Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-40013 (GCVE-0-2025-40013)
Vulnerability from cvelistv5
Published
2025-10-20 15:29
Modified
2025-10-20 15:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: qcom: audioreach: fix potential null pointer dereference
It is possible that the topology parsing function
audioreach_widget_load_module_common() could return NULL or an error
pointer. Add missing NULL check so that we do not dereference it.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 36ad9bf1d93d66b901342eab9f8ed6c1537655a6 Version: 36ad9bf1d93d66b901342eab9f8ed6c1537655a6 Version: 36ad9bf1d93d66b901342eab9f8ed6c1537655a6 Version: 36ad9bf1d93d66b901342eab9f8ed6c1537655a6 Version: 36ad9bf1d93d66b901342eab9f8ed6c1537655a6 Version: 36ad9bf1d93d66b901342eab9f8ed6c1537655a6 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/qcom/qdsp6/topology.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9c1ad4192f3d2fc85339718a6252cb3337848f7b",
"status": "affected",
"version": "36ad9bf1d93d66b901342eab9f8ed6c1537655a6",
"versionType": "git"
},
{
"lessThan": "70e1e5fe9f7e05ff831b56ebc02543e7811b8e18",
"status": "affected",
"version": "36ad9bf1d93d66b901342eab9f8ed6c1537655a6",
"versionType": "git"
},
{
"lessThan": "4dda55d04caac3b4102c26e29b1c27fa35636be3",
"status": "affected",
"version": "36ad9bf1d93d66b901342eab9f8ed6c1537655a6",
"versionType": "git"
},
{
"lessThan": "8f9c9fafc0e7a73bbff58954d171c016ddee1734",
"status": "affected",
"version": "36ad9bf1d93d66b901342eab9f8ed6c1537655a6",
"versionType": "git"
},
{
"lessThan": "ef08ce6304d30b5778035d07b04514cb70839983",
"status": "affected",
"version": "36ad9bf1d93d66b901342eab9f8ed6c1537655a6",
"versionType": "git"
},
{
"lessThan": "8318e04ab2526b155773313b66a1542476ce1106",
"status": "affected",
"version": "36ad9bf1d93d66b901342eab9f8ed6c1537655a6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/qcom/qdsp6/topology.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.156",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.16.*",
"status": "unaffected",
"version": "6.16.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.18-rc1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.156",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.110",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.51",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.11",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.1",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18-rc1",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: audioreach: fix potential null pointer dereference\n\nIt is possible that the topology parsing function\naudioreach_widget_load_module_common() could return NULL or an error\npointer. Add missing NULL check so that we do not dereference it."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T15:29:09.076Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9c1ad4192f3d2fc85339718a6252cb3337848f7b"
},
{
"url": "https://git.kernel.org/stable/c/70e1e5fe9f7e05ff831b56ebc02543e7811b8e18"
},
{
"url": "https://git.kernel.org/stable/c/4dda55d04caac3b4102c26e29b1c27fa35636be3"
},
{
"url": "https://git.kernel.org/stable/c/8f9c9fafc0e7a73bbff58954d171c016ddee1734"
},
{
"url": "https://git.kernel.org/stable/c/ef08ce6304d30b5778035d07b04514cb70839983"
},
{
"url": "https://git.kernel.org/stable/c/8318e04ab2526b155773313b66a1542476ce1106"
}
],
"title": "ASoC: qcom: audioreach: fix potential null pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-40013",
"datePublished": "2025-10-20T15:29:09.076Z",
"dateReserved": "2025-04-16T07:20:57.151Z",
"dateUpdated": "2025-10-20T15:29:09.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-40013\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-10-20T16:15:38.057\",\"lastModified\":\"2025-10-21T19:31:25.450\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nASoC: qcom: audioreach: fix potential null pointer dereference\\n\\nIt is possible that the topology parsing function\\naudioreach_widget_load_module_common() could return NULL or an error\\npointer. Add missing NULL check so that we do not dereference it.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/4dda55d04caac3b4102c26e29b1c27fa35636be3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/70e1e5fe9f7e05ff831b56ebc02543e7811b8e18\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8318e04ab2526b155773313b66a1542476ce1106\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8f9c9fafc0e7a73bbff58954d171c016ddee1734\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9c1ad4192f3d2fc85339718a6252cb3337848f7b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ef08ce6304d30b5778035d07b04514cb70839983\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
opensuse-su-2025:15671-1
Vulnerability from csaf_opensuse
Published
2025-10-27 00:00
Modified
2025-10-27 00:00
Summary
kernel-devel-6.17.5-1.1 on GA media
Notes
Title of the patch
kernel-devel-6.17.5-1.1 on GA media
Description of the patch
These are all security issues fixed in the kernel-devel-6.17.5-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15671
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "kernel-devel-6.17.5-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the kernel-devel-6.17.5-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15671",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15671-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39991 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39992 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39992/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39993 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39994 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39995 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39996 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39997 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39998 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39999 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40000 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40001 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40002 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40003 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40003/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40004 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40015 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40015/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40016 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40017 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40017/"
