Vulnerability-Lookup

CVE-2025-38021 (GCVE-0-2025-38021)

Vulnerability from cvelistv5 – Published: 2025-06-18 09:28 – Updated: 2025-06-18 09:28

Title

drm/amd/display: Fix null check of pipe_ctx->plane_state for update_dchubp_dpp

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check of pipe_ctx->plane_state for update_dchubp_dpp Similar to commit 6a057072ddd1 ("drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe") that addresses a null pointer dereference on dcn20_update_dchubp_dpp. This is the same function hooked for update_dchubp_dpp in dcn401, with the same issue. Fix possible null pointer deference on dcn401_program_pipe too. (cherry picked from commit d8d47f739752227957d8efc0cb894761bfe1d879)

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

CVE-2025-38021

Vulnerability from fstec - Published: 18.06.2025

Title

Уязвимость функции mlx5e_fix_uplink_rep_features операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость функции mlx5e_fix_uplink_rep_features ядра операционной системы Linux связана с ошибкой разыменования указателей. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

Сообщество свободного программного обеспечения, Red Hat Inc., Novell Inc.

Software Name

Debian GNU/Linux, Red Hat Enterprise Linux, Suse Linux Enterprise Server, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise High Performance Computing, OpenSUSE Leap, SUSE Linux Enterprise Live Patching, SUSE Linux Enterprise Module for Public Cloud, SUSE Linux Enterprise Real Time, SUSE Real Time Module, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Module for Basesystem, SUSE Linux Enterprise Module for Development Tools, SUSE Linux Enterprise Workstation Extension, SUSE Linux Enterprise High Availability Extension, SUSE Linux Enterprise Module for Legacy, Linux

Software Version

12 (Debian GNU/Linux), 9 (Red Hat Enterprise Linux), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 15 SP6 (SUSE Linux Enterprise High Performance Computing), 15.6 (OpenSUSE Leap), 15 SP6 (SUSE Linux Enterprise Live Patching), 15 SP6 (SUSE Linux Enterprise Module for Public Cloud), 15 SP6 (SUSE Linux Enterprise Real Time), 15 SP6 (SUSE Real Time Module), 15 SP7 (Suse Linux Enterprise Desktop), 15 SP7 (SUSE Linux Enterprise High Performance Computing), 15 SP7 (Suse Linux Enterprise Server), 15 SP7 (SUSE Linux Enterprise Server for SAP Applications), 15 SP7 (SUSE Linux Enterprise Module for Basesystem), 15 SP7 (SUSE Linux Enterprise Module for Development Tools), 10 (Red Hat Enterprise Linux), 15 SP7 (SUSE Linux Enterprise Real Time), 15 SP7 (SUSE Linux Enterprise Workstation Extension), 15 SP7 (SUSE Linux Enterprise High Availability Extension), 15 SP7 (SUSE Linux Enterprise Live Patching), 15 SP7 (SUSE Linux Enterprise Module for Legacy), 15 SP7 (SUSE Linux Enterprise Module for Public Cloud), 15 SP7 (SUSE Real Time Module), от 6.6 до 6.6.92 (Linux), от 6.12 до 6.12.30 (Linux), от 6.14 до 6.14.8 (Linux), до 6.15 (Linux), от 6.1 до 6.1.140 (Linux)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Для Linux: https://lore.kernel.org/linux-cve-announce/2025061846-CVE-2025-38020-e249@gregkh/ https://git.kernel.org/stable/c/1a69d53922c1221351739f17837d38e317234e5d https://git.kernel.org/stable/c/1e577aeb51e9deba4f2c10edfcb07cb3cb406598 https://git.kernel.org/stable/c/1f80e6ff026041721d8089da8c269b1963628325 https://git.kernel.org/stable/c/588431474eb7572e57a927fa8558c9ba2f8af143 https://git.kernel.org/stable/c/b48a47e137cedfd79655accaeeea6b296ad0b9e1 Для программных продуктов Red Hat Inc.: Компенсирующие меры: - минимизация пользовательских привилегий; - отключение/удаление неиспользуемых учётных записей пользователей; - контроль журналов аудита кластера для отслеживания попыток эксплуатации уязвимости. Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2025-38020.html Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2025-38020

