CVE-ID: CVE-2025-38389)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ring_context_alloc() function in drivers/gpu/drm/i915/gt/intel_ring_submission.c. A local user can perform a denial of service (DoS) attack.
46) Improper locking (CVE-ID: CVE-2025-38388)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the DECLARE_HASHTABLE(), ffa_notify_relinquish(), ffa_notify_request(), handle_notif_callbacks() and ffa_notifications_setup() functions in drivers/firmware/arm_ffa/driver.c. A local user can perform a denial of service (DoS) attack.
47) NULL pointer dereference (CVE-ID: CVE-2025-38387)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the subscribe_event_xa_alloc() function in drivers/infiniband/hw/mlx5/devx.c. A local user can perform a denial of service (DoS) attack.
48) Use-after-free (CVE-ID: CVE-2025-38386)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the acpi_ds_call_control_method() function in drivers/acpi/acpica/dsmethod.c. A local user can escalate privileges on the system.
49) Improper locking (CVE-ID: CVE-2025-38385)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lan78xx_disconnect() function in drivers/net/usb/lan78xx.c. A local user can perform a denial of service (DoS) attack.
50) Memory leak (CVE-ID: CVE-2025-38384)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the spinand_cleanup() function in drivers/mtd/nand/spi/core.c. A local user can perform a denial of service (DoS) attack.
51) Race condition within a thread (CVE-ID: CVE-2025-38383)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the clear_vm_uninitialized_flag(), vmalloc_dump_obj() and vmalloc_info_show() functions in mm/vmalloc.c. A local user can corrupt data.
52) Infinite loop (CVE-ID: CVE-2025-38382)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
53) NULL pointer dereference (CVE-ID: CVE-2025-38381)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cs40l50_upload_owt() function in drivers/input/misc/cs40l50-vibra.c. A local user can perform a denial of service (DoS) attack.
54) Use-after-free (CVE-ID: CVE-2025-38377)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rose_rt_device_down() function in net/rose/rose_route.c. A local user can escalate privileges on the system.
55) Resource management error (CVE-ID: CVE-2025-38376)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the udc_suspend() and udc_resume() functions in drivers/usb/chipidea/udc.c. A local user can perform a denial of service (DoS) attack.
56) Out-of-bounds read (CVE-ID: CVE-2025-38375)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mergeable_ctx_to_truesize(), virtnet_get_headroom(), xdp_linearize_page(), receive_small_xdp() and mergeable_xdp_get_buf() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
57) Improper locking (CVE-ID: CVE-2025-38374)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the optee_ffa_exchange_caps(), optee_ffa_remove() and optee_ffa_async_notif_init() functions in drivers/tee/optee/ffa_abi.c. A local user can perform a denial of service (DoS) attack.
58) Improper locking (CVE-ID: CVE-2025-38373)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5_ib_revoke_data_direct_mrs(), mlx5_revoke_mr() and __mlx5_ib_dereg_mr() functions in drivers/infiniband/hw/mlx5/mr.c. A local user can perform a denial of service (DoS) attack.
59) Improper locking (CVE-ID: CVE-2025-38372)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the destroy_unused_implicit_child_mr() and implicit_get_child_mr() functions in drivers/infiniband/hw/mlx5/odp.c. A local user can perform a denial of service (DoS) attack.
60) NULL pointer dereference (CVE-ID: CVE-2025-38371)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v3d_hub_irq(), v3d_irq_init() and v3d_irq_disable() functions in drivers/gpu/drm/v3d/v3d_irq.c, within the v3d_reset() function in drivers/gpu/drm/v3d/v3d_gem.c. A local user can perform a denial of service (DoS) attack.
61) Resource management error (CVE-ID: CVE-2025-38370)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the clear_free_space_tree(), btrfs_rebuild_free_space_tree() and __add_block_group_free_space() functions in fs/btrfs/free-space-tree.c. A local user can perform a denial of service (DoS) attack.
62) Resource management error (CVE-ID: CVE-2025-38369)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the idxd_cdev_evl_drain_pasid() function in drivers/dma/idxd/cdev.c. A local user can perform a denial of service (DoS) attack.
63) NULL pointer dereference (CVE-ID: CVE-2025-38368)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tps6594_pfsm_probe() function in drivers/misc/tps6594-pfsm.c. A local user can perform a denial of service (DoS) attack.
