VYPR

rpm package

suse/kernel-azure&distro=SUSE Linux Enterprise Server 16.0

pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2016.0

Vulnerabilities (594)

  • CVE-2025-68346Dec 24, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detect_stream_formats() The function detect_stream_formats() reads the stream_count value directly from a FireWire device without validating it. This can lead to out-of-bounds

  • CVE-2025-68345Dec 24, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() The acpi_get_first_physical_node() function can return NULL, in which case the get_device() function also returns NULL, but this value

  • CVE-2025-68344Dec 24, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: wavefront: Fix integer overflow in sample size validation The wavefront_send_sample() function has an integer overflow issue when validating sample size. The header->size field is u32 but gets cast to int

  • CVE-2025-68725Dec 24, 2025
    affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1

    In the Linux kernel, the following vulnerability has been resolved: bpf: Do not let BPF test infra emit invalid GSO types to stack Yinhao et al. reported that their fuzzer tool was able to trigger a skb_warn_bad_offload() from netif_skb_features() -> gso_features_check(). When

  • CVE-2025-68351Dec 24, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: exfat: fix refcount leak in exfat_find Fix refcount leaks in `exfat_find` related to `exfat_get_dentry_set`. Function `exfat_get_dentry_set` would increase the reference counter of `es->bh` on success. Therefo

  • CVE-2025-68343Dec 23, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header The driver expects to receive a struct gs_host_frame in gs_usb_receive_bulk_callback(). Use struct_group to describe the

  • CVE-2025-68342Dec 23, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data The URB received in gs_usb_receive_bulk_callback() contains a struct gs_host_frame. The length of the data after the header

  • CVE-2025-68341Dec 23, 2025
    affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1

    In the Linux kernel, the following vulnerability has been resolved: veth: reduce XDP no_direct return section to fix race As explain in commit fa349e396e48 ("veth: Fix race with AF_XDP exposing old or uninitialized descriptors") for veth there is a chance after napi_complete_do

  • CVE-2025-68339Dec 23, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: atm/fore200e: Fix possible data race in fore200e_open() Protect access to fore200e->available_cell_rate with rate_mtx lock in the error handling path of fore200e_open() to prevent a data race. The field fore20

  • CVE-2025-68340Dec 23, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: team: Move team device type change at the end of team_port_add Attempting to add a port device that is already up will expectedly fail, but not before modifying the team device header_ops. In the case of the s

  • CVE-2025-68337Dec 22, 2025
    affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1

    In the Linux kernel, the following vulnerability has been resolved: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted There's issue when file system corrupted: ------------[ cut here ]------------ kernel BUG at fs/jbd2/transaction.c:1289! Oops: i

  • CVE-2025-68335Dec 22, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Syzbot identified an issue [1] in pcl818_ai_cancel(), which stems from the fact that in case of early device detach via pcl818_detach(), subdevice dev->r

  • CVE-2025-68332Dec 22, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fix invalid PNP driver unregistration The Comedi low-level driver "c6xdigio" seems to be for a parallel port connected device. When the Comedi core calls the driver's Comedi "attach" handler

  • CVE-2025-68331Dec 22, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer When a UAS device is unplugged during data transfer, there is a probability of a system panic occurring. The root cau

  • CVE-2025-68330Dec 22, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: iio: accel: bmc150: Fix irq assumption regression The code in bmc150-accel-core.c unconditionally calls bmc150_accel_set_interrupt() in the iio_buffer_setup_ops, such as on the runtime PM resume path giving a k

  • CVE-2025-68329Dec 22, 2025
    affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1

    In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs When a VMA is split (e.g., by partial munmap or MAP_FIXED), the kernel calls vm_ops->close on each portion. For trace buffer mappings, this resu

  • CVE-2025-68328Dec 22, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: fix bug in saving controller data Fix the incorrect usage of platform_set_drvdata and dev_set_drvdata. They both are of the same data and overrides each other. This resulted in the rmmo

  • CVE-2025-68327Dec 22, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Fix synchronous external abort on unbind A synchronous external abort occurs on the Renesas RZ/G3S SoC if unbind is executed after the configuration sequence described above: modprobe usb_f

  • CVE-2025-68325Dec 18, 2025
    affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1

    In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop In cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes that

  • CVE-2025-68320Dec 16, 2025
    affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1

    In the Linux kernel, the following vulnerability has been resolved: lan966x: Fix sleeping in atomic context The following warning was seen when we try to connect using ssh to the device. BUG: sleeping function called from invalid context at kernel/locking/mutex.c:575 in_atomic

Page 17 of 30