Reference

https://lore.kernel.org/linux-cve-announce/2025061846-CVE-2025-38020-e249@gregkh/ https://git.kernel.org/stable/c/1a69d53922c1221351739f17837d38e317234e5d https://git.kernel.org/stable/c/1e577aeb51e9deba4f2c10edfcb07cb3cb406598 https://git.kernel.org/stable/c/1f80e6ff026041721d8089da8c269b1963628325 https://git.kernel.org/stable/c/588431474eb7572e57a927fa8558c9ba2f8af143 https://git.kernel.org/stable/c/b48a47e137cedfd79655accaeeea6b296ad0b9e1 https://www.suse.com/security/cve/CVE-2025-38020.html https://security-tracker.debian.org/tracker/CVE-2025-38020

CWE

CWE-476

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:H/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Red Hat Inc., Novell Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "12 (Debian GNU/Linux), 9 (Red Hat Enterprise Linux), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 15 SP6 (SUSE Linux Enterprise High Performance Computing), 15.6 (OpenSUSE Leap), 15 SP6 (SUSE Linux Enterprise Live Patching), 15 SP6 (SUSE Linux Enterprise Module for Public Cloud), 15 SP6 (SUSE Linux Enterprise Real Time), 15 SP6 (SUSE Real Time Module), 15 SP7 (Suse Linux Enterprise Desktop), 15 SP7 (SUSE Linux Enterprise High Performance Computing), 15 SP7 (Suse Linux Enterprise Server), 15 SP7 (SUSE Linux Enterprise Server for SAP Applications), 15 SP7 (SUSE Linux Enterprise Module for Basesystem), 15 SP7 (SUSE Linux Enterprise Module for Development Tools), 10 (Red Hat Enterprise Linux), 15 SP7 (SUSE Linux Enterprise Real Time), 15 SP7 (SUSE Linux Enterprise Workstation Extension), 15 SP7 (SUSE Linux Enterprise High Availability Extension), 15 SP7 (SUSE Linux Enterprise Live Patching), 15 SP7 (SUSE Linux Enterprise Module for Legacy), 15 SP7 (SUSE Linux Enterprise Module for Public Cloud), 15 SP7 (SUSE Real Time Module), \u043e\u0442 6.6 \u0434\u043e 6.6.92 (Linux), \u043e\u0442 6.12 \u0434\u043e 6.12.30 (Linux), \u043e\u0442 6.14 \u0434\u043e 6.14.8 (Linux), \u0434\u043e 6.15 (Linux), \u043e\u0442 6.1 \u0434\u043e 6.1.140 (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f Linux:\nhttps://lore.kernel.org/linux-cve-announce/2025061846-CVE-2025-38020-e249@gregkh/\nhttps://git.kernel.org/stable/c/1a69d53922c1221351739f17837d38e317234e5d\t\nhttps://git.kernel.org/stable/c/1e577aeb51e9deba4f2c10edfcb07cb3cb406598\t\nhttps://git.kernel.org/stable/c/1f80e6ff026041721d8089da8c269b1963628325\t\nhttps://git.kernel.org/stable/c/588431474eb7572e57a927fa8558c9ba2f8af143\t\nhttps://git.kernel.org/stable/c/b48a47e137cedfd79655accaeeea6b296ad0b9e1\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435/\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439;\n- \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0436\u0443\u0440\u043d\u0430\u043b\u043e\u0432 \u0430\u0443\u0434\u0438\u0442\u0430 \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430 \u0434\u043b\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2025-38020.html\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2025-38020",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "18.06.