VYPR

rpm package

opensuse/kernel-source-longterm&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kernel-source-longterm&distro=openSUSE%20Tumbleweed

Vulnerabilities (694)

  • CVE-2025-40102Oct 30, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Prevent access to vCPU events before init Another day, another syzkaller bug. KVM erroneously allows userspace to pend vCPU events for a vCPU that hasn't been initialized yet, leading to KVM interpr

  • CVE-2025-40101Oct 30, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST At the end of btrfs_load_block_group_zone_info() the first thing we do is to ensure that if the mapping type is not a SINGLE one a

  • CVE-2025-40100Oct 30, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: do not assert we found block group item when creating free space tree Currently, when building a free space tree at populate_free_space_tree(), if we are not using the block group tree feature, we always

  • CVE-2025-40099Oct 30, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: cifs: parse_dfs_referrals: prevent oob on malformed input Malicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS - reply smaller than sizeof(struct get_dfs_referral_rsp) - reply with number of

  • CVE-2025-40098Oct 30, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() Return value of a function acpi_evaluate_dsm() is dereferenced without checking for NULL, but it is usually checked for this fu

  • CVE-2025-40097Oct 30, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix missing pointer check in hda_component_manager_init function The __component_match_add function may assign the 'matchptr' pointer the value ERR_PTR(-ENOMEM), which will subsequently be dereferenc

  • CVE-2025-40096Oct 30, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies When adding dependencies with drm_sched_job_add_dependency(), that function consumes the fence reference both on success and failure,

  • CVE-2025-40095Oct 30, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Refactor bind path to use __free() After an bind/unbind cycle, the rndis->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request,

  • CVE-2025-40094Oct 30, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_acm: Refactor bind path to use __free() After an bind/unbind cycle, the acm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, lea

  • CVE-2025-40093Oct 30, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Refactor bind path to use __free() After an bind/unbind cycle, the ecm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, lea

  • CVE-2025-40092Oct 30, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Refactor bind path to use __free() After an bind/unbind cycle, the ncm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, lea

  • CVE-2025-40091Oct 30, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix too early devlink_free() in ixgbe_remove() Since ixgbe_adapter is embedded in devlink, calling devlink_free() prematurely in the ixgbe_remove() path can lead to UAF. Move devlink_free() to the end.

  • CVE-2025-40089Oct 30, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: cxl/features: Add check for no entries in cxl_feature_info cxl EDAC calls cxl_feature_info() to get the feature information and if the hardware has no Features support, cxlfs may be passed in as NULL. [ 51.9

  • CVE-2025-40088Oct 30, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() The hfsplus_strcasecmp() logic can trigger the issue: [ 117.317703][ T9855] ================================================================== [ 1

  • CVE-2025-40087Oct 30, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proc_layoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout.

  • CVE-2025-40086Oct 30, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects (BOs) within the same VM under certain conditions, which may lead to NULL poin

  • CVE-2025-40090Oct 30, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix recursive locking in RPC handle list access Since commit 305853cce3794 ("ksmbd: Fix race condition in RPC handle list access"), ksmbd_session_rpc_method() attempts to lock sess->rpc_lock. This cause

  • CVE-2025-40085Oct 29, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card In try_to_register_card(), the return value of usb_ifnum_to_if() is passed directly to usb_interface_claimed() without a NULL check, which wil

  • CVE-2025-40084Oct 29, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle handle_response() dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed

  • CVE-2025-40081Oct 28, 2025
    affected < 6.18.16-1.1fixed 6.18.16-1.1

    In the Linux kernel, the following vulnerability has been resolved: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() Cast nr_pages to unsigned long to avoid overflow when handling large AUX buffer sizes (>= 2 GiB).

Page 6 of 35