rpm package
opensuse/kernel-azure&distro=openSUSE Leap 16.0
pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2016.0
Vulnerabilities (643)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-23179 | — | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() When the socket is closed while in TCP_LISTEN a callback is run to flush all outstanding packets, which in turns calls nvmet_tcp_listen_data_ready() with t | ||
| CVE-2026-23178 | Hig | 7.8 | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() `i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` bytes of data into `ihid->rawbuf`. The former can come from the userspace in the h | |
| CVE-2026-23177 | — | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: mm, shmem: prevent infinite loop on truncate race When truncating a large swap entry, shmem_free_swap() returns 0 when the entry's index doesn't match the given index due to lookup alignment. The failure fallb | ||
| CVE-2026-23176 | — | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_haps: Fix memory leaks in add/remove routines toshiba_haps_add() leaks the haps object allocated by it if it returns an error after allocating that object successfully. toshiba_haps_remov | ||
| CVE-2025-71224 | — | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: ocb: skip rx_no_sta when interface is not joined ieee80211_ocb_rx_no_sta() assumes a valid channel context, which is only present after JOIN_OCB. RX may run before JOIN_OCB is executed, in whic | ||
| CVE-2026-23208 | — | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Prevent excessive number of frames In this case, the user constructed the parameters with maxpacksize 40 for rate 22050 / pps 1000, and packsize[0] 22 packsize[1] 23. The buffer size for each d | ||
| CVE-2026-23202 | — | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer The curr_xfer field is read by the IRQ handler without holding the lock to check if a transfer is in progress. When clearing curr_xfer in th | ||
| CVE-2026-23201 | — | < 6.12.0-160000.28.1 | 6.12.0-160000.28.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: ceph: fix oops due to invalid pointer for kfree() in parse_longname() This fixes a kernel oops when reading ceph snapshot directories (.snap), for example by simply running `ls /mnt/my_ceph/.snap`. The variabl | ||
| CVE-2026-23190 | — | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fix memory leak in acp3x pdm dma ops | ||
| CVE-2026-23189 | — | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: ceph: fix NULL pointer dereference in ceph_mds_auth_match() The CephFS kernel client has regression starting from 6.18-rc1. We have issue in ceph_mds_auth_match() if fs_name == NULL: const char fs_name = m | ||
| CVE-2026-23188 | — | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: usb: r8152: fix resume reset deadlock rtl8152 can trigger device reset during reset which potentially can result in a deadlock: **** DPM device timeout after 10 seconds; 15 seconds until panic **** Call | ||
| CVE-2026-23187 | — | < 6.12.0-160000.28.1 | 6.12.0-160000.28.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains Fix out-of-range access of bc->domains in imx8m_blk_ctrl_remove(). | ||
| CVE-2025-71222 | — | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: ensure skb headroom before skb_push This avoids occasional skb_under_panic Oops from wl1271_tx_work. In this case, headroom is less than needed (typically 110 - 94 = 16 bytes). | ||
| CVE-2026-23172 | Hig | 8.4 | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: fix potential skb->frags overflow in RX path When receiving data in the DPMAIF RX path, the t7xx_dpmaif_set_frag_to_skb() function adds page fragments to an skb without checking if the number o | |
| CVE-2026-23171 | Hig | 7.8 | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave array update Fix a use-after-free which happens due to enslave failure after the new slave has been added to the array. Since the new slave can be use | |
| CVE-2026-23169 | Hig | 7.8 | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() syzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id() and/or mptcp_pm_nl_is_backup() Root cause is list_splice_init() in mptcp_pm_nl_flush_addrs | |
| CVE-2026-23161 | Hig | 7.3 | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: mm/shmem, swap: fix race of truncate and swap entry split The helper for shmem swap freeing is not handling the order of swap entries correctly. It uses xa_cmpxchg_irq to erase the swap entry, but it gets the | |
| CVE-2026-23155 | Med | 5.5 | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix error message Sinc commit 79a6d1bfe114 ("can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error") a failing resubmit URB will print | |
| CVE-2026-23151 | Med | 5.5 | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix memory leak in set_ssp_complete Fix memory leak in set_ssp_complete() where mgmt_pending_cmd structures are not freed after being removed from the pending list. Commit 302a1f674c00 ("Bluet | |
