rpm package
opensuse/kernel-source&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed
Vulnerabilities (1,435)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68725 | — | < 6.18.5-1.1 | 6.18.5-1.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Do not let BPF test infra emit invalid GSO types to stack Yinhao et al. reported that their fuzzer tool was able to trigger a skb_warn_bad_offload() from netif_skb_features() -> gso_features_check(). When | ||
| CVE-2025-68365 | — | < 6.18.5-1.1 | 6.18.5-1.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize allocated memory before use KMSAN reports: Multiple uninitialized values detected: - KMSAN: uninit-value in ntfs_read_hdr (3) - KMSAN: uninit-value in bcmp (3) Memory is allocated by __ge | ||
| CVE-2025-68358 | — | < 6.18.5-1.1 | 6.18.5-1.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix racy bitfield write in btrfs_clear_space_info_full() From the memory-barriers.txt document regarding memory barrier ordering guarantees: (*) These guarantees do not apply to bitfields, because comp | ||
| CVE-2025-68351 | — | < 6.18.5-1.1 | 6.18.5-1.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: exfat: fix refcount leak in exfat_find Fix refcount leaks in `exfat_find` related to `exfat_get_dentry_set`. Function `exfat_get_dentry_set` would increase the reference counter of `es->bh` on success. Therefo | ||
| CVE-2025-68337 | — | < 6.18.5-1.1 | 6.18.5-1.1 | Dec 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted There's issue when file system corrupted: ------------[ cut here ]------------ kernel BUG at fs/jbd2/transaction.c:1289! Oops: i | ||
| CVE-2025-68336 | — | < 6.18.5-1.1 | 6.18.5-1.1 | Dec 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: locking/spinlock/debug: Fix data-race in do_raw_write_lock KCSAN reports: BUG: KCSAN: data-race in do_raw_write_lock / do_raw_write_lock write (marked) to 0xffff800009cf504c of 4 bytes by task 1102 on cpu 1: | ||
| CVE-2025-68335 | — | < 6.18.5-1.1 | 6.18.5-1.1 | Dec 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Syzbot identified an issue [1] in pcl818_ai_cancel(), which stems from the fact that in case of early device detach via pcl818_detach(), subdevice dev->r | ||
| CVE-2025-68332 | — | < 6.18.5-1.1 | 6.18.5-1.1 | Dec 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fix invalid PNP driver unregistration The Comedi low-level driver "c6xdigio" seems to be for a parallel port connected device. When the Comedi core calls the driver's Comedi "attach" handler | ||
| CVE-2025-68325 | — | < 6.18.2-1.1 | 6.18.2-1.1 | Dec 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop In cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes that | ||
| CVE-2025-68324 | — | < 6.18.2-1.1 | 6.18.2-1.1 | Dec 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work The delayed work item 'imm_tq' is initialized in imm_attach() and scheduled via imm_queuecommand() for processing SCSI commands. When the IMM | ||
| CVE-2025-68323 | — | < 6.18.2-1.1 | 6.18.2-1.1 | Dec 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: fix use-after-free caused by uec->work The delayed work uec->work is scheduled in gaokun_ucsi_probe() but never properly canceled in gaokun_ucsi_remove(). This creates use-after-free scenarios | ||
| CVE-2025-68264 | — | < 6.18.2-1.1 | 6.18.2-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: refresh inline data size before write operations The cached ei->i_inline_size can become stale between the initial size check and when ext4_update_inline_data()/ext4_create_inline_data() use it. Although | ||
| CVE-2025-68263 | Cri | 9.8 | < 6.18.2-1.1 | 6.18.2-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: ipc: fix use-after-free in ipc_msg_send_request ipc_msg_send_request() waits for a generic netlink reply using an ipc_msg_table_entry on the stack. The generic netlink handler (handle_generic_event()/han | |
