Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-40054 (GCVE-0-2025-40054)
Vulnerability from cvelistv5
Published
2025-10-28 11:48
Modified
2025-10-28 11:48
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix UAF issue in f2fs_merge_page_bio()
As JY reported in bugzilla [1],
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
pc : [0xffffffe51d249484] f2fs_is_cp_guaranteed+0x70/0x98
lr : [0xffffffe51d24adbc] f2fs_merge_page_bio+0x520/0x6d4
CPU: 3 UID: 0 PID: 6790 Comm: kworker/u16:3 Tainted: P B W OE 6.12.30-android16-5-maybe-dirty-4k #1 5f7701c9cbf727d1eebe77c89bbbeb3371e895e5
Tainted: [P]=PROPRIETARY_MODULE, [B]=BAD_PAGE, [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Workqueue: writeback wb_workfn (flush-254:49)
Call trace:
f2fs_is_cp_guaranteed+0x70/0x98
f2fs_inplace_write_data+0x174/0x2f4
f2fs_do_write_data_page+0x214/0x81c
f2fs_write_single_data_page+0x28c/0x764
f2fs_write_data_pages+0x78c/0xce4
do_writepages+0xe8/0x2fc
__writeback_single_inode+0x4c/0x4b4
writeback_sb_inodes+0x314/0x540
__writeback_inodes_wb+0xa4/0xf4
wb_writeback+0x160/0x448
wb_workfn+0x2f0/0x5dc
process_scheduled_works+0x1c8/0x458
worker_thread+0x334/0x3f0
kthread+0x118/0x1ac
ret_from_fork+0x10/0x20
[1] https://bugzilla.kernel.org/show_bug.cgi?id=220575
The panic was caused by UAF issue w/ below race condition:
kworker
- writepages
- f2fs_write_cache_pages
- f2fs_write_single_data_page
- f2fs_do_write_data_page
- f2fs_inplace_write_data
- f2fs_merge_page_bio
- add_inu_page
: cache page #1 into bio & cache bio in
io->bio_list
- f2fs_write_single_data_page
- f2fs_do_write_data_page
- f2fs_inplace_write_data
- f2fs_merge_page_bio
- add_inu_page
: cache page #2 into bio which is linked
in io->bio_list
write
- f2fs_write_begin
: write page #1
- f2fs_folio_wait_writeback
- f2fs_submit_merged_ipu_write
- f2fs_submit_write_bio
: submit bio which inclues page #1 and #2
software IRQ
- f2fs_write_end_io
- fscrypt_free_bounce_page
: freed bounced page which belongs to page #2
- inc_page_count( , WB_DATA_TYPE(data_folio), false)
: data_folio points to fio->encrypted_page
the bounced page can be freed before
accessing it in f2fs_is_cp_guarantee()
It can reproduce w/ below testcase:
Run below script in shell #1:
for ((i=1;i>0;i++)) do xfs_io -f /mnt/f2fs/enc/file \
-c "pwrite 0 32k" -c "fdatasync"
Run below script in shell #2:
for ((i=1;i>0;i++)) do xfs_io -f /mnt/f2fs/enc/file \
-c "pwrite 0 32k" -c "fdatasync"
So, in f2fs_merge_page_bio(), let's avoid using fio->encrypted_page after
commit page into internal ipu cache.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/f2fs/data.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "01118321e0c8a5f3ece57d0d377bfc92d83cd210",
"status": "affected",
"version": "0b20fcec8651569935a10afe03fedc0b812d044e",
"versionType": "git"
},
{
"lessThan": "edf7e9040fc52c922db947f9c6c36f07377c52ea",
"status": "affected",
"version": "0b20fcec8651569935a10afe03fedc0b812d044e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/f2fs/data.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.18-rc1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.3",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18-rc1",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix UAF issue in f2fs_merge_page_bio()\n\nAs JY reported in bugzilla [1],\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000000\npc : [0xffffffe51d249484] f2fs_is_cp_guaranteed+0x70/0x98\nlr : [0xffffffe51d24adbc] f2fs_merge_page_bio+0x520/0x6d4\nCPU: 3 UID: 0 PID: 6790 Comm: kworker/u16:3 Tainted: P B W OE 6.12.30-android16-5-maybe-dirty-4k #1 5f7701c9cbf727d1eebe77c89bbbeb3371e895e5\nTainted: [P]=PROPRIETARY_MODULE, [B]=BAD_PAGE, [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nWorkqueue: writeback wb_workfn (flush-254:49)\nCall trace:\n f2fs_is_cp_guaranteed+0x70/0x98\n f2fs_inplace_write_data+0x174/0x2f4\n f2fs_do_write_data_page+0x214/0x81c\n f2fs_write_single_data_page+0x28c/0x764\n f2fs_write_data_pages+0x78c/0xce4\n do_writepages+0xe8/0x2fc\n __writeback_single_inode+0x4c/0x4b4\n writeback_sb_inodes+0x314/0x540\n __writeback_inodes_wb+0xa4/0xf4\n wb_writeback+0x160/0x448\n wb_workfn+0x2f0/0x5dc\n process_scheduled_works+0x1c8/0x458\n worker_thread+0x334/0x3f0\n kthread+0x118/0x1ac\n ret_from_fork+0x10/0x20\n\n[1] https://bugzilla.kernel.org/show_bug.cgi?id=220575\n\nThe panic was caused by UAF issue w/ below race condition:\n\nkworker\n- writepages\n - f2fs_write_cache_pages\n - f2fs_write_single_data_page\n - f2fs_do_write_data_page\n - f2fs_inplace_write_data\n - f2fs_merge_page_bio\n - add_inu_page\n : cache page #1 into bio \u0026 cache bio in\n io-\u003ebio_list\n - f2fs_write_single_data_page\n - f2fs_do_write_data_page\n - f2fs_inplace_write_data\n - f2fs_merge_page_bio\n - add_inu_page\n : cache page #2 into bio which is linked\n in io-\u003ebio_list\n\t\t\t\t\t\twrite\n\t\t\t\t\t\t- f2fs_write_begin\n\t\t\t\t\t\t: write page #1\n\t\t\t\t\t\t - f2fs_folio_wait_writeback\n\t\t\t\t\t\t - f2fs_submit_merged_ipu_write\n\t\t\t\t\t\t - f2fs_submit_write_bio\n\t\t\t\t\t\t : submit bio which inclues page #1 and #2\n\n\t\t\t\t\t\tsoftware IRQ\n\t\t\t\t\t\t- f2fs_write_end_io\n\t\t\t\t\t\t - fscrypt_free_bounce_page\n\t\t\t\t\t\t : freed bounced page which belongs to page #2\n - inc_page_count( , WB_DATA_TYPE(data_folio), false)\n : data_folio points to fio-\u003eencrypted_page\n the bounced page can be freed before\n accessing it in f2fs_is_cp_guarantee()\n\nIt can reproduce w/ below testcase:\nRun below script in shell #1:\nfor ((i=1;i\u003e0;i++)) do xfs_io -f /mnt/f2fs/enc/file \\\n-c \"pwrite 0 32k\" -c \"fdatasync\"\n\nRun below script in shell #2:\nfor ((i=1;i\u003e0;i++)) do xfs_io -f /mnt/f2fs/enc/file \\\n-c \"pwrite 0 32k\" -c \"fdatasync\"\n\nSo, in f2fs_merge_page_bio(), let\u0027s avoid using fio-\u003eencrypted_page after\ncommit page into internal ipu cache."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T11:48:29.073Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/01118321e0c8a5f3ece57d0d377bfc92d83cd210"
},
{
"url": "https://git.kernel.org/stable/c/edf7e9040fc52c922db947f9c6c36f07377c52ea"
}
],
"title": "f2fs: fix UAF issue in f2fs_merge_page_bio()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-40054",
"datePublished": "2025-10-28T11:48:29.073Z",
"dateReserved": "2025-04-16T07:20:57.157Z",
"dateUpdated": "2025-10-28T11:48:29.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-40054\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-10-28T12:15:39.640\",\"lastModified\":\"2025-10-30T15:05:32.197\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nf2fs: fix UAF issue in f2fs_merge_page_bio()\\n\\nAs JY reported in bugzilla [1],\\n\\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000000\\npc : [0xffffffe51d249484] f2fs_is_cp_guaranteed+0x70/0x98\\nlr : [0xffffffe51d24adbc] f2fs_merge_page_bio+0x520/0x6d4\\nCPU: 3 UID: 0 PID: 6790 Comm: kworker/u16:3 Tainted: P B W OE 6.12.30-android16-5-maybe-dirty-4k #1 5f7701c9cbf727d1eebe77c89bbbeb3371e895e5\\nTainted: [P]=PROPRIETARY_MODULE, [B]=BAD_PAGE, [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\\nWorkqueue: writeback wb_workfn (flush-254:49)\\nCall trace:\\n f2fs_is_cp_guaranteed+0x70/0x98\\n f2fs_inplace_write_data+0x174/0x2f4\\n f2fs_do_write_data_page+0x214/0x81c\\n f2fs_write_single_data_page+0x28c/0x764\\n f2fs_write_data_pages+0x78c/0xce4\\n do_writepages+0xe8/0x2fc\\n __writeback_single_inode+0x4c/0x4b4\\n writeback_sb_inodes+0x314/0x540\\n __writeback_inodes_wb+0xa4/0xf4\\n wb_writeback+0x160/0x448\\n wb_workfn+0x2f0/0x5dc\\n process_scheduled_works+0x1c8/0x458\\n worker_thread+0x334/0x3f0\\n kthread+0x118/0x1ac\\n ret_from_fork+0x10/0x20\\n\\n[1] https://bugzilla.kernel.org/show_bug.cgi?id=220575\\n\\nThe panic was caused by UAF issue w/ below race condition:\\n\\nkworker\\n- writepages\\n - f2fs_write_cache_pages\\n - f2fs_write_single_data_page\\n - f2fs_do_write_data_page\\n - f2fs_inplace_write_data\\n - f2fs_merge_page_bio\\n - add_inu_page\\n : cache page #1 into bio \u0026 cache bio in\\n io-\u003ebio_list\\n - f2fs_write_single_data_page\\n - f2fs_do_write_data_page\\n - f2fs_inplace_write_data\\n - f2fs_merge_page_bio\\n - add_inu_page\\n : cache page #2 into bio which is linked\\n in io-\u003ebio_list\\n\\t\\t\\t\\t\\t\\twrite\\n\\t\\t\\t\\t\\t\\t- f2fs_write_begin\\n\\t\\t\\t\\t\\t\\t: write page #1\\n\\t\\t\\t\\t\\t\\t - f2fs_folio_wait_writeback\\n\\t\\t\\t\\t\\t\\t - f2fs_submit_merged_ipu_write\\n\\t\\t\\t\\t\\t\\t - f2fs_submit_write_bio\\n\\t\\t\\t\\t\\t\\t : submit bio which inclues page #1 and #2\\n\\n\\t\\t\\t\\t\\t\\tsoftware IRQ\\n\\t\\t\\t\\t\\t\\t- f2fs_write_end_io\\n\\t\\t\\t\\t\\t\\t - fscrypt_free_bounce_page\\n\\t\\t\\t\\t\\t\\t : freed bounced page which belongs to page #2\\n - inc_page_count( , WB_DATA_TYPE(data_folio), false)\\n : data_folio points to fio-\u003eencrypted_page\\n the bounced page can be freed before\\n accessing it in f2fs_is_cp_guarantee()\\n\\nIt can reproduce w/ below testcase:\\nRun below script in shell #1:\\nfor ((i=1;i\u003e0;i++)) do xfs_io -f /mnt/f2fs/enc/file \\\\\\n-c \\\"pwrite 0 32k\\\" -c \\\"fdatasync\\\"\\n\\nRun below script in shell #2:\\nfor ((i=1;i\u003e0;i++)) do xfs_io -f /mnt/f2fs/enc/file \\\\\\n-c \\\"pwrite 0 32k\\\" -c \\\"fdatasync\\\"\\n\\nSo, in f2fs_merge_page_bio(), let\u0027s avoid using fio-\u003eencrypted_page after\\ncommit page into internal ipu cache.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/01118321e0c8a5f3ece57d0d377bfc92d83cd210\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/edf7e9040fc52c922db947f9c6c36f07377c52ea\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
ghsa-2xf6-75gh-3848
Vulnerability from github
Published
2025-10-28 12:30
Modified
2025-10-28 12:30
VLAI Severity ?
Details
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix UAF issue in f2fs_merge_page_bio()
As JY reported in bugzilla [1],
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 pc : [0xffffffe51d249484] f2fs_is_cp_guaranteed+0x70/0x98 lr : [0xffffffe51d24adbc] f2fs_merge_page_bio+0x520/0x6d4 CPU: 3 UID: 0 PID: 6790 Comm: kworker/u16:3 Tainted: P B W OE 6.12.30-android16-5-maybe-dirty-4k #1 5f7701c9cbf727d1eebe77c89bbbeb3371e895e5 Tainted: [P]=PROPRIETARY_MODULE, [B]=BAD_PAGE, [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Workqueue: writeback wb_workfn (flush-254:49) Call trace: f2fs_is_cp_guaranteed+0x70/0x98 f2fs_inplace_write_data+0x174/0x2f4 f2fs_do_write_data_page+0x214/0x81c f2fs_write_single_data_page+0x28c/0x764 f2fs_write_data_pages+0x78c/0xce4 do_writepages+0xe8/0x2fc __writeback_single_inode+0x4c/0x4b4 writeback_sb_inodes+0x314/0x540 __writeback_inodes_wb+0xa4/0xf4 wb_writeback+0x160/0x448 wb_workfn+0x2f0/0x5dc process_scheduled_works+0x1c8/0x458 worker_thread+0x334/0x3f0 kthread+0x118/0x1ac ret_from_fork+0x10/0x20
[1] https://bugzilla.kernel.org/show_bug.cgi?id=220575
The panic was caused by UAF issue w/ below race condition:
kworker - writepages - f2fs_write_cache_pages - f2fs_write_single_data_page - f2fs_do_write_data_page - f2fs_inplace_write_data - f2fs_merge_page_bio - add_inu_page : cache page #1 into bio & cache bio in io->bio_list - f2fs_write_single_data_page - f2fs_do_write_data_page - f2fs_inplace_write_data - f2fs_merge_page_bio - add_inu_page : cache page #2 into bio which is linked in io->bio_list write - f2fs_write_begin : write page #1 - f2fs_folio_wait_writeback - f2fs_submit_merged_ipu_write - f2fs_submit_write_bio : submit bio which inclues page #1 and #2
software IRQ
- f2fs_write_end_io
- fscrypt_free_bounce_page
: freed bounced page which belongs to page #2
- inc_page_count( , WB_DATA_TYPE(data_folio), false)
: data_folio points to fio->encrypted_page
the bounced page can be freed before
accessing it in f2fs_is_cp_guarantee()
It can reproduce w/ below testcase: Run below script in shell #1: for ((i=1;i>0;i++)) do xfs_io -f /mnt/f2fs/enc/file \ -c "pwrite 0 32k" -c "fdatasync"
Run below script in shell #2: for ((i=1;i>0;i++)) do xfs_io -f /mnt/f2fs/enc/file \ -c "pwrite 0 32k" -c "fdatasync"
So, in f2fs_merge_page_bio(), let's avoid using fio->encrypted_page after commit page into internal ipu cache.
