rpm package
opensuse/kernel-source-longterm&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/kernel-source-longterm&distro=openSUSE%20Tumbleweed
Vulnerabilities (694)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68335 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Dec 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Syzbot identified an issue [1] in pcl818_ai_cancel(), which stems from the fact that in case of early device detach via pcl818_detach(), subdevice dev->r | ||
| CVE-2025-68332 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Dec 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fix invalid PNP driver unregistration The Comedi low-level driver "c6xdigio" seems to be for a parallel port connected device. When the Comedi core calls the driver's Comedi "attach" handler | ||
| CVE-2025-68325 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Dec 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop In cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes that | ||
| CVE-2025-68324 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Dec 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work The delayed work item 'imm_tq' is initialized in imm_attach() and scheduled via imm_queuecommand() for processing SCSI commands. When the IMM | ||
| CVE-2025-68323 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Dec 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: fix use-after-free caused by uec->work The delayed work uec->work is scheduled in gaokun_ucsi_probe() but never properly canceled in gaokun_ucsi_remove(). This creates use-after-free scenarios | ||
| CVE-2025-68264 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: refresh inline data size before write operations The cached ei->i_inline_size can become stale between the initial size check and when ext4_update_inline_data()/ext4_create_inline_data() use it. Although | ||
| CVE-2025-68263 | Cri | 9.8 | < 6.18.16-1.1 | 6.18.16-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: ipc: fix use-after-free in ipc_msg_send_request ipc_msg_send_request() waits for a generic netlink reply using an ipc_msg_table_entry on the stack. The generic netlink handler (handle_generic_event()/han | |
| CVE-2025-68262 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: zstd - fix double-free in per-CPU stream cleanup The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because zstd_streams (per-CPU con | ||
| CVE-2025-68261 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Fix a race between inline data destruction and block mapping. The function ext4_destroy_inline_data_nolock() changes the inode data layout b | ||
| CVE-2025-68260 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: rust_binder: fix race condition on death_list Rust Binder contains the following unsafe operation: // SAFETY: A `NodeDeath` is never inserted into the death list // of any node other than its owner, so it is | ||
| CVE-2025-68259 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced When re-injecting a soft interrupt from an INT3, INT0, or (select) INTn instruction, discard the exception and retry the instruction if the co | ||
| CVE-2025-68258 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: comedi: multiq3: sanitize config options in multiq3_attach() Syzbot identified an issue [1] in multiq3_attach() that induces a task timeout due to open() or COMEDI_DEVCONFIG ioctl operations, specifically, in t | ||
| CVE-2025-68257 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: comedi: check device's attached status in compat ioctls Syzbot identified an issue [1] that crashes kernel, seemingly due to unexistent callback dev->get_valid_routes(). By all means, this should not occur as s | ||
| CVE-2025-68256 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser The Information Element (IE) parser rtw_get_ie() trusted the length byte of each IE without validating that the IE body (len bytes after the 2-b | ||
| CVE-2025-68255 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing The Supported Rates IE length from an incoming Association Request frame was used directly as the memcpy() length when copying into a fixed | ||
| CVE-2025-68254 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing The Extended Supported Rates (ESR) IE handling in OnBeacon accessed *(p + 1 + ielen) and *(p + 2 + ielen) without verifying that these offse | ||
| CVE-2025-40106 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 31, 2025 | In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedi_buf_munge() The comedi_buf_munge() function performs a modulo operation `async->munge_chan %= async->cmd.chanlist_len` without first checking if chanlist_len is zero. If a u | ||
| CVE-2025-40105 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: vfs: Don't leak disconnected dentries on umount When user calls open_by_handle_at() on some inode that is not cached, we will create disconnected dentry for it. If such dentry is a directory, exportfs_decode_fh | ||
| CVE-2025-40104 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfo | ||