64) Race condition (CVE-ID: CVE-2025-38365)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the btrfs_rename_exchange() and btrfs_rename() functions in fs/btrfs/inode.c. A local user can escalate privileges on the system.
65) NULL pointer dereference (CVE-ID: CVE-2025-38364)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mas_preallocate() function in lib/maple_tree.c. A local user can perform a denial of service (DoS) attack.
66) NULL pointer dereference (CVE-ID: CVE-2025-38363)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tegra_crtc_reset() function in drivers/gpu/drm/tegra/dc.c. A local user can perform a denial of service (DoS) attack.
67) NULL pointer dereference (CVE-ID: CVE-2025-38362)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mod_hdcp_hdcp1_enable_encryption() function in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c. A local user can perform a denial of service (DoS) attack.
68) NULL pointer dereference (CVE-ID: CVE-2025-38361)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dce110_blank_stream() function in drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c. A local user can perform a denial of service (DoS) attack.
69) Resource management error (CVE-ID: CVE-2025-38360)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dcn35_calc_blocks_to_gate() and dcn35_calc_blocks_to_ungate() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c. A local user can perform a denial of service (DoS) attack.
70) Memory leak (CVE-ID: CVE-2025-38359)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the do_secure_storage_access() function in arch/s390/mm/fault.c. A local user can perform a denial of service (DoS) attack.
71) Improper locking (CVE-ID: CVE-2025-38356)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the receive_g2h() and guc_ct_fini() functions in drivers/gpu/drm/xe/xe_guc_ct.c. A local user can perform a denial of service (DoS) attack.
72) Improper locking (CVE-ID: CVE-2025-38355)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dev_fini_ggtt() and xe_ggtt_init_early() functions in drivers/gpu/drm/xe/xe_ggtt.c. A local user can perform a denial of service (DoS) attack.
73) Improper locking (CVE-ID: CVE-2025-38354)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the msm_devfreq_init() function in drivers/gpu/drm/msm/msm_gpu_devfreq.c. A local user can perform a denial of service (DoS) attack.
74) Improper locking (CVE-ID: CVE-2025-38353)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xe_guc_submit_init() and xe_guc_submit_wedge() functions in drivers/gpu/drm/xe/xe_guc_submit.c. A local user can perform a denial of service (DoS) attack.
75) Input validation error (CVE-ID: CVE-2025-38348)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the p54_rx_eeprom_readback() function in drivers/net/wireless/intersil/p54/txrx.c, within the p54_download_eeprom() function in drivers/net/wireless/intersil/p54/fwio.c. A local user can perform a denial of service (DoS) attack.
76) Improper locking (CVE-ID: CVE-2025-38347)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sanity_check_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
77) Use-after-free (CVE-ID: CVE-2025-38346)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ftrace_release_mod() function in kernel/trace/ftrace.c. A local user can escalate privileges on the system.
78) Memory leak (CVE-ID: CVE-2025-38345)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c. A local user can perform a denial of service (DoS) attack.
79) Memory leak (CVE-ID: CVE-2025-38344)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c. A local user can perform a denial of service (DoS) attack.
80) Input validation error (CVE-ID: CVE-2025-38343)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mt7996_mac_fill_rx() function in drivers/net/wireless/mediatek/mt76/mt7996/mac.c. A local user can perform a denial of service (DoS) attack.
81) Buffer overflow (CVE-ID: CVE-2025-38342)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the software_node_get_reference_args() function in drivers/base/swnode.c. A local user can perform a denial of service (DoS) attack.
82) Double free (CVE-ID: CVE-2025-38341)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the fbnic_mbx_map_msg() function in drivers/net/ethernet/meta/fbnic/fbnic_fw.c. A local user can perform a denial of service (DoS) attack.
83) Out-of-bounds read (CVE-ID: CVE-2025-38340)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cs_dsp_mock_bin_add_name_or_info() function in drivers/firmware/cirrus/test/cs_dsp_mock_bin.c. A local user can perform a denial of service (DoS) attack.
84) Integer overflow (CVE-ID: CVE-2025-38339)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the bpf_jit_emit_func_call_rel() and bpf_jit_build_body() functions in arch/powerpc/net/bpf_jit_comp64.c, within the bpf_jit_build_body() function in arch/powerpc/net/bpf_jit_comp32.c, within the invoke_bpf_prog(), __arch_prepare_bpf_trampoline() and arch_bpf_trampoline_size() functions in arch/powerpc/net/bpf_jit_comp.c. A local user can execute arbitrary code.