}
],
"title": "kernel-devel-6.17.5-1.1 on GA media",
"tracking": {
"current_release_date": "2025-10-27T00:00:00Z",
"generator": {
"date": "2025-10-27T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15671-1",
"initial_release_date": "2025-10-27T00:00:00Z",
"revision_history": [
{
"date": "2025-10-27T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.17.5-1.1.aarch64",
"product": {
"name": "kernel-devel-6.17.5-1.1.aarch64",
"product_id": "kernel-devel-6.17.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.17.5-1.1.aarch64",
"product": {
"name": "kernel-macros-6.17.5-1.1.aarch64",
"product_id": "kernel-macros-6.17.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-source-6.17.5-1.1.aarch64",
"product": {
"name": "kernel-source-6.17.5-1.1.aarch64",
"product_id": "kernel-source-6.17.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.17.5-1.1.aarch64",
"product": {
"name": "kernel-source-vanilla-6.17.5-1.1.aarch64",
"product_id": "kernel-source-vanilla-6.17.5-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.17.5-1.1.ppc64le",
"product": {
"name": "kernel-devel-6.17.5-1.1.ppc64le",
"product_id": "kernel-devel-6.17.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.17.5-1.1.ppc64le",
"product": {
"name": "kernel-macros-6.17.5-1.1.ppc64le",
"product_id": "kernel-macros-6.17.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-source-6.17.5-1.1.ppc64le",
"product": {
"name": "kernel-source-6.17.5-1.1.ppc64le",
"product_id": "kernel-source-6.17.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.17.5-1.1.ppc64le",
"product": {
"name": "kernel-source-vanilla-6.17.5-1.1.ppc64le",
"product_id": "kernel-source-vanilla-6.17.5-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.17.5-1.1.s390x",
"product": {
"name": "kernel-devel-6.17.5-1.1.s390x",
"product_id": "kernel-devel-6.17.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.17.5-1.1.s390x",
"product": {
"name": "kernel-macros-6.17.5-1.1.s390x",
"product_id": "kernel-macros-6.17.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-source-6.17.5-1.1.s390x",
"product": {
"name": "kernel-source-6.17.5-1.1.s390x",
"product_id": "kernel-source-6.17.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.17.5-1.1.s390x",
"product": {
"name": "kernel-source-vanilla-6.17.5-1.1.s390x",
"product_id": "kernel-source-vanilla-6.17.5-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.17.5-1.1.x86_64",
"product": {
"name": "kernel-devel-6.17.5-1.1.x86_64",
"product_id": "kernel-devel-6.17.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.17.5-1.1.x86_64",
"product": {
"name": "kernel-macros-6.17.5-1.1.x86_64",
"product_id": "kernel-macros-6.17.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-6.17.5-1.1.x86_64",
"product": {
"name": "kernel-source-6.17.5-1.1.x86_64",
"product_id": "kernel-source-6.17.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.17.5-1.1.x86_64",
"product": {
"name": "kernel-source-vanilla-6.17.5-1.1.x86_64",
"product_id": "kernel-source-vanilla-6.17.5-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.17.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64"
},
"product_reference": "kernel-devel-6.17.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.17.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le"
},
"product_reference": "kernel-devel-6.17.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.17.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x"
},
"product_reference": "kernel-devel-6.17.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.17.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64"
},
"product_reference": "kernel-devel-6.17.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.17.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64"
},
"product_reference": "kernel-macros-6.17.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.17.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le"
},
"product_reference": "kernel-macros-6.17.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.17.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x"
},
"product_reference": "kernel-macros-6.17.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.17.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64"
},
"product_reference": "kernel-macros-6.17.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.17.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64"
},
"product_reference": "kernel-source-6.17.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.17.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le"
},
"product_reference": "kernel-source-6.17.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.17.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x"
},
"product_reference": "kernel-source-6.17.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.17.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64"
},
"product_reference": "kernel-source-6.17.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.17.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64"
},
"product_reference": "kernel-source-vanilla-6.17.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.17.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le"
},
"product_reference": "kernel-source-vanilla-6.17.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.17.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x"
},
"product_reference": "kernel-source-vanilla-6.17.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.17.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
},
"product_reference": "kernel-source-vanilla-6.17.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-39991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()\n\nIf ab-\u003efw.m3_data points to data, then fw pointer remains null.\nFurther, if m3_mem is not allocated, then fw is dereferenced to be\npassed to ath11k_err function.\n\nReplace fw-\u003esize by m3_len.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39991",
"url": "https://www.suse.com/security/cve/CVE-2025-39991"
},
{
"category": "external",
"summary": "SUSE Bug 1252075 for CVE-2025-39991",
"url": "https://bugzilla.suse.com/1252075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-27T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39991"
},
{
