VYPR

rpm package

opensuse/kernel-source&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,435)

  • CVE-2025-68725Dec 24, 2025
    affected < 6.18.5-1.1fixed 6.18.5-1.1

    In the Linux kernel, the following vulnerability has been resolved: bpf: Do not let BPF test infra emit invalid GSO types to stack Yinhao et al. reported that their fuzzer tool was able to trigger a skb_warn_bad_offload() from netif_skb_features() -> gso_features_check(). When

  • CVE-2025-68365Dec 24, 2025
    affected < 6.18.5-1.1fixed 6.18.5-1.1

    In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize allocated memory before use KMSAN reports: Multiple uninitialized values detected: - KMSAN: uninit-value in ntfs_read_hdr (3) - KMSAN: uninit-value in bcmp (3) Memory is allocated by __ge

  • CVE-2025-68358Dec 24, 2025
    affected < 6.18.5-1.1fixed 6.18.5-1.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix racy bitfield write in btrfs_clear_space_info_full() From the memory-barriers.txt document regarding memory barrier ordering guarantees: (*) These guarantees do not apply to bitfields, because comp

  • CVE-2025-68351Dec 24, 2025
    affected < 6.18.5-1.1fixed 6.18.5-1.1

    In the Linux kernel, the following vulnerability has been resolved: exfat: fix refcount leak in exfat_find Fix refcount leaks in `exfat_find` related to `exfat_get_dentry_set`. Function `exfat_get_dentry_set` would increase the reference counter of `es->bh` on success. Therefo

  • CVE-2025-68337Dec 22, 2025
    affected < 6.18.5-1.1fixed 6.18.5-1.1

    In the Linux kernel, the following vulnerability has been resolved: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted There's issue when file system corrupted: ------------[ cut here ]------------ kernel BUG at fs/jbd2/transaction.c:1289! Oops: i

  • CVE-2025-68336Dec 22, 2025
    affected < 6.18.5-1.1fixed 6.18.5-1.1

    In the Linux kernel, the following vulnerability has been resolved: locking/spinlock/debug: Fix data-race in do_raw_write_lock KCSAN reports: BUG: KCSAN: data-race in do_raw_write_lock / do_raw_write_lock write (marked) to 0xffff800009cf504c of 4 bytes by task 1102 on cpu 1:

  • CVE-2025-68335Dec 22, 2025
    affected < 6.18.5-1.1fixed 6.18.5-1.1

    In the Linux kernel, the following vulnerability has been resolved: comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Syzbot identified an issue [1] in pcl818_ai_cancel(), which stems from the fact that in case of early device detach via pcl818_detach(), subdevice dev->r

  • CVE-2025-68332Dec 22, 2025
    affected < 6.18.5-1.1fixed 6.18.5-1.1

    In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fix invalid PNP driver unregistration The Comedi low-level driver "c6xdigio" seems to be for a parallel port connected device. When the Comedi core calls the driver's Comedi "attach" handler

  • CVE-2025-68325Dec 18, 2025
    affected < 6.18.2-1.1fixed 6.18.2-1.1

    In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop In cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes that

  • CVE-2025-68324Dec 18, 2025
    affected < 6.18.2-1.1fixed 6.18.2-1.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work The delayed work item 'imm_tq' is initialized in imm_attach() and scheduled via imm_queuecommand() for processing SCSI commands. When the IMM

  • CVE-2025-68323Dec 18, 2025
    affected < 6.18.2-1.1fixed 6.18.2-1.1

    In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: fix use-after-free caused by uec->work The delayed work uec->work is scheduled in gaokun_ucsi_probe() but never properly canceled in gaokun_ucsi_remove(). This creates use-after-free scenarios

  • CVE-2025-68264Dec 16, 2025
    affected < 6.18.2-1.1fixed 6.18.2-1.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: refresh inline data size before write operations The cached ei->i_inline_size can become stale between the initial size check and when ext4_update_inline_data()/ext4_create_inline_data() use it. Although

  • CVE-2025-68263CriDec 16, 2025
    affected < 6.18.2-1.1fixed 6.18.2-1.1

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: ipc: fix use-after-free in ipc_msg_send_request ipc_msg_send_request() waits for a generic netlink reply using an ipc_msg_table_entry on the stack. The generic netlink handler (handle_generic_event()/han

  • CVE-2025-68262Dec 16, 2025
    affected < 6.18.2-1.1fixed 6.18.2-1.1

    In the Linux kernel, the following vulnerability has been resolved: crypto: zstd - fix double-free in per-CPU stream cleanup The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because zstd_streams (per-CPU con

  • CVE-2025-68261Dec 16, 2025
    affected < 6.18.2-1.1fixed 6.18.2-1.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Fix a race between inline data destruction and block mapping. The function ext4_destroy_inline_data_nolock() changes the inode data layout b

  • CVE-2025-68260Dec 16, 2025
    affected < 6.18.2-1.1fixed 6.18.2-1.1

    In the Linux kernel, the following vulnerability has been resolved: rust_binder: fix race condition on death_list Rust Binder contains the following unsafe operation: // SAFETY: A `NodeDeath` is never inserted into the death list // of any node other than its owner, so it is

  • CVE-2025-68259Dec 16, 2025
    affected < 6.18.2-1.1fixed 6.18.2-1.1

    In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced When re-injecting a soft interrupt from an INT3, INT0, or (select) INTn instruction, discard the exception and retry the instruction if the co

  • CVE-2025-68258Dec 16, 2025
    affected < 6.18.2-1.1fixed 6.18.2-1.1

    In the Linux kernel, the following vulnerability has been resolved: comedi: multiq3: sanitize config options in multiq3_attach() Syzbot identified an issue [1] in multiq3_attach() that induces a task timeout due to open() or COMEDI_DEVCONFIG ioctl operations, specifically, in t

  • CVE-2025-68257Dec 16, 2025
    affected < 6.18.2-1.1fixed 6.18.2-1.1

    In the Linux kernel, the following vulnerability has been resolved: comedi: check device's attached status in compat ioctls Syzbot identified an issue [1] that crashes kernel, seemingly due to unexistent callback dev->get_valid_routes(). By all means, this should not occur as s

  • CVE-2025-68256Dec 16, 2025
    affected < 6.18.2-1.1fixed 6.18.2-1.1

    In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser The Information Element (IE) parser rtw_get_ie() trusted the length byte of each IE without validating that the IE body (len bytes after the 2-b

Page 28 of 72