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.09.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "01.09.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-10611",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-38021",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Red Hat Enterprise Linux, Suse Linux Enterprise Server, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise High Performance Computing, OpenSUSE Leap, SUSE Linux Enterprise Live Patching, SUSE Linux Enterprise Module for Public Cloud, SUSE Linux Enterprise Real Time, SUSE Real Time Module, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Module for Basesystem, SUSE Linux Enterprise Module for Development Tools, SUSE Linux Enterprise Workstation Extension, SUSE Linux Enterprise High Availability Extension, SUSE Linux Enterprise Module for Legacy, Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , Red Hat Inc. Red Hat Enterprise Linux 9 , Novell Inc. Suse Linux Enterprise Server 15 SP6 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP6 , Novell Inc. OpenSUSE Leap 15.6 , Novell Inc. SUSE Linux Enterprise Real Time 15 SP6 , Novell Inc. Suse Linux Enterprise Desktop 15 SP7 , Novell Inc. Suse Linux Enterprise Server 15 SP7 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP7 , Red Hat Inc. Red Hat Enterprise Linux 10 , Novell Inc. SUSE Linux Enterprise Real Time 15 SP7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.6 \u0434\u043e 6.6.92 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.12 \u0434\u043e 6.12.30 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.14 \u0434\u043e 6.14.8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 6.15 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.1 \u0434\u043e 6.1.140 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 mlx5e_fix_uplink_rep_features \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 mlx5e_fix_uplink_rep_features \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0435\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://lore.kernel.org/linux-cve-announce/2025061846-CVE-2025-38020-e249@gregkh/\nhttps://git.kernel.org/stable/c/1a69d53922c1221351739f17837d38e317234e5d\t\nhttps://git.kernel.org/stable/c/1e577aeb51e9deba4f2c10edfcb07cb3cb406598\t\nhttps://git.kernel.org/stable/c/1f80e6ff026041721d8089da8c269b1963628325\t\nhttps://git.kernel.org/stable/c/588431474eb7572e57a927fa8558c9ba2f8af143\t\nhttps://git.kernel.org/stable/c/b48a47e137cedfd79655accaeeea6b296ad0b9e1\nhttps://www.suse.com/security/cve/CVE-2025-38020.html\nhttps://security-tracker.debian.org/tracker/CVE-2025-38020",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-476",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,8)"
}