"cve": "CVE-2025-39992",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39992"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: swap: check for stable address space before operating on the VMA\n\nIt is possible to hit a zero entry while traversing the vmas in unuse_mm()\ncalled from swapoff path and accessing it causes the OOPS:\n\nUnable to handle kernel NULL pointer dereference at virtual address\n0000000000000446--\u003e Loading the memory from offset 0x40 on the\nXA_ZERO_ENTRY as address.\nMem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n\nThe issue is manifested from the below race between the fork() on a\nprocess and swapoff:\nfork(dup_mmap())\t\t\tswapoff(unuse_mm)\n--------------- -----------------\n1) Identical mtree is built using\n __mt_dup().\n\n2) copy_pte_range()--\u003e\n\tcopy_nonpresent_pte():\n The dst mm is added into the\n mmlist to be visible to the\n swapoff operation.\n\n3) Fatal signal is sent to the parent\nprocess(which is the current during the\nfork) thus skip the duplication of the\nvmas and mark the vma range with\nXA_ZERO_ENTRY as a marker for this process\nthat helps during exit_mmap().\n\n\t\t\t\t 4) swapoff is tried on the\n\t\t\t\t\t\u0027mm\u0027 added to the \u0027mmlist\u0027 as\n\t\t\t\t\tpart of the 2.\n\n\t\t\t\t 5) unuse_mm(), that iterates\n\t\t\t\t\tthrough the vma\u0027s of this \u0027mm\u0027\n\t\t\t\t\twill hit the non-NULL zero entry\n\t\t\t\t\tand operating on this zero entry\n\t\t\t\t\tas a vma is resulting into the\n\t\t\t\t\toops.\n\nThe proper fix would be around not exposing this partially-valid tree to\nothers when droping the mmap lock, which is being solved with [1]. A\nsimpler solution would be checking for MMF_UNSTABLE, as it is set if\nmm_struct is not fully initialized in dup_mmap().\n\nThanks to Liam/Lorenzo/David for all the suggestions in fixing this\nissue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39992",
"url": "https://www.suse.com/security/cve/CVE-2025-39992"
},
{
"category": "external",
"summary": "SUSE Bug 1252076 for CVE-2025-39992",
"url": "https://bugzilla.suse.com/1252076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-27T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39992"
},
{
"cve": "CVE-2025-39993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: fix races with imon_disconnect()\n\nSyzbot reports a KASAN issue as below:\nBUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline]\nBUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nRead of size 4 at addr ffff8880256fb000 by task syz-executor314/4465\n\nCPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:317 [inline]\nprint_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433\nkasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n__create_pipe include/linux/usb.h:1945 [inline]\nsend_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nvfd_write+0x2d9/0x550 drivers/media/rc/imon.c:991\nvfs_write+0x2d7/0xdd0 fs/read_write.c:576\nksys_write+0x127/0x250 fs/read_write.c:631\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe iMON driver improperly releases the usb_device reference in\nimon_disconnect without coordinating with active users of the\ndevice.\n\nSpecifically, the fields usbdev_intf0 and usbdev_intf1 are not\nprotected by the users counter (ictx-\u003eusers). During probe,\nimon_init_intf0 or imon_init_intf1 increments the usb_device\nreference count depending on the interface. However, during\ndisconnect, usb_put_dev is called unconditionally, regardless of\nactual usage.\n\nAs a result, if vfd_write or other operations are still in\nprogress after disconnect, this can lead to a use-after-free of\nthe usb_device pointer.\n\nThread 1 vfd_write Thread 2 imon_disconnect\n ...\n if\n usb_put_dev(ictx-\u003eusbdev_intf0)\n else\n usb_put_dev(ictx-\u003eusbdev_intf1)\n...\nwhile\n send_packet\n if\n pipe = usb_sndintpipe(\n ictx-\u003eusbdev_intf0) UAF\n else\n pipe = usb_sndctrlpipe(\n ictx-\u003eusbdev_intf0, 0) UAF\n\nGuard access to usbdev_intf0 and usbdev_intf1 after disconnect by\nchecking ictx-\u003edisconnected in all writer paths. Add early return\nwith -ENODEV in send_packet(), vfd_write(), lcd_write() and\ndisplay_open() if the device is no longer present.\n\nSet and read ictx-\u003edisconnected under ictx-\u003elock to ensure memory\nsynchronization. Acquire the lock in imon_disconnect() before setting\nthe flag to synchronize with any ongoing operations.\n\nEnsure writers exit early and safely after disconnect before the USB\ncore proceeds with cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39993",
"url": "https://www.suse.com/security/cve/CVE-2025-39993"
},
{
"category": "external",
"summary": "SUSE Bug 1252070 for CVE-2025-39993",
"url": "https://bugzilla.suse.com/1252070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-27T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39993"
},
{
"cve": "CVE-2025-39994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tuner: xc5000: Fix use-after-free in xc5000_release\n\nThe original code uses cancel_delayed_work() in xc5000_release(), which\ndoes not guarantee that the delayed work item timer_sleep has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere xc5000_release() may free the xc5000_priv while timer_sleep is still\nactive and attempts to dereference the xc5000_priv.\n\nA typical race condition is illustrated below:\n\nCPU 0 (release thread) | CPU 1 (delayed work callback)\nxc5000_release() | xc5000_do_timer_sleep()\n cancel_delayed_work() |\n hybrid_tuner_release_state(priv) |\n kfree(priv) |\n | priv = container_of() // UAF\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the timer_sleep is properly canceled before the xc5000_priv memory\nis deallocated.\n\nA deadlock concern was considered: xc5000_release() is called in a process\ncontext and is not holding any locks that the timer_sleep work item might\nalso need. Therefore, the use of the _sync() variant is safe here.\n\nThis bug was initially identified through static analysis.\n\n[hverkuil: fix typo in Subject: tunner -\u003e tuner]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39994",
"url": "https://www.suse.com/security/cve/CVE-2025-39994"
},
{
"category": "external",
"summary": "SUSE Bug 1252072 for CVE-2025-39994",
"url": "https://bugzilla.suse.com/1252072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-27T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39994"
},
{