{
"affected": [],
"aliases": [
"CVE-2025-40054"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-28T12:15:39Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix UAF issue in f2fs_merge_page_bio()\n\nAs JY reported in bugzilla [1],\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000000\npc : [0xffffffe51d249484] f2fs_is_cp_guaranteed+0x70/0x98\nlr : [0xffffffe51d24adbc] f2fs_merge_page_bio+0x520/0x6d4\nCPU: 3 UID: 0 PID: 6790 Comm: kworker/u16:3 Tainted: P B W OE 6.12.30-android16-5-maybe-dirty-4k #1 5f7701c9cbf727d1eebe77c89bbbeb3371e895e5\nTainted: [P]=PROPRIETARY_MODULE, [B]=BAD_PAGE, [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nWorkqueue: writeback wb_workfn (flush-254:49)\nCall trace:\n f2fs_is_cp_guaranteed+0x70/0x98\n f2fs_inplace_write_data+0x174/0x2f4\n f2fs_do_write_data_page+0x214/0x81c\n f2fs_write_single_data_page+0x28c/0x764\n f2fs_write_data_pages+0x78c/0xce4\n do_writepages+0xe8/0x2fc\n __writeback_single_inode+0x4c/0x4b4\n writeback_sb_inodes+0x314/0x540\n __writeback_inodes_wb+0xa4/0xf4\n wb_writeback+0x160/0x448\n wb_workfn+0x2f0/0x5dc\n process_scheduled_works+0x1c8/0x458\n worker_thread+0x334/0x3f0\n kthread+0x118/0x1ac\n ret_from_fork+0x10/0x20\n\n[1] https://bugzilla.kernel.org/show_bug.cgi?id=220575\n\nThe panic was caused by UAF issue w/ below race condition:\n\nkworker\n- writepages\n - f2fs_write_cache_pages\n - f2fs_write_single_data_page\n - f2fs_do_write_data_page\n - f2fs_inplace_write_data\n - f2fs_merge_page_bio\n - add_inu_page\n : cache page #1 into bio \u0026 cache bio in\n io-\u003ebio_list\n - f2fs_write_single_data_page\n - f2fs_do_write_data_page\n - f2fs_inplace_write_data\n - f2fs_merge_page_bio\n - add_inu_page\n : cache page #2 into bio which is linked\n in io-\u003ebio_list\n\t\t\t\t\t\twrite\n\t\t\t\t\t\t- f2fs_write_begin\n\t\t\t\t\t\t: write page #1\n\t\t\t\t\t\t - f2fs_folio_wait_writeback\n\t\t\t\t\t\t - f2fs_submit_merged_ipu_write\n\t\t\t\t\t\t - f2fs_submit_write_bio\n\t\t\t\t\t\t : submit bio which inclues page #1 and #2\n\n\t\t\t\t\t\tsoftware IRQ\n\t\t\t\t\t\t- f2fs_write_end_io\n\t\t\t\t\t\t - fscrypt_free_bounce_page\n\t\t\t\t\t\t : freed bounced page which belongs to page #2\n - inc_page_count( , WB_DATA_TYPE(data_folio), false)\n : data_folio points to fio-\u003eencrypted_page\n the bounced page can be freed before\n accessing it in f2fs_is_cp_guarantee()\n\nIt can reproduce w/ below testcase:\nRun below script in shell #1:\nfor ((i=1;i\u003e0;i++)) do xfs_io -f /mnt/f2fs/enc/file \\\n-c \"pwrite 0 32k\" -c \"fdatasync\"\n\nRun below script in shell #2:\nfor ((i=1;i\u003e0;i++)) do xfs_io -f /mnt/f2fs/enc/file \\\n-c \"pwrite 0 32k\" -c \"fdatasync\"\n\nSo, in f2fs_merge_page_bio(), let\u0027s avoid using fio-\u003eencrypted_page after\ncommit page into internal ipu cache.",
"id": "GHSA-2xf6-75gh-3848",
"modified": "2025-10-28T12:30:17Z",
"published": "2025-10-28T12:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40054"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/01118321e0c8a5f3ece57d0d377bfc92d83cd210"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/edf7e9040fc52c922db947f9c6c36f07377c52ea"
}
],
"schema_version": "1.4.0",
"severity": []
}
fkie_cve-2025-40054
Vulnerability from fkie_nvd
Published
2025-10-28 12:15
Modified
2025-10-30 15:05
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix UAF issue in f2fs_merge_page_bio()
As JY reported in bugzilla [1],
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
pc : [0xffffffe51d249484] f2fs_is_cp_guaranteed+0x70/0x98
lr : [0xffffffe51d24adbc] f2fs_merge_page_bio+0x520/0x6d4
CPU: 3 UID: 0 PID: 6790 Comm: kworker/u16:3 Tainted: P B W OE 6.12.30-android16-5-maybe-dirty-4k #1 5f7701c9cbf727d1eebe77c89bbbeb3371e895e5
Tainted: [P]=PROPRIETARY_MODULE, [B]=BAD_PAGE, [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Workqueue: writeback wb_workfn (flush-254:49)
Call trace:
f2fs_is_cp_guaranteed+0x70/0x98
f2fs_inplace_write_data+0x174/0x2f4
f2fs_do_write_data_page+0x214/0x81c
f2fs_write_single_data_page+0x28c/0x764
f2fs_write_data_pages+0x78c/0xce4
do_writepages+0xe8/0x2fc
__writeback_single_inode+0x4c/0x4b4
writeback_sb_inodes+0x314/0x540
__writeback_inodes_wb+0xa4/0xf4
wb_writeback+0x160/0x448
wb_workfn+0x2f0/0x5dc
process_scheduled_works+0x1c8/0x458
worker_thread+0x334/0x3f0
kthread+0x118/0x1ac
ret_from_fork+0x10/0x20
[1] https://bugzilla.kernel.org/show_bug.cgi?id=220575
The panic was caused by UAF issue w/ below race condition:
kworker
- writepages
- f2fs_write_cache_pages
- f2fs_write_single_data_page
- f2fs_do_write_data_page
- f2fs_inplace_write_data
- f2fs_merge_page_bio
- add_inu_page
: cache page #1 into bio & cache bio in
io->bio_list
- f2fs_write_single_data_page
- f2fs_do_write_data_page
- f2fs_inplace_write_data
- f2fs_merge_page_bio
- add_inu_page
: cache page #2 into bio which is linked
in io->bio_list
write
- f2fs_write_begin
: write page #1
- f2fs_folio_wait_writeback
- f2fs_submit_merged_ipu_write
- f2fs_submit_write_bio
: submit bio which inclues page #1 and #2
software IRQ
- f2fs_write_end_io
- fscrypt_free_bounce_page
: freed bounced page which belongs to page #2
- inc_page_count( , WB_DATA_TYPE(data_folio), false)
: data_folio points to fio->encrypted_page
the bounced page can be freed before
accessing it in f2fs_is_cp_guarantee()
It can reproduce w/ below testcase:
Run below script in shell #1:
for ((i=1;i>0;i++)) do xfs_io -f /mnt/f2fs/enc/file \
-c "pwrite 0 32k" -c "fdatasync"
Run below script in shell #2:
for ((i=1;i>0;i++)) do xfs_io -f /mnt/f2fs/enc/file \
-c "pwrite 0 32k" -c "fdatasync"
So, in f2fs_merge_page_bio(), let's avoid using fio->encrypted_page after
commit page into internal ipu cache.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix UAF issue in f2fs_merge_page_bio()\n\nAs JY reported in bugzilla [1],\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000000\npc : [0xffffffe51d249484] f2fs_is_cp_guaranteed+0x70/0x98\nlr : [0xffffffe51d24adbc] f2fs_merge_page_bio+0x520/0x6d4\nCPU: 3 UID: 0 PID: 6790 Comm: kworker/u16:3 Tainted: P B W OE 6.12.30-android16-5-maybe-dirty-4k #1 5f7701c9cbf727d1eebe77c89bbbeb3371e895e5\nTainted: [P]=PROPRIETARY_MODULE, [B]=BAD_PAGE, [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nWorkqueue: writeback wb_workfn (flush-254:49)\nCall trace:\n f2fs_is_cp_guaranteed+0x70/0x98\n f2fs_inplace_write_data+0x174/0x2f4\n f2fs_do_write_data_page+0x214/0x81c\n f2fs_write_single_data_page+0x28c/0x764\n f2fs_write_data_pages+0x78c/0xce4\n do_writepages+0xe8/0x2fc\n __writeback_single_inode+0x4c/0x4b4\n writeback_sb_inodes+0x314/0x540\n __writeback_inodes_wb+0xa4/0xf4\n wb_writeback+0x160/0x448\n wb_workfn+0x2f0/0x5dc\n process_scheduled_works+0x1c8/0x458\n worker_thread+0x334/0x3f0\n kthread+0x118/0x1ac\n ret_from_fork+0x10/0x20\n\n[1] https://bugzilla.kernel.org/show_bug.cgi?id=220575\n\nThe panic was caused by UAF issue w/ below race condition:\n\nkworker\n- writepages\n - f2fs_write_cache_pages\n - f2fs_write_single_data_page\n - f2fs_do_write_data_page\n - f2fs_inplace_write_data\n - f2fs_merge_page_bio\n - add_inu_page\n : cache page #1 into bio \u0026 cache bio in\n io-\u003ebio_list\n - f2fs_write_single_data_page\n - f2fs_do_write_data_page\n - f2fs_inplace_write_data\n - f2fs_merge_page_bio\n - add_inu_page\n : cache page #2 into bio which is linked\n in io-\u003ebio_list\n\t\t\t\t\t\twrite\n\t\t\t\t\t\t- f2fs_write_begin\n\t\t\t\t\t\t: write page #1\n\t\t\t\t\t\t - f2fs_folio_wait_writeback\n\t\t\t\t\t\t - f2fs_submit_merged_ipu_write\n\t\t\t\t\t\t - f2fs_submit_write_bio\n\t\t\t\t\t\t : submit bio which inclues page #1 and #2\n\n\t\t\t\t\t\tsoftware IRQ\n\t\t\t\t\t\t- f2fs_write_end_io\n\t\t\t\t\t\t - fscrypt_free_bounce_page\n\t\t\t\t\t\t : freed bounced page which belongs to page #2\n - inc_page_count( , WB_DATA_TYPE(data_folio), false)\n : data_folio points to fio-\u003eencrypted_page\n the bounced page can be freed before\n accessing it in f2fs_is_cp_guarantee()\n\nIt can reproduce w/ below testcase:\nRun below script in shell #1:\nfor ((i=1;i\u003e0;i++)) do xfs_io -f /mnt/f2fs/enc/file \\\n-c \"pwrite 0 32k\" -c \"fdatasync\"\n\nRun below script in shell #2:\nfor ((i=1;i\u003e0;i++)) do xfs_io -f /mnt/f2fs/enc/file \\\n-c \"pwrite 0 32k\" -c \"fdatasync\"\n\nSo, in f2fs_merge_page_bio(), let\u0027s avoid using fio-\u003eencrypted_page after\ncommit page into internal ipu cache."
}
],
"id": "CVE-2025-40054",
"lastModified": "2025-10-30T15:05:32.197",
"metrics": {},
"published": "2025-10-28T12:15:39.640",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/01118321e0c8a5f3ece57d0d377bfc92d83cd210"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/edf7e9040fc52c922db947f9c6c36f07377c52ea"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
opensuse-su-2025:15702-1
Vulnerability from csaf_opensuse
Published
2025-11-04 00:00
Modified
2025-11-04 00:00
Summary
kernel-devel-6.17.7-1.1 on GA media
Notes
Title of the patch
kernel-devel-6.17.7-1.1 on GA media
Description of the patch
These are all security issues fixed in the kernel-devel-6.17.7-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15702
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "kernel-devel-6.17.7-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the kernel-devel-6.17.7-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15702",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15702-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40019 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40025 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40025/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40026 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40026/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40027 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40027/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40028 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40028/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40029 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40030 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40030/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40031 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40031/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40032 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40033 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40033/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40034 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40035 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40036 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40037 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40038 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40038/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40039 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40040 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40040/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40041 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40041/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40042 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40043 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40044 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40045 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40046 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40046/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40047 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40047/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40048 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40048/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40049 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40050 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40050/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40051 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40052 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40053 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40053/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40054 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40055 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40056 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40057 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40059 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40060 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40061 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40063 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40064 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40065 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40065/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40066 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40066/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40067 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40068 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40069 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40070 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40070/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40071 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40072 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40073 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40074 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40075 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40076 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40077 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40078 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40079 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40080 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40081 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40081/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40082 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40084 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40086 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40087 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40089 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40090 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40091 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40092 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40093 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40094 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40095 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40096 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40097 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40098 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40099 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40100 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40101 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40102 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40103 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40104 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40105 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40106 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40106/"
}
],
"title": "kernel-devel-6.17.7-1.1 on GA media",
"tracking": {
"current_release_date": "2025-11-04T00:00:00Z",
"generator": {
"date": "2025-11-04T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15702-1",
"initial_release_date": "2025-11-04T00:00:00Z",
"revision_history": [
{
"date": "2025-11-04T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.17.7-1.1.aarch64",
"product": {
"name": "kernel-devel-6.17.7-1.1.aarch64",
"product_id": "kernel-devel-6.17.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.17.7-1.1.aarch64",
"product": {
"name": "kernel-macros-6.17.7-1.1.aarch64",
"product_id": "kernel-macros-6.17.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-source-6.17.7-1.1.aarch64",
"product": {
"name": "kernel-source-6.17.7-1.1.aarch64",
"product_id": "kernel-source-6.17.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.17.7-1.1.aarch64",
"product": {
"name": "kernel-source-vanilla-6.17.7-1.1.aarch64",
"product_id": "kernel-source-vanilla-6.17.7-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.17.7-1.1.ppc64le",
"product": {
"name": "kernel-devel-6.17.7-1.1.ppc64le",
"product_id": "kernel-devel-6.17.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.17.7-1.1.ppc64le",
"product": {
"name": "kernel-macros-6.17.7-1.1.ppc64le",
"product_id": "kernel-macros-6.17.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-source-6.17.7-1.1.ppc64le",
"product": {
"name": "kernel-source-6.17.7-1.1.ppc64le",
"product_id": "kernel-source-6.17.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.17.7-1.1.ppc64le",
"product": {
"name": "kernel-source-vanilla-6.17.7-1.1.ppc64le",
"product_id": "kernel-source-vanilla-6.17.7-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.17.7-1.1.s390x",
"product": {
"name": "kernel-devel-6.17.7-1.1.s390x",
"product_id": "kernel-devel-6.17.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.17.7-1.1.s390x",
"product": {
"name": "kernel-macros-6.17.7-1.1.s390x",
"product_id": "kernel-macros-6.17.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-source-6.17.7-1.1.s390x",
"product": {
"name": "kernel-source-6.17.7-1.1.s390x",