CERTFR-2025-AVI-0721

Vulnerability from certfr_avis - Published: 2025-08-22 - Updated: 2025-08-22

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 20.04 ESM
Ubuntu	Ubuntu	Ubuntu 24.04 LTS
Ubuntu	Ubuntu	Ubuntu 18.04 ESM
Ubuntu	Ubuntu	Ubuntu 22.04 LTS

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-7704-1	2025-08-20	vendor-advisory
Bulletin de sécurité Ubuntu USN-7703-1	2025-08-19	vendor-advisory
Bulletin de sécurité Ubuntu USN-7704-4	2025-08-21	vendor-advisory
Bulletin de sécurité Ubuntu USN-7704-3	2025-08-20	vendor-advisory
Bulletin de sécurité Ubuntu USN-7701-3	2025-08-21	vendor-advisory
Bulletin de sécurité Ubuntu USN-7682-6	2025-08-20	vendor-advisory
Bulletin de sécurité Ubuntu USN-7703-2	2025-08-20	vendor-advisory
Bulletin de sécurité Ubuntu USN-7703-3	2025-08-21	vendor-advisory
Bulletin de sécurité Ubuntu USN-7701-1	2025-08-19	vendor-advisory
Bulletin de sécurité Ubuntu USN-7704-2	2025-08-19	vendor-advisory
Bulletin de sécurité Ubuntu USN-7699-2	2025-08-20	vendor-advisory
Bulletin de sécurité Ubuntu USN-7701-2	2025-08-20	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 20.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 24.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 22.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-21861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21861"
    },
    {
      "name": "CVE-2024-58088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58088"
    },
    {
      "name": "CVE-2025-38043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38043"
    },
    {
      "name": "CVE-2025-21783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21783"
    },
    {
      "name": "CVE-2025-21786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21786"
    },
    {
      "name": "CVE-2025-38002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38002"
    },
    {
      "name": "CVE-2025-21847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21847"
    },
    {
      "name": "CVE-2025-21853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21853"
    },
    {
      "name": "CVE-2025-21871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21871"
    },
    {
      "name": "CVE-2025-21823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21823"
    },
    {
      "name": "CVE-2025-21763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21763"
    },
    {
      "name": "CVE-2025-37965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37965"
    },
    {
      "name": "CVE-2025-21796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21796"
    },
    {
      "name": "CVE-2024-49950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
    },
    {
      "name": "CVE-2025-21768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21768"
    },
    {
      "name": "CVE-2025-21864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21864"
    },
    {
      "name": "CVE-2025-37961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37961"
    },
    {
      "name": "CVE-2025-38061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38061"
    },
    {
      "name": "CVE-2025-21839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21839"
    },
    {
      "name": "CVE-2025-38023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38023"
    },
    {
      "name": "CVE-2025-21779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21779"
    },
    {
      "name": "CVE-2025-38004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38004"
    },
    {
      "name": "CVE-2025-38016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38016"
    },
    {
      "name": "CVE-2025-21712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21712"
    },
    {
      "name": "CVE-2025-21746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21746"
    },
    {
      "name": "CVE-2025-38066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38066"
    },
    {
      "name": "CVE-2025-21836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21836"
    },
    {
      "name": "CVE-2025-21781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21781"
    },
    {
      "name": "CVE-2025-38022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38022"
    },
    {
      "name": "CVE-2025-38068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38068"
    },
    {
      "name": "CVE-2025-21772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21772"
    },
    {
      "name": "CVE-2025-37971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37971"
    },
    {
      "name": "CVE-2025-21868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21868"
    },
    {
      "name": "CVE-2025-38056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38056"
    },
    {
      "name": "CVE-2025-38027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38027"
    },
    {
      "name": "CVE-2025-21792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21792"
    },
    {
      "name": "CVE-2025-37993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37993"
    },
    {
      "name": "CVE-2025-37955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37955"
    },
    {
      "name": "CVE-2025-38015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38015"
    },
    {
      "name": "CVE-2025-37958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
    },
    {
      "name": "CVE-2025-21855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21855"
    },
    {
      "name": "CVE-2025-38065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38065"
    },
    {
      "name": "CVE-2025-38031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38031"
    },
    {
      "name": "CVE-2025-37950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37950"
    },
    {
      "name": "CVE-2025-21767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21767"
    },
    {
      "name": "CVE-2025-38008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38008"
    },
    {
      "name": "CVE-2025-38011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38011"
    },
    {
      "name": "CVE-2025-21764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21764"
    },
    {
      "name": "CVE-2024-58093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
    },
    {
      "name": "CVE-2025-38025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38025"
    },
    {
      "name": "CVE-2025-38034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38034"
    },
    {