"cve": "CVE-2025-39995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe\n\nThe state-\u003etimer is a cyclic timer that schedules work_i2c_poll and\ndelayed_work_enable_hotplug, while rearming itself. Using timer_delete()\nfails to guarantee the timer isn\u0027t still running when destroyed, similarly\ncancel_delayed_work() cannot ensure delayed_work_enable_hotplug has\nterminated if already executing. During probe failure after timer\ninitialization, these may continue running as orphans and reference the\nalready-freed tc358743_state object through tc358743_irq_poll_timer.\n\nThe following is the trace captured by KASAN.\n\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff88800ded83c8 by task swapper/1/0\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __pfx_sched_balance_find_src_group+0x10/0x10\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? rcu_sched_clock_irq+0xb06/0x27d0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? try_to_wake_up+0xb15/0x1960\n ? tmigr_update_events+0x280/0x740\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n tmigr_handle_remote_up+0x603/0x7e0\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n ? sched_balance_trigger+0x98/0x9f0\n ? sched_tick+0x221/0x5a0\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n ? tick_nohz_handler+0x339/0x440\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n __walk_groups.isra.0+0x42/0x150\n tmigr_handle_remote+0x1f4/0x2e0\n ? __pfx_tmigr_handle_remote+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n ? hrtimer_interrupt+0x322/0x780\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_node_track_caller_noprof+0x198/0x430\n devm_kmalloc+0x7b/0x1e0\n tc358743_probe+0xb7/0x610 i2c_device_probe+0x51d/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n release_nodes+0xa4/0x100\n devres_release_group+0x1b2/0x380\n i2c_device_probe+0x694/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace timer_delete() with timer_delete_sync() and cancel_delayed_work()\nwith cancel_delayed_work_sync() to ensure proper termination of timer and\nwork items before resource cleanup.\n\nThis bug was initially identified through static analysis. For reproduction\nand testing, I created a functional emulation of the tc358743 device via a\nkernel module and introduced faults through the debugfs interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39995",
"url": "https://www.suse.com/security/cve/CVE-2025-39995"
},
{
"category": "external",
"summary": "SUSE Bug 1252064 for CVE-2025-39995",
"url": "https://bugzilla.suse.com/1252064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-27T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39995"
},
{
"cve": "CVE-2025-39996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove\n\nThe original code uses cancel_delayed_work() in flexcop_pci_remove(), which\ndoes not guarantee that the delayed work item irq_check_work has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere flexcop_pci_remove() may free the flexcop_device while irq_check_work\nis still active and attempts to dereference the device.\n\nA typical race condition is illustrated below:\n\nCPU 0 (remove) | CPU 1 (delayed work callback)\nflexcop_pci_remove() | flexcop_pci_irq_check_work()\n cancel_delayed_work() |\n flexcop_device_kfree(fc_pci-\u003efc_dev) |\n | fc = fc_pci-\u003efc_dev; // UAF\n\nThis is confirmed by a KASAN report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff8880093aa8c8 by task bash/135\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? __pfx_read_tsc+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n run_timer_softirq+0xd1/0x190\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 1:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_noprof+0x1be/0x460\n flexcop_device_kmalloc+0x54/0xe0\n flexcop_pci_probe+0x1f/0x9d0\n local_pci_probe+0xdc/0x190\n pci_device_probe+0x2fe/0x470\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __driver_attach+0xd2/0x310\n bus_for_each_dev+0xed/0x170\n bus_add_driver+0x208/0x500\n driver_register+0x132/0x460\n do_one_initcall+0x89/0x300\n kernel_init_freeable+0x40d/0x720\n kernel_init+0x1a/0x150\n ret_from_fork+0x10c/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 135:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n flexcop_device_kfree+0x32/0x50\n pci_device_remove+0xa6/0x1d0\n device_release_driver_internal+0xf8/0x210\n pci_stop_bus_device+0x105/0x150\n pci_stop_and_remove_bus_device_locked+0x15/0x30\n remove_store+0xcc/0xe0\n kernfs_fop_write_iter+0x2c3/0x440\n vfs_write+0x871/0xd70\n ksys_write+0xee/0x1c0\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the delayed work item is properly canceled and any executing delayed\nwork has finished before the device memory is deallocated.\n\nThis bug was initially identified through static analysis. To reproduce\nand test it, I simulated the B2C2 FlexCop PCI device in QEMU and introduced\nartificial delays within the flexcop_pci_irq_check_work() function to\nincrease the likelihood of triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39996",
"url": "https://www.suse.com/security/cve/CVE-2025-39996"
},
{
"category": "external",
"summary": "SUSE Bug 1252065 for CVE-2025-39996",
"url": "https://bugzilla.suse.com/1252065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-27T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39996"
},
{
"cve": "CVE-2025-39997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free\n\nThe previous commit 0718a78f6a9f (\"ALSA: usb-audio: Kill timer properly at\nremoval\") patched a UAF issue caused by the error timer.\n\nHowever, because the error timer kill added in this patch occurs after the\nendpoint delete, a race condition to UAF still occurs, albeit rarely.\n\nAdditionally, since kill-cleanup for urb is also missing, freed memory can\nbe accessed in interrupt context related to urb, which can cause UAF.\n\nTherefore, to prevent this, error timer and urb must be killed before\nfreeing the heap memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39997",
"url": "https://www.suse.com/security/cve/CVE-2025-39997"
},
{
"category": "external",
"summary": "SUSE Bug 1252056 for CVE-2025-39997",
"url": "https://bugzilla.suse.com/1252056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-27T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39997"
},
{
"cve": "CVE-2025-39998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39998"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: target_core_configfs: Add length check to avoid buffer overflow\n\nA buffer overflow arises from the usage of snprintf to write into the\nbuffer \"buf\" in target_lu_gp_members_show function located in\n/drivers/target/target_core_configfs.c. This buffer is allocated with\nsize LU_GROUP_NAME_BUF (256 bytes).\n\nsnprintf(...) formats multiple strings into buf with the HBA name\n(hba-\u003ehba_group.cg_item), a slash character, a devicename (dev-\u003e\ndev_group.cg_item) and a newline character, the total formatted string\nlength may exceed the buffer size of 256 bytes.\n\nSince snprintf() returns the total number of bytes that would have been\nwritten (the length of %s/%sn ), this value may exceed the buffer length\n(256 bytes) passed to memcpy(), this will ultimately cause function\nmemcpy reporting a buffer overflow error.\n\nAn additional check of the return value of snprintf() can avoid this\nbuffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39998",
