rpm package
opensuse/kernel-azure&distro=openSUSE Leap 16.0
pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2016.0
Vulnerabilities (643)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68207 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Synchronize Dead CT worker with unbind Cancel and wait for any Dead CT worker to complete before continuing with device unbinding. Else the worker will end up using resources freed by the undind ope | ||
| CVE-2025-68206 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: add seqadj extension for natted connections Sequence adjustment may be required for FTP traffic with PASV/EPSV modes. due to need to re-write packet payload (IP, port) on the ftp control conn | ||
| CVE-2025-68202 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix unsafe locking in the scx_dump_state() For built with CONFIG_PREEMPT_RT=y kernels, the dump_lock will be converted sleepable spinlock and not disable-irq, so the following scenarios occur: incon | ||
| CVE-2025-68201 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: remove two invalid BUG_ON()s Those can be triggered trivially by userspace. | ||
| CVE-2025-68200 | — | < 6.12.0-160000.26.1 | 6.12.0-160000.26.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpf_prog_run_data_pointers() syzbot found that cls_bpf_classify() is able to change tc_skb_cb(skb)->drop_reason triggering a warning in sk_skb_reason_drop(). WARNING: CPU: 0 PID: 5965 at net/core/skbu | ||
| CVE-2025-68198 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: crash: fix crashkernel resource shrink When crashkernel is configured with a high reservation, shrinking its value below the low crashkernel reservation causes two issues: 1. Invalid crashkernel resource objec | ||
| CVE-2025-68197 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() With older FW, we may get the ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER for FW trace data type that has not been initialized. This will resu | ||
| CVE-2025-68195 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode Running x86_match_min_microcode_rev() on a Zen5 CPU trips up KASAN for an out of bounds access. | ||
| CVE-2025-68194 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: imon: make send_packet() more robust syzbot is reporting that imon has three problems which result in hung tasks due to forever holding device lock [1]. First problem is that when usb_rx_callback_intf0( | ||
| CVE-2025-68192 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Raw IP packets have no MAC header, leaving skb->mac_header uninitialized. This can trigger kernel panics on ARM64 when xfrm or other subsystem | ||
| CVE-2025-68190 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() kcalloc() may fail. When WS is non-zero and allocation fails, ectx.ws remains NULL while ectx.ws_size is set, leading to a po | ||
| CVE-2025-68188 | — | < 6.12.0-160000.26.1 | 6.12.0-160000.26.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() Use RCU to avoid a pair of atomic operations and a potential UAF on dst_dev()->flags. | ||
| CVE-2025-68186 | — | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up The function ring_buffer_map_get_reader() is a bit more strict than the other get reader functions, and except for certain situati | ||
| CVE-2025-68185 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Theoretically it's an oopsable race, but I don't believe one can manage to hit it on real hardware; might become doable on a KVM, | ||
| CVE-2025-68184 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Disable AFBC support on Mediatek DRM driver Commit c410fa9b07c3 ("drm/mediatek: Add AFBC support to Mediatek DRM driver") added AFBC support to Mediatek DRM and enabled the 32x8/split/sparse modif | ||
| CVE-2025-68183 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in se | ||
| CVE-2025-68181 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Remove calls to drm_put_dev() Since the allocation of the drivers main structure was changed to devm_drm_dev_alloc() drm_put_dev()'ing to trigger it to be free'd should be done by devres. However, | ||
| CVE-2025-68180 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL deref in debugfs odm_combine_segments When a connector is connected but inactive (e.g., disabled by desktop environments), pipe_ctx->stream_res.tg will be destroyed. Then, reading odm_ | ||
| CVE-2025-68178 | — | < 6.12.0-160000.26.1 | 6.12.0-160000.26.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix possible deadlock while configuring policy Following deadlock can be triggered easily by lockdep: WARNING: possible circular locking dependency detected 6.17.0-rc3-00124-ga12c2658ced0 #1665 Not | ||
| CVE-2025-68176 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: PCI: cadence: Check for the existence of cdns_pcie::ops before using it cdns_pcie::ops might not be populated by all the Cadence glue drivers. This is going to be true for the upcoming Sophgo platform which doe |
- CVE-2025-68207Dec 16, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Synchronize Dead CT worker with unbind Cancel and wait for any Dead CT worker to complete before continuing with device unbinding. Else the worker will end up using resources freed by the undind ope
- CVE-2025-68206Dec 16, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: add seqadj extension for natted connections Sequence adjustment may be required for FTP traffic with PASV/EPSV modes. due to need to re-write packet payload (IP, port) on the ftp control conn
- CVE-2025-68202Dec 16, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix unsafe locking in the scx_dump_state() For built with CONFIG_PREEMPT_RT=y kernels, the dump_lock will be converted sleepable spinlock and not disable-irq, so the following scenarios occur: incon
- CVE-2025-68201Dec 16, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: remove two invalid BUG_ON()s Those can be triggered trivially by userspace.