"product_id": "kernel-source-6.17.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.17.7-1.1.s390x",
"product": {
"name": "kernel-source-vanilla-6.17.7-1.1.s390x",
"product_id": "kernel-source-vanilla-6.17.7-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.17.7-1.1.x86_64",
"product": {
"name": "kernel-devel-6.17.7-1.1.x86_64",
"product_id": "kernel-devel-6.17.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.17.7-1.1.x86_64",
"product": {
"name": "kernel-macros-6.17.7-1.1.x86_64",
"product_id": "kernel-macros-6.17.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-6.17.7-1.1.x86_64",
"product": {
"name": "kernel-source-6.17.7-1.1.x86_64",
"product_id": "kernel-source-6.17.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.17.7-1.1.x86_64",
"product": {
"name": "kernel-source-vanilla-6.17.7-1.1.x86_64",
"product_id": "kernel-source-vanilla-6.17.7-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.17.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64"
},
"product_reference": "kernel-devel-6.17.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.17.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le"
},
"product_reference": "kernel-devel-6.17.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.17.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x"
},
"product_reference": "kernel-devel-6.17.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.17.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64"
},
"product_reference": "kernel-devel-6.17.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.17.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64"
},
"product_reference": "kernel-macros-6.17.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.17.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le"
},
"product_reference": "kernel-macros-6.17.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.17.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x"
},
"product_reference": "kernel-macros-6.17.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.17.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64"
},
"product_reference": "kernel-macros-6.17.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.17.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64"
},
"product_reference": "kernel-source-6.17.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.17.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le"
},
"product_reference": "kernel-source-6.17.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.17.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x"
},
"product_reference": "kernel-source-6.17.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.17.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64"
},
"product_reference": "kernel-source-6.17.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.17.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64"
},
"product_reference": "kernel-source-vanilla-6.17.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.17.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le"
},
"product_reference": "kernel-source-vanilla-6.17.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.17.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x"
},
"product_reference": "kernel-source-vanilla-6.17.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.17.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
},
"product_reference": "kernel-source-vanilla-6.17.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-40018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: Defer ip_vs_ftp unregister during netns cleanup\n\nOn the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp\nbefore connections with valid cp-\u003eapp pointers are flushed, leading to a\nuse-after-free.\n\nFix this by introducing a global `exiting_module` flag, set to true in\nip_vs_ftp_exit() before unregistering the pernet subsystem. In\n__ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns\ncleanup (when exiting_module is false) and defer it to\n__ip_vs_cleanup_batch(), which unregisters all apps after all connections\nare flushed. If called during module exit, unregister ip_vs_ftp\nimmediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40018",
"url": "https://www.suse.com/security/cve/CVE-2025-40018"
},
{
"category": "external",
"summary": "SUSE Bug 1252688 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "external",
"summary": "SUSE Bug 1252689 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-40018"
},
{
"cve": "CVE-2025-40019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: essiv - Check ssize for decryption and in-place encryption\n\nMove the ssize check to the start in essiv_aead_crypt so that\nit\u0027s also checked for decryption and in-place encryption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40019",
"url": "https://www.suse.com/security/cve/CVE-2025-40019"
},
{
"category": "external",
"summary": "SUSE Bug 1252678 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "external",
"summary": "SUSE Bug 1252719 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-40019"
},
{
"cve": "CVE-2025-40025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40025"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on node footer for non inode dnode\n\nAs syzbot reported below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/file.c:1243!\nOops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 5354 Comm: syz.0.0 Not tainted 6.17.0-rc1-syzkaller-00211-g90d970cade8e #0 PREEMPT(full)\nRIP: 0010:f2fs_truncate_hole+0x69e/0x6c0 fs/f2fs/file.c:1243\nCall Trace:\n \u003cTASK\u003e\n f2fs_punch_hole+0x2db/0x330 fs/f2fs/file.c:1306\n f2fs_fallocate+0x546/0x990 fs/f2fs/file.c:2018\n vfs_fallocate+0x666/0x7e0 fs/open.c:342\n ksys_fallocate fs/open.c:366 [inline]\n __do_sys_fallocate fs/open.c:371 [inline]\n __se_sys_fallocate fs/open.c:369 [inline]\n __x64_sys_fallocate+0xc0/0x110 fs/open.c:369\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f1e65f8ebe9\n\nw/ a fuzzed image, f2fs may encounter panic due to it detects inconsistent\ntruncation range in direct node in f2fs_truncate_hole().\n\nThe root cause is: a non-inode dnode may has the same footer.ino and\nfooter.nid, so the dnode will be parsed as an inode, then ADDRS_PER_PAGE()\nmay return wrong blkaddr count which may be 923 typically, by chance,\ndn.ofs_in_node is equal to 923, then count can be calculated to 0 in below\nstatement, later it will trigger panic w/ f2fs_bug_on(, count == 0 || ...).\n\n\tcount = min(end_offset - dn.ofs_in_node, pg_end - pg_start);\n\nThis patch introduces a new node_type NODE_TYPE_NON_INODE, then allowing\npassing the new_type to sanity_check_node_footer in f2fs_get_node_folio()\nto detect corruption that a non-inode dnode has the same footer.ino and\nfooter.nid.\n\nScripts to reproduce:\nmkfs.f2fs -f /dev/vdb\nmount /dev/vdb /mnt/f2fs\ntouch /mnt/f2fs/foo\ntouch /mnt/f2fs/bar\ndd if=/dev/zero of=/mnt/f2fs/foo bs=1M count=8\numount /mnt/f2fs\ninject.f2fs --node --mb i_nid --nid 4 --idx 0 --val 5 /dev/vdb\nmount /dev/vdb /mnt/f2fs\nxfs_io /mnt/f2fs/foo -c \"fpunch 6984k 4k\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40025",
"url": "https://www.suse.com/security/cve/CVE-2025-40025"
},
{
"category": "external",
"summary": "SUSE Bug 1252766 for CVE-2025-40025",
"url": "https://bugzilla.suse.com/1252766"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40025"
},
{
"cve": "CVE-2025-40026",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40026"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Don\u0027t (re)check L1 intercepts when completing userspace I/O\n\nWhen completing emulation of instruction that generated a userspace exit\nfor I/O, don\u0027t recheck L1 intercepts as KVM has already finished that\nphase of instruction execution, i.e. has already committed to allowing L2\nto perform I/O. If L1 (or host userspace) modifies the I/O permission\nbitmaps during the exit to userspace, KVM will treat the access as being\nintercepted despite already having emulated the I/O access.\n\nPivot on EMULTYPE_NO_DECODE to detect that KVM is completing emulation.\nOf the three users of EMULTYPE_NO_DECODE, only complete_emulated_io() (the\nintended \"recipient\") can reach the code in question. gp_interception()\u0027s\nuse is mutually exclusive with is_guest_mode(), and\ncomplete_emulated_insn_gp() unconditionally pairs EMULTYPE_NO_DECODE with\nEMULTYPE_SKIP.\n\nThe bad behavior was detected by a syzkaller program that toggles port I/O\ninterception during the userspace I/O exit, ultimately resulting in a WARN\non vcpu-\u003earch.pio.count being non-zero due to KVM no completing emulation\nof the I/O instruction.\n\n WARNING: CPU: 23 PID: 1083 at arch/x86/kvm/x86.c:8039 emulator_pio_in_out+0x154/0x170 [kvm]\n Modules linked in: kvm_intel kvm irqbypass\n CPU: 23 UID: 1000 PID: 1083 Comm: repro Not tainted 6.16.0-rc5-c1610d2d66b1-next-vm #74 NONE\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n RIP: 0010:emulator_pio_in_out+0x154/0x170 [kvm]\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n kvm_fast_pio+0xd6/0x1d0 [kvm]\n vmx_handle_exit+0x149/0x610 [kvm_intel]\n kvm_arch_vcpu_ioctl_run+0xda8/0x1ac0 [kvm]\n kvm_vcpu_ioctl+0x244/0x8c0 [kvm]\n __x64_sys_ioctl+0x8a/0xd0\n do_syscall_64+0x5d/0xc60\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40026",
"url": "https://www.suse.com/security/cve/CVE-2025-40026"
},
{
"category": "external",
"summary": "SUSE Bug 1252764 for CVE-2025-40026",
"url": "https://bugzilla.suse.com/1252764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-40026"
},
{
"cve": "CVE-2025-40027",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40027"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: fix double req put in p9_fd_cancelled\n\nSyzkaller reports a KASAN issue as below:\n\ngeneral protection fault, probably for non-canonical address 0xfbd59c0000000021: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: maybe wild-memory-access in range [0xdead000000000108-0xdead00000000010f]\nCPU: 0 PID: 5083 Comm: syz-executor.2 Not tainted 6.1.134-syzkaller-00037-g855bd1d7d838 #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:__list_del include/linux/list.h:114 [inline]\nRIP: 0010:__list_del_entry include/linux/list.h:137 [inline]\nRIP: 0010:list_del include/linux/list.h:148 [inline]\nRIP: 0010:p9_fd_cancelled+0xe9/0x200 net/9p/trans_fd.c:734\n\nCall Trace:\n \u003cTASK\u003e\n p9_client_flush+0x351/0x440 net/9p/client.c:614\n p9_client_rpc+0xb6b/0xc70 net/9p/client.c:734\n p9_client_version net/9p/client.c:920 [inline]\n p9_client_create+0xb51/0x1240 net/9p/client.c:1027\n v9fs_session_init+0x1f0/0x18f0 fs/9p/v9fs.c:408\n v9fs_mount+0xba/0xcb0 fs/9p/vfs_super.c:126\n legacy_get_tree+0x108/0x220 fs/fs_context.c:632\n vfs_get_tree+0x8e/0x300 fs/super.c:1573\n do_new_mount fs/namespace.c:3056 [inline]\n path_mount+0x6a6/0x1e90 fs/namespace.c:3386\n do_mount fs/namespace.c:3399 [inline]\n __do_sys_mount fs/namespace.c:3607 [inline]\n __se_sys_mount fs/namespace.c:3584 [inline]\n __x64_sys_mount+0x283/0x300 fs/namespace.c:3584\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nThis happens because of a race condition between:\n\n- The 9p client sending an invalid flush request and later cleaning it up;\n- The 9p client in p9_read_work() canceled all pending requests.\n\n Thread 1 Thread 2\n ...\n p9_client_create()\n ...\n p9_fd_create()\n ...\n p9_conn_create()\n ...\n // start Thread 2\n INIT_WORK(\u0026m-\u003erq, p9_read_work);\n p9_read_work()\n ...\n p9_client_rpc()\n ...\n ...\n p9_conn_cancel()\n ...\n spin_lock(\u0026m-\u003ereq_lock);\n ...\n p9_fd_cancelled()\n ...\n ...\n spin_unlock(\u0026m-\u003ereq_lock);\n // status rewrite\n p9_client_cb(m-\u003eclient, req, REQ_STATUS_ERROR)\n // first remove\n list_del(\u0026req-\u003ereq_list);\n ...\n\n spin_lock(\u0026m-\u003ereq_lock)\n ...\n // second remove\n list_del(\u0026req-\u003ereq_list);\n spin_unlock(\u0026m-\u003ereq_lock)\n ...\n\nCommit 74d6a5d56629 (\"9p/trans_fd: Fix concurrency del of req_list in\np9_fd_cancelled/p9_read_work\") fixes a concurrency issue in the 9p filesystem\nclient where the req_list could be deleted simultaneously by both\np9_read_work and p9_fd_cancelled functions, but for the case where req-\u003estatus\nequals REQ_STATUS_RCVD.\n\nUpdate the check for req-\u003estatus in p9_fd_cancelled to skip processing not\njust received requests, but anything that is not SENT, as whatever\nchanged the state from SENT also removed the request from its list.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.\n\n[updated the check from status == RECV || status == ERROR to status != SENT]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40027",
"url": "https://www.suse.com/security/cve/CVE-2025-40027"
},
{
"category": "external",
"summary": "SUSE Bug 1252763 for CVE-2025-40027",
"url": "https://bugzilla.suse.com/1252763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40027"
},
{
"cve": "CVE-2025-40028",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40028"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix double-free in dbitmap\n\nA process might fail to allocate a new bitmap when trying to expand its\nproc-\u003edmap. In that case, dbitmap_grow() fails and frees the old bitmap\nvia dbitmap_free(). However, the driver calls dbitmap_free() again when\nthe same process terminates, leading to a double-free error:\n\n ==================================================================\n BUG: KASAN: double-free in binder_proc_dec_tmpref+0x2e0/0x55c\n Free of addr ffff00000b7c1420 by task kworker/9:1/209\n\n CPU: 9 UID: 0 PID: 209 Comm: kworker/9:1 Not tainted 6.17.0-rc6-dirty #5 PREEMPT\n Hardware name: linux,dummy-virt (DT)\n Workqueue: events binder_deferred_func\n Call trace:\n kfree+0x164/0x31c\n binder_proc_dec_tmpref+0x2e0/0x55c\n binder_deferred_func+0xc24/0x1120\n process_one_work+0x520/0xba4\n [...]\n\n Allocated by task 448:\n __kmalloc_noprof+0x178/0x3c0\n bitmap_zalloc+0x24/0x30\n binder_open+0x14c/0xc10\n [...]\n\n Freed by task 449:\n kfree+0x184/0x31c\n binder_inc_ref_for_node+0xb44/0xe44\n binder_transaction+0x29b4/0x7fbc\n binder_thread_write+0x1708/0x442c\n binder_ioctl+0x1b50/0x2900\n [...]\n ==================================================================\n\nFix this issue by marking proc-\u003emap NULL in dbitmap_free().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40028",
"url": "https://www.suse.com/security/cve/CVE-2025-40028"
},
{
"category": "external",
"summary": "SUSE Bug 1252762 for CVE-2025-40028",
"url": "https://bugzilla.suse.com/1252762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40028"
},
{
"cve": "CVE-2025-40029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: Check return value of platform_get_resource()\n\nplatform_get_resource() returns NULL in case of failure, so check its\nreturn value and propagate the error in order to prevent NULL pointer\ndereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40029",
"url": "https://www.suse.com/security/cve/CVE-2025-40029"
},
{
"category": "external",
"summary": "SUSE Bug 1252772 for CVE-2025-40029",
"url": "https://bugzilla.suse.com/1252772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40029"
},
{
"cve": "CVE-2025-40030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40030"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: check the return value of pinmux_ops::get_function_name()\n\nWhile the API contract in docs doesn\u0027t specify it explicitly, the\ngeneric implementation of the get_function_name() callback from struct\npinmux_ops - pinmux_generic_get_function_name() - can fail and return\nNULL. This is already checked in pinmux_check_ops() so add a similar\ncheck in pinmux_func_name_to_selector() instead of passing the returned\npointer right down to strcmp() where the NULL can get dereferenced. This\nis normal operation when adding new pinfunctions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40030",
"url": "https://www.suse.com/security/cve/CVE-2025-40030"
},
{
"category": "external",
"summary": "SUSE Bug 1252773 for CVE-2025-40030",
"url": "https://bugzilla.suse.com/1252773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40030"
},
{
"cve": "CVE-2025-40031",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40031"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: fix register_shm_helper()\n\nIn register_shm_helper(), fix incorrect error handling for a call to\niov_iter_extract_pages(). A case is missing for when\niov_iter_extract_pages() only got some pages and return a number larger\nthan 0, but not the requested amount.\n\nThis fixes a possible NULL pointer dereference following a bad input from\nioctl(TEE_IOC_SHM_REGISTER) where parts of the buffer isn\u0027t mapped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40031",
"url": "https://www.suse.com/security/cve/CVE-2025-40031"
},
{
"category": "external",
"summary": "SUSE Bug 1252779 for CVE-2025-40031",
"url": "https://bugzilla.suse.com/1252779"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40031"
},
{