"url": "https://www.suse.com/security/cve/CVE-2025-39998"
},
{
"category": "external",
"summary": "SUSE Bug 1252073 for CVE-2025-39998",
"url": "https://bugzilla.suse.com/1252073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-27T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39998"
},
{
"cve": "CVE-2025-39999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39999"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix blk_mq_tags double free while nr_requests grown\n\nIn the case user trigger tags grow by queue sysfs attribute nr_requests,\nhctx-\u003esched_tags will be freed directly and replaced with a new\nallocated tags, see blk_mq_tag_update_depth().\n\nThe problem is that hctx-\u003esched_tags is from elevator-\u003eet-\u003etags, while\net-\u003etags is still the freed tags, hence later elevator exit will try to\nfree the tags again, causing kernel panic.\n\nFix this problem by replacing et-\u003etags with new allocated tags as well.\n\nNoted there are still some long term problems that will require some\nrefactor to be fixed thoroughly[1].\n\n[1] https://lore.kernel.org/all/20250815080216.410665-1-yukuai1@huaweicloud.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39999",
"url": "https://www.suse.com/security/cve/CVE-2025-39999"
},
{
"category": "external",
"summary": "SUSE Bug 1252059 for CVE-2025-39999",
"url": "https://bugzilla.suse.com/1252059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-27T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39999"
},
{
"cve": "CVE-2025-40000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()\n\nThere is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to\naccess already freed skb_data:\n\n BUG: KFENCE: use-after-free write in rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n\n CPU: 6 UID: 0 PID: 41377 Comm: kworker/u64:24 Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS edk2-20250523-14.fc42 05/23/2025\n Workqueue: events_unbound cfg80211_wiphy_work [cfg80211]\n\n Use-after-free write at 0x0000000020309d9d (in kfence-#251):\n rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.h:141\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n kfence-#251: 0x0000000056e2393d-0x000000009943cb62, size=232, cache=skbuff_head_cache\n\n allocated by task 41377 on cpu 6 at 77869.159548s (0.009551s ago):\n __alloc_skb net/core/skbuff.c:659\n __netdev_alloc_skb net/core/skbuff.c:734\n ieee80211_nullfunc_get net/mac80211/tx.c:5844\n rtw89_core_send_nullfunc drivers/net/wireless/realtek/rtw89/core.c:3431\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.c:3194\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n freed by task 1045 on cpu 9 at 77869.168393s (0.001557s ago):\n ieee80211_tx_status_skb net/mac80211/status.c:1117\n rtw89_pci_release_txwd_skb drivers/net/wireless/realtek/rtw89/pci.c:564\n rtw89_pci_release_tx_skbs.isra.0 drivers/net/wireless/realtek/rtw89/pci.c:651\n rtw89_pci_release_tx drivers/net/wireless/realtek/rtw89/pci.c:676\n rtw89_pci_napi_poll drivers/net/wireless/realtek/rtw89/pci.c:4238\n __napi_poll net/core/dev.c:7495\n net_rx_action net/core/dev.c:7557 net/core/dev.c:7684\n handle_softirqs kernel/softirq.c:580\n do_softirq.part.0 kernel/softirq.c:480\n __local_bh_enable_ip kernel/softirq.c:407\n rtw89_pci_interrupt_threadfn drivers/net/wireless/realtek/rtw89/pci.c:927\n irq_thread_fn kernel/irq/manage.c:1133\n irq_thread kernel/irq/manage.c:1257\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\nIt is a consequence of a race between the waiting and the signaling side\nof the completion:\n\n Waiting thread Completing thread\n\nrtw89_core_tx_kick_off_and_wait()\n rcu_assign_pointer(skb_data-\u003ewait, wait)\n /* start waiting */\n wait_for_completion_timeout()\n rtw89_pci_tx_status()\n rtw89_core_tx_wait_complete()\n rcu_read_lock()\n /* signals completion and\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40000",
"url": "https://www.suse.com/security/cve/CVE-2025-40000"
},
{
"category": "external",
"summary": "SUSE Bug 1252062 for CVE-2025-40000",
"url": "https://bugzilla.suse.com/1252062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-27T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40000"
},
{
"cve": "CVE-2025-40001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40001"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mvsas: Fix use-after-free bugs in mvs_work_queue\n\nDuring the detaching of Marvell\u0027s SAS/SATA controller, the original code\ncalls cancel_delayed_work() in mvs_free() to cancel the delayed work\nitem mwq-\u003ework_q. However, if mwq-\u003ework_q is already running, the\ncancel_delayed_work() may fail to cancel it. This can lead to\nuse-after-free scenarios where mvs_free() frees the mvs_info while\nmvs_work_queue() is still executing and attempts to access the\nalready-freed mvs_info.\n\nA typical race condition is illustrated below:\n\nCPU 0 (remove) | CPU 1 (delayed work callback)\nmvs_pci_remove() |\n mvs_free() | mvs_work_queue()\n cancel_delayed_work() |\n kfree(mvi) |\n | mvi-\u003e // UAF\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the delayed work item is properly canceled and any executing\ndelayed work item completes before the mvs_info is deallocated.\n\nThis bug was found by static analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40001",
"url": "https://www.suse.com/security/cve/CVE-2025-40001"
},
{
"category": "external",
"summary": "SUSE Bug 1252303 for CVE-2025-40001",
"url": "https://bugzilla.suse.com/1252303"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-27T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40001"
},
{
