rpm package
opensuse/kernel-azure&distro=openSUSE Leap 16.0
pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2016.0
Vulnerabilities (643)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68736 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: landlock: Fix handling of disconnected directories Disconnected files or directories can appear when they are visible and opened from a bind mount, but have been renamed or moved from the source of the bind mou | ||
| CVE-2025-68735 | — | < 6.12.0-160000.26.1 | 6.12.0-160000.26.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Prevent potential UAF in group creation This commit prevents the possibility of a use after free issue in the GROUP_CREATE ioctl function, which arose as pointer to the group is accessed in that io | ||
| CVE-2025-68749 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix race condition when unbinding BOs Fix 'Memory manager not clean during takedown' warning that occurs when ivpu_gem_bo_free() removes the BO from the BOs list before it gets unmapped. Then file_p | ||
| CVE-2025-68732 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix race in syncpt alloc/free Fix race condition between host1x_syncpt_alloc() and host1x_syncpt_put() by using kref_put_mutex() instead of kref_put() + manual mutex locking. This ensures no threa | ||
| CVE-2025-68724 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_k | ||
| CVE-2025-68380 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix peer HE MCS assignment In ath11k_wmi_send_peer_assoc_cmd(), peer's transmit MCS is sent to firmware as receive MCS while peer's receive MCS sent as transmit MCS, which goes against firmwire's | ||
| CVE-2025-68379 | — | < 6.12.0-160000.26.1 | 6.12.0-160000.26.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure A NULL pointer dereference can occur in rxe_srq_chk_attr() when ibv_modify_srq() is invoked twice in succession under certain error conditions. The | ||
| CVE-2025-68378 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stackmap overflow check in __bpf_get_stackid() Syzkaller reported a KASAN slab-out-of-bounds write in __bpf_get_stackid() when copying stack trace data. The issue occurs when the perf trace contains m | ||
| CVE-2025-68376 | — | < 6.12.0-160000.26.1 | 6.12.0-160000.26.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: coresight: ETR: Fix ETR buffer use-after-free issue When ETR is enabled as CS_MODE_SYSFS, if the buffer size is changed and enabled again, currently sysfs_buf will point to the newly allocated memory(buf_new) a | ||
| CVE-2025-68374 | — | < 6.12.0-160000.26.1 | 6.12.0-160000.26.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: md: fix rcu protection in md_wakeup_thread We attempted to use RCU to protect the pointer 'thread', but directly passed the value when calling md_wakeup_thread(). This means that the RCU pointer has been acquir | ||
| CVE-2025-68372 | — | < 6.12.0-160000.26.1 | 6.12.0-160000.26.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: nbd: defer config put in recv_work There is one uaf issue in recv_work when running NBD_CLEAR_SOCK and NBD_CMD_RECONFIGURE: nbd_genl_connect // conf_ref=2 (connect and recv_work A) nbd_open // co | ||
| CVE-2025-68371 | — | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix device resources accessed after device removal Correct possible race conditions during device removal. Previously, a scheduled work item to reset a LUN could still execute after the device | ||
| CVE-2025-68368 | — | < 6.12.0-160000.26.1 | 6.12.0-160000.26.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: md: init bioset in mddev_init IO operations may be needed before md_run(), such as updating metadata after writing sysfs. Without bioset, this triggers a NULL pointer dereference as below: BUG: kernel NULL po | ||
| CVE-2025-68367 | — | < 6.12.0-160000.26.1 | 6.12.0-160000.26.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------[ cut here ]------------ li | ||
| CVE-2025-68366 | — | < 6.12.0-160000.26.1 | 6.12.0-160000.26.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK: nbd_genl_connect nbd_alloc_and_init_config // config_refs=1 nbd_start_devic | ||
| CVE-2025-68363 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Check skb->transport_header is set in bpf_skb_check_mtu The bpf_skb_check_mtu helper needs to use skb->transport_header when the BPF_MTU_CHK_SEGS flag is used: bpf_skb_check_mtu(skb, ifindex, &mtu_len, 0 | ||
| CVE-2025-68362 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() The rtl8187_rx_cb() calculates the rx descriptor header address by subtracting its size from the skb tail pointer. However, it does not | ||
| CVE-2025-68361 | — | < 6.12.0-160000.26.1 | 6.12.0-160000.26.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: erofs: limit the level of fs stacking for file-backed mounts Otherwise, it could cause potential kernel stack overflow (e.g., EROFS mounting itself). | ||
| CVE-2025-68360 | — | < 6.12.0-160000.26.1 | 6.12.0-160000.26.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks MT7996 driver can use both wed and wed_hif2 devices to offload traffic from/to the wireless NIC. In the current codebase we assume to alwa | ||
| CVE-2025-68359 | — | < 6.12.0-160000.26.1 | 6.12.0-160000.26.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free of qgroup record after failure to add delayed ref head In the previous code it was possible to incur into a double kfree() scenario when calling add_delayed_ref_head(). This could happen |
