rpm package
opensuse/kernel-azure&distro=openSUSE Leap 16.0
pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2016.0
Vulnerabilities (643)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-40225 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix kernel panic on partial unmap of a GPU VA region This commit address a kernel panic issue that can happen if Userspace tries to partially unmap a GPU virtual region (aka drm_gpuva). The VM_BIND | ||
| CVE-2025-40223 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: most: usb: Fix use-after-free in hdm_disconnect hdm_disconnect() calls most_deregister_interface(), which eventually unregisters the MOST interface device with device_unregister(iface->dev). If that drops the l | ||
| CVE-2025-40251 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy The function devl_rate_nodes_destroy is documented to "Unset parent for all rate objects". However, it was only calling the driver-specific `rate_l | ||
| CVE-2025-40221 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: pci: mg4b: fix uninitialized iio scan data Fix potential leak of uninitialized stack data to userspace by ensuring that the `scan` structure is zeroed before use. | ||
| CVE-2025-40220 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running generic/323 against a fuseblk server. This test opens a file, initiates a lot of AIO writes to that file descriptor | ||
| CVE-2025-40219 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: PCI/IOV: Fix race between SR-IOV enable/disable and hotplug Commit 05703271c3cd ("PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV") tried to fix a race between the VF removal inside sriov_ | ||
| CVE-2025-40218 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: do not repeat pte_offset_map_lock() until success DAMON's virtual address space operation set implementation (vaddr) calls pte_offset_map_lock() inside the page table walk callback function. Th | ||
| CVE-2025-40215 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: xfrm: delete x->tunnel as we delete x The ipcomp fallback tunnels currently get deleted (from the various lists and hashtables) as the last user state that needed that fallback is destroyed (not deleted). If a | ||
| CVE-2025-40214 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: af_unix: Initialise scc_index in unix_add_edge(). Quang Le reported that the AF_UNIX GC could garbage-collect a receive queue of an alive in-flight socket, with a nice repro. The repro consists of three stages | ||
| CVE-2025-40213 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Nov 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete There is a BUG: KASAN: stack-out-of-bounds in set_mesh_sync due to memcpy from badly declared on-stack flexible array. Another crash is in set_ | ||
| CVE-2025-40212 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Nov 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix refcount leak in nfsd_set_fh_dentry() nfsd exports a "pseudo root filesystem" which is used by NFSv4 to find the various exported filesystems using LOOKUP requests from a known root filehandle. NFSv3 | ||
| CVE-2025-40211 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Nov 21, 2025 | In the Linux kernel, the following vulnerability has been resolved: ACPI: video: Fix use-after-free in acpi_video_switch_brightness() The switch_brightness_work delayed work accesses device->brightness and device->backlight, freed by acpi_video_dev_unregister_backlight() during | ||
| CVE-2025-40209 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Nov 21, 2025 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak of qgroup_list in btrfs_add_qgroup_relation When btrfs_add_qgroup_relation() is called with invalid qgroup levels (src >= dst), the function returns -EINVAL directly without freeing the p | ||
| CVE-2025-40195 | — | < 6.12.0-160000.26.1 | 6.12.0-160000.26.1 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: mount: handle NULL values in mnt_ns_release() When calling in listmount() mnt_ns_release() may be passed a NULL pointer. Handle that case gracefully. | ||
| CVE-2025-40190 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: guard against EA inode refcount underflow in xattr update syzkaller found a path where ext4_xattr_inode_update_ref() reads an EA inode refcount that is already <= 0 and then applies ref_change (often -1). | ||
| CVE-2025-40179 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with ab | ||
| CVE-2025-40170 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(), and ip_dst_mtu_maybe_for | ||
| CVE-2025-40167 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: detect invalid INLINE_DATA + EXTENTS flag combination syzbot reported a BUG_ON in ext4_es_cache_extent() when opening a verity file on a corrupted ext4 filesystem mounted without a journal. The issue is | ||
| CVE-2025-40160 | — | < 6.12.0-160000.9.1 | 6.12.0-160000.9.1 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change find_virq() to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUG_ON() from bind_virq_to_irq() to propoga | ||
| CVE-2025-40147 | — | < 6.12.0-160000.26.1 | 6.12.0-160000.26.1 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: blk-throttle: fix access race during throttle policy activation On repeated cold boots we occasionally hit a NULL pointer crash in blk_should_throtl() when throttling is consulted before the throttle policy is |
- CVE-2025-40225Dec 4, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix kernel panic on partial unmap of a GPU VA region This commit address a kernel panic issue that can happen if Userspace tries to partially unmap a GPU virtual region (aka drm_gpuva). The VM_BIND
- CVE-2025-40223Dec 4, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: most: usb: Fix use-after-free in hdm_disconnect hdm_disconnect() calls most_deregister_interface(), which eventually unregisters the MOST interface device with device_unregister(iface->dev). If that drops the l
- CVE-2025-40251Dec 4, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy The function devl_rate_nodes_destroy is documented to "Unset parent for all rate objects". However, it was only calling the driver-specific `rate_l
- CVE-2025-40221Dec 4, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: media: pci: mg4b: fix uninitialized iio scan data Fix potential leak of uninitialized stack data to userspace by ensuring that the `scan` structure is zeroed before use.