| CVE-2025-68262 | — | < 6.18.2-1.1 | 6.18.2-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: zstd - fix double-free in per-CPU stream cleanup The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because zstd_streams (per-CPU con | ||
| CVE-2025-68261 | — | < 6.18.2-1.1 | 6.18.2-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Fix a race between inline data destruction and block mapping. The function ext4_destroy_inline_data_nolock() changes the inode data layout b | ||
| CVE-2025-68260 | — | < 6.18.2-1.1 | 6.18.2-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: rust_binder: fix race condition on death_list Rust Binder contains the following unsafe operation: // SAFETY: A `NodeDeath` is never inserted into the death list // of any node other than its owner, so it is | ||
| CVE-2025-68259 | — | < 6.18.2-1.1 | 6.18.2-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced When re-injecting a soft interrupt from an INT3, INT0, or (select) INTn instruction, discard the exception and retry the instruction if the co | ||
| CVE-2025-68258 | — | < 6.18.2-1.1 | 6.18.2-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: comedi: multiq3: sanitize config options in multiq3_attach() Syzbot identified an issue [1] in multiq3_attach() that induces a task timeout due to open() or COMEDI_DEVCONFIG ioctl operations, specifically, in t | ||
| CVE-2025-68257 | — | < 6.18.2-1.1 | 6.18.2-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: comedi: check device's attached status in compat ioctls Syzbot identified an issue [1] that crashes kernel, seemingly due to unexistent callback dev->get_valid_routes(). By all means, this should not occur as s | ||
| CVE-2025-68256 | — | < 6.18.2-1.1 | 6.18.2-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser The Information Element (IE) parser rtw_get_ie() trusted the length byte of each IE without validating that the IE body (len bytes after the 2-b |
- CVE-2025-68725Dec 24, 2025affected < 6.18.5-1.1fixed 6.18.5-1.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not let BPF test infra emit invalid GSO types to stack Yinhao et al. reported that their fuzzer tool was able to trigger a skb_warn_bad_offload() from netif_skb_features() -> gso_features_check(). When
- CVE-2025-68365Dec 24, 2025affected < 6.18.5-1.1fixed 6.18.5-1.1
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize allocated memory before use KMSAN reports: Multiple uninitialized values detected: - KMSAN: uninit-value in ntfs_read_hdr (3) - KMSAN: uninit-value in bcmp (3) Memory is allocated by __ge
- CVE-2025-68358Dec 24, 2025affected < 6.18.5-1.1fixed 6.18.5-1.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix racy bitfield write in btrfs_clear_space_info_full() From the memory-barriers.txt document regarding memory barrier ordering guarantees: (*) These guarantees do not apply to bitfields, because comp
- CVE-2025-68351Dec 24, 2025affected < 6.18.5-1.1fixed 6.18.5-1.1
In the Linux kernel, the following vulnerability has been resolved: exfat: fix refcount leak in exfat_find Fix refcount leaks in `exfat_find` related to `exfat_get_dentry_set`. Function `exfat_get_dentry_set` would increase the reference counter of `es->bh` on success. Therefo
- CVE-2025-68337Dec 22, 2025affected < 6.18.5-1.1fixed 6.18.5-1.1
In the Linux kernel, the following vulnerability has been resolved: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted There's issue when file system corrupted: ------------[ cut here ]------------ kernel BUG at fs/jbd2/transaction.c:1289! Oops: i
- CVE-2025-68336Dec 22, 2025affected < 6.18.5-1.1fixed 6.18.5-1.1
In the Linux kernel, the following vulnerability has been resolved: locking/spinlock/debug: Fix data-race in do_raw_write_lock KCSAN reports: BUG: KCSAN: data-race in do_raw_write_lock / do_raw_write_lock write (marked) to 0xffff800009cf504c of 4 bytes by task 1102 on cpu 1:
- CVE-2025-68335Dec 22, 2025affected < 6.18.5-1.1fixed 6.18.5-1.1
In the Linux kernel, the following vulnerability has been resolved: comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Syzbot identified an issue [1] in pcl818_ai_cancel(), which stems from the fact that in case of early device detach via pcl818_detach(), subdevice dev->r