      "name": "CVE-2025-38095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38095"
    },
    {
      "name": "CVE-2025-21838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21838"
    },
    {
      "name": "CVE-2025-21867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21867"
    },
    {
      "name": "CVE-2025-21704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21704"
    },
    {
      "name": "CVE-2025-21766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21766"
    },
    {
      "name": "CVE-2025-38024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38024"
    },
    {
      "name": "CVE-2024-57834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57834"
    },
    {
      "name": "CVE-2025-38078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38078"
    },
    {
      "name": "CVE-2025-21791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21791"
    },
    {
      "name": "CVE-2024-52559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52559"
    },
    {
      "name": "CVE-2025-38077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38077"
    },
    {
      "name": "CVE-2025-38005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38005"
    },
    {
      "name": "CVE-2025-21795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21795"
    },
    {
      "name": "CVE-2025-21758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21758"
    },
    {
      "name": "CVE-2025-21780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21780"
    },
    {
      "name": "CVE-2025-37969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37969"
    },
    {
      "name": "CVE-2025-21787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21787"
    },
    {
      "name": "CVE-2025-21776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21776"
    },
    {
      "name": "CVE-2025-21706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21706"
    },
    {
      "name": "CVE-2025-38014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38014"
    },
    {
      "name": "CVE-2025-38003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38003"
    },
    {
      "name": "CVE-2025-38007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38007"
    },
    {
      "name": "CVE-2025-21760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21760"
    },
    {
      "name": "CVE-2025-38079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
    },
    {
      "name": "CVE-2025-37964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37964"
    },
    {
      "name": "CVE-2025-21785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21785"
    },
    {
      "name": "CVE-2024-58086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58086"
    },
    {
      "name": "CVE-2025-37999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37999"
    },
    {
      "name": "CVE-2025-38018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38018"
    },
    {
      "name": "CVE-2025-21857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21857"
    },
    {
      "name": "CVE-2025-37797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
    },
    {
      "name": "CVE-2025-21848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21848"
    },
    {
      "name": "CVE-2025-37952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37952"
    },
    {
      "name": "CVE-2025-38012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38012"
    },
    {
      "name": "CVE-2025-38019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38019"
    },
    {
      "name": "CVE-2025-21866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21866"
    },
    {
      "name": "CVE-2025-38037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38037"
    },
    {
      "name": "CVE-2025-37962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37962"
    },
    {
      "name": "CVE-2025-21862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21862"
    },
    {
      "name": "CVE-2025-37972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37972"
    },
    {
      "name": "CVE-2025-38010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38010"
    },
    {
      "name": "CVE-2024-57977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57977"
    },
    {
      "name": "CVE-2025-37970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37970"
    },
    {
      "name": "CVE-2025-38013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38013"
    },
    {
      "name": "CVE-2025-37956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37956"
    },
    {
      "name": "CVE-2025-38094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38094"
    },
    {
      "name": "CVE-2025-38072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38072"
    },
    {
      "name": "CVE-2025-37967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37967"
    },
    {
      "name": "CVE-2025-38075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38075"
    },
    {
      "name": "CVE-2025-37949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37949"
    },
    {
      "name": "CVE-2025-37957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37957"
    },
    {
      "name": "CVE-2025-38058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38058"
    },
    {
      "name": "CVE-2025-21762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21762"
    },
    {
      "name": "CVE-2025-38083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38083"
    },
    {
      "name": "CVE-2025-21869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21869"
    },
    {
      "name": "CVE-2024-54458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54458"
    },
    {
      "name": "CVE-2025-37951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37951"
    },
    {
      "name": "CVE-2025-37947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37947"
    },
    {
      "name": "CVE-2025-21859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21859"
    },
    {
      "name": "CVE-2025-21761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21761"
    },
    {
      "name": "CVE-2025-37992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37992"
    },
    {
      "name": "CVE-2025-21844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21844"
    },
    {
      "name": "CVE-2025-21784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21784"
    },
    {
      "name": "CVE-2024-58020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58020"