| CVE-2025-40103 | — | < 6.18.16-1.1 | 6.18.16-1.1 | Oct 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifs_sb_tlink Fix three refcount inconsistency issues related to `cifs_sb_tlink`. Comments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be called after successf |
- CVE-2025-68335Dec 22, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Syzbot identified an issue [1] in pcl818_ai_cancel(), which stems from the fact that in case of early device detach via pcl818_detach(), subdevice dev->r
- CVE-2025-68332Dec 22, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fix invalid PNP driver unregistration The Comedi low-level driver "c6xdigio" seems to be for a parallel port connected device. When the Comedi core calls the driver's Comedi "attach" handler
- CVE-2025-68325Dec 18, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop In cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes that
- CVE-2025-68324Dec 18, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work The delayed work item 'imm_tq' is initialized in imm_attach() and scheduled via imm_queuecommand() for processing SCSI commands. When the IMM
- CVE-2025-68323Dec 18, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: fix use-after-free caused by uec->work The delayed work uec->work is scheduled in gaokun_ucsi_probe() but never properly canceled in gaokun_ucsi_remove(). This creates use-after-free scenarios
- CVE-2025-68264Dec 16, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: ext4: refresh inline data size before write operations The cached ei->i_inline_size can become stale between the initial size check and when ext4_update_inline_data()/ext4_create_inline_data() use it. Although
- affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: ipc: fix use-after-free in ipc_msg_send_request ipc_msg_send_request() waits for a generic netlink reply using an ipc_msg_table_entry on the stack. The generic netlink handler (handle_generic_event()/han
- CVE-2025-68262Dec 16, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: crypto: zstd - fix double-free in per-CPU stream cleanup The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because zstd_streams (per-CPU con
- CVE-2025-68261Dec 16, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Fix a race between inline data destruction and block mapping. The function ext4_destroy_inline_data_nolock() changes the inode data layout b
- CVE-2025-68260Dec 16, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: rust_binder: fix race condition on death_list Rust Binder contains the following unsafe operation: // SAFETY: A `NodeDeath` is never inserted into the death list // of any node other than its owner, so it is
- CVE-2025-68259Dec 16, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced When re-injecting a soft interrupt from an INT3, INT0, or (select) INTn instruction, discard the exception and retry the instruction if the co
- CVE-2025-68258Dec 16, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: comedi: multiq3: sanitize config options in multiq3_attach() Syzbot identified an issue [1] in multiq3_attach() that induces a task timeout due to open() or COMEDI_DEVCONFIG ioctl operations, specifically, in t
- CVE-2025-68257Dec 16, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: comedi: check device's attached status in compat ioctls Syzbot identified an issue [1] that crashes kernel, seemingly due to unexistent callback dev->get_valid_routes(). By all means, this should not occur as s
- CVE-2025-68256Dec 16, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser The Information Element (IE) parser rtw_get_ie() trusted the length byte of each IE without validating that the IE body (len bytes after the 2-b
- CVE-2025-68255Dec 16, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing The Supported Rates IE length from an incoming Association Request frame was used directly as the memcpy() length when copying into a fixed
- CVE-2025-68254Dec 16, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing The Extended Supported Rates (ESR) IE handling in OnBeacon accessed *(p + 1 + ielen) and *(p + 2 + ielen) without verifying that these offse
- CVE-2025-40106Oct 31, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedi_buf_munge() The comedi_buf_munge() function performs a modulo operation `async->munge_chan %= async->cmd.chanlist_len` without first checking if chanlist_len is zero. If a u
- CVE-2025-40105Oct 30, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: vfs: Don't leak disconnected dentries on umount When user calls open_by_handle_at() on some inode that is not cached, we will create disconnected dentry for it. If such dentry is a directory, exportfs_decode_fh
- CVE-2025-40104Oct 30, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfo
- CVE-2025-40103Oct 30, 2025affected < 6.18.16-1.1fixed 6.18.16-1.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifs_sb_tlink Fix three refcount inconsistency issues related to `cifs_sb_tlink`. Comments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be called after successf
Page 5 of 35