"cve": "CVE-2025-40032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40032"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release\n\nThe fields dma_chan_tx and dma_chan_rx of the struct pci_epf_test can be\nNULL even after EPF initialization. Then it is prudent to check that\nthey have non-NULL values before releasing the channels. Add the checks\nin pci_epf_test_clean_dma_chan().\n\nWithout the checks, NULL pointer dereferences happen and they can lead\nto a kernel panic in some cases:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n Call trace:\n dma_release_channel+0x2c/0x120 (P)\n pci_epf_test_epc_deinit+0x94/0xc0 [pci_epf_test]\n pci_epc_deinit_notify+0x74/0xc0\n tegra_pcie_ep_pex_rst_irq+0x250/0x5d8\n irq_thread_fn+0x34/0xb8\n irq_thread+0x18c/0x2e8\n kthread+0x14c/0x210\n ret_from_fork+0x10/0x20\n\n[mani: trimmed the stack trace]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40032",
"url": "https://www.suse.com/security/cve/CVE-2025-40032"
},
{
"category": "external",
"summary": "SUSE Bug 1252841 for CVE-2025-40032",
"url": "https://bugzilla.suse.com/1252841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40032"
},
{
"cve": "CVE-2025-40033",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40033"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable()\n\npru_rproc_set_ctable() accessed rproc-\u003epriv before the IS_ERR_OR_NULL\ncheck, which could lead to a null pointer dereference. Move the pru\nassignment, ensuring we never dereference a NULL rproc pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40033",
"url": "https://www.suse.com/security/cve/CVE-2025-40033"
},
{
"category": "external",
"summary": "SUSE Bug 1252824 for CVE-2025-40033",
"url": "https://bugzilla.suse.com/1252824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40033"
},
{
"cve": "CVE-2025-40034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/AER: Avoid NULL pointer dereference in aer_ratelimit()\n\nWhen platform firmware supplies error information to the OS, e.g., via the\nACPI APEI GHES mechanism, it may identify an error source device that\ndoesn\u0027t advertise an AER Capability and therefore dev-\u003eaer_info, which\ncontains AER stats and ratelimiting data, is NULL.\n\npci_dev_aer_stats_incr() already checks dev-\u003eaer_info for NULL, but\naer_ratelimit() did not, leading to NULL pointer dereferences like this one\nfrom the URL below:\n\n {1}[Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 0\n {1}[Hardware Error]: event severity: corrected\n {1}[Hardware Error]: device_id: 0000:00:00.0\n {1}[Hardware Error]: vendor_id: 0x8086, device_id: 0x2020\n {1}[Hardware Error]: aer_cor_status: 0x00001000, aer_cor_mask: 0x00002000\n BUG: kernel NULL pointer dereference, address: 0000000000000264\n RIP: 0010:___ratelimit+0xc/0x1b0\n pci_print_aer+0x141/0x360\n aer_recover_work_func+0xb5/0x130\n\n[8086:2020] is an Intel \"Sky Lake-E DMI3 Registers\" device that claims to\nbe a Root Port but does not advertise an AER Capability.\n\nAdd a NULL check in aer_ratelimit() to avoid the NULL pointer dereference.\nNote that this also prevents ratelimiting these events from GHES.\n\n[bhelgaas: add crash details to commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40034",
"url": "https://www.suse.com/security/cve/CVE-2025-40034"
},
{
"category": "external",
"summary": "SUSE Bug 1252868 for CVE-2025-40034",
"url": "https://bugzilla.suse.com/1252868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40034"
},
{
"cve": "CVE-2025-40035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak\n\nStruct ff_effect_compat is embedded twice inside\nuinput_ff_upload_compat, contains internal padding. In particular, there\nis a hole after struct ff_replay to satisfy alignment requirements for\nthe following union member. Without clearing the structure,\ncopy_to_user() may leak stack data to userspace.\n\nInitialize ff_up_compat to zero before filling valid fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40035",
"url": "https://www.suse.com/security/cve/CVE-2025-40035"
},
{
"category": "external",
"summary": "SUSE Bug 1252866 for CVE-2025-40035",
"url": "https://bugzilla.suse.com/1252866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40035"
},
{
"cve": "CVE-2025-40036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix possible map leak in fastrpc_put_args\n\ncopy_to_user() failure would cause an early return without cleaning up\nthe fdlist, which has been updated by the DSP. This could lead to map\nleak. Fix this by redirecting to a cleanup path on failure, ensuring\nthat all mapped buffers are properly released before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40036",
"url": "https://www.suse.com/security/cve/CVE-2025-40036"
},
{
"category": "external",
"summary": "SUSE Bug 1252865 for CVE-2025-40036",
"url": "https://bugzilla.suse.com/1252865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40036"
},
{
"cve": "CVE-2025-40037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40037"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: simplefb: Fix use after free in simplefb_detach_genpds()\n\nThe pm_domain cleanup can not be devres managed as it uses struct\nsimplefb_par which is allocated within struct fb_info by\nframebuffer_alloc(). This allocation is explicitly freed by\nunregister_framebuffer() in simplefb_remove().\nDevres managed cleanup runs after the device remove call and thus can no\nlonger access struct simplefb_par.\nCall simplefb_detach_genpds() explicitly from simplefb_destroy() like\nthe cleanup functions for clocks and regulators.\n\nFixes an use after free on M2 Mac mini during\naperture_remove_conflicting_devices() using the downstream asahi kernel\nwith Debian\u0027s kernel config. For unknown reasons this started to\nconsistently dereference an invalid pointer in v6.16.3 based kernels.\n\n[ 6.736134] BUG: KASAN: slab-use-after-free in simplefb_detach_genpds+0x58/0x220\n[ 6.743545] Read of size 4 at addr ffff8000304743f0 by task (udev-worker)/227\n[ 6.750697]\n[ 6.752182] CPU: 6 UID: 0 PID: 227 Comm: (udev-worker) Tainted: G S 6.16.3-asahi+ #16 PREEMPTLAZY\n[ 6.752186] Tainted: [S]=CPU_OUT_OF_SPEC\n[ 6.752187] Hardware name: Apple Mac mini (M2, 2023) (DT)\n[ 6.752189] Call trace:\n[ 6.752190] show_stack+0x34/0x98 (C)\n[ 6.752194] dump_stack_lvl+0x60/0x80\n[ 6.752197] print_report+0x17c/0x4d8\n[ 6.752201] kasan_report+0xb4/0x100\n[ 6.752206] __asan_report_load4_noabort+0x20/0x30\n[ 6.752209] simplefb_detach_genpds+0x58/0x220\n[ 6.752213] devm_action_release+0x50/0x98\n[ 6.752216] release_nodes+0xd0/0x2c8\n[ 6.752219] devres_release_all+0xfc/0x178\n[ 6.752221] device_unbind_cleanup+0x28/0x168\n[ 6.752224] device_release_driver_internal+0x34c/0x470\n[ 6.752228] device_release_driver+0x20/0x38\n[ 6.752231] bus_remove_device+0x1b0/0x380\n[ 6.752234] device_del+0x314/0x820\n[ 6.752238] platform_device_del+0x3c/0x1e8\n[ 6.752242] platform_device_unregister+0x20/0x50\n[ 6.752246] aperture_detach_platform_device+0x1c/0x30\n[ 6.752250] aperture_detach_devices+0x16c/0x290\n[ 6.752253] aperture_remove_conflicting_devices+0x34/0x50\n...\n[ 6.752343]\n[ 6.967409] Allocated by task 62:\n[ 6.970724] kasan_save_stack+0x3c/0x70\n[ 6.974560] kasan_save_track+0x20/0x40\n[ 6.978397] kasan_save_alloc_info+0x40/0x58\n[ 6.982670] __kasan_kmalloc+0xd4/0xd8\n[ 6.986420] __kmalloc_noprof+0x194/0x540\n[ 6.990432] framebuffer_alloc+0xc8/0x130\n[ 6.994444] simplefb_probe+0x258/0x2378\n...\n[ 7.054356]\n[ 7.055838] Freed by task 227:\n[ 7.058891] kasan_save_stack+0x3c/0x70\n[ 7.062727] kasan_save_track+0x20/0x40\n[ 7.066565] kasan_save_free_info+0x4c/0x80\n[ 7.070751] __kasan_slab_free+0x6c/0xa0\n[ 7.074675] kfree+0x10c/0x380\n[ 7.077727] framebuffer_release+0x5c/0x90\n[ 7.081826] simplefb_destroy+0x1b4/0x2c0\n[ 7.085837] put_fb_info+0x98/0x100\n[ 7.089326] unregister_framebuffer+0x178/0x320\n[ 7.093861] simplefb_remove+0x3c/0x60\n[ 7.097611] platform_remove+0x60/0x98\n[ 7.101361] device_remove+0xb8/0x160\n[ 7.105024] device_release_driver_internal+0x2fc/0x470\n[ 7.110256] device_release_driver+0x20/0x38\n[ 7.114529] bus_remove_device+0x1b0/0x380\n[ 7.118628] device_del+0x314/0x820\n[ 7.122116] platform_device_del+0x3c/0x1e8\n[ 7.126302] platform_device_unregister+0x20/0x50\n[ 7.131012] aperture_detach_platform_device+0x1c/0x30\n[ 7.136157] aperture_detach_devices+0x16c/0x290\n[ 7.140779] aperture_remove_conflicting_devices+0x34/0x50\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40037",
"url": "https://www.suse.com/security/cve/CVE-2025-40037"
},
{
"category": "external",
"summary": "SUSE Bug 1252819 for CVE-2025-40037",
"url": "https://bugzilla.suse.com/1252819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40037"
},
{
"cve": "CVE-2025-40038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40038"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn\u0027t valid\n\nSkip the WRMSR and HLT fastpaths in SVM\u0027s VM-Exit handler if the next RIP\nisn\u0027t valid, e.g. because KVM is running with nrips=false. SVM must\ndecode and emulate to skip the instruction if the CPU doesn\u0027t provide the\nnext RIP, and getting the instruction bytes to decode requires reading\nguest memory. Reading guest memory through the emulator can fault, i.e.\ncan sleep, which is disallowed since the fastpath handlers run with IRQs\ndisabled.\n\n BUG: sleeping function called from invalid context at ./include/linux/uaccess.h:106\n in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 32611, name: qemu\n preempt_count: 1, expected: 0\n INFO: lockdep is turned off.\n irq event stamp: 30580\n hardirqs last enabled at (30579): [\u003cffffffffc08b2527\u003e] vcpu_run+0x1787/0x1db0 [kvm]\n hardirqs last disabled at (30580): [\u003cffffffffb4f62e32\u003e] __schedule+0x1e2/0xed0\n softirqs last enabled at (30570): [\u003cffffffffb4247a64\u003e] fpu_swap_kvm_fpstate+0x44/0x210\n softirqs last disabled at (30568): [\u003cffffffffb4247a64\u003e] fpu_swap_kvm_fpstate+0x44/0x210\n CPU: 298 UID: 0 PID: 32611 Comm: qemu Tainted: G U 6.16.0-smp--e6c618b51cfe-sleep #782 NONE\n Tainted: [U]=USER\n Hardware name: Google Astoria-Turin/astoria, BIOS 0.20241223.2-0 01/17/2025\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x7d/0xb0\n __might_resched+0x271/0x290\n __might_fault+0x28/0x80\n kvm_vcpu_read_guest_page+0x8d/0xc0 [kvm]\n kvm_fetch_guest_virt+0x92/0xc0 [kvm]\n __do_insn_fetch_bytes+0xf3/0x1e0 [kvm]\n x86_decode_insn+0xd1/0x1010 [kvm]\n x86_emulate_instruction+0x105/0x810 [kvm]\n __svm_skip_emulated_instruction+0xc4/0x140 [kvm_amd]\n handle_fastpath_invd+0xc4/0x1a0 [kvm]\n vcpu_run+0x11a1/0x1db0 [kvm]\n kvm_arch_vcpu_ioctl_run+0x5cc/0x730 [kvm]\n kvm_vcpu_ioctl+0x578/0x6a0 [kvm]\n __se_sys_ioctl+0x6d/0xb0\n do_syscall_64+0x8a/0x2c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7f479d57a94b\n \u003c/TASK\u003e\n\nNote, this is essentially a reapply of commit 5c30e8101e8d (\"KVM: SVM:\nSkip WRMSR fastpath on VM-Exit if next RIP isn\u0027t valid\"), but with\ndifferent justification (KVM now grabs SRCU when skipping the instruction\nfor other reasons).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40038",
"url": "https://www.suse.com/security/cve/CVE-2025-40038"
},
{
"category": "external",
"summary": "SUSE Bug 1252817 for CVE-2025-40038",
"url": "https://bugzilla.suse.com/1252817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40038"
},
{
"cve": "CVE-2025-40039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40039"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Fix race condition in RPC handle list access\n\nThe \u0027sess-\u003erpc_handle_list\u0027 XArray manages RPC handles within a ksmbd\nsession. Access to this list is intended to be protected by\n\u0027sess-\u003erpc_lock\u0027 (an rw_semaphore). However, the locking implementation was\nflawed, leading to potential race conditions.\n\nIn ksmbd_session_rpc_open(), the code incorrectly acquired only a read lock\nbefore calling xa_store() and xa_erase(). Since these operations modify\nthe XArray structure, a write lock is required to ensure exclusive access\nand prevent data corruption from concurrent modifications.\n\nFurthermore, ksmbd_session_rpc_method() accessed the list using xa_load()\nwithout holding any lock at all. This could lead to reading inconsistent\ndata or a potential use-after-free if an entry is concurrently removed and\nthe pointer is dereferenced.\n\nFix these issues by:\n1. Using down_write() and up_write() in ksmbd_session_rpc_open()\n to ensure exclusive access during XArray modification, and ensuring\n the lock is correctly released on error paths.\n2. Adding down_read() and up_read() in ksmbd_session_rpc_method()\n to safely protect the lookup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40039",
"url": "https://www.suse.com/security/cve/CVE-2025-40039"
},
{
"category": "external",
"summary": "SUSE Bug 1252783 for CVE-2025-40039",
"url": "https://bugzilla.suse.com/1252783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40039"
},
{
"cve": "CVE-2025-40040",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40040"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/ksm: fix flag-dropping behavior in ksm_madvise\n\nsyzkaller discovered the following crash: (kernel BUG)\n\n[ 44.607039] ------------[ cut here ]------------\n[ 44.607422] kernel BUG at mm/userfaultfd.c:2067!\n[ 44.608148] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI\n[ 44.608814] CPU: 1 UID: 0 PID: 2475 Comm: reproducer Not tainted 6.16.0-rc6 #1 PREEMPT(none)\n[ 44.609635] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[ 44.610695] RIP: 0010:userfaultfd_release_all+0x3a8/0x460\n\n\u003csnip other registers, drop unreliable trace\u003e\n\n[ 44.617726] Call Trace:\n[ 44.617926] \u003cTASK\u003e\n[ 44.619284] userfaultfd_release+0xef/0x1b0\n[ 44.620976] __fput+0x3f9/0xb60\n[ 44.621240] fput_close_sync+0x110/0x210\n[ 44.622222] __x64_sys_close+0x8f/0x120\n[ 44.622530] do_syscall_64+0x5b/0x2f0\n[ 44.622840] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 44.623244] RIP: 0033:0x7f365bb3f227\n\nKernel panics because it detects UFFD inconsistency during\nuserfaultfd_release_all(). Specifically, a VMA which has a valid pointer\nto vma-\u003evm_userfaultfd_ctx, but no UFFD flags in vma-\u003evm_flags.\n\nThe inconsistency is caused in ksm_madvise(): when user calls madvise()\nwith MADV_UNMEARGEABLE on a VMA that is registered for UFFD in MINOR mode,\nit accidentally clears all flags stored in the upper 32 bits of\nvma-\u003evm_flags.\n\nAssuming x86_64 kernel build, unsigned long is 64-bit and unsigned int and\nint are 32-bit wide. This setup causes the following mishap during the \u0026=\n~VM_MERGEABLE assignment.\n\nVM_MERGEABLE is a 32-bit constant of type unsigned int, 0x8000\u00270000. \nAfter ~ is applied, it becomes 0x7fff\u0027ffff unsigned int, which is then\npromoted to unsigned long before the \u0026 operation. This promotion fills\nupper 32 bits with leading 0s, as we\u0027re doing unsigned conversion (and\neven for a signed conversion, this wouldn\u0027t help as the leading bit is 0).\n\u0026 operation thus ends up AND-ing vm_flags with 0x0000\u00270000\u00277fff\u0027ffff\ninstead of intended 0xffff\u0027ffff\u00277fff\u0027ffff and hence accidentally clears\nthe upper 32-bits of its value.\n\nFix it by changing `VM_MERGEABLE` constant to unsigned long, using the\nBIT() macro.\n\nNote: other VM_* flags are not affected: This only happens to the\nVM_MERGEABLE flag, as the other VM_* flags are all constants of type int\nand after ~ operation, they end up with leading 1 and are thus converted\nto unsigned long with leading 1s.\n\nNote 2:\nAfter commit 31defc3b01d9 (\"userfaultfd: remove (VM_)BUG_ON()s\"), this is\nno longer a kernel BUG, but a WARNING at the same place:\n\n[ 45.595973] WARNING: CPU: 1 PID: 2474 at mm/userfaultfd.c:2067\n\nbut the root-cause (flag-drop) remains the same.\n\n[akpm@linux-foundation.org: rust bindgen wasn\u0027t able to handle BIT(), from Miguel]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40040",
"url": "https://www.suse.com/security/cve/CVE-2025-40040"
},
{
"category": "external",
"summary": "SUSE Bug 1252780 for CVE-2025-40040",
"url": "https://bugzilla.suse.com/1252780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40040"
},
{