    },
    {
      "name": "CVE-2025-37973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37973"
    },
    {
      "name": "CVE-2025-37996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37996"
    },
    {
      "name": "CVE-2025-21775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21775"
    },
    {
      "name": "CVE-2025-21846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21846"
    },
    {
      "name": "CVE-2025-37998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37998"
    },
    {
      "name": "CVE-2025-37968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37968"
    },
    {
      "name": "CVE-2025-38006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38006"
    },
    {
      "name": "CVE-2025-38048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38048"
    },
    {
      "name": "CVE-2025-21765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21765"
    },
    {
      "name": "CVE-2025-21782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21782"
    },
    {
      "name": "CVE-2025-38009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38009"
    },
    {
      "name": "CVE-2025-21870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21870"
    },
    {
      "name": "CVE-2024-54456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54456"
    },
    {
      "name": "CVE-2024-38541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38541"
    },
    {
      "name": "CVE-2025-37994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37994"
    },
    {
      "name": "CVE-2025-21773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21773"
    },
    {
      "name": "CVE-2025-21858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21858"
    },
    {
      "name": "CVE-2025-37995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37995"
    },
    {
      "name": "CVE-2025-21821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21821"
    },
    {
      "name": "CVE-2025-38052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38052"
    },
    {
      "name": "CVE-2025-38035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38035"
    },
    {
      "name": "CVE-2025-37963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37963"
    },
    {
      "name": "CVE-2024-50073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
    },
    {
      "name": "CVE-2025-37948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37948"
    },
    {
      "name": "CVE-2025-21863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21863"
    },
    {
      "name": "CVE-2025-21856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21856"
    },
    {
      "name": "CVE-2025-37960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37960"
    },
    {
      "name": "CVE-2025-38051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38051"
    },
    {
      "name": "CVE-2025-37954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37954"
    },
    {
      "name": "CVE-2025-38044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38044"
    },
    {
      "name": "CVE-2025-37959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37959"
    },
    {
      "name": "CVE-2025-21793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21793"
    },
    {
      "name": "CVE-2025-21854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21854"
    },
    {
      "name": "CVE-2023-52757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52757"
    },
    {
      "name": "CVE-2025-21759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
    },
    {
      "name": "CVE-2023-52975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52975"
    },
    {
      "name": "CVE-2025-37966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37966"
    },
    {
      "name": "CVE-2025-38028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38028"
    },
    {
      "name": "CVE-2025-21790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21790"
    },
    {
      "name": "CVE-2025-38020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38020"
    },
    {
      "name": "CVE-2025-21835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21835"
    },
    {
      "name": "CVE-2025-38021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38021"
    }
  ],
  "initial_release_date": "2025-08-22T00:00:00",
  "last_revision_date": "2025-08-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0721",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": "2025-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7704-1",
      "url": "https://ubuntu.com/security/notices/USN-7704-1"
    },
    {
      "published_at": "2025-08-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7703-1",
      "url": "https://ubuntu.com/security/notices/USN-7703-1"
    },
    {
      "published_at": "2025-08-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7704-4",
      "url": "https://ubuntu.com/security/notices/USN-7704-4"
    },
    {
      "published_at": "2025-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7704-3",
      "url": "https://ubuntu.com/security/notices/USN-7704-3"
    },
    {
      "published_at": "2025-08-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7701-3",
      "url": "https://ubuntu.com/security/notices/USN-7701-3"
    },
    {
      "published_at": "2025-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7682-6",
      "url": "https://ubuntu.com/security/notices/USN-7682-6"
    },
    {
      "published_at": "2025-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7703-2",
      "url": "https://ubuntu.com/security/notices/USN-7703-2"
    },
    {
      "published_at": "2025-08-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7703-3",
      "url": "https://ubuntu.com/security/notices/USN-7703-3"
    },
    {
      "published_at": "2025-08-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7701-1",
      "url": "https://ubuntu.com/security/notices/USN-7701-1"
    },
    {
      "published_at": "2025-08-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7704-2",
      "url": "https://ubuntu.com/security/notices/USN-7704-2"
    },
    {
      "published_at": "2025-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7699-2",
      "url": "https://ubuntu.com/security/notices/USN-7699-2"
    },
    {
      "published_at": "2025-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7701-2",
      "url": "https://ubuntu.com/security/notices/USN-7701-2"
    }
  ]
}