- CVE-2025-68736Dec 24, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: landlock: Fix handling of disconnected directories Disconnected files or directories can appear when they are visible and opened from a bind mount, but have been renamed or moved from the source of the bind mou
- CVE-2025-68735Dec 24, 2025affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Prevent potential UAF in group creation This commit prevents the possibility of a use after free issue in the GROUP_CREATE ioctl function, which arose as pointer to the group is accessed in that io
- CVE-2025-68749Dec 24, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix race condition when unbinding BOs Fix 'Memory manager not clean during takedown' warning that occurs when ivpu_gem_bo_free() removes the BO from the BOs list before it gets unmapped. Then file_p
- CVE-2025-68732Dec 24, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix race in syncpt alloc/free Fix race condition between host1x_syncpt_alloc() and host1x_syncpt_put() by using kref_put_mutex() instead of kref_put() + manual mutex locking. This ensures no threa
- CVE-2025-68724Dec 24, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_k
- CVE-2025-68380Dec 24, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix peer HE MCS assignment In ath11k_wmi_send_peer_assoc_cmd(), peer's transmit MCS is sent to firmware as receive MCS while peer's receive MCS sent as transmit MCS, which goes against firmwire's
- CVE-2025-68379Dec 24, 2025affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure A NULL pointer dereference can occur in rxe_srq_chk_attr() when ibv_modify_srq() is invoked twice in succession under certain error conditions. The
- CVE-2025-68378Dec 24, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stackmap overflow check in __bpf_get_stackid() Syzkaller reported a KASAN slab-out-of-bounds write in __bpf_get_stackid() when copying stack trace data. The issue occurs when the perf trace contains m
- CVE-2025-68376Dec 24, 2025affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1
In the Linux kernel, the following vulnerability has been resolved: coresight: ETR: Fix ETR buffer use-after-free issue When ETR is enabled as CS_MODE_SYSFS, if the buffer size is changed and enabled again, currently sysfs_buf will point to the newly allocated memory(buf_new) a
- CVE-2025-68374Dec 24, 2025affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1
In the Linux kernel, the following vulnerability has been resolved: md: fix rcu protection in md_wakeup_thread We attempted to use RCU to protect the pointer 'thread', but directly passed the value when calling md_wakeup_thread(). This means that the RCU pointer has been acquir
- CVE-2025-68372Dec 24, 2025affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1
In the Linux kernel, the following vulnerability has been resolved: nbd: defer config put in recv_work There is one uaf issue in recv_work when running NBD_CLEAR_SOCK and NBD_CMD_RECONFIGURE: nbd_genl_connect // conf_ref=2 (connect and recv_work A) nbd_open // co
- CVE-2025-68371Dec 24, 2025affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix device resources accessed after device removal Correct possible race conditions during device removal. Previously, a scheduled work item to reset a LUN could still execute after the device
- CVE-2025-68368Dec 24, 2025affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1
In the Linux kernel, the following vulnerability has been resolved: md: init bioset in mddev_init IO operations may be needed before md_run(), such as updating metadata after writing sysfs. Without bioset, this triggers a NULL pointer dereference as below: BUG: kernel NULL po
- CVE-2025-68367Dec 24, 2025affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1
In the Linux kernel, the following vulnerability has been resolved: macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------[ cut here ]------------ li
- CVE-2025-68366Dec 24, 2025affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1
In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK: nbd_genl_connect nbd_alloc_and_init_config // config_refs=1 nbd_start_devic
- CVE-2025-68363Dec 24, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Check skb->transport_header is set in bpf_skb_check_mtu The bpf_skb_check_mtu helper needs to use skb->transport_header when the BPF_MTU_CHK_SEGS flag is used: bpf_skb_check_mtu(skb, ifindex, &mtu_len, 0
- CVE-2025-68362Dec 24, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() The rtl8187_rx_cb() calculates the rx descriptor header address by subtracting its size from the skb tail pointer. However, it does not
- CVE-2025-68361Dec 24, 2025affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1
In the Linux kernel, the following vulnerability has been resolved: erofs: limit the level of fs stacking for file-backed mounts Otherwise, it could cause potential kernel stack overflow (e.g., EROFS mounting itself).
- CVE-2025-68360Dec 24, 2025affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks MT7996 driver can use both wed and wed_hif2 devices to offload traffic from/to the wireless NIC. In the current codebase we assume to alwa
- CVE-2025-68359Dec 24, 2025affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free of qgroup record after failure to add delayed ref head In the previous code it was possible to incur into a double kfree() scenario when calling add_delayed_ref_head(). This could happen
Page 18 of 33