85) Improper locking (CVE-ID: CVE-2025-38338)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_return_empty_folio() function in fs/nfs/read.c. A local user can perform a denial of service (DoS) attack.
86) NULL pointer dereference (CVE-ID: CVE-2025-38337)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the jbd2_journal_dirty_metadata() function in fs/jbd2/transaction.c. A local user can perform a denial of service (DoS) attack.
87) Resource management error (CVE-ID: CVE-2025-38336)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the via_mode_filter() function in drivers/ata/pata_via.c. A local user can perform a denial of service (DoS) attack.
88) Use-after-free (CVE-ID: CVE-2025-38334)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the arch_memory_failure() function in arch/x86/kernel/cpu/sgx/main.c. A local user can escalate privileges on the system.
89) Resource management error (CVE-ID: CVE-2025-38333)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fs/f2fs/segment.c, include/linux/f2fs_fs.h. A local user can perform a denial of service (DoS) attack.
90) Buffer overflow (CVE-ID: CVE-2025-38332)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the lpfc_sli4_get_ctl_attr() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can escalate privileges on the system.
91) Input validation error (CVE-ID: CVE-2025-38331)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gmac_map_tx_bufs() function in drivers/net/ethernet/cortina/gemini.c. A local user can perform a denial of service (DoS) attack.
92) Out-of-bounds read (CVE-ID: CVE-2025-38330)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cs_dsp_ctl_cache_init_multiple_offsets() function in drivers/firmware/cirrus/test/cs_dsp_test_control_cache.c. A local user can perform a denial of service (DoS) attack.
93) Out-of-bounds read (CVE-ID: CVE-2025-38329)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cs_dsp_mock_wmfw_add_info() function in drivers/firmware/cirrus/test/cs_dsp_mock_wmfw.c. A local user can perform a denial of service (DoS) attack.
94) NULL pointer dereference (CVE-ID: CVE-2025-38328)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the jffs2_scan_medium() function in fs/jffs2/scan.c, within the jffs2_mark_erased_block() function in fs/jffs2/erase.c. A local user can perform a denial of service (DoS) attack.
95) Improper locking (CVE-ID: CVE-2025-38326)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the aoedev_downdev() function in drivers/block/aoe/aoedev.c. A local user can perform a denial of service (DoS) attack.
96) Input validation error (CVE-ID: CVE-2025-38325)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the alloc_transport() function in fs/smb/server/transport_tcp.c, within the KSMBD_TRANS(), smb_direct_free_transport() and free_transport() functions in fs/smb/server/transport_rdma.c, within the ksmbd_conn_free() function in fs/smb/server/connection.c. A local user can perform a denial of service (DoS) attack.
97) Improper locking (CVE-ID: CVE-2025-38324)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mpls_route_input_rcu() function in net/mpls/af_mpls.c. A local user can perform a denial of service (DoS) attack.
98) Improper locking (CVE-ID: CVE-2025-38322)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the intel_pmu_read_event() function in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.
99) Improper locking (CVE-ID: CVE-2025-38321)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the close_all_cached_dirs() function in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.
100) Incorrect calculation (CVE-ID: CVE-2025-38320)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the regs_get_kernel_stack_nth() function in arch/arm64/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
101) Infinite loop (CVE-ID: CVE-2025-38264)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the nvme_tcp_fetch_request(), nvme_tcp_init_request(), nvme_tcp_handle_r2t() and nvme_tcp_submit_async_event() functions in drivers/nvme/host/tcp.c. A local user can perform a denial of service (DoS) attack.
102) Use-after-free (CVE-ID: CVE-2025-38263)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the CLOSURE_CALLBACK() function in drivers/md/bcache/super.c. A local user can escalate privileges on the system.
103) Improper Initialization (CVE-ID: CVE-2025-38262)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the pm_runtime_set_active() and ulite_init() functions in drivers/tty/serial/uartlite.c. A local user can perform a denial of service (DoS) attack.
104) Race condition (CVE-ID: CVE-2025-38261)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the SYM_FUNC_START() function in arch/riscv/kernel/entry.S, within the asm_offsets() function in arch/riscv/kernel/asm-offsets.c. A local user can perform a denial of service (DoS) attack.