"cve": "CVE-2025-40041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40041"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: BPF: Sign-extend struct ops return values properly\n\nThe ns_bpf_qdisc selftest triggers a kernel panic:\n\n Oops[#1]:\n CPU 0 Unable to handle kernel paging request at virtual address 0000000000741d58, era == 90000000851b5ac0, ra == 90000000851b5aa4\n CPU: 0 UID: 0 PID: 449 Comm: test_progs Tainted: G OE 6.16.0+ #3 PREEMPT(full)\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022\n pc 90000000851b5ac0 ra 90000000851b5aa4 tp 90000001076b8000 sp 90000001076bb600\n a0 0000000000741ce8 a1 0000000000000001 a2 90000001076bb5c0 a3 0000000000000008\n a4 90000001004c4620 a5 9000000100741ce8 a6 0000000000000000 a7 0100000000000000\n t0 0000000000000010 t1 0000000000000000 t2 9000000104d24d30 t3 0000000000000001\n t4 4f2317da8a7e08c4 t5 fffffefffc002f00 t6 90000001004c4620 t7 ffffffffc61c5b3d\n t8 0000000000000000 u0 0000000000000001 s9 0000000000000050 s0 90000001075bc800\n s1 0000000000000040 s2 900000010597c400 s3 0000000000000008 s4 90000001075bc880\n s5 90000001075bc8f0 s6 0000000000000000 s7 0000000000741ce8 s8 0000000000000000\n ra: 90000000851b5aa4 __qdisc_run+0xac/0x8d8\n ERA: 90000000851b5ac0 __qdisc_run+0xc8/0x8d8\n CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n PRMD: 00000004 (PPLV0 +PIE -PWE)\n EUEN: 00000007 (+FPE +SXE +ASXE -BTE)\n ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7)\n ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)\n BADV: 0000000000741d58\n PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)\n Modules linked in: bpf_testmod(OE) [last unloaded: bpf_testmod(OE)]\n Process test_progs (pid: 449, threadinfo=000000009af02b3a, task=00000000e9ba4956)\n Stack : 0000000000000000 90000001075bc8ac 90000000869524a8 9000000100741ce8\n 90000001075bc800 9000000100415300 90000001075bc8ac 0000000000000000\n 900000010597c400 900000008694a000 0000000000000000 9000000105b59000\n 90000001075bc800 9000000100741ce8 0000000000000050 900000008513000c\n 9000000086936000 0000000100094d4c fffffff400676208 0000000000000000\n 9000000105b59000 900000008694a000 9000000086bf0dc0 9000000105b59000\n 9000000086bf0d68 9000000085147010 90000001075be788 0000000000000000\n 9000000086bf0f98 0000000000000001 0000000000000010 9000000006015840\n 0000000000000000 9000000086be6c40 0000000000000000 0000000000000000\n 0000000000000000 4f2317da8a7e08c4 0000000000000101 4f2317da8a7e08c4\n ...\n Call Trace:\n [\u003c90000000851b5ac0\u003e] __qdisc_run+0xc8/0x8d8\n [\u003c9000000085130008\u003e] __dev_queue_xmit+0x578/0x10f0\n [\u003c90000000853701c0\u003e] ip6_finish_output2+0x2f0/0x950\n [\u003c9000000085374bc8\u003e] ip6_finish_output+0x2b8/0x448\n [\u003c9000000085370b24\u003e] ip6_xmit+0x304/0x858\n [\u003c90000000853c4438\u003e] inet6_csk_xmit+0x100/0x170\n [\u003c90000000852b32f0\u003e] __tcp_transmit_skb+0x490/0xdd0\n [\u003c90000000852b47fc\u003e] tcp_connect+0xbcc/0x1168\n [\u003c90000000853b9088\u003e] tcp_v6_connect+0x580/0x8a0\n [\u003c90000000852e7738\u003e] __inet_stream_connect+0x170/0x480\n [\u003c90000000852e7a98\u003e] inet_stream_connect+0x50/0x88\n [\u003c90000000850f2814\u003e] __sys_connect+0xe4/0x110\n [\u003c90000000850f2858\u003e] sys_connect+0x18/0x28\n [\u003c9000000085520c94\u003e] do_syscall+0x94/0x1a0\n [\u003c9000000083df1fb8\u003e] handle_syscall+0xb8/0x158\n\n Code: 4001ad80 2400873f 2400832d \u003c240073cc\u003e 001137ff 001133ff 6407b41f 001503cc 0280041d\n\n ---[ end trace 0000000000000000 ]---\n\nThe bpf_fifo_dequeue prog returns a skb which is a pointer. The pointer\nis treated as a 32bit value and sign extend to 64bit in epilogue. This\nbehavior is right for most bpf prog types but wrong for struct ops which\nrequires LoongArch ABI.\n\nSo let\u0027s sign extend struct ops return values according to the LoongArch\nABI ([1]) and return value spec in function model.\n\n[1]: https://loongson.github.io/LoongArch-Documentation/LoongArch-ELF-ABI-EN.html",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40041",
"url": "https://www.suse.com/security/cve/CVE-2025-40041"
},
{
"category": "external",
"summary": "SUSE Bug 1252860 for CVE-2025-40041",
"url": "https://bugzilla.suse.com/1252860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40041"
},
{
"cve": "CVE-2025-40042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40042"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix race condition in kprobe initialization causing NULL pointer dereference\n\nThere is a critical race condition in kprobe initialization that can lead to\nNULL pointer dereference and kernel crash.\n\n[1135630.084782] Unable to handle kernel paging request at virtual address 0000710a04630000\n...\n[1135630.260314] pstate: 404003c9 (nZcv DAIF +PAN -UAO)\n[1135630.269239] pc : kprobe_perf_func+0x30/0x260\n[1135630.277643] lr : kprobe_dispatcher+0x44/0x60\n[1135630.286041] sp : ffffaeff4977fa40\n[1135630.293441] x29: ffffaeff4977fa40 x28: ffffaf015340e400\n[1135630.302837] x27: 0000000000000000 x26: 0000000000000000\n[1135630.312257] x25: ffffaf029ed108a8 x24: ffffaf015340e528\n[1135630.321705] x23: ffffaeff4977fc50 x22: ffffaeff4977fc50\n[1135630.331154] x21: 0000000000000000 x20: ffffaeff4977fc50\n[1135630.340586] x19: ffffaf015340e400 x18: 0000000000000000\n[1135630.349985] x17: 0000000000000000 x16: 0000000000000000\n[1135630.359285] x15: 0000000000000000 x14: 0000000000000000\n[1135630.368445] x13: 0000000000000000 x12: 0000000000000000\n[1135630.377473] x11: 0000000000000000 x10: 0000000000000000\n[1135630.386411] x9 : 0000000000000000 x8 : 0000000000000000\n[1135630.395252] x7 : 0000000000000000 x6 : 0000000000000000\n[1135630.403963] x5 : 0000000000000000 x4 : 0000000000000000\n[1135630.412545] x3 : 0000710a04630000 x2 : 0000000000000006\n[1135630.421021] x1 : ffffaeff4977fc50 x0 : 0000710a04630000\n[1135630.429410] Call trace:\n[1135630.434828] kprobe_perf_func+0x30/0x260\n[1135630.441661] kprobe_dispatcher+0x44/0x60\n[1135630.448396] aggr_pre_handler+0x70/0xc8\n[1135630.454959] kprobe_breakpoint_handler+0x140/0x1e0\n[1135630.462435] brk_handler+0xbc/0xd8\n[1135630.468437] do_debug_exception+0x84/0x138\n[1135630.475074] el1_dbg+0x18/0x8c\n[1135630.480582] security_file_permission+0x0/0xd0\n[1135630.487426] vfs_write+0x70/0x1c0\n[1135630.493059] ksys_write+0x5c/0xc8\n[1135630.498638] __arm64_sys_write+0x24/0x30\n[1135630.504821] el0_svc_common+0x78/0x130\n[1135630.510838] el0_svc_handler+0x38/0x78\n[1135630.516834] el0_svc+0x8/0x1b0\n\nkernel/trace/trace_kprobe.c: 1308\n0xffff3df8995039ec \u003ckprobe_perf_func+0x2c\u003e: ldr x21, [x24,#120]\ninclude/linux/compiler.h: 294\n0xffff3df8995039f0 \u003ckprobe_perf_func+0x30\u003e: ldr x1, [x21,x0]\n\nkernel/trace/trace_kprobe.c\n1308: head = this_cpu_ptr(call-\u003eperf_events);\n1309: if (hlist_empty(head))\n1310: \treturn 0;\n\ncrash\u003e struct trace_event_call -o\nstruct trace_event_call {\n ...\n [120] struct hlist_head *perf_events; //(call-\u003eperf_event)\n ...\n}\n\ncrash\u003e struct trace_event_call ffffaf015340e528\nstruct trace_event_call {\n ...\n perf_events = 0xffff0ad5fa89f088, //this value is correct, but x21 = 0\n ...\n}\n\nRace Condition Analysis:\n\nThe race occurs between kprobe activation and perf_events initialization:\n\n CPU0 CPU1\n ==== ====\n perf_kprobe_init\n perf_trace_event_init\n tp_event-\u003eperf_events = list;(1)\n tp_event-\u003eclass-\u003ereg (2)\u003c- KPROBE ACTIVE\n Debug exception triggers\n ...\n kprobe_dispatcher\n kprobe_perf_func (tk-\u003etp.flags \u0026 TP_FLAG_PROFILE)\n head = this_cpu_ptr(call-\u003eperf_events)(3)\n (perf_events is still NULL)\n\nProblem:\n1. CPU0 executes (1) assigning tp_event-\u003eperf_events = list\n2. CPU0 executes (2) enabling kprobe functionality via class-\u003ereg()\n3. CPU1 triggers and reaches kprobe_dispatcher\n4. CPU1 checks TP_FLAG_PROFILE - condition passes (step 2 completed)\n5. CPU1 calls kprobe_perf_func() and crashes at (3) because\n call-\u003eperf_events is still NULL\n\nCPU1 sees that kprobe functionality is enabled but does not see that\nperf_events has been assigned.\n\nAdd pairing read an\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40042",
"url": "https://www.suse.com/security/cve/CVE-2025-40042"
},
{
"category": "external",
"summary": "SUSE Bug 1252861 for CVE-2025-40042",
"url": "https://bugzilla.suse.com/1252861"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40042"
},
{
"cve": "CVE-2025-40043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40043"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: nci: Add parameter validation for packet data\n\nSyzbot reported an uninitialized value bug in nci_init_req, which was\nintroduced by commit 5aca7966d2a7 (\"Merge tag\n\u0027perf-tools-fixes-for-v6.17-2025-09-16\u0027 of\ngit://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools\").\n\nThis bug arises due to very limited and poor input validation\nthat was done at nic_valid_size(). This validation only\nvalidates the skb-\u003elen (directly reflects size provided at the\nuserspace interface) with the length provided in the buffer\nitself (interpreted as NCI_HEADER). This leads to the processing\nof memory content at the address assuming the correct layout\nper what opcode requires there. This leads to the accesses to\nbuffer of `skb_buff-\u003edata` which is not assigned anything yet.\n\nFollowing the same silent drop of packets of invalid sizes at\n`nic_valid_size()`, add validation of the data in the respective\nhandlers and return error values in case of failure. Release\nthe skb if error values are returned from handlers in\n`nci_nft_packet` and effectively do a silent drop\n\nPossible TODO: because we silently drop the packets, the\ncall to `nci_request` will be waiting for completion of request\nand will face timeouts. These timeouts can get excessively logged\nin the dmesg. A proper handling of them may require to export\n`nci_request_cancel` (or propagate error handling from the\nnft packets handlers).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40043",
"url": "https://www.suse.com/security/cve/CVE-2025-40043"
},
{
"category": "external",
"summary": "SUSE Bug 1252787 for CVE-2025-40043",
"url": "https://bugzilla.suse.com/1252787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40043"
},
{
"cve": "CVE-2025-40044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: udf: fix OOB read in lengthAllocDescs handling\n\nWhen parsing Allocation Extent Descriptor, lengthAllocDescs comes from\non-disk data and must be validated against the block size. Crafted or\ncorrupted images may set lengthAllocDescs so that the total descriptor\nlength (sizeof(allocExtDesc) + lengthAllocDescs) exceeds the buffer,\nleading udf_update_tag() to call crc_itu_t() on out-of-bounds memory and\ntrigger a KASAN use-after-free read.\n\nBUG: KASAN: use-after-free in crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\nRead of size 1 at addr ffff888041e7d000 by task syz-executor317/5309\n\nCPU: 0 UID: 0 PID: 5309 Comm: syz-executor317 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\n udf_update_tag+0x70/0x6a0 fs/udf/misc.c:261\n udf_write_aext+0x4d8/0x7b0 fs/udf/inode.c:2179\n extent_trunc+0x2f7/0x4a0 fs/udf/truncate.c:46\n udf_truncate_tail_extent+0x527/0x7e0 fs/udf/truncate.c:106\n udf_release_file+0xc1/0x120 fs/udf/file.c:185\n __fput+0x23f/0x880 fs/file_table.c:431\n task_work_run+0x24f/0x310 kernel/task_work.c:239\n exit_task_work include/linux/task_work.h:43 [inline]\n do_exit+0xa2f/0x28e0 kernel/exit.c:939\n do_group_exit+0x207/0x2c0 kernel/exit.c:1088\n __do_sys_exit_group kernel/exit.c:1099 [inline]\n __se_sys_exit_group kernel/exit.c:1097 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nValidate the computed total length against epos-\u003ebh-\u003eb_size.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40044",
"url": "https://www.suse.com/security/cve/CVE-2025-40044"
},
{
"category": "external",
"summary": "SUSE Bug 1252785 for CVE-2025-40044",
"url": "https://bugzilla.suse.com/1252785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40044"
},
{
"cve": "CVE-2025-40045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40045"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd937x: set the comp soundwire port correctly\n\nFor some reason we endup with setting soundwire port for\nHPHL_COMP and HPHR_COMP as zero, this can potentially result\nin a memory corruption due to accessing and setting -1 th element of\nport_map array.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40045",
"url": "https://www.suse.com/security/cve/CVE-2025-40045"
},
{
"category": "external",
"summary": "SUSE Bug 1252784 for CVE-2025-40045",
"url": "https://bugzilla.suse.com/1252784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40045"
},
{
"cve": "CVE-2025-40046",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40046"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/zcrx: fix overshooting recv limit\n\nIt\u0027s reported that sometimes a zcrx request can receive more than was\nrequested. It\u0027s caused by io_zcrx_recv_skb() adjusting desc-\u003ecount for\nall received buffers including frag lists, but then doing recursive\ncalls to process frag list skbs, which leads to desc-\u003ecount double\naccounting and underflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40046",
"url": "https://www.suse.com/security/cve/CVE-2025-40046"
},
{
"category": "external",
"summary": "SUSE Bug 1252791 for CVE-2025-40046",
"url": "https://bugzilla.suse.com/1252791"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40046"
},
{
"cve": "CVE-2025-40047",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40047"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/waitid: always prune wait queue entry in io_waitid_wait()\n\nFor a successful return, always remove our entry from the wait queue\nentry list. Previously this was skipped if a cancelation was in\nprogress, but this can race with another invocation of the wait queue\nentry callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40047",
"url": "https://www.suse.com/security/cve/CVE-2025-40047"
},
{
"category": "external",
"summary": "SUSE Bug 1252790 for CVE-2025-40047",
"url": "https://bugzilla.suse.com/1252790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40047"
},
{
"cve": "CVE-2025-40048",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40048"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Let userspace take care of interrupt mask\n\nRemove the logic to set interrupt mask by default in uio_hv_generic\ndriver as the interrupt mask value is supposed to be controlled\ncompletely by the user space. If the mask bit gets changed\nby the driver, concurrently with user mode operating on the ring,\nthe mask bit may be set when it is supposed to be clear, and the\nuser-mode driver will miss an interrupt which will cause a hang.\n\nFor eg- when the driver sets inbound ring buffer interrupt mask to 1,\nthe host does not interrupt the guest on the UIO VMBus channel.\nHowever, setting the mask does not prevent the host from putting a\nmessage in the inbound ring buffer. So let\u0027s assume that happens,\nthe host puts a message into the ring buffer but does not interrupt.\n\nSubsequently, the user space code in the guest sets the inbound ring\nbuffer interrupt mask to 0, saying \"Hey, I\u0027m ready for interrupts\".\nUser space code then calls pread() to wait for an interrupt.\nThen one of two things happens:\n\n* The host never sends another message. So the pread() waits forever.\n* The host does send another message. But because there\u0027s already a\n message in the ring buffer, it doesn\u0027t generate an interrupt.\n This is the correct behavior, because the host should only send an\n interrupt when the inbound ring buffer transitions from empty to\n not-empty. Adding an additional message to a ring buffer that is not\n empty is not supposed to generate an interrupt on the guest.\n Since the guest is waiting in pread() and not removing messages from\n the ring buffer, the pread() waits forever.\n\nThis could be easily reproduced in hv_fcopy_uio_daemon if we delay\nsetting interrupt mask to 0.\n\nSimilarly if hv_uio_channel_cb() sets the interrupt_mask to 1,\nthere\u0027s a race condition. Once user space empties the inbound ring\nbuffer, but before user space sets interrupt_mask to 0, the host could\nput another message in the ring buffer but it wouldn\u0027t interrupt.\nThen the next pread() would hang.\n\nFix these by removing all instances where interrupt_mask is changed,\nwhile keeping the one in set_event() unchanged to enable userspace\ncontrol the interrupt mask by writing 0/1 to /dev/uioX.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40048",
"url": "https://www.suse.com/security/cve/CVE-2025-40048"
},
{
"category": "external",
"summary": "SUSE Bug 1252862 for CVE-2025-40048",
"url": "https://bugzilla.suse.com/1252862"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40048"
},
{
"cve": "CVE-2025-40049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: fix uninit-value in squashfs_get_parent\n\nSyzkaller reports a \"KMSAN: uninit-value in squashfs_get_parent\" bug.\n\nThis is caused by open_by_handle_at() being called with a file handle\ncontaining an invalid parent inode number. In particular the inode number\nis that of a symbolic link, rather than a directory.\n\nSquashfs_get_parent() gets called with that symbolic link inode, and\naccesses the parent member field.\n\n\tunsigned int parent_ino = squashfs_i(inode)-\u003eparent;\n\nBecause non-directory inodes in Squashfs do not have a parent value, this\nis uninitialised, and this causes an uninitialised value access.\n\nThe fix is to initialise parent with the invalid inode 0, which will cause\nan EINVAL error to be returned.\n\nRegular inodes used to share the parent field with the block_list_start\nfield. This is removed in this commit to enable the parent field to\ncontain the invalid inode number 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40049",
"url": "https://www.suse.com/security/cve/CVE-2025-40049"
},
{
"category": "external",
"summary": "SUSE Bug 1252822 for CVE-2025-40049",
"url": "https://bugzilla.suse.com/1252822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40049"
},
{