- CVE-2025-40220Dec 4, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running generic/323 against a fuseblk server. This test opens a file, initiates a lot of AIO writes to that file descriptor
- CVE-2025-40219Dec 4, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: PCI/IOV: Fix race between SR-IOV enable/disable and hotplug Commit 05703271c3cd ("PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV") tried to fix a race between the VF removal inside sriov_
- CVE-2025-40218Dec 4, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: do not repeat pte_offset_map_lock() until success DAMON's virtual address space operation set implementation (vaddr) calls pte_offset_map_lock() inside the page table walk callback function. Th
- CVE-2025-40215Dec 4, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: xfrm: delete x->tunnel as we delete x The ipcomp fallback tunnels currently get deleted (from the various lists and hashtables) as the last user state that needed that fallback is destroyed (not deleted). If a
- CVE-2025-40214Dec 4, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: af_unix: Initialise scc_index in unix_add_edge(). Quang Le reported that the AF_UNIX GC could garbage-collect a receive queue of an alive in-flight socket, with a nice repro. The repro consists of three stages
- CVE-2025-40213Nov 24, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete There is a BUG: KASAN: stack-out-of-bounds in set_mesh_sync due to memcpy from badly declared on-stack flexible array. Another crash is in set_
- CVE-2025-40212Nov 24, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix refcount leak in nfsd_set_fh_dentry() nfsd exports a "pseudo root filesystem" which is used by NFSv4 to find the various exported filesystems using LOOKUP requests from a known root filehandle. NFSv3
- CVE-2025-40211Nov 21, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: ACPI: video: Fix use-after-free in acpi_video_switch_brightness() The switch_brightness_work delayed work accesses device->brightness and device->backlight, freed by acpi_video_dev_unregister_backlight() during
- CVE-2025-40209Nov 21, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak of qgroup_list in btrfs_add_qgroup_relation When btrfs_add_qgroup_relation() is called with invalid qgroup levels (src >= dst), the function returns -EINVAL directly without freeing the p
- CVE-2025-40195Nov 12, 2025affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1
In the Linux kernel, the following vulnerability has been resolved: mount: handle NULL values in mnt_ns_release() When calling in listmount() mnt_ns_release() may be passed a NULL pointer. Handle that case gracefully.
- CVE-2025-40190Nov 12, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: ext4: guard against EA inode refcount underflow in xattr update syzkaller found a path where ext4_xattr_inode_update_ref() reads an EA inode refcount that is already <= 0 and then applies ref_change (often -1).
- CVE-2025-40179Nov 12, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with ab
- CVE-2025-40170Nov 12, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(), and ip_dst_mtu_maybe_for
- CVE-2025-40167Nov 12, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: ext4: detect invalid INLINE_DATA + EXTENTS flag combination syzbot reported a BUG_ON in ext4_es_cache_extent() when opening a verity file on a corrupted ext4 filesystem mounted without a journal. The issue is
- CVE-2025-40160Nov 12, 2025affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1
In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change find_virq() to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUG_ON() from bind_virq_to_irq() to propoga
- CVE-2025-40147Nov 12, 2025affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1
In the Linux kernel, the following vulnerability has been resolved: blk-throttle: fix access race during throttle policy activation On repeated cold boots we occasionally hit a NULL pointer crash in blk_should_throtl() when throttling is consulted before the throttle policy is
Page 29 of 33