105) NULL pointer dereference (CVE-ID: CVE-2025-38260)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the load_global_roots_objectid() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
106) Memory leak (CVE-ID: CVE-2025-38259)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the WCD9335_SLIM_TX_CH() and wcd9335_parse_dt() functions in sound/soc/codecs/wcd9335.c. A local user can perform a denial of service (DoS) attack.
107) Memory leak (CVE-ID: CVE-2025-38258)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the memcg_path_store() function in mm/damon/sysfs-schemes.c. A local user can perform a denial of service (DoS) attack.
108) Buffer overflow (CVE-ID: CVE-2025-38257)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the _copy_apqns_from_user() function in drivers/s390/crypto/pkey_api.c. A local user can escalate privileges on the system.
109) Improper locking (CVE-ID: CVE-2025-38256)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_release_ubuf() function in io_uring/rsrc.c. A local user can perform a denial of service (DoS) attack.
110) NULL pointer dereference (CVE-ID: CVE-2025-38255)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the group_cpus_evenly() function in lib/group_cpus.c. A local user can perform a denial of service (DoS) attack.
111) Input validation error (CVE-ID: CVE-2025-38254)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dm_helpers_read_local_edid() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c. A local user can perform a denial of service (DoS) attack.
112) Input validation error (CVE-ID: CVE-2025-38253)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the wacom_remove() function in drivers/hid/wacom_sys.c. A local user can perform a denial of service (DoS) attack.
113) Input validation error (CVE-ID: CVE-2025-38251)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the clip_push() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
114) Use-after-free (CVE-ID: CVE-2025-38250)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_IDA(), hci_dev_get(), hci_dev_do_reset(), hci_dev_reset(), hci_alloc_dev_priv() and hci_unregister_dev() functions in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
115) Out-of-bounds read (CVE-ID: CVE-2025-38249)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_usb_get_audioformat_uac3() function in sound/usb/stream.c. A local user can perform a denial of service (DoS) attack.
116) Use-after-free (CVE-ID: CVE-2025-38248)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the br_multicast_port_ctx_init() function in net/bridge/br_multicast.c. A local user can escalate privileges on the system.
117) Improper error handling (CVE-ID: CVE-2025-38246)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __bnxt_poll_work() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
118) Incorrect calculation (CVE-ID: CVE-2025-38245)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the atm_dev_deregister() function in net/atm/resources.c. A local user can perform a denial of service (DoS) attack.
119) Improper locking (CVE-ID: CVE-2025-38244)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smb2_query_server_interfaces() and cifs_signal_cifsd_for_reconnect() functions in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.
120) Improper locking (CVE-ID: CVE-2025-38242)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the move_swap_pte() function in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.
121) Improper locking (CVE-ID: CVE-2025-38241)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the shmem_swapin_folio() function in mm/shmem.c, within the __alloc_swap_folio() function in mm/memory.c. A local user can perform a denial of service (DoS) attack.
122) Out-of-bounds read (CVE-ID: CVE-2025-38239)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the megasas_set_high_iops_queue_affinity_and_hint() function in drivers/scsi/megaraid/megaraid_sas_base.c. A local user can perform a denial of service (DoS) attack.
123) Input validation error (CVE-ID: CVE-2025-38238)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fdls_send_fabric_abts(), fdls_fabric_timer_callback(), fdls_fdmi_timer_callback() and fdls_process_fdmi_abts_rsp() functions in drivers/scsi/fnic/fdls_disc.c. A local user can perform a denial of service (DoS) attack.
124) Improper locking (CVE-ID: CVE-2025-38237)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fimc_is_hw_change_mode() function in drivers/media/platform/samsung/exynos4-is/fimc-is-regs.c. A local user can perform a denial of service (DoS) attack.
125) Use-after-free (CVE-ID: CVE-2025-38236)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the IS_ENABLED() and unix_stream_recv_urg() functions in net/unix/af_unix.c. A local user can escalate privileges on the system.
126) Improper locking (CVE-ID: CVE-2025-38234)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the find_lowest_rq() and find_lock_lowest_rq() functions in kernel/sched/rt.c. A local user can perform a denial of service (DoS) attack.