"cve": "CVE-2025-40050",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40050"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Skip scalar adjustment for BPF_NEG if dst is a pointer\n\nIn check_alu_op(), the verifier currently calls check_reg_arg() and\nadjust_scalar_min_max_vals() unconditionally for BPF_NEG operations.\nHowever, if the destination register holds a pointer, these scalar\nadjustments are unnecessary and potentially incorrect.\n\nThis patch adds a check to skip the adjustment logic when the destination\nregister contains a pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40050",
"url": "https://www.suse.com/security/cve/CVE-2025-40050"
},
{
"category": "external",
"summary": "SUSE Bug 1252856 for CVE-2025-40050",
"url": "https://bugzilla.suse.com/1252856"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40050"
},
{
"cve": "CVE-2025-40051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Modify the return value check\n\nThe return value of copy_from_iter and copy_to_iter can\u0027t be negative,\ncheck whether the copied lengths are equal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40051",
"url": "https://www.suse.com/security/cve/CVE-2025-40051"
},
{
"category": "external",
"summary": "SUSE Bug 1252858 for CVE-2025-40051",
"url": "https://bugzilla.suse.com/1252858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40051"
},
{
"cve": "CVE-2025-40052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix crypto buffers in non-linear memory\n\nThe crypto API, through the scatterlist API, expects input buffers to be\nin linear memory. We handle this with the cifs_sg_set_buf() helper\nthat converts vmalloc\u0027d memory to their corresponding pages.\n\nHowever, when we allocate our aead_request buffer (@creq in\nsmb2ops.c::crypt_message()), we do so with kvzalloc(), which possibly\nputs aead_request-\u003e__ctx in vmalloc area.\n\nAEAD algorithm then uses -\u003e__ctx for its private/internal data and\noperations, and uses sg_set_buf() for such data on a few places.\n\nThis works fine as long as @creq falls into kmalloc zone (small\nrequests) or vmalloc\u0027d memory is still within linear range.\n\nTasks\u0027 stacks are vmalloc\u0027d by default (CONFIG_VMAP_STACK=y), so too\nmany tasks will increment the base stacks\u0027 addresses to a point where\nvirt_addr_valid(buf) will fail (BUG() in sg_set_buf()) when that\nhappens.\n\nIn practice: too many parallel reads and writes on an encrypted mount\nwill trigger this bug.\n\nTo fix this, always alloc @creq with kmalloc() instead.\nAlso drop the @sensitive_size variable/arguments since\nkfree_sensitive() doesn\u0027t need it.\n\nBacktrace:\n\n[ 945.272081] ------------[ cut here ]------------\n[ 945.272774] kernel BUG at include/linux/scatterlist.h:209!\n[ 945.273520] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI\n[ 945.274412] CPU: 7 UID: 0 PID: 56 Comm: kworker/u33:0 Kdump: loaded Not tainted 6.15.0-lku-11779-g8e9d6efccdd7-dirty #1 PREEMPT(voluntary)\n[ 945.275736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n[ 945.276877] Workqueue: writeback wb_workfn (flush-cifs-2)\n[ 945.277457] RIP: 0010:crypto_gcm_init_common+0x1f9/0x220\n[ 945.278018] Code: b0 00 00 00 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 48 c7 c0 00 00 00 80 48 2b 05 5c 58 e5 00 e9 58 ff ff ff \u003c0f\u003e 0b 0f 0b 0f 0b 0f 0b 0f 0b 0f 0b 48 c7 04 24 01 00 00 00 48 8b\n[ 945.279992] RSP: 0018:ffffc90000a27360 EFLAGS: 00010246\n[ 945.280578] RAX: 0000000000000000 RBX: ffffc90001d85060 RCX: 0000000000000030\n[ 945.281376] RDX: 0000000000080000 RSI: 0000000000000000 RDI: ffffc90081d85070\n[ 945.282145] RBP: ffffc90001d85010 R08: ffffc90001d85000 R09: 0000000000000000\n[ 945.282898] R10: ffffc90001d85090 R11: 0000000000001000 R12: ffffc90001d85070\n[ 945.283656] R13: ffff888113522948 R14: ffffc90001d85060 R15: ffffc90001d85010\n[ 945.284407] FS: 0000000000000000(0000) GS:ffff8882e66cf000(0000) knlGS:0000000000000000\n[ 945.285262] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 945.285884] CR2: 00007fa7ffdd31f4 CR3: 000000010540d000 CR4: 0000000000350ef0\n[ 945.286683] Call Trace:\n[ 945.286952] \u003cTASK\u003e\n[ 945.287184] ? crypt_message+0x33f/0xad0 [cifs]\n[ 945.287719] crypto_gcm_encrypt+0x36/0xe0\n[ 945.288152] crypt_message+0x54a/0xad0 [cifs]\n[ 945.288724] smb3_init_transform_rq+0x277/0x300 [cifs]\n[ 945.289300] smb_send_rqst+0xa3/0x160 [cifs]\n[ 945.289944] cifs_call_async+0x178/0x340 [cifs]\n[ 945.290514] ? __pfx_smb2_writev_callback+0x10/0x10 [cifs]\n[ 945.291177] smb2_async_writev+0x3e3/0x670 [cifs]\n[ 945.291759] ? find_held_lock+0x32/0x90\n[ 945.292212] ? netfs_advance_write+0xf2/0x310\n[ 945.292723] netfs_advance_write+0xf2/0x310\n[ 945.293210] netfs_write_folio+0x346/0xcc0\n[ 945.293689] ? __pfx__raw_spin_unlock_irq+0x10/0x10\n[ 945.294250] netfs_writepages+0x117/0x460\n[ 945.294724] do_writepages+0xbe/0x170\n[ 945.295152] ? find_held_lock+0x32/0x90\n[ 945.295600] ? kvm_sched_clock_read+0x11/0x20\n[ 945.296103] __writeback_single_inode+0x56/0x4b0\n[ 945.296643] writeback_sb_inodes+0x229/0x550\n[ 945.297140] __writeback_inodes_wb+0x4c/0xe0\n[ 945.297642] wb_writeback+0x2f1/0x3f0\n[ 945.298069] wb_workfn+0x300/0x490\n[ 945.298472] process_one_work+0x1fe/0x590\n[ 945.298949] worker_thread+0x1ce/0x3c0\n[ 945.299397] ? __pfx_worker_thread+0x10/0x10\n[ 945.299900] kthr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40052",
"url": "https://www.suse.com/security/cve/CVE-2025-40052"
},
{
"category": "external",
"summary": "SUSE Bug 1252851 for CVE-2025-40052",
"url": "https://bugzilla.suse.com/1252851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40052"
},
{
"cve": "CVE-2025-40053",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40053"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dlink: handle copy_thresh allocation failure\n\nThe driver did not handle failure of `netdev_alloc_skb_ip_align()`.\nIf the allocation failed, dereferencing `skb-\u003eprotocol` could lead to\na NULL pointer dereference.\n\nThis patch tries to allocate `skb`. If the allocation fails, it falls\nback to the normal path.\n\nTested-on: D-Link DGE-550T Rev-A3",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40053",
"url": "https://www.suse.com/security/cve/CVE-2025-40053"
},
{
"category": "external",
"summary": "SUSE Bug 1252808 for CVE-2025-40053",
"url": "https://bugzilla.suse.com/1252808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40053"
},
{
"cve": "CVE-2025-40054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40054"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix UAF issue in f2fs_merge_page_bio()\n\nAs JY reported in bugzilla [1],\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000000\npc : [0xffffffe51d249484] f2fs_is_cp_guaranteed+0x70/0x98\nlr : [0xffffffe51d24adbc] f2fs_merge_page_bio+0x520/0x6d4\nCPU: 3 UID: 0 PID: 6790 Comm: kworker/u16:3 Tainted: P B W OE 6.12.30-android16-5-maybe-dirty-4k #1 5f7701c9cbf727d1eebe77c89bbbeb3371e895e5\nTainted: [P]=PROPRIETARY_MODULE, [B]=BAD_PAGE, [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nWorkqueue: writeback wb_workfn (flush-254:49)\nCall trace:\n f2fs_is_cp_guaranteed+0x70/0x98\n f2fs_inplace_write_data+0x174/0x2f4\n f2fs_do_write_data_page+0x214/0x81c\n f2fs_write_single_data_page+0x28c/0x764\n f2fs_write_data_pages+0x78c/0xce4\n do_writepages+0xe8/0x2fc\n __writeback_single_inode+0x4c/0x4b4\n writeback_sb_inodes+0x314/0x540\n __writeback_inodes_wb+0xa4/0xf4\n wb_writeback+0x160/0x448\n wb_workfn+0x2f0/0x5dc\n process_scheduled_works+0x1c8/0x458\n worker_thread+0x334/0x3f0\n kthread+0x118/0x1ac\n ret_from_fork+0x10/0x20\n\n[1] https://bugzilla.kernel.org/show_bug.cgi?id=220575\n\nThe panic was caused by UAF issue w/ below race condition:\n\nkworker\n- writepages\n - f2fs_write_cache_pages\n - f2fs_write_single_data_page\n - f2fs_do_write_data_page\n - f2fs_inplace_write_data\n - f2fs_merge_page_bio\n - add_inu_page\n : cache page #1 into bio \u0026 cache bio in\n io-\u003ebio_list\n - f2fs_write_single_data_page\n - f2fs_do_write_data_page\n - f2fs_inplace_write_data\n - f2fs_merge_page_bio\n - add_inu_page\n : cache page #2 into bio which is linked\n in io-\u003ebio_list\n\t\t\t\t\t\twrite\n\t\t\t\t\t\t- f2fs_write_begin\n\t\t\t\t\t\t: write page #1\n\t\t\t\t\t\t - f2fs_folio_wait_writeback\n\t\t\t\t\t\t - f2fs_submit_merged_ipu_write\n\t\t\t\t\t\t - f2fs_submit_write_bio\n\t\t\t\t\t\t : submit bio which inclues page #1 and #2\n\n\t\t\t\t\t\tsoftware IRQ\n\t\t\t\t\t\t- f2fs_write_end_io\n\t\t\t\t\t\t - fscrypt_free_bounce_page\n\t\t\t\t\t\t : freed bounced page which belongs to page #2\n - inc_page_count( , WB_DATA_TYPE(data_folio), false)\n : data_folio points to fio-\u003eencrypted_page\n the bounced page can be freed before\n accessing it in f2fs_is_cp_guarantee()\n\nIt can reproduce w/ below testcase:\nRun below script in shell #1:\nfor ((i=1;i\u003e0;i++)) do xfs_io -f /mnt/f2fs/enc/file \\\n-c \"pwrite 0 32k\" -c \"fdatasync\"\n\nRun below script in shell #2:\nfor ((i=1;i\u003e0;i++)) do xfs_io -f /mnt/f2fs/enc/file \\\n-c \"pwrite 0 32k\" -c \"fdatasync\"\n\nSo, in f2fs_merge_page_bio(), let\u0027s avoid using fio-\u003eencrypted_page after\ncommit page into internal ipu cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40054",
"url": "https://www.suse.com/security/cve/CVE-2025-40054"
},
{
"category": "external",
"summary": "SUSE Bug 1252853 for CVE-2025-40054",
"url": "https://bugzilla.suse.com/1252853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40054"
},
{
"cve": "CVE-2025-40055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix double free in user_cluster_connect()\n\nuser_cluster_disconnect() frees \"conn-\u003ecc_private\" which is \"lc\" but then\nthe error handling frees \"lc\" a second time. Set \"lc\" to NULL on this\npath to avoid a double free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40055",
"url": "https://www.suse.com/security/cve/CVE-2025-40055"
},
{
"category": "external",
"summary": "SUSE Bug 1252821 for CVE-2025-40055",
"url": "https://bugzilla.suse.com/1252821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40055"
},
{
"cve": "CVE-2025-40056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Fix copy_to_iter return value check\n\nThe return value of copy_to_iter can\u0027t be negative, check whether the\ncopied length is equal to the requested length instead of checking for\nnegative values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40056",
"url": "https://www.suse.com/security/cve/CVE-2025-40056"
},
{
"category": "external",
"summary": "SUSE Bug 1252826 for CVE-2025-40056",
"url": "https://bugzilla.suse.com/1252826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40056"
},
{
"cve": "CVE-2025-40057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: Add a upper bound on max_vclocks\n\nsyzbot reported WARNING in max_vclocks_store.\n\nThis occurs when the argument max is too large for kcalloc to handle.\n\nExtend the guard to guard against values that are too large for\nkcalloc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40057",
"url": "https://www.suse.com/security/cve/CVE-2025-40057"
},
{
"category": "external",
"summary": "SUSE Bug 1252825 for CVE-2025-40057",
"url": "https://bugzilla.suse.com/1252825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40057"
},
{
"cve": "CVE-2025-40058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Disallow dirty tracking if incoherent page walk\n\nDirty page tracking relies on the IOMMU atomically updating the dirty bit\nin the paging-structure entry. For this operation to succeed, the paging-\nstructure memory must be coherent between the IOMMU and the CPU. In\nanother word, if the iommu page walk is incoherent, dirty page tracking\ndoesn\u0027t work.\n\nThe Intel VT-d specification, Section 3.10 \"Snoop Behavior\" states:\n\n\"Remapping hardware encountering the need to atomically update A/EA/D bits\n in a paging-structure entry that is not snooped will result in a non-\n recoverable fault.\"\n\nTo prevent an IOMMU from being incorrectly configured for dirty page\ntracking when it is operating in an incoherent mode, mark SSADS as\nsupported only when both ecap_slads and ecap_smpwc are supported.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40058",
"url": "https://www.suse.com/security/cve/CVE-2025-40058"
},
{
"category": "external",
"summary": "SUSE Bug 1252854 for CVE-2025-40058",
"url": "https://bugzilla.suse.com/1252854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40058"
},
{
"cve": "CVE-2025-40059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40059"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: Fix incorrect handling for return value of devm_kzalloc\n\nThe return value of devm_kzalloc could be an null pointer,\nuse \"!desc.pdata\" to fix incorrect handling return value\nof devm_kzalloc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40059",
"url": "https://www.suse.com/security/cve/CVE-2025-40059"
},
{
"category": "external",
"summary": "SUSE Bug 1252809 for CVE-2025-40059",
"url": "https://bugzilla.suse.com/1252809"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40059"
},
{
"cve": "CVE-2025-40060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: trbe: Return NULL pointer for allocation failures\n\nWhen the TRBE driver fails to allocate a buffer, it currently returns\nthe error code \"-ENOMEM\". However, the caller etm_setup_aux() only\nchecks for a NULL pointer, so it misses the error. As a result, the\ndriver continues and eventually causes a kernel panic.\n\nFix this by returning a NULL pointer from arm_trbe_alloc_buffer() on\nallocation failures. This allows that the callers can properly handle\nthe failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40060",
"url": "https://www.suse.com/security/cve/CVE-2025-40060"
},
{
"category": "external",
"summary": "SUSE Bug 1252848 for CVE-2025-40060",
"url": "https://bugzilla.suse.com/1252848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40060"
},
{
"cve": "CVE-2025-40061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix race in do_task() when draining\n\nWhen do_task() exhausts its iteration budget (!ret), it sets the state\nto TASK_STATE_IDLE to reschedule, without a secondary check on the\ncurrent task-\u003estate. This can overwrite the TASK_STATE_DRAINING state\nset by a concurrent call to rxe_cleanup_task() or rxe_disable_task().\n\nWhile state changes are protected by a spinlock, both rxe_cleanup_task()\nand rxe_disable_task() release the lock while waiting for the task to\nfinish draining in the while(!is_done(task)) loop. The race occurs if\ndo_task() hits its iteration limit and acquires the lock in this window.\nThe cleanup logic may then proceed while the task incorrectly\nreschedules itself, leading to a potential use-after-free.\n\nThis bug was introduced during the migration from tasklets to workqueues,\nwhere the special handling for the draining case was lost.\n\nFix this by restoring the original pre-migration behavior. If the state is\nTASK_STATE_DRAINING when iterations are exhausted, set cont to 1 to\nforce a new loop iteration. This allows the task to finish its work, so\nthat a subsequent iteration can reach the switch statement and correctly\ntransition the state to TASK_STATE_DRAINED, stopping the task as intended.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40061",
"url": "https://www.suse.com/security/cve/CVE-2025-40061"
},
{
"category": "external",
"summary": "SUSE Bug 1252849 for CVE-2025-40061",
"url": "https://bugzilla.suse.com/1252849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40061"
},
{
"cve": "CVE-2025-40062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/qm - set NULL to qm-\u003edebug.qm_diff_regs\n\nWhen the initialization of qm-\u003edebug.acc_diff_reg fails,\nthe probe process does not exit. However, after qm-\u003edebug.qm_diff_regs is\nfreed, it is not set to NULL. This can lead to a double free when the\nremove process attempts to free it again. Therefore, qm-\u003edebug.qm_diff_regs\nshould be set to NULL after it is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40062",
"url": "https://www.suse.com/security/cve/CVE-2025-40062"
},
{
"category": "external",
"summary": "SUSE Bug 1252850 for CVE-2025-40062",
"url": "https://bugzilla.suse.com/1252850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40062"
},
{
"cve": "CVE-2025-40063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: comp - Use same definition of context alloc and free ops\n\nIn commit 42d9f6c77479 (\"crypto: acomp - Move scomp stream allocation\ncode into acomp\"), the crypto_acomp_streams struct was made to rely on\nhaving the alloc_ctx and free_ctx operations defined in the same order\nas the scomp_alg struct. But in that same commit, the alloc_ctx and\nfree_ctx members of scomp_alg may be randomized by structure layout\nrandomization, since they are contained in a pure ops structure\n(containing only function pointers). If the pointers within scomp_alg\nare randomized, but those in crypto_acomp_streams are not, then\nthe order may no longer match. This fixes the problem by removing the\nunion from scomp_alg so that both crypto_acomp_streams and scomp_alg\nwill share the same definition of alloc_ctx and free_ctx, ensuring\nthey will always have the same layout.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40063",
"url": "https://www.suse.com/security/cve/CVE-2025-40063"
},
{
"category": "external",
"summary": "SUSE Bug 1252844 for CVE-2025-40063",