"cve": "CVE-2025-40002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40002"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Fix use-after-free in tb_dp_dprx_work\n\nThe original code relies on cancel_delayed_work() in tb_dp_dprx_stop(),\nwhich does not ensure that the delayed work item tunnel-\u003edprx_work has\nfully completed if it was already running. This leads to use-after-free\nscenarios where tb_tunnel is deallocated by tb_tunnel_put(), while\ntunnel-\u003edprx_work remains active and attempts to dereference tb_tunnel\nin tb_dp_dprx_work().\n\nA typical race condition is illustrated below:\n\nCPU 0 | CPU 1\ntb_dp_tunnel_active() |\n tb_deactivate_and_free_tunnel()| tb_dp_dprx_start()\n tb_tunnel_deactivate() | queue_delayed_work()\n tb_dp_activate() |\n tb_dp_dprx_stop() | tb_dp_dprx_work() //delayed worker\n cancel_delayed_work() |\n tb_tunnel_put(tunnel); |\n | tunnel = container_of(...); //UAF\n | tunnel-\u003e //UAF\n\nReplacing cancel_delayed_work() with cancel_delayed_work_sync() is\nnot feasible as it would introduce a deadlock: both tb_dp_dprx_work()\nand the cleanup path acquire tb-\u003elock, and cancel_delayed_work_sync()\nwould wait indefinitely for the work item that cannot proceed.\n\nInstead, implement proper reference counting:\n- If cancel_delayed_work() returns true (work is pending), we release\n the reference in the stop function.\n- If it returns false (work is executing or already completed), the\n reference is released in delayed work function itself.\n\nThis ensures the tb_tunnel remains valid during work item execution\nwhile preventing memory leaks.\n\nThis bug was found by static analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40002",
"url": "https://www.suse.com/security/cve/CVE-2025-40002"
},
{
"category": "external",
"summary": "SUSE Bug 1252302 for CVE-2025-40002",
"url": "https://bugzilla.suse.com/1252302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-27T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40002"
},
{
"cve": "CVE-2025-40003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40003"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mscc: ocelot: Fix use-after-free caused by cyclic delayed work\n\nThe origin code calls cancel_delayed_work() in ocelot_stats_deinit()\nto cancel the cyclic delayed work item ocelot-\u003estats_work. However,\ncancel_delayed_work() may fail to cancel the work item if it is already\nexecuting. While destroy_workqueue() does wait for all pending work items\nin the work queue to complete before destroying the work queue, it cannot\nprevent the delayed work item from being rescheduled within the\nocelot_check_stats_work() function. This limitation exists because the\ndelayed work item is only enqueued into the work queue after its timer\nexpires. Before the timer expiration, destroy_workqueue() has no visibility\nof this pending work item. Once the work queue appears empty,\ndestroy_workqueue() proceeds with destruction. When the timer eventually\nexpires, the delayed work item gets queued again, leading to the following\nwarning:\n\nworkqueue: cannot queue ocelot_check_stats_work on wq ocelot-switch-stats\nWARNING: CPU: 2 PID: 0 at kernel/workqueue.c:2255 __queue_work+0x875/0xaf0\n...\nRIP: 0010:__queue_work+0x875/0xaf0\n...\nRSP: 0018:ffff88806d108b10 EFLAGS: 00010086\nRAX: 0000000000000000 RBX: 0000000000000101 RCX: 0000000000000027\nRDX: 0000000000000027 RSI: 0000000000000004 RDI: ffff88806d123e88\nRBP: ffffffff813c3170 R08: 0000000000000000 R09: ffffed100da247d2\nR10: ffffed100da247d1 R11: ffff88806d123e8b R12: ffff88800c00f000\nR13: ffff88800d7285c0 R14: ffff88806d0a5580 R15: ffff88800d7285a0\nFS: 0000000000000000(0000) GS:ffff8880e5725000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe18e45ea10 CR3: 0000000005e6c000 CR4: 00000000000006f0\nCall Trace:\n \u003cIRQ\u003e\n ? kasan_report+0xc6/0xf0\n ? __pfx_delayed_work_timer_fn+0x10/0x10\n ? __pfx_delayed_work_timer_fn+0x10/0x10\n call_timer_fn+0x25/0x1c0\n __run_timer_base.part.0+0x3be/0x8c0\n ? __pfx_delayed_work_timer_fn+0x10/0x10\n ? rcu_sched_clock_irq+0xb06/0x27d0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? try_to_wake_up+0xb15/0x1960\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n tmigr_handle_remote_up+0x603/0x7e0\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n ? sched_balance_trigger+0x1c0/0x9f0\n ? sched_tick+0x221/0x5a0\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n ? tick_nohz_handler+0x339/0x440\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n __walk_groups.isra.0+0x42/0x150\n tmigr_handle_remote+0x1f4/0x2e0\n ? __pfx_tmigr_handle_remote+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n ? hrtimer_interrupt+0x322/0x780\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nThe following diagram reveals the cause of the above warning:\n\nCPU 0 (remove) | CPU 1 (delayed work callback)\nmscc_ocelot_remove() |\n ocelot_deinit() | ocelot_check_stats_work()\n ocelot_stats_deinit() |\n cancel_delayed_work()| ...\n | queue_delayed_work()\n destroy_workqueue() | (wait a time)\n | __queue_work() //UAF\n\nThe above scenario actually constitutes a UAF vulnerability.\n\nThe ocelot_stats_deinit() is only invoked when initialization\nfailure or resource destruction, so we must ensure that any\ndelayed work items cannot be rescheduled.\n\nReplace cancel_delayed_work() with disable_delayed_work_sync()\nto guarantee proper cancellation of the delayed work item and\nensure completion of any currently executing work before the\nworkqueue is deallocated.\n\nA deadlock concern was considered: ocelot_stats_deinit() is called\nin a process context and is not holding any locks that the delayed\nwork item might also need. Therefore, the use of the _sync() variant\nis safe here.\n\nThis bug was identified through static analysis. To reproduce the\nissue and validate the fix, I simulated ocelot-swit\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40003",
"url": "https://www.suse.com/security/cve/CVE-2025-40003"
},
{
"category": "external",
"summary": "SUSE Bug 1252301 for CVE-2025-40003",
"url": "https://bugzilla.suse.com/1252301"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-27T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40003"
},
{
"cve": "CVE-2025-40004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40004"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: Fix buffer overflow in USB transport layer\n\nA buffer overflow vulnerability exists in the USB 9pfs transport layer\nwhere inconsistent size validation between packet header parsing and\nactual data copying allows a malicious USB host to overflow heap buffers.\n\nThe issue occurs because:\n- usb9pfs_rx_header() validates only the declared size in packet header\n- usb9pfs_rx_complete() uses req-\u003eactual (actual received bytes) for\nmemcpy\n\nThis allows an attacker to craft packets with small declared size\n(bypassing validation) but large actual payload (triggering overflow\nin memcpy).\n\nAdd validation in usb9pfs_rx_complete() to ensure req-\u003eactual does not\nexceed the buffer capacity before copying data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40004",