| CVE-2026-23148 | Hig | 7.5 | < 6.12.0-160000.27.1 | 6.12.0-160000.27.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference There is a race condition in nvmet_bio_done() that can cause a NULL pointer dereference in blk_cgroup_bio_start(): 1. nvmet_bio_done() is |
- CVE-2026-23179Feb 14, 2026affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() When the socket is closed while in TCP_LISTEN a callback is run to flush all outstanding packets, which in turns calls nvmet_tcp_listen_data_ready() with t
- affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() `i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` bytes of data into `ihid->rawbuf`. The former can come from the userspace in the h
- CVE-2026-23177Feb 14, 2026affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: mm, shmem: prevent infinite loop on truncate race When truncating a large swap entry, shmem_free_swap() returns 0 when the entry's index doesn't match the given index due to lookup alignment. The failure fallb
- CVE-2026-23176Feb 14, 2026affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_haps: Fix memory leaks in add/remove routines toshiba_haps_add() leaks the haps object allocated by it if it returns an error after allocating that object successfully. toshiba_haps_remov
- CVE-2025-71224Feb 14, 2026affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: ocb: skip rx_no_sta when interface is not joined ieee80211_ocb_rx_no_sta() assumes a valid channel context, which is only present after JOIN_OCB. RX may run before JOIN_OCB is executed, in whic
- CVE-2026-23208Feb 14, 2026affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Prevent excessive number of frames In this case, the user constructed the parameters with maxpacksize 40 for rate 22050 / pps 1000, and packsize[0] 22 packsize[1] 23. The buffer size for each d
- CVE-2026-23202Feb 14, 2026affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer The curr_xfer field is read by the IRQ handler without holding the lock to check if a transfer is in progress. When clearing curr_xfer in th
- CVE-2026-23201Feb 14, 2026affected < 6.12.0-160000.28.1fixed 6.12.0-160000.28.1
In the Linux kernel, the following vulnerability has been resolved: ceph: fix oops due to invalid pointer for kfree() in parse_longname() This fixes a kernel oops when reading ceph snapshot directories (.snap), for example by simply running `ls /mnt/my_ceph/.snap`. The variabl
- CVE-2026-23190Feb 14, 2026affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fix memory leak in acp3x pdm dma ops
- CVE-2026-23189Feb 14, 2026affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: ceph: fix NULL pointer dereference in ceph_mds_auth_match() The CephFS kernel client has regression starting from 6.18-rc1. We have issue in ceph_mds_auth_match() if fs_name == NULL: const char fs_name = m
- CVE-2026-23188Feb 14, 2026affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: r8152: fix resume reset deadlock rtl8152 can trigger device reset during reset which potentially can result in a deadlock: **** DPM device timeout after 10 seconds; 15 seconds until panic **** Call
- CVE-2026-23187Feb 14, 2026affected < 6.12.0-160000.28.1fixed 6.12.0-160000.28.1
In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains Fix out-of-range access of bc->domains in imx8m_blk_ctrl_remove().
- CVE-2025-71222Feb 14, 2026affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: ensure skb headroom before skb_push This avoids occasional skb_under_panic Oops from wl1271_tx_work. In this case, headroom is less than needed (typically 110 - 94 = 16 bytes).
- affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: fix potential skb->frags overflow in RX path When receiving data in the DPMAIF RX path, the t7xx_dpmaif_set_frag_to_skb() function adds page fragments to an skb without checking if the number o
- affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave array update Fix a use-after-free which happens due to enslave failure after the new slave has been added to the array. Since the new slave can be use
- affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() syzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id() and/or mptcp_pm_nl_is_backup() Root cause is list_splice_init() in mptcp_pm_nl_flush_addrs
- affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: mm/shmem, swap: fix race of truncate and swap entry split The helper for shmem swap freeing is not handling the order of swap entries correctly. It uses xa_cmpxchg_irq to erase the swap entry, but it gets the
- affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix error message Sinc commit 79a6d1bfe114 ("can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error") a failing resubmit URB will print
- affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix memory leak in set_ssp_complete Fix memory leak in set_ssp_complete() where mgmt_pending_cmd structures are not freed after being removed from the pending list. Commit 302a1f674c00 ("Bluet
- affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference There is a race condition in nvmet_bio_done() that can cause a NULL pointer dereference in blk_cgroup_bio_start(): 1. nvmet_bio_done() is
Page 4 of 33