"url": "https://bugzilla.suse.com/1252844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40063"
},
{
"cve": "CVE-2025-40064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in __pnet_find_base_ndev().\n\nsyzbot reported use-after-free of net_device in __pnet_find_base_ndev(),\nwhich was called during connect(). [0]\n\nsmc_pnet_find_ism_resource() fetches sk_dst_get(sk)-\u003edev and passes\ndown to pnet_find_base_ndev(), where RTNL is held. Then, UAF happened\nat __pnet_find_base_ndev() when the dev is first used.\n\nThis means dev had already been freed before acquiring RTNL in\npnet_find_base_ndev().\n\nWhile dev is going away, dst-\u003edev could be swapped with blackhole_netdev,\nand the dev\u0027s refcnt by dst will be released.\n\nWe must hold dev\u0027s refcnt before calling smc_pnet_find_ism_resource().\n\nAlso, smc_pnet_find_roce_resource() has the same problem.\n\nLet\u0027s use __sk_dst_get() and dst_dev_rcu() in the two functions.\n\n[0]:\nBUG: KASAN: use-after-free in __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926\nRead of size 1 at addr ffff888036bac33a by task syz.0.3632/18609\n\nCPU: 1 UID: 0 PID: 18609 Comm: syz.0.3632 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926\n pnet_find_base_ndev net/smc/smc_pnet.c:946 [inline]\n smc_pnet_find_ism_by_pnetid net/smc/smc_pnet.c:1103 [inline]\n smc_pnet_find_ism_resource+0xef/0x390 net/smc/smc_pnet.c:1154\n smc_find_ism_device net/smc/af_smc.c:1030 [inline]\n smc_find_proposal_devices net/smc/af_smc.c:1115 [inline]\n __smc_connect+0x372/0x1890 net/smc/af_smc.c:1545\n smc_connect+0x877/0xd90 net/smc/af_smc.c:1715\n __sys_connect_file net/socket.c:2086 [inline]\n __sys_connect+0x313/0x440 net/socket.c:2105\n __do_sys_connect net/socket.c:2111 [inline]\n __se_sys_connect net/socket.c:2108 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2108\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f47cbf8eba9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f47ccdb1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f47cc1d5fa0 RCX: 00007f47cbf8eba9\nRDX: 0000000000000010 RSI: 0000200000000280 RDI: 000000000000000b\nRBP: 00007f47cc011e19 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007f47cc1d6038 R14: 00007f47cc1d5fa0 R15: 00007ffc512f8aa8\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888036bacd00 pfn:0x36bac\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000000000 ffffea0001243d08 ffff8880b863fdc0 0000000000000000\nraw: ffff888036bacd00 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 2, migratetype Unmovable, gfp_mask 0x446dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP), pid 16741, tgid 16741 (syz-executor), ts 343313197788, free_ts 380670750466\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x240/0x2a0 mm/page_alloc.c:1851\n prep_new_page mm/page_alloc.c:1859 [inline]\n get_page_from_freelist+0x21e4/0x22c0 mm/page_alloc.c:3858\n __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5148\n alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2416\n ___kmalloc_large_node+0x5f/0x1b0 mm/slub.c:4317\n __kmalloc_large_node_noprof+0x18/0x90 mm/slub.c:4348\n __do_kmalloc_node mm/slub.c:4364 [inline]\n __kvmalloc_node\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40064",
"url": "https://www.suse.com/security/cve/CVE-2025-40064"
},
{
"category": "external",
"summary": "SUSE Bug 1252845 for CVE-2025-40064",
"url": "https://bugzilla.suse.com/1252845"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40064"
},
{
"cve": "CVE-2025-40065",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40065"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRISC-V: KVM: Write hgatp register with valid mode bits\n\nAccording to the RISC-V Privileged Architecture Spec, when MODE=Bare\nis selected,software must write zero to the remaining fields of hgatp.\n\nWe have detected the valid mode supported by the HW before, So using a\nvalid mode to detect how many vmid bits are supported.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40065",
"url": "https://www.suse.com/security/cve/CVE-2025-40065"
},
{
"category": "external",
"summary": "SUSE Bug 1252846 for CVE-2025-40065",
"url": "https://bugzilla.suse.com/1252846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40065"
},
{
"cve": "CVE-2025-40066",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40066"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: Check phy before init msta_link in mt7996_mac_sta_add_links()\n\nIn order to avoid a possible NULL pointer dereference in\nmt7996_mac_sta_init_link routine, move the phy pointer check before\nrunning mt7996_mac_sta_init_link() in mt7996_mac_sta_add_links routine.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40066",
"url": "https://www.suse.com/security/cve/CVE-2025-40066"
},
{
"category": "external",
"summary": "SUSE Bug 1252842 for CVE-2025-40066",
"url": "https://bugzilla.suse.com/1252842"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40066"
},
{
"cve": "CVE-2025-40067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40067"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist\n\nIndex allocation requires at least one bit in the $BITMAP attribute to\ntrack usage of index entries. If the bitmap is empty while index blocks\nare already present, this reflects on-disk corruption.\n\nsyzbot triggered this condition using a malformed NTFS image. During a\nrename() operation involving a long filename (which spans multiple\nindex entries), the empty bitmap allowed the name to be added without\nvalid tracking. Subsequent deletion of the original entry failed with\n-ENOENT, due to unexpected index state.\n\nReject such cases by verifying that the bitmap is not empty when index\nblocks exist.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40067",
"url": "https://www.suse.com/security/cve/CVE-2025-40067"
},
{
"category": "external",
"summary": "SUSE Bug 1252840 for CVE-2025-40067",
"url": "https://bugzilla.suse.com/1252840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40067"
},
{
"cve": "CVE-2025-40068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40068"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: ntfs3: Fix integer overflow in run_unpack()\n\nThe MFT record relative to the file being opened contains its runlist,\nan array containing information about the file\u0027s location on the physical\ndisk. Analysis of all Call Stack paths showed that the values of the\nrunlist array, from which LCNs are calculated, are not validated before\nrun_unpack function.\n\nThe run_unpack function decodes the compressed runlist data format\nfrom MFT attributes (for example, $DATA), converting them into a runs_tree\nstructure, which describes the mapping of virtual clusters (VCN) to\nlogical clusters (LCN). The NTFS3 subsystem also has a shortcut for\ndeleting files from MFT records - in this case, the RUN_DEALLOCATE\ncommand is sent to the run_unpack input, and the function logic\nprovides that all data transferred to the runlist about file or\ndirectory is deleted without creating a runs_tree structure.\n\nSubstituting the runlist in the $DATA attribute of the MFT record for an\narbitrary file can lead either to access to arbitrary data on the disk\nbypassing access checks to them (since the inode access check\noccurs above) or to destruction of arbitrary data on the disk.\n\nAdd overflow check for addition operation.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40068",
"url": "https://www.suse.com/security/cve/CVE-2025-40068"
},
{
"category": "external",
"summary": "SUSE Bug 1252843 for CVE-2025-40068",
"url": "https://bugzilla.suse.com/1252843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40068"
},
{
"cve": "CVE-2025-40069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix obj leak in VM_BIND error path\n\nIf we fail a handle-lookup part way thru, we need to drop the already\nobtained obj references.\n\nPatchwork: https://patchwork.freedesktop.org/patch/669784/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40069",
"url": "https://www.suse.com/security/cve/CVE-2025-40069"
},
{
"category": "external",
"summary": "SUSE Bug 1252831 for CVE-2025-40069",
"url": "https://bugzilla.suse.com/1252831"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40069"
},
{
"cve": "CVE-2025-40070",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40070"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npps: fix warning in pps_register_cdev when register device fail\n\nSimilar to previous commit 2a934fdb01db (\"media: v4l2-dev: fix error\nhandling in __video_register_device()\"), the release hook should be set\nbefore device_register(). Otherwise, when device_register() return error\nand put_device() try to callback the release function, the below warning\nmay happen.\n\n ------------[ cut here ]------------\n WARNING: CPU: 1 PID: 4760 at drivers/base/core.c:2567 device_release+0x1bd/0x240 drivers/base/core.c:2567\n Modules linked in:\n CPU: 1 UID: 0 PID: 4760 Comm: syz.4.914 Not tainted 6.17.0-rc3+ #1 NONE\n RIP: 0010:device_release+0x1bd/0x240 drivers/base/core.c:2567\n Call Trace:\n \u003cTASK\u003e\n kobject_cleanup+0x136/0x410 lib/kobject.c:689\n kobject_release lib/kobject.c:720 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0xe9/0x130 lib/kobject.c:737\n put_device+0x24/0x30 drivers/base/core.c:3797\n pps_register_cdev+0x2da/0x370 drivers/pps/pps.c:402\n pps_register_source+0x2f6/0x480 drivers/pps/kapi.c:108\n pps_tty_open+0x190/0x310 drivers/pps/clients/pps-ldisc.c:57\n tty_ldisc_open+0xa7/0x120 drivers/tty/tty_ldisc.c:432\n tty_set_ldisc+0x333/0x780 drivers/tty/tty_ldisc.c:563\n tiocsetd drivers/tty/tty_io.c:2429 [inline]\n tty_ioctl+0x5d1/0x1700 drivers/tty/tty_io.c:2728\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:598 [inline]\n __se_sys_ioctl fs/ioctl.c:584 [inline]\n __x64_sys_ioctl+0x194/0x210 fs/ioctl.c:584\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0x5f/0x2a0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\nBefore commit c79a39dc8d06 (\"pps: Fix a use-after-free\"),\npps_register_cdev() call device_create() to create pps-\u003edev, which will\ninit dev-\u003erelease to device_create_release(). Now the comment is outdated,\njust remove it.\n\nThanks for the reminder from Calvin Owens, \u0027kfree_pps\u0027 should be removed\nin pps_register_source() to avoid a double free in the failure case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40070",
"url": "https://www.suse.com/security/cve/CVE-2025-40070"
},
{
"category": "external",
"summary": "SUSE Bug 1252836 for CVE-2025-40070",
"url": "https://bugzilla.suse.com/1252836"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40070"
},
{
"cve": "CVE-2025-40071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Don\u0027t block input queue by waiting MSC\n\nCurrently gsm_queue() processes incoming frames and when opening\na DLC channel it calls gsm_dlci_open() which calls gsm_modem_update().\nIf basic mode is used it calls gsm_modem_upd_via_msc() and it\ncannot block the input queue by waiting the response to come\ninto the same input queue.\n\nInstead allow sending Modem Status Command without waiting for remote\nend to respond. Define a new function gsm_modem_send_initial_msc()\nfor this purpose. As MSC is only valid for basic encoding, it does\nnot do anything for advanced or when convergence layer type 2 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40071",
"url": "https://www.suse.com/security/cve/CVE-2025-40071"
},
{
"category": "external",
"summary": "SUSE Bug 1252797 for CVE-2025-40071",
"url": "https://bugzilla.suse.com/1252797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40071"
},
{
"cve": "CVE-2025-40072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfanotify: Validate the return value of mnt_ns_from_dentry() before dereferencing\n\nThe function do_fanotify_mark() does not validate if\nmnt_ns_from_dentry() returns NULL before dereferencing mntns-\u003euser_ns.\nThis causes a NULL pointer dereference in do_fanotify_mark() if the\npath is not a mount namespace object.\n\nFix this by checking mnt_ns_from_dentry()\u0027s return value before\ndereferencing it.\n\nBefore the patch\n\n$ gcc fanotify_nullptr.c -o fanotify_nullptr\n$ mkdir A\n$ ./fanotify_nullptr\nFanotify fd: 3\nfanotify_mark: Operation not permitted\n$ unshare -Urm\nFanotify fd: 3\nKilled\n\nint main(void){\n int ffd;\n ffd = fanotify_init(FAN_CLASS_NOTIF | FAN_REPORT_MNT, 0);\n if(ffd \u003c 0){\n perror(\"fanotify_init\");\n exit(EXIT_FAILURE);\n }\n\n printf(\"Fanotify fd: %d\\n\",ffd);\n\n if(fanotify_mark(ffd, FAN_MARK_ADD | FAN_MARK_MNTNS,\nFAN_MNT_ATTACH, AT_FDCWD, \"A\") \u003c 0){\n perror(\"fanotify_mark\");\n exit(EXIT_FAILURE);\n }\n\nreturn 0;\n}\n\nAfter the patch\n\n$ gcc fanotify_nullptr.c -o fanotify_nullptr\n$ mkdir A\n$ ./fanotify_nullptr\nFanotify fd: 3\nfanotify_mark: Operation not permitted\n$ unshare -Urm\nFanotify fd: 3\nfanotify_mark: Invalid argument\n\n[ 25.694973] BUG: kernel NULL pointer dereference, address: 0000000000000038\n[ 25.695006] #PF: supervisor read access in kernel mode\n[ 25.695012] #PF: error_code(0x0000) - not-present page\n[ 25.695017] PGD 109a30067 P4D 109a30067 PUD 142b46067 PMD 0\n[ 25.695025] Oops: Oops: 0000 [#1] SMP NOPTI\n[ 25.695032] CPU: 4 UID: 1000 PID: 1478 Comm: fanotify_nullpt Not\ntainted 6.17.0-rc4 #1 PREEMPT(lazy)\n[ 25.695040] Hardware name: VMware, Inc. VMware Virtual\nPlatform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\n[ 25.695049] RIP: 0010:do_fanotify_mark+0x817/0x950\n[ 25.695066] Code: 04 00 00 e9 45 fd ff ff 48 8b 7c 24 48 4c 89 54\n24 18 4c 89 5c 24 10 4c 89 0c 24 e8 b3 11 fc ff 4c 8b 54 24 18 4c 8b\n5c 24 10 \u003c48\u003e 8b 78 38 4c 8b 0c 24 49 89 c4 e9 13 fd ff ff 8b 4c 24 28\n85 c9\n[ 25.695081] RSP: 0018:ffffd31c469e3c08 EFLAGS: 00010203\n[ 25.695104] RAX: 0000000000000000 RBX: 0000000001000000 RCX: ffff8eb48aebd220\n[ 25.695110] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8eb4835e8180\n[ 25.695115] RBP: 0000000000000111 R08: 0000000000000000 R09: 0000000000000000\n[ 25.695142] R10: ffff8eb48a7d56c0 R11: ffff8eb482bede00 R12: 00000000004012a7\n[ 25.695148] R13: 0000000000000110 R14: 0000000000000001 R15: ffff8eb48a7d56c0\n[ 25.695154] FS: 00007f8733bda740(0000) GS:ffff8eb61ce5f000(0000)\nknlGS:0000000000000000\n[ 25.695162] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 25.695170] CR2: 0000000000000038 CR3: 0000000136994006 CR4: 00000000003706f0\n[ 25.695201] Call Trace:\n[ 25.695209] \u003cTASK\u003e\n[ 25.695215] __x64_sys_fanotify_mark+0x1f/0x30\n[ 25.695222] do_syscall_64+0x82/0x2c0\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40072",
"url": "https://www.suse.com/security/cve/CVE-2025-40072"
},
{
"category": "external",
"summary": "SUSE Bug 1252796 for CVE-2025-40072",
"url": "https://bugzilla.suse.com/1252796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40072"
},
{
"cve": "CVE-2025-40073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Do not validate SSPP when it is not ready\n\nCurrent code will validate current plane and previous plane to\nconfirm they can share a SSPP with multi-rect mode. The SSPP\nis already allocated for previous plane, while current plane\nis not associated with any SSPP yet. Null pointer is referenced\nwhen validating the SSPP of current plane. Skip SSPP validation\nfor current plane.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000020\nMem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=0000000888ac3000\n[0000000000000020] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] SMP\nModules linked in:\nCPU: 4 UID: 0 PID: 1891 Comm: modetest Tainted: G S 6.15.0-rc2-g3ee3f6e1202e #335 PREEMPT\nTainted: [S]=CPU_OUT_OF_SPEC\nHardware name: SM8650 EV1 rev1 4slam 2et (DT)\npstate: 63400009 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : dpu_plane_is_multirect_capable+0x68/0x90\nlr : dpu_assign_plane_resources+0x288/0x410\nsp : ffff800093dcb770\nx29: ffff800093dcb770 x28: 0000000000002000 x27: ffff000817c6c000\nx26: ffff000806b46368 x25: ffff0008013f6080 x24: ffff00080cbf4800\nx23: ffff000810842680 x22: ffff0008013f1080 x21: ffff00080cc86080\nx20: ffff000806b463b0 x19: ffff00080cbf5a00 x18: 00000000ffffffff\nx17: 707a5f657a696c61 x16: 0000000000000003 x15: 0000000000002200\nx14: 00000000ffffffff x13: 00aaaaaa00aaaaaa x12: 0000000000000000\nx11: ffff000817c6e2b8 x10: 0000000000000000 x9 : ffff80008106a950\nx8 : ffff00080cbf48f4 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000438 x3 : 0000000000000438\nx2 : ffff800082e245e0 x1 : 0000000000000008 x0 : 0000000000000000\nCall trace:\n dpu_plane_is_multirect_capable+0x68/0x90 (P)\n dpu_crtc_atomic_check+0x5bc/0x650\n drm_atomic_helper_check_planes+0x13c/0x220\n drm_atomic_helper_check+0x58/0xb8\n msm_atomic_check+0xd8/0xf0\n drm_atomic_check_only+0x4a8/0x968\n drm_atomic_commit+0x50/0xd8\n drm_atomic_helper_update_plane+0x140/0x188\n __setplane_atomic+0xfc/0x148\n drm_mode_setplane+0x164/0x378\n drm_ioctl_kernel+0xc0/0x140\n drm_ioctl+0x20c/0x500\n __arm64_sys_ioctl+0xbc/0xf8\n invoke_syscall+0x50/0x120\n el0_svc_common.constprop.0+0x48/0xf8\n do_el0_svc+0x28/0x40\n el0_svc+0x30/0xd0\n el0t_64_sync_handler+0x144/0x168\n el0t_64_sync+0x198/0x1a0\nCode: b9402021 370fffc1 f9401441 3707ff81 (f94010a1)\n---[ end trace 0000000000000000 ]---\n\nPatchwork: https://patchwork.freedesktop.org/patch/669224/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40073",