"url": "https://www.suse.com/security/cve/CVE-2025-40004"
},
{
"category": "external",
"summary": "SUSE Bug 1252310 for CVE-2025-40004",
"url": "https://bugzilla.suse.com/1252310"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-27T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40004"
},
{
"cve": "CVE-2025-40013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: audioreach: fix potential null pointer dereference\n\nIt is possible that the topology parsing function\naudioreach_widget_load_module_common() could return NULL or an error\npointer. Add missing NULL check so that we do not dereference it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40013",
"url": "https://www.suse.com/security/cve/CVE-2025-40013"
},
{
"category": "external",
"summary": "SUSE Bug 1252348 for CVE-2025-40013",
"url": "https://bugzilla.suse.com/1252348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-27T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40013"
},
{
"cve": "CVE-2025-40015",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40015"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: stm32-csi: Fix dereference before NULL check\n\nIn \u0027stm32_csi_start\u0027, \u0027csidev-\u003es_subdev\u0027 is dereferenced directly while\nassigning a value to the \u0027src_pad\u0027. However the same value is being\nchecked against NULL at a later point of time indicating that there\nare chances that the value can be NULL.\n\nMove the dereference after the NULL check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40015",
"url": "https://www.suse.com/security/cve/CVE-2025-40015"
},
{
"category": "external",
"summary": "SUSE Bug 1252345 for CVE-2025-40015",
"url": "https://bugzilla.suse.com/1252345"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-27T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40015"
},
{
"cve": "CVE-2025-40016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID\n\nPer UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero\nunique ID.\n\n```\nEach Unit and Terminal within the video function is assigned a unique\nidentification number, the Unit ID (UID) or Terminal ID (TID), contained in\nthe bUnitID or bTerminalID field of the descriptor. The value 0x00 is\nreserved for undefined ID,\n```\n\nIf we add a new entity with id 0 or a duplicated ID, it will be marked\nas UVC_INVALID_ENTITY_ID.\n\nIn a previous attempt commit 3dd075fe8ebb (\"media: uvcvideo: Require\nentities to have a non-zero unique ID\"), we ignored all the invalid units,\nthis broke a lot of non-compatible cameras. Hopefully we are more lucky\nthis time.\n\nThis also prevents some syzkaller reproducers from triggering warnings due\nto a chain of entities referring to themselves. In one particular case, an\nOutput Unit is connected to an Input Unit, both with the same ID of 1. But\nwhen looking up for the source ID of the Output Unit, that same entity is\nfound instead of the input entity, which leads to such warnings.\n\nIn another case, a backward chain was considered finished as the source ID\nwas 0. Later on, that entity was found, but its pads were not valid.\n\nHere is a sample stack trace for one of those cases.\n\n[ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd\n[ 20.830206] usb 1-1: Using ep0 maxpacket: 8\n[ 20.833501] usb 1-1: config 0 descriptor??\n[ 21.038518] usb 1-1: string descriptor 0 read error: -71\n[ 21.038893] usb 1-1: Found UVC 0.00 device \u003cunnamed\u003e (2833:0201)\n[ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized!\n[ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized!\n[ 21.042218] ------------[ cut here ]------------\n[ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0\n[ 21.043195] Modules linked in:\n[ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444\n[ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 21.044639] Workqueue: usb_hub_wq hub_event\n[ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0\n[ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 \u003c0f\u003e 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00\n[ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246\n[ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1\n[ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290\n[ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000\n[ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003\n[ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000\n[ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000\n[ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0\n[ 21.051136] PKRU: 55555554\n[ 21.051331] Call Trace:\n[ 21.051480] \u003cTASK\u003e\n[ 21.051611] ? __warn+0xc4/0x210\n[ 21.051861] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.052252] ? report_bug+0x11b/0x1a0\n[ 21.052540] ? trace_hardirqs_on+0x31/0x40\n[ 21.052901] ? handle_bug+0x3d/0x70\n[ 21.053197] ? exc_invalid_op+0x1a/0x50\n[ 21.053511] ? asm_exc_invalid_op+0x1a/0x20\n[ 21.053924] ? media_create_pad_link+0x91/0x2e0\n[ 21.054364] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.054834] ? media_create_pad_link+0x91/0x2e0\n[ 21.055131] ? _raw_spin_unlock+0x1e/0x40\n[ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210\n[ 21.055837] uvc_mc_register_entities+0x358/0x400\n[ 21.056144] uvc_register_chains+0x1\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40016",
"url": "https://www.suse.com/security/cve/CVE-2025-40016"
},
{
"category": "external",
"summary": "SUSE Bug 1252346 for CVE-2025-40016",
"url": "https://bugzilla.suse.com/1252346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-27T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-40016"
},
{
"cve": "CVE-2025-40017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: iris: Fix memory leak by freeing untracked persist buffer\n\nOne internal buffer which is allocated only once per session was not\nbeing freed during session close because it was not being tracked as\npart of internal buffer list which resulted in a memory leak.\n\nAdd the necessary logic to explicitly free the untracked internal buffer\nduring session close to ensure all allocated memory is released\nproperly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40017",
"url": "https://www.suse.com/security/cve/CVE-2025-40017"
},
{
"category": "external",
"summary": "SUSE Bug 1252335 for CVE-2025-40017",
"url": "https://bugzilla.suse.com/1252335"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-27T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-40017"
}
]
}
ghsa-fq68-g93v-pw49
Vulnerability from github
Published
2025-10-20 18:30
Modified
2025-10-20 18:30
VLAI Severity ?