GHSA-FV54-4G3V-MW5V

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-14 21:30

Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix null check of pipe_ctx->plane_state for update_dchubp_dpp

Similar to commit 6a057072ddd1 ("drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe") that addresses a null pointer dereference on dcn20_update_dchubp_dpp. This is the same function hooked for update_dchubp_dpp in dcn401, with the same issue. Fix possible null pointer deference on dcn401_program_pipe too.

(cherry picked from commit d8d47f739752227957d8efc0cb894761bfe1d879)

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-38021"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T10:15:33Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null check of pipe_ctx-\u003eplane_state for update_dchubp_dpp\n\nSimilar to commit 6a057072ddd1 (\"drm/amd/display: Fix null check for\npipe_ctx-\u003eplane_state in dcn20_program_pipe\") that addresses a null\npointer dereference on dcn20_update_dchubp_dpp. This is the same\nfunction hooked for update_dchubp_dpp in dcn401, with the same issue.\nFix possible null pointer deference on dcn401_program_pipe too.\n\n(cherry picked from commit d8d47f739752227957d8efc0cb894761bfe1d879)",
  "id": "GHSA-fv54-4g3v-mw5v",
  "modified": "2025-11-14T21:30:27Z",
  "published": "2025-06-18T12:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38021"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4679061fb25344d6010ce7b9bebac21c91a0b75a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a3b7e65b6be59e686e163fa1ceb0922f996897c2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2025-38021

Vulnerability from fkie_nvd - Published: 2025-06-18 10:15 - Updated: 2025-11-14 19:01

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/4679061fb25344d6010ce7b9bebac21c91a0b75a	Patch
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a3b7e65b6be59e686e163fa1ceb0922f996897c2	Patch

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	6.15
linux	linux_kernel	6.15
linux	linux_kernel	6.15
linux	linux_kernel	6.15
linux	linux_kernel	6.15
linux	linux_kernel	6.15

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D683EB-C1CA-489A-8B09-BA2523EA4F0C",
              "versionEndExcluding": "6.14.8",
              "versionStartIncluding": "6.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8D465631-2980-487A-8E65-40AE2B9F8ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4C9D071F-B28E-46EC-AC61-22B913390211",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "13FC0DDE-E513-465E-9E81-515702D49B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "8C7B5B0E-4EEB-48F5-B4CF-0935A7633845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "2D240580-3048-49B2-9E27-F115A9DF8224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "90320558-E553-4EF5-8A0B-0F5D20113BD2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null check of pipe_ctx-\u003eplane_state for update_dchubp_dpp\n\nSimilar to commit 6a057072ddd1 (\"drm/amd/display: Fix null check for\npipe_ctx-\u003eplane_state in dcn20_program_pipe\") that addresses a null\npointer dereference on dcn20_update_dchubp_dpp. This is the same\nfunction hooked for update_dchubp_dpp in dcn401, with the same issue.\nFix possible null pointer deference on dcn401_program_pipe too.\n\n(cherry picked from commit d8d47f739752227957d8efc0cb894761bfe1d879)"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Se corrige la comprobaci\u00f3n nula de pipe_ctx-\u0026gt;plane_state para update_dchubp_dpp. Similar a el commit 6a057072ddd1 (\"drm/amd/display: Se corrige la comprobaci\u00f3n nula de pipe_ctx-\u0026gt;plane_state en dcn20_program_pipe\"), que soluciona una desreferencia de puntero nulo en dcn20_update_dchubp_dpp. Esta es la misma funci\u00f3n asociada a update_dchubp_dpp en dcn401, con el mismo problema. Tambi\u00e9n se corrige una posible desreferencia de puntero nulo en dcn401_program_pipe. (Seleccionado de el commit d8d47f739752227957d8efc0cb894761bfe1d879)"
    }
  ],
  "id": "CVE-2025-38021",
  "lastModified": "2025-11-14T19:01:13.340",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-06-18T10:15:33.827",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/4679061fb25344d6010ce7b9bebac21c91a0b75a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a3b7e65b6be59e686e163fa1ceb0922f996897c2"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-38021 (GCVE-0-2025-38021)

CVE-2025-38021

CERTFR-2025-AVI-0721

Solutions

GHSA-FV54-4G3V-MW5V

FKIE_CVE-2025-38021

Tags

Sightings

Nomenclature