rpm package
suse/kernel-syms-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP7
pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7
Vulnerabilities (2,117)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68728 | — | < 6.4.0-150700.20.27.1 | 6.4.0-150700.20.27.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix uninit memory after failed mi_read in mi_format_new Fix a KMSAN un-init bug found by syzkaller. ntfs_get_bh() expects a buffer from sb_getblk(), that buffer may not be uptodate. We do not bring the | ||
| CVE-2025-68727 | — | < 6.4.0-150700.20.27.1 | 6.4.0-150700.20.27.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ntfs3: Fix uninit buffer allocated by __getname() Fix uninit errors caused after buffer allocation given to 'de'; by initializing the buffer with zeroes. The fix was found by using KMSAN. | ||
| CVE-2025-68724 | — | < 6.4.0-150700.20.24.1 | 6.4.0-150700.20.24.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_k | ||
| CVE-2025-68380 | — | < 6.4.0-150700.20.24.1 | 6.4.0-150700.20.24.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix peer HE MCS assignment In ath11k_wmi_send_peer_assoc_cmd(), peer's transmit MCS is sent to firmware as receive MCS while peer's receive MCS sent as transmit MCS, which goes against firmwire's | ||
| CVE-2025-68379 | — | < 6.4.0-150700.20.27.1 | 6.4.0-150700.20.27.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure A NULL pointer dereference can occur in rxe_srq_chk_attr() when ibv_modify_srq() is invoked twice in succession under certain error conditions. The | ||
| CVE-2025-68378 | — | < 6.4.0-150700.20.24.1 | 6.4.0-150700.20.24.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stackmap overflow check in __bpf_get_stackid() Syzkaller reported a KASAN slab-out-of-bounds write in __bpf_get_stackid() when copying stack trace data. The issue occurs when the perf trace contains m | ||
| CVE-2025-68372 | — | < 6.4.0-150700.20.27.1 | 6.4.0-150700.20.27.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: nbd: defer config put in recv_work There is one uaf issue in recv_work when running NBD_CLEAR_SOCK and NBD_CMD_RECONFIGURE: nbd_genl_connect // conf_ref=2 (connect and recv_work A) nbd_open // co | ||
| CVE-2025-68367 | — | < 6.4.0-150700.20.27.1 | 6.4.0-150700.20.27.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------[ cut here ]------------ li | ||
| CVE-2025-68366 | — | < 6.4.0-150700.20.27.1 | 6.4.0-150700.20.27.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK: nbd_genl_connect nbd_alloc_and_init_config // config_refs=1 nbd_start_devic | ||
| CVE-2025-68363 | — | < 6.4.0-150700.20.27.1 | 6.4.0-150700.20.27.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Check skb->transport_header is set in bpf_skb_check_mtu The bpf_skb_check_mtu helper needs to use skb->transport_header when the BPF_MTU_CHK_SEGS flag is used: bpf_skb_check_mtu(skb, ifindex, &mtu_len, 0 | ||
| CVE-2025-68362 | — | < 6.4.0-150700.20.24.1 | 6.4.0-150700.20.24.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() The rtl8187_rx_cb() calculates the rx descriptor header address by subtracting its size from the skb tail pointer. However, it does not | ||
| CVE-2025-68354 | — | < 6.4.0-150700.20.24.1 | 6.4.0-150700.20.24.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex regulator_supply_alias_list was accessed without any locking in regulator_supply_alias(), regulator_register_supply_alias(), and re | ||
| CVE-2025-68349 | — | < 6.4.0-150700.20.27.1 | 6.4.0-150700.20.27.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs | ||
| CVE-2025-68347 | — | < 6.4.0-150700.20.24.1 | 6.4.0-150700.20.24.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdep_read() could write more bytes to the user buffer than requested, when a user provides a buffer smaller | ||
| CVE-2025-68346 | — | < 6.4.0-150700.20.24.1 | 6.4.0-150700.20.24.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detect_stream_formats() The function detect_stream_formats() reads the stream_count value directly from a FireWire device without validating it. This can lead to out-of-bounds | ||
| CVE-2025-68345 | — | < 6.4.0-150700.20.24.1 | 6.4.0-150700.20.24.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() The acpi_get_first_physical_node() function can return NULL, in which case the get_device() function also returns NULL, but this value | ||
| CVE-2023-54042 | — | < 6.4.0-150700.20.24.1 | 6.4.0-150700.20.24.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix VAS mm use after free The refcount on mm is dropped before the coprocessor is detached. | ||
| CVE-2023-54038 | — | < 6.4.0-150700.20.24.1 | 6.4.0-150700.20.24.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link hci_connect_sco currently returns NULL when there is no link (i.e. when hci_conn_link() returns NULL). sco_connect() expects an ERR_PTR | ||
| CVE-2023-54037 | — | < 6.4.0-150700.20.24.1 | 6.4.0-150700.20.24.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ice: prevent NULL pointer deref during reload Calling ethtool during reload can lead to call trace, because VSI isn't configured for some time, but netdev is alive. To fix it add rtnl lock for VSI deconfig and | ||
| CVE-2023-54035 | — | < 6.4.0-150700.20.24.1 | 6.4.0-150700.20.24.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix underflow in chain reference counter Set element addition error path decrements reference counter on chains twice: once on element release and again via nft_data_release(). Then, d6b4 |
- CVE-2025-68728Dec 24, 2025affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix uninit memory after failed mi_read in mi_format_new Fix a KMSAN un-init bug found by syzkaller. ntfs_get_bh() expects a buffer from sb_getblk(), that buffer may not be uptodate. We do not bring the
- CVE-2025-68727Dec 24, 2025affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: ntfs3: Fix uninit buffer allocated by __getname() Fix uninit errors caused after buffer allocation given to 'de'; by initializing the buffer with zeroes. The fix was found by using KMSAN.