Details
In the Linux kernel, the following vulnerability has been resolved:
ASoC: qcom: audioreach: fix potential null pointer dereference
It is possible that the topology parsing function audioreach_widget_load_module_common() could return NULL or an error pointer. Add missing NULL check so that we do not dereference it.
{
"affected": [],
"aliases": [
"CVE-2025-40013"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-20T16:15:38Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: audioreach: fix potential null pointer dereference\n\nIt is possible that the topology parsing function\naudioreach_widget_load_module_common() could return NULL or an error\npointer. Add missing NULL check so that we do not dereference it.",
"id": "GHSA-fq68-g93v-pw49",
"modified": "2025-10-20T18:30:34Z",
"published": "2025-10-20T18:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40013"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4dda55d04caac3b4102c26e29b1c27fa35636be3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/70e1e5fe9f7e05ff831b56ebc02543e7811b8e18"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8318e04ab2526b155773313b66a1542476ce1106"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8f9c9fafc0e7a73bbff58954d171c016ddee1734"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9c1ad4192f3d2fc85339718a6252cb3337848f7b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ef08ce6304d30b5778035d07b04514cb70839983"
}
],
"schema_version": "1.4.0",
"severity": []
}
msrc_cve-2025-40013
Vulnerability from csaf_microsoft
Published
2025-10-02 00:00
Modified
2025-10-22 01:01
Summary
ASoC: qcom: audioreach: fix potential null pointer dereference
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40013 ASoC: qcom: audioreach: fix potential null pointer dereference - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-40013.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "ASoC: qcom: audioreach: fix potential null pointer dereference",
"tracking": {
"current_release_date": "2025-10-22T01:01:20.000Z",
"generator": {
"date": "2025-10-22T22:49:11.229Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-40013",
"initial_release_date": "2025-10-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-10-22T01:01:20.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"category": "product_name",
"name": "azl3 kernel 6.6.96.2-2",
"product": {
"name": "azl3 kernel 6.6.96.2-2",
"product_id": "2"
}
},
{
"category": "product_name",
"name": "azl3 kernel 6.6.104.2-4",
"product": {
"name": "azl3 kernel 6.6.104.2-4",
"product_id": "1"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kernel 6.6.96.2-2 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kernel 6.6.104.2-4 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-40013",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"17084-2",
"17084-1"
]
}
],
"notes": [
{
"category": "general",
"text": "Linux",
"title": "Assigning CNA"
}
],
"product_status": {
"known_not_affected": [
"17084-2",
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40013 ASoC: qcom: audioreach: fix potential null pointer dereference - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-40013.json"
}
],
"title": "ASoC: qcom: audioreach: fix potential null pointer dereference"
}
]
}
fkie_cve-2025-40013
Vulnerability from fkie_nvd
Published
2025-10-20 16:15
Modified
2025-10-21 19:31
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: qcom: audioreach: fix potential null pointer dereference
It is possible that the topology parsing function
audioreach_widget_load_module_common() could return NULL or an error
pointer. Add missing NULL check so that we do not dereference it.
References
| URL | Tags | ||
|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/4dda55d04caac3b4102c26e29b1c27fa35636be3 | ||
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/70e1e5fe9f7e05ff831b56ebc02543e7811b8e18 | ||
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/8318e04ab2526b155773313b66a1542476ce1106 | ||
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/8f9c9fafc0e7a73bbff58954d171c016ddee1734 | ||
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/9c1ad4192f3d2fc85339718a6252cb3337848f7b | ||
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/ef08ce6304d30b5778035d07b04514cb70839983 |
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: audioreach: fix potential null pointer dereference\n\nIt is possible that the topology parsing function\naudioreach_widget_load_module_common() could return NULL or an error\npointer. Add missing NULL check so that we do not dereference it."
}
],
"id": "CVE-2025-40013",
"lastModified": "2025-10-21T19:31:25.450",
"metrics": {},
"published": "2025-10-20T16:15:38.057",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/4dda55d04caac3b4102c26e29b1c27fa35636be3"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/70e1e5fe9f7e05ff831b56ebc02543e7811b8e18"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/8318e04ab2526b155773313b66a1542476ce1106"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/8f9c9fafc0e7a73bbff58954d171c016ddee1734"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/9c1ad4192f3d2fc85339718a6252cb3337848f7b"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/ef08ce6304d30b5778035d07b04514cb70839983"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…