rpm package
opensuse/kernel-source-longterm&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/kernel-source-longterm&distro=openSUSE%20Tumbleweed
Vulnerabilities (694)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-40016 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. ``` Each Unit and Terminal within the video function i | ||
| CVE-2025-40015 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: stm32-csi: Fix dereference before NULL check In 'stm32_csi_start', 'csidev->s_subdev' is dereferenced directly while assigning a value to the 'src_pad'. However the same value is being checked against NU | ||
| CVE-2025-40013 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: audioreach: fix potential null pointer dereference It is possible that the topology parsing function audioreach_widget_load_module_common() could return NULL or an error pointer. Add missing NULL ch | ||
| CVE-2025-40004 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix buffer overflow in USB transport layer A buffer overflow vulnerability exists in the USB 9pfs transport layer where inconsistent size validation between packet header parsing and actual data copying | ||
| CVE-2025-40003 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work The origin code calls cancel_delayed_work() in ocelot_stats_deinit() to cancel the cyclic delayed work item ocelot->stats_work. However, cance | ||
| CVE-2025-40002 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix use-after-free in tb_dp_dprx_work The original code relies on cancel_delayed_work() in tb_dp_dprx_stop(), which does not ensure that the delayed work item tunnel->dprx_work has fully completed | ||
| CVE-2025-40001 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue During the detaching of Marvell's SAS/SATA controller, the original code calls cancel_delayed_work() in mvs_free() to cancel the delayed work item mwq->wor | ||
| CVE-2025-40000 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() There is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to access already freed skb_data: BUG: KFENCE: use-after-free write in | ||
| CVE-2025-39999 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix blk_mq_tags double free while nr_requests grown In the case user trigger tags grow by queue sysfs attribute nr_requests, hctx->sched_tags will be freed directly and replaced with a new allocated tag | ||
| CVE-2025-39998 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: target: target_core_configfs: Add length check to avoid buffer overflow A buffer overflow arises from the usage of snprintf to write into the buffer "buf" in target_lu_gp_members_show function located in | ||
| CVE-2025-39997 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free The previous commit 0718a78f6a9f ("ALSA: usb-audio: Kill timer properly at removal") patched a UAF issue caused by the error timer. However, becau | ||
| CVE-2025-39996 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove The original code uses cancel_delayed_work() in flexcop_pci_remove(), which does not guarantee that the delayed work item irq_chec | ||
| CVE-2025-39995 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state->timer is a cyclic timer that schedules work_i2c_poll and delayed_work_enable_hotplug, while rearming itself. Using timer_ | ||
| CVE-2025-39994 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000_release The original code uses cancel_delayed_work() in xc5000_release(), which does not guarantee that the delayed work item timer_sleep has fully completed i | ||
| CVE-2025-39993 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: rc: fix races with imon_disconnect() Syzbot reports a KASAN issue as below: BUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline] BUG: KASAN: use-after-free in send_packet+0xa2d/0 | ||
| CVE-2025-39992 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: mm: swap: check for stable address space before operating on the VMA It is possible to hit a zero entry while traversing the vmas in unuse_mm() called from swapoff path and accessing it causes the OOPS: Unable | ||
| CVE-2025-39991 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() If ab->fw.m3_data points to data, then fw pointer remains null. Further, if m3_mem is not allocated, then fw is dereferenced to be passed to ath11k_err | ||
| CVE-2025-40300 | Med | 5.5 | < 6.18.16-1.1 | 6.18.16-1.1 | Sep 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already | |
| CVE-2024-28956 | Med | 5.6 | < 6.18.16-1.1 | 6.18.16-1.1 | May 13, 2025 | Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2024-2201 | Med | 4.7 | < 6.12.11-1.1 | 6.12.11-1.1 | Dec 19, 2024 | A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems. |
- CVE-2025-40016Oct 20, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. ``` Each Unit and Terminal within the video function i
- CVE-2025-40015Oct 20, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: media: stm32-csi: Fix dereference before NULL check In 'stm32_csi_start', 'csidev->s_subdev' is dereferenced directly while assigning a value to the 'src_pad'. However the same value is being checked against NU
- CVE-2025-40013Oct 20, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: audioreach: fix potential null pointer dereference It is possible that the topology parsing function audioreach_widget_load_module_common() could return NULL or an error pointer. Add missing NULL ch
- CVE-2025-40004Oct 20, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix buffer overflow in USB transport layer A buffer overflow vulnerability exists in the USB 9pfs transport layer where inconsistent size validation between packet header parsing and actual data copying
- CVE-2025-40003Oct 18, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work The origin code calls cancel_delayed_work() in ocelot_stats_deinit() to cancel the cyclic delayed work item ocelot->stats_work. However, cance
- CVE-2025-40002Oct 18, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix use-after-free in tb_dp_dprx_work The original code relies on cancel_delayed_work() in tb_dp_dprx_stop(), which does not ensure that the delayed work item tunnel->dprx_work has fully completed
- CVE-2025-40001Oct 18, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue During the detaching of Marvell's SAS/SATA controller, the original code calls cancel_delayed_work() in mvs_free() to cancel the delayed work item mwq->wor
- CVE-2025-40000Oct 15, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() There is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to access already freed skb_data: BUG: KFENCE: use-after-free write in
- CVE-2025-39999Oct 15, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix blk_mq_tags double free while nr_requests grown In the case user trigger tags grow by queue sysfs attribute nr_requests, hctx->sched_tags will be freed directly and replaced with a new allocated tag
- CVE-2025-39998Oct 15, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: scsi: target: target_core_configfs: Add length check to avoid buffer overflow A buffer overflow arises from the usage of snprintf to write into the buffer "buf" in target_lu_gp_members_show function located in
- CVE-2025-39997Oct 15, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free The previous commit 0718a78f6a9f ("ALSA: usb-audio: Kill timer properly at removal") patched a UAF issue caused by the error timer. However, becau
- CVE-2025-39996Oct 15, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove The original code uses cancel_delayed_work() in flexcop_pci_remove(), which does not guarantee that the delayed work item irq_chec
- CVE-2025-39995Oct 15, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state->timer is a cyclic timer that schedules work_i2c_poll and delayed_work_enable_hotplug, while rearming itself. Using timer_
- CVE-2025-39994Oct 15, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000_release The original code uses cancel_delayed_work() in xc5000_release(), which does not guarantee that the delayed work item timer_sleep has fully completed i
- CVE-2025-39993Oct 15, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: media: rc: fix races with imon_disconnect() Syzbot reports a KASAN issue as below: BUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline] BUG: KASAN: use-after-free in send_packet+0xa2d/0
- CVE-2025-39992Oct 15, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: mm: swap: check for stable address space before operating on the VMA It is possible to hit a zero entry while traversing the vmas in unuse_mm() called from swapoff path and accessing it causes the OOPS: Unable
- CVE-2025-39991Oct 15, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() If ab->fw.m3_data points to data, then fw pointer remains null. Further, if m3_mem is not allocated, then fw is dereferenced to be passed to ath11k_err
- affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already
- affected < 6.18.16-1.1fixed 6.18.16-1.1
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- affected < 6.12.11-1.1fixed 6.12.11-1.1
A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.
Page 10 of 35