- CVE-2025-68332Dec 22, 2025affected < 6.18.5-1.1fixed 6.18.5-1.1
In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fix invalid PNP driver unregistration The Comedi low-level driver "c6xdigio" seems to be for a parallel port connected device. When the Comedi core calls the driver's Comedi "attach" handler
- CVE-2025-68325Dec 18, 2025affected < 6.18.2-1.1fixed 6.18.2-1.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop In cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes that
- CVE-2025-68324Dec 18, 2025affected < 6.18.2-1.1fixed 6.18.2-1.1
In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work The delayed work item 'imm_tq' is initialized in imm_attach() and scheduled via imm_queuecommand() for processing SCSI commands. When the IMM
- CVE-2025-68323Dec 18, 2025affected < 6.18.2-1.1fixed 6.18.2-1.1
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: fix use-after-free caused by uec->work The delayed work uec->work is scheduled in gaokun_ucsi_probe() but never properly canceled in gaokun_ucsi_remove(). This creates use-after-free scenarios
- CVE-2025-68264Dec 16, 2025affected < 6.18.2-1.1fixed 6.18.2-1.1
In the Linux kernel, the following vulnerability has been resolved: ext4: refresh inline data size before write operations The cached ei->i_inline_size can become stale between the initial size check and when ext4_update_inline_data()/ext4_create_inline_data() use it. Although
- affected < 6.18.2-1.1fixed 6.18.2-1.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: ipc: fix use-after-free in ipc_msg_send_request ipc_msg_send_request() waits for a generic netlink reply using an ipc_msg_table_entry on the stack. The generic netlink handler (handle_generic_event()/han
- CVE-2025-68262Dec 16, 2025affected < 6.18.2-1.1fixed 6.18.2-1.1
In the Linux kernel, the following vulnerability has been resolved: crypto: zstd - fix double-free in per-CPU stream cleanup The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because zstd_streams (per-CPU con
- CVE-2025-68261Dec 16, 2025affected < 6.18.2-1.1fixed 6.18.2-1.1
In the Linux kernel, the following vulnerability has been resolved: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Fix a race between inline data destruction and block mapping. The function ext4_destroy_inline_data_nolock() changes the inode data layout b
- CVE-2025-68260Dec 16, 2025affected < 6.18.2-1.1fixed 6.18.2-1.1
In the Linux kernel, the following vulnerability has been resolved: rust_binder: fix race condition on death_list Rust Binder contains the following unsafe operation: // SAFETY: A `NodeDeath` is never inserted into the death list // of any node other than its owner, so it is
- CVE-2025-68259Dec 16, 2025affected < 6.18.2-1.1fixed 6.18.2-1.1
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced When re-injecting a soft interrupt from an INT3, INT0, or (select) INTn instruction, discard the exception and retry the instruction if the co
- CVE-2025-68258Dec 16, 2025affected < 6.18.2-1.1fixed 6.18.2-1.1
In the Linux kernel, the following vulnerability has been resolved: comedi: multiq3: sanitize config options in multiq3_attach() Syzbot identified an issue [1] in multiq3_attach() that induces a task timeout due to open() or COMEDI_DEVCONFIG ioctl operations, specifically, in t
- CVE-2025-68257Dec 16, 2025affected < 6.18.2-1.1fixed 6.18.2-1.1
In the Linux kernel, the following vulnerability has been resolved: comedi: check device's attached status in compat ioctls Syzbot identified an issue [1] that crashes kernel, seemingly due to unexistent callback dev->get_valid_routes(). By all means, this should not occur as s
- CVE-2025-68256Dec 16, 2025affected < 6.18.2-1.1fixed 6.18.2-1.1
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser The Information Element (IE) parser rtw_get_ie() trusted the length byte of each IE without validating that the IE body (len bytes after the 2-b
Page 28 of 72