- CVE-2025-68200Dec 16, 2025affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpf_prog_run_data_pointers() syzbot found that cls_bpf_classify() is able to change tc_skb_cb(skb)->drop_reason triggering a warning in sk_skb_reason_drop(). WARNING: CPU: 0 PID: 5965 at net/core/skbu
- CVE-2025-68198Dec 16, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: crash: fix crashkernel resource shrink When crashkernel is configured with a high reservation, shrinking its value below the low crashkernel reservation causes two issues: 1. Invalid crashkernel resource objec
- CVE-2025-68197Dec 16, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() With older FW, we may get the ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER for FW trace data type that has not been initialized. This will resu
- CVE-2025-68195Dec 16, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode Running x86_match_min_microcode_rev() on a Zen5 CPU trips up KASAN for an out of bounds access.
- CVE-2025-68194Dec 16, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: media: imon: make send_packet() more robust syzbot is reporting that imon has three problems which result in hung tasks due to forever holding device lock [1]. First problem is that when usb_rx_callback_intf0(
- CVE-2025-68192Dec 16, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Raw IP packets have no MAC header, leaving skb->mac_header uninitialized. This can trigger kernel panics on ARM64 when xfrm or other subsystem
- CVE-2025-68190Dec 16, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() kcalloc() may fail. When WS is non-zero and allocation fails, ectx.ws remains NULL while ectx.ws_size is set, leading to a po
- CVE-2025-68188Dec 16, 2025affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1
In the Linux kernel, the following vulnerability has been resolved: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() Use RCU to avoid a pair of atomic operations and a potential UAF on dst_dev()->flags.
- CVE-2025-68186Dec 16, 2025affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up The function ring_buffer_map_get_reader() is a bit more strict than the other get reader functions, and except for certain situati
- CVE-2025-68185Dec 16, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Theoretically it's an oopsable race, but I don't believe one can manage to hit it on real hardware; might become doable on a KVM,
- CVE-2025-68184Dec 16, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Disable AFBC support on Mediatek DRM driver Commit c410fa9b07c3 ("drm/mediatek: Add AFBC support to Mediatek DRM driver") added AFBC support to Mediatek DRM and enabled the 32x8/split/sparse modif
- CVE-2025-68183Dec 16, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in se
- CVE-2025-68181Dec 16, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Remove calls to drm_put_dev() Since the allocation of the drivers main structure was changed to devm_drm_dev_alloc() drm_put_dev()'ing to trigger it to be free'd should be done by devres. However,
- CVE-2025-68180Dec 16, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL deref in debugfs odm_combine_segments When a connector is connected but inactive (e.g., disabled by desktop environments), pipe_ctx->stream_res.tg will be destroyed. Then, reading odm_
- CVE-2025-68178Dec 16, 2025affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix possible deadlock while configuring policy Following deadlock can be triggered easily by lockdep: WARNING: possible circular locking dependency detected 6.17.0-rc3-00124-ga12c2658ced0 #1665 Not
- CVE-2025-68176Dec 16, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: PCI: cadence: Check for the existence of cdns_pcie::ops before using it cdns_pcie::ops might not be populated by all the Cadence glue drivers. This is going to be true for the upcoming Sophgo platform which doe
Page 23 of 33