- CVE-2025-68724Dec 24, 2025affected < 6.4.0-150700.20.24.1fixed 6.4.0-150700.20.24.1
In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_k
- CVE-2025-68380Dec 24, 2025affected < 6.4.0-150700.20.24.1fixed 6.4.0-150700.20.24.1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix peer HE MCS assignment In ath11k_wmi_send_peer_assoc_cmd(), peer's transmit MCS is sent to firmware as receive MCS while peer's receive MCS sent as transmit MCS, which goes against firmwire's
- CVE-2025-68379Dec 24, 2025affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure A NULL pointer dereference can occur in rxe_srq_chk_attr() when ibv_modify_srq() is invoked twice in succession under certain error conditions. The
- CVE-2025-68378Dec 24, 2025affected < 6.4.0-150700.20.24.1fixed 6.4.0-150700.20.24.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stackmap overflow check in __bpf_get_stackid() Syzkaller reported a KASAN slab-out-of-bounds write in __bpf_get_stackid() when copying stack trace data. The issue occurs when the perf trace contains m
- CVE-2025-68372Dec 24, 2025affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: nbd: defer config put in recv_work There is one uaf issue in recv_work when running NBD_CLEAR_SOCK and NBD_CMD_RECONFIGURE: nbd_genl_connect // conf_ref=2 (connect and recv_work A) nbd_open // co
- CVE-2025-68367Dec 24, 2025affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------[ cut here ]------------ li
- CVE-2025-68366Dec 24, 2025affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK: nbd_genl_connect nbd_alloc_and_init_config // config_refs=1 nbd_start_devic
- CVE-2025-68363Dec 24, 2025affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Check skb->transport_header is set in bpf_skb_check_mtu The bpf_skb_check_mtu helper needs to use skb->transport_header when the BPF_MTU_CHK_SEGS flag is used: bpf_skb_check_mtu(skb, ifindex, &mtu_len, 0
- CVE-2025-68362Dec 24, 2025affected < 6.4.0-150700.20.24.1fixed 6.4.0-150700.20.24.1
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() The rtl8187_rx_cb() calculates the rx descriptor header address by subtracting its size from the skb tail pointer. However, it does not
- CVE-2025-68354Dec 24, 2025affected < 6.4.0-150700.20.24.1fixed 6.4.0-150700.20.24.1
In the Linux kernel, the following vulnerability has been resolved: regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex regulator_supply_alias_list was accessed without any locking in regulator_supply_alias(), regulator_register_supply_alias(), and re
- CVE-2025-68349Dec 24, 2025affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs
- CVE-2025-68347Dec 24, 2025affected < 6.4.0-150700.20.24.1fixed 6.4.0-150700.20.24.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdep_read() could write more bytes to the user buffer than requested, when a user provides a buffer smaller
- CVE-2025-68346Dec 24, 2025affected < 6.4.0-150700.20.24.1fixed 6.4.0-150700.20.24.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detect_stream_formats() The function detect_stream_formats() reads the stream_count value directly from a FireWire device without validating it. This can lead to out-of-bounds
- CVE-2025-68345Dec 24, 2025affected < 6.4.0-150700.20.24.1fixed 6.4.0-150700.20.24.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() The acpi_get_first_physical_node() function can return NULL, in which case the get_device() function also returns NULL, but this value
- CVE-2023-54042Dec 24, 2025affected < 6.4.0-150700.20.24.1fixed 6.4.0-150700.20.24.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix VAS mm use after free The refcount on mm is dropped before the coprocessor is detached.
- CVE-2023-54038Dec 24, 2025affected < 6.4.0-150700.20.24.1fixed 6.4.0-150700.20.24.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link hci_connect_sco currently returns NULL when there is no link (i.e. when hci_conn_link() returns NULL). sco_connect() expects an ERR_PTR
- CVE-2023-54037Dec 24, 2025affected < 6.4.0-150700.20.24.1fixed 6.4.0-150700.20.24.1
In the Linux kernel, the following vulnerability has been resolved: ice: prevent NULL pointer deref during reload Calling ethtool during reload can lead to call trace, because VSI isn't configured for some time, but netdev is alive. To fix it add rtnl lock for VSI deconfig and
- CVE-2023-54035Dec 24, 2025affected < 6.4.0-150700.20.24.1fixed 6.4.0-150700.20.24.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix underflow in chain reference counter Set element addition error path decrements reference counter on chains twice: once on element release and again via nft_data_release(). Then, d6b4
Page 13 of 106