127) Resource management error (CVE-ID: CVE-2025-38233)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the REST_GPR() function in arch/powerpc/kernel/trace/ftrace_entry.S. A local user can perform a denial of service (DoS) attack.
128) NULL pointer dereference (CVE-ID: CVE-2025-38232)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_nfsd(), unregister_cld_notifier() and exit_nfsd() functions in fs/nfsd/nfsctl.c. A local user can perform a denial of service (DoS) attack.
129) NULL pointer dereference (CVE-ID: CVE-2025-38231)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfsd_startup_net() function in fs/nfsd/nfssvc.c. A local user can perform a denial of service (DoS) attack.
130) Use of uninitialized resource (CVE-ID: CVE-2025-38229)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the cxusb_gpio_tuner() function in drivers/media/usb/dvb-usb/cxusb.c. A local user can perform a denial of service (DoS) attack.
131) Memory leak (CVE-ID: CVE-2025-38228)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the e5010_probe() and v4l2_m2m_release() functions in drivers/media/platform/imagination/e5010-jpeg-enc.c. A local user can perform a denial of service (DoS) attack.
132) Use-after-free (CVE-ID: CVE-2025-38227)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vidtv_psi_sdt_table_destroy() function in drivers/media/test-drivers/vidtv/vidtv_channel.c. A local user can escalate privileges on the system.
133) Out-of-bounds read (CVE-ID: CVE-2025-38226)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vivid_vid_cap_s_selection() function in drivers/media/test-drivers/vivid/vivid-vid-cap.c. A local user can perform a denial of service (DoS) attack.
134) NULL pointer dereference (CVE-ID: CVE-2025-38225)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dev_err() function in drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c. A local user can perform a denial of service (DoS) attack.
135) Use-after-free (CVE-ID: CVE-2025-38224)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kvaser_pciefd_setup_can_ctrls() function in drivers/net/can/kvaser_pciefd.c. A local user can escalate privileges on the system.
136) Improper error handling (CVE-ID: CVE-2025-38223)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ceph_netfs_issue_read() function in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.
137) Improper error handling (CVE-ID: CVE-2025-38222)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ext4_prepare_inline_data() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
138) NULL pointer dereference (CVE-ID: CVE-2025-38220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ext4_walk_page_buffers() function in fs/ext4/inode.c. A local user can perform a denial of service (DoS) attack.
139) Resource management error (CVE-ID: CVE-2025-38219)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the f2fs_unlink() function in fs/f2fs/namei.c. A local user can perform a denial of service (DoS) attack.
140) Out-of-bounds read (CVE-ID: CVE-2025-38218)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the f2fs_sanity_check_ckpt() and DIV_ROUND_UP() functions in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
141) Improper locking (CVE-ID: CVE-2025-38217)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fts_read() function in drivers/hwmon/ftsteutates.c. A local user can perform a denial of service (DoS) attack.
142) Use-after-free (CVE-ID: CVE-2025-38212)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the shm_try_destroy_orphaned() function in ipc/shm.c. A local user can escalate privileges on the system.
143) Use-after-free (CVE-ID: CVE-2025-38211)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.
144) NULL pointer dereference (CVE-ID: CVE-2025-38210)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the DECLARE_RWSEM(), tsm_report_privlevel_store(), tsm_report_privlevel_floor_show(), CONFIGFS_ATTR_RO(), tsm_report_read(), tsm_report_make_item(), tsm_register() and tsm_unregister() functions in drivers/virt/coco/tsm.c. A local user can perform a denial of service (DoS) attack.
145) NULL pointer dereference (CVE-ID: CVE-2025-38208)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the automount_fullpath() function in fs/smb/client/namespace.c. A local user can perform a denial of service (DoS) attack.
146) Double free (CVE-ID: CVE-2025-38206)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the exfat_free_upcase_table() function in fs/exfat/nls.c. A local user can perform a denial of service (DoS) attack.
147) Division by zero (CVE-ID: CVE-2025-38205)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the populate_dummy_dml_surface_cfg() function in drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c. A local user can perform a denial of service (DoS) attack.
148) Out-of-bounds read (CVE-ID: CVE-2025-38204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dtInitRoot() and add_missing_indices() functions in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
149) NULL pointer dereference (CVE-ID: CVE-2025-38203)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the jfs_ioc_trim() function in fs/jfs/jfs_discard.c. A local user can perform a denial of service (DoS) attack.
