VYPR

rpm package

opensuse/kernel-source&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,435)

  • CVE-2025-40087Oct 30, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proc_layoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout.

  • CVE-2025-40086Oct 30, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects (BOs) within the same VM under certain conditions, which may lead to NULL poin

  • CVE-2025-40090Oct 30, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix recursive locking in RPC handle list access Since commit 305853cce3794 ("ksmbd: Fix race condition in RPC handle list access"), ksmbd_session_rpc_method() attempts to lock sess->rpc_lock. This cause

  • CVE-2025-40085Oct 29, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card In try_to_register_card(), the return value of usb_ifnum_to_if() is passed directly to usb_interface_claimed() without a NULL check, which wil

  • CVE-2025-40084Oct 29, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle handle_response() dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed

  • CVE-2025-40081Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() Cast nr_pages to unsigned long to avoid overflow when handling large AUX buffer sizes (>= 2 GiB).

  • CVE-2025-40080Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP and UDP Recently, syzbot started to abuse NBD with all kinds of sockets. Commit cf1b2326b734 ("nbd: verify socket is supported during setup") made sure the socket supported a shutd

  • CVE-2025-40079Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Sign extend struct ops return values properly The ns_bpf_qdisc selftest triggers a kernel panic: Unable to handle kernel paging request at virtual address ffffffffa38dbf58 Current test_prog

  • CVE-2025-40078Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: bpf: Explicitly check accesses to bpf_sock_addr Syzkaller found a kernel warning on the following sock_addr program: 0: r0 = 0 1: r2 = *(u32 *)(r1 +60) 2: exit which triggers: verifier bug: e

  • CVE-2025-40077Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid overflow while left shift operation Should cast type of folio->index from pgoff_t to loff_t to avoid overflow while left shift operation.

  • CVE-2025-40076Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: PCI: rcar-host: Pass proper IRQ domain to generic_handle_domain_irq() Starting with commit dd26c1a23fd5 ("PCI: rcar-host: Switch to msi_create_parent_irq_domain()"), the MSI parent IRQ domain is NULL because th

  • CVE-2025-40075Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: use dst_dev_net_rcu() Replace three dst_dev() with a lockdep enabled helper.

  • CVE-2025-40074Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dst_dev_rcu() Change icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF. Change ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_mr_output(), ipv4_neigh_lookup() to use lockdep enabled d

  • CVE-2025-40073Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/msm: Do not validate SSPP when it is not ready Current code will validate current plane and previous plane to confirm they can share a SSPP with multi-rect mode. The SSPP is already allocated for previous p

  • CVE-2025-40072Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: fanotify: Validate the return value of mnt_ns_from_dentry() before dereferencing The function do_fanotify_mark() does not validate if mnt_ns_from_dentry() returns NULL before dereferencing mntns->user_ns. This

  • CVE-2025-40071Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Don't block input queue by waiting MSC Currently gsm_queue() processes incoming frames and when opening a DLC channel it calls gsm_dlci_open() which calls gsm_modem_update(). If basic mode is used i

  • CVE-2025-40070Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: pps: fix warning in pps_register_cdev when register device fail Similar to previous commit 2a934fdb01db ("media: v4l2-dev: fix error handling in __video_register_device()"), the release hook should be set befor

  • CVE-2025-40069Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix obj leak in VM_BIND error path If we fail a handle-lookup part way thru, we need to drop the already obtained obj references. Patchwork: https://patchwork.freedesktop.org/patch/669784/

  • CVE-2025-40068Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: Fix integer overflow in run_unpack() The MFT record relative to the file being opened contains its runlist, an array containing information about the file's location on the physical disk. Analysis of

  • CVE-2025-40067Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist Index allocation requires at least one bit in the $BITMAP attribute to track usage of index entries. If the bitmap is empty while index blo

Page 30 of 72