150) Resource management error (CVE-ID: CVE-2025-38202)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the BPF_CALL_3() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
151) Buffer overflow (CVE-ID: CVE-2025-38201)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the jffs2_sum_write_sumnode() function in fs/jffs2/summary.c. A local user can perform a denial of service (DoS) attack.
152) Integer underflow (CVE-ID: CVE-2025-38200)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the i40e_pf_reset() function in drivers/net/ethernet/intel/i40e/i40e_common.c. A local user can execute arbitrary code.
153) Memory leak (CVE-ID: CVE-2025-38199)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ath12k_mac_station_add() function in drivers/net/wireless/ath/ath12k/mac.c. A local user can perform a denial of service (DoS) attack.
154) NULL pointer dereference (CVE-ID: CVE-2025-38198)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fbcon_info_from_console() function in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.
155) NULL pointer dereference (CVE-ID: CVE-2025-38197)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the packet_read_list() and packet_empty_list() functions in drivers/platform/x86/dell/dell_rbu.c. A local user can perform a denial of service (DoS) attack.
156) Resource management error (CVE-ID: CVE-2025-38196)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the io_clone_buffers() function in io_uring/rsrc.c. A local user can perform a denial of service (DoS) attack.
157) Input validation error (CVE-ID: CVE-2025-38194)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jffs2_sum_write_sumnode() function in fs/jffs2/summary.c. A local user can perform a denial of service (DoS) attack.
158) NULL pointer dereference (CVE-ID: CVE-2025-38192)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bpf_skb_change_protocol(), bpf_skb_proto_4_to_6(), bpf_skb_proto_6_to_4(), bpf_skb_net_grow() and bpf_skb_net_shrink() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
159) NULL pointer dereference (CVE-ID: CVE-2025-38191)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the krb5_authenticate() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
160) NULL pointer dereference (CVE-ID: CVE-2025-38189)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v3d_job_update_stats() function in drivers/gpu/drm/v3d/v3d_sched.c. A local user can perform a denial of service (DoS) attack.
161) Memory leak (CVE-ID: CVE-2025-38188)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the a6xx_set_pagetable() function in drivers/gpu/drm/msm/adreno/a6xx_gpu.c. A local user can perform a denial of service (DoS) attack.
162) NULL pointer dereference (CVE-ID: CVE-2025-38186)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bnxt_ulp_stop() and bnxt_ulp_start() functions in drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c. A local user can perform a denial of service (DoS) attack.
163) NULL pointer dereference (CVE-ID: CVE-2025-38184)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_udp_nl_dump_remoteip() function in net/tipc/udp_media.c. A local user can perform a denial of service (DoS) attack.
164) Out-of-bounds read (CVE-ID: CVE-2025-38183)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/ethernet/microchip/lan743x_ptp.h. A local user can perform a denial of service (DoS) attack.
165) Input validation error (CVE-ID: CVE-2025-38182)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ublk_ctrl_add_dev() function in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.
166) Improper error handling (CVE-ID: CVE-2025-38181)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the calipso_req_setattr() and calipso_req_delattr() functions in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.
167) Out-of-bounds read (CVE-ID: CVE-2025-38179)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the smb_extract_folioq_to_rdma() function in fs/smb/client/smbdirect.c. A local user can perform a denial of service (DoS) attack.
168) Buffer overflow (CVE-ID: CVE-2025-38090)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the riocm_ch_send() function in drivers/rapidio/rio_cm.c. A local user can perform a denial of service (DoS) attack.
169) NULL pointer dereference (CVE-ID: CVE-2025-38089)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the svc_process_common() function in net/sunrpc/svc.c. A local user can perform a denial of service (DoS) attack.
170) Use-after-free (CVE-ID: CVE-2025-38087)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the taprio_dev_notifier() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.
171) Use of uninitialized resource (CVE-ID: CVE-2025-38086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ch9200_mdio_read() function in drivers/net/usb/ch9200.c. A local user can perform a denial of service (DoS) attack.
172) Buffer overflow (CVE-ID: CVE-2025-38085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the huge_pmd_unshare() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
173) Improper locking (CVE-ID: CVE-2025-38084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __split_vma() function in mm/vma.c, within the hugetlb_vma_lock_free(), hugetlb_vm_op_split(), move_hugetlb_state() and hugetlb_unshare_pmds() functions in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.