"url": "https://www.suse.com/security/cve/CVE-2025-40073"
},
{
"category": "external",
"summary": "SUSE Bug 1252798 for CVE-2025-40073",
"url": "https://bugzilla.suse.com/1252798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40073"
},
{
"cve": "CVE-2025-40074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: start using dst_dev_rcu()\n\nChange icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF.\n\nChange ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_mr_output(),\nipv4_neigh_lookup() to use lockdep enabled dst_dev_rcu().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40074",
"url": "https://www.suse.com/security/cve/CVE-2025-40074"
},
{
"category": "external",
"summary": "SUSE Bug 1252794 for CVE-2025-40074",
"url": "https://bugzilla.suse.com/1252794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40074"
},
{
"cve": "CVE-2025-40075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40075"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: use dst_dev_net_rcu()\n\nReplace three dst_dev() with a lockdep enabled helper.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40075",
"url": "https://www.suse.com/security/cve/CVE-2025-40075"
},
{
"category": "external",
"summary": "SUSE Bug 1252795 for CVE-2025-40075",
"url": "https://bugzilla.suse.com/1252795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40075"
},
{
"cve": "CVE-2025-40076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar-host: Pass proper IRQ domain to generic_handle_domain_irq()\n\nStarting with commit dd26c1a23fd5 (\"PCI: rcar-host: Switch to\nmsi_create_parent_irq_domain()\"), the MSI parent IRQ domain is NULL because\nthe object of type struct irq_domain_info passed to:\n\nmsi_create_parent_irq_domain() -\u003e\n irq_domain_instantiate()() -\u003e\n __irq_domain_instantiate()\n\nhas no reference to the parent IRQ domain. Using msi-\u003edomain-\u003eparent as an\nargument for generic_handle_domain_irq() leads to below error:\n\n\t\"Unable to handle kernel NULL pointer dereference at virtual address\"\n\nThis error was identified while switching the upcoming RZ/G3S PCIe host\ncontroller driver to msi_create_parent_irq_domain() (which was using a\nsimilar pattern to handle MSIs (see link section)), but it was not tested\non hardware using the pcie-rcar-host controller driver due to lack of\nhardware.\n\n[mani: reworded subject and description]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40076",
"url": "https://www.suse.com/security/cve/CVE-2025-40076"
},
{
"category": "external",
"summary": "SUSE Bug 1252792 for CVE-2025-40076",
"url": "https://bugzilla.suse.com/1252792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40076"
},
{
"cve": "CVE-2025-40077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid overflow while left shift operation\n\nShould cast type of folio-\u003eindex from pgoff_t to loff_t to avoid overflow\nwhile left shift operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40077",
"url": "https://www.suse.com/security/cve/CVE-2025-40077"
},
{
"category": "external",
"summary": "SUSE Bug 1252782 for CVE-2025-40077",
"url": "https://bugzilla.suse.com/1252782"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40077"
},
{
"cve": "CVE-2025-40078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Explicitly check accesses to bpf_sock_addr\n\nSyzkaller found a kernel warning on the following sock_addr program:\n\n 0: r0 = 0\n 1: r2 = *(u32 *)(r1 +60)\n 2: exit\n\nwhich triggers:\n\n verifier bug: error during ctx access conversion (0)\n\nThis is happening because offset 60 in bpf_sock_addr corresponds to an\nimplicit padding of 4 bytes, right after msg_src_ip4. Access to this\npadding isn\u0027t rejected in sock_addr_is_valid_access and it thus later\nfails to convert the access.\n\nThis patch fixes it by explicitly checking the various fields of\nbpf_sock_addr in sock_addr_is_valid_access.\n\nI checked the other ctx structures and is_valid_access functions and\ndidn\u0027t find any other similar cases. Other cases of (properly handled)\npadding are covered in new tests in a subsequent patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40078",
"url": "https://www.suse.com/security/cve/CVE-2025-40078"
},
{
"category": "external",
"summary": "SUSE Bug 1252789 for CVE-2025-40078",
"url": "https://bugzilla.suse.com/1252789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40078"
},
{
"cve": "CVE-2025-40079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv, bpf: Sign extend struct ops return values properly\n\nThe ns_bpf_qdisc selftest triggers a kernel panic:\n\n Unable to handle kernel paging request at virtual address ffffffffa38dbf58\n Current test_progs pgtable: 4K pagesize, 57-bit VAs, pgdp=0x00000001109cc000\n [ffffffffa38dbf58] pgd=000000011fffd801, p4d=000000011fffd401, pud=000000011fffd001, pmd=0000000000000000\n Oops [#1]\n Modules linked in: bpf_testmod(OE) xt_conntrack nls_iso8859_1 [...] [last unloaded: bpf_testmod(OE)]\n CPU: 1 UID: 0 PID: 23584 Comm: test_progs Tainted: G W OE 6.17.0-rc1-g2465bb83e0b4 #1 NONE\n Tainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2024.01+dfsg-1ubuntu5.1 01/01/2024\n epc : __qdisc_run+0x82/0x6f0\n ra : __qdisc_run+0x6e/0x6f0\n epc : ffffffff80bd5c7a ra : ffffffff80bd5c66 sp : ff2000000eecb550\n gp : ffffffff82472098 tp : ff60000096895940 t0 : ffffffff8001f180\n t1 : ffffffff801e1664 t2 : 0000000000000000 s0 : ff2000000eecb5d0\n s1 : ff60000093a6a600 a0 : ffffffffa38dbee8 a1 : 0000000000000001\n a2 : ff2000000eecb510 a3 : 0000000000000001 a4 : 0000000000000000\n a5 : 0000000000000010 a6 : 0000000000000000 a7 : 0000000000735049\n s2 : ffffffffa38dbee8 s3 : 0000000000000040 s4 : ff6000008bcda000\n s5 : 0000000000000008 s6 : ff60000093a6a680 s7 : ff60000093a6a6f0\n s8 : ff60000093a6a6ac s9 : ff60000093140000 s10: 0000000000000000\n s11: ff2000000eecb9d0 t3 : 0000000000000000 t4 : 0000000000ff0000\n t5 : 0000000000000000 t6 : ff60000093a6a8b6\n status: 0000000200000120 badaddr: ffffffffa38dbf58 cause: 000000000000000d\n [\u003cffffffff80bd5c7a\u003e] __qdisc_run+0x82/0x6f0\n [\u003cffffffff80b6fe58\u003e] __dev_queue_xmit+0x4c0/0x1128\n [\u003cffffffff80b80ae0\u003e] neigh_resolve_output+0xd0/0x170\n [\u003cffffffff80d2daf6\u003e] ip6_finish_output2+0x226/0x6c8\n [\u003cffffffff80d31254\u003e] ip6_finish_output+0x10c/0x2a0\n [\u003cffffffff80d31446\u003e] ip6_output+0x5e/0x178\n [\u003cffffffff80d2e232\u003e] ip6_xmit+0x29a/0x608\n [\u003cffffffff80d6f4c6\u003e] inet6_csk_xmit+0xe6/0x140\n [\u003cffffffff80c985e4\u003e] __tcp_transmit_skb+0x45c/0xaa8\n [\u003cffffffff80c995fe\u003e] tcp_connect+0x9ce/0xd10\n [\u003cffffffff80d66524\u003e] tcp_v6_connect+0x4ac/0x5e8\n [\u003cffffffff80cc19b8\u003e] __inet_stream_connect+0xd8/0x318\n [\u003cffffffff80cc1c36\u003e] inet_stream_connect+0x3e/0x68\n [\u003cffffffff80b42b20\u003e] __sys_connect_file+0x50/0x88\n [\u003cffffffff80b42bee\u003e] __sys_connect+0x96/0xc8\n [\u003cffffffff80b42c40\u003e] __riscv_sys_connect+0x20/0x30\n [\u003cffffffff80e5bcae\u003e] do_trap_ecall_u+0x256/0x378\n [\u003cffffffff80e69af2\u003e] handle_exception+0x14a/0x156\n Code: 892a 0363 1205 489c 8bc1 c7e5 2d03 084a 2703 080a (2783) 0709\n ---[ end trace 0000000000000000 ]---\n\nThe bpf_fifo_dequeue prog returns a skb which is a pointer. The pointer\nis treated as a 32bit value and sign extend to 64bit in epilogue. This\nbehavior is right for most bpf prog types but wrong for struct ops which\nrequires RISC-V ABI.\n\nSo let\u0027s sign extend struct ops return values according to the function\nmodel and RISC-V ABI([0]).\n\n [0]: https://riscv.org/wp-content/uploads/2024/12/riscv-calling.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40079",
"url": "https://www.suse.com/security/cve/CVE-2025-40079"
},
{
"category": "external",
"summary": "SUSE Bug 1252786 for CVE-2025-40079",
"url": "https://bugzilla.suse.com/1252786"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40079"
},
{
"cve": "CVE-2025-40080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: restrict sockets to TCP and UDP\n\nRecently, syzbot started to abuse NBD with all kinds of sockets.\n\nCommit cf1b2326b734 (\"nbd: verify socket is supported during setup\")\nmade sure the socket supported a shutdown() method.\n\nExplicitely accept TCP and UNIX stream sockets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40080",
"url": "https://www.suse.com/security/cve/CVE-2025-40080"
},
{
"category": "external",
"summary": "SUSE Bug 1252774 for CVE-2025-40080",
"url": "https://bugzilla.suse.com/1252774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40080"
},
{
"cve": "CVE-2025-40081",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40081"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: arm_spe: Prevent overflow in PERF_IDX2OFF()\n\nCast nr_pages to unsigned long to avoid overflow when handling large\nAUX buffer sizes (\u003e= 2 GiB).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40081",
"url": "https://www.suse.com/security/cve/CVE-2025-40081"
},
{
"category": "external",
"summary": "SUSE Bug 1252776 for CVE-2025-40081",
"url": "https://bugzilla.suse.com/1252776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40081"
},
{
"cve": "CVE-2025-40082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n\nBUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\nRead of size 2 at addr ffff8880289ef218 by task syz.6.248/14290\n\nCPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x5f0 mm/kasan/report.c:482\n kasan_report+0xca/0x100 mm/kasan/report.c:595\n hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\n hfsplus_listxattr+0x5b6/0xbd0 fs/hfsplus/xattr.c:738\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe0e9fae16d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fe0eae67f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3\nRAX: ffffffffffffffda RBX: 00007fe0ea205fa0 RCX: 00007fe0e9fae16d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000\nRBP: 00007fe0ea0480f0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fe0ea206038 R14: 00007fe0ea205fa0 R15: 00007fe0eae48000\n \u003c/TASK\u003e\n\nAllocated by task 14290:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4333 [inline]\n __kmalloc_noprof+0x219/0x540 mm/slub.c:4345\n kmalloc_noprof include/linux/slab.h:909 [inline]\n hfsplus_find_init+0x95/0x1f0 fs/hfsplus/bfind.c:21\n hfsplus_listxattr+0x331/0xbd0 fs/hfsplus/xattr.c:697\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWhen hfsplus_uni2asc is called from hfsplus_listxattr,\nit actually passes in a struct hfsplus_attr_unistr*.\nThe size of the corresponding structure is different from that of hfsplus_unistr,\nso the previous fix (94458781aee6) is insufficient.\nThe pointer on the unicode buffer is still going beyond the allocated memory.\n\nThis patch introduces two warpper functions hfsplus_uni2asc_xattr_str and\nhfsplus_uni2asc_str to process two unicode buffers,\nstruct hfsplus_attr_unistr* and struct hfsplus_unistr* respectively.\nWhen ustrlen value is bigger than the allocated memory size,\nthe ustrlen value is limited to an safe size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40082",
"url": "https://www.suse.com/security/cve/CVE-2025-40082"
},
{
"category": "external",
"summary": "SUSE Bug 1252775 for CVE-2025-40082",
"url": "https://bugzilla.suse.com/1252775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40082"
},
{
"cve": "CVE-2025-40084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40084"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: transport_ipc: validate payload size before reading handle\n\nhandle_response() dereferences the payload as a 4-byte handle without\nverifying that the declared payload size is at least 4 bytes. A malformed\nor truncated message from ksmbd.mountd can lead to a 4-byte read past the\ndeclared payload size. Validate the size before dereferencing.\n\nThis is a minimal fix to guard the initial handle read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40084",
"url": "https://www.suse.com/security/cve/CVE-2025-40084"
},
{
"category": "external",
"summary": "SUSE Bug 1252874 for CVE-2025-40084",
"url": "https://bugzilla.suse.com/1252874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40084"
},
{
"cve": "CVE-2025-40085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix NULL pointer deference in try_to_register_card\n\nIn try_to_register_card(), the return value of usb_ifnum_to_if() is\npassed directly to usb_interface_claimed() without a NULL check, which\nwill lead to a NULL pointer dereference when creating an invalid\nUSB audio device. Fix this by adding a check to ensure the interface\npointer is valid before passing it to usb_interface_claimed().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40085",
"url": "https://www.suse.com/security/cve/CVE-2025-40085"
},
{
"category": "external",
"summary": "SUSE Bug 1252873 for CVE-2025-40085",
"url": "https://bugzilla.suse.com/1252873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40085"
},
{
"cve": "CVE-2025-40086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40086"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Don\u0027t allow evicting of BOs in same VM in array of VM binds\n\nAn array of VM binds can potentially evict other buffer objects (BOs)\nwithin the same VM under certain conditions, which may lead to NULL\npointer dereferences later in the bind pipeline. To prevent this, clear\nthe allow_res_evict flag in the xe_bo_validate call.\n\nv2:\n - Invert polarity of no_res_evict (Thomas)\n - Add comment in code explaining issue (Thomas)\n\n(cherry picked from commit 8b9ba8d6d95fe75fed6b0480bb03da4b321bea08)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40086",
"url": "https://www.suse.com/security/cve/CVE-2025-40086"
},
{
"category": "external",
"summary": "SUSE Bug 1252923 for CVE-2025-40086",
"url": "https://bugzilla.suse.com/1252923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40086"
},
{
"cve": "CVE-2025-40087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Define a proc_layoutcommit for the FlexFiles layout type\n\nAvoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT\noperation on a FlexFiles layout.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40087",
"url": "https://www.suse.com/security/cve/CVE-2025-40087"
},
{
"category": "external",
"summary": "SUSE Bug 1252909 for CVE-2025-40087",
"url": "https://bugzilla.suse.com/1252909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40087"
},
{
"cve": "CVE-2025-40088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()\n\nThe hfsplus_strcasecmp() logic can trigger the issue:\n\n[ 117.317703][ T9855] ==================================================================\n[ 117.318353][ T9855] BUG: KASAN: slab-out-of-bounds in hfsplus_strcasecmp+0x1bc/0x490\n[ 117.318991][ T9855] Read of size 2 at addr ffff88802160f40c by task repro/9855\n[ 117.319577][ T9855]\n[ 117.319773][ T9855] CPU: 0 UID: 0 PID: 9855 Comm: repro Not tainted 6.17.0-rc6 #33 PREEMPT(full)\n[ 117.319780][ T9855] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 117.319783][ T9855] Call Trace:\n[ 117.319785][ T9855] \u003cTASK\u003e\n[ 117.319788][ T9855] dump_stack_lvl+0x1c1/0x2a0\n[ 117.319795][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319803][ T9855] ? __pfx_dump_stack_lvl+0x10/0x10\n[ 117.319808][ T9855] ? rcu_is_watching+0x15/0xb0\n[ 117.319816][ T9855] ? lock_release+0x4b/0x3e0\n[ 117.319821][ T9855] ? __kasan_check_byte+0x12/0x40\n[ 117.319828][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319835][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319842][ T9855] print_report+0x17e/0x7e0\n[ 117.319848][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319855][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319862][ T9855] ? __phys_addr+0xd3/0x180\n[ 117.319869][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319876][ T9855] kasan_report+0x147/0x180\n[ 117.319882][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319891][ T9855] hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319900][ T9855] ? __pfx_hfsplus_cat_case_cmp_key+0x10/0x10\n[ 117.319906][ T9855] hfs_find_rec_by_key+0xa9/0x1e0\n[ 117.319913][ T9855] __hfsplus_brec_find+0x18e/0x470\n[ 117.319920][ T9855] ? __pfx_hfsplus_bnode_find+0x10/0x10\n[ 117.319926][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319933][ T9855] ? __pfx___hfsplus_brec_find+0x10/0x10\n[ 117.319942][ T9855] hfsplus_brec_find+0x28f/0x510\n[ 117.319949][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319956][ T9855] ? __pfx_hfsplus_brec_find+0x10/0x10\n[ 117.319963][ T9855] ? __kmalloc_noprof+0x2a9/0x510\n[ 117.319969][ T9855] ? hfsplus_find_init+0x8c/0x1d0\n[ 117.319976][ T9855] hfsplus_brec_read+0x2b/0x120\n[ 117.319983][ T9855] hfsplus_lookup+0x2aa/0x890\n[ 117.319990][ T9855] ? __pfx_hfsplus_lookup+0x10/0x10\n[ 117.320003][ T9855] ? d_alloc_parallel+0x2f0/0x15e0\n[ 117.320008][ T9855] ? __lock_acquire+0xaec/0xd80\n[ 117.320013][ T9855] ? __pfx_d_alloc_parallel+0x10/0x10\n[ 117.320019][ T9855] ? __raw_spin_lock_init+0x45/0x100\n[ 117.320026][ T9855] ? __init_waitqueue_head+0xa9/0x150\n[ 117.320034][ T9855] __lookup_slow+0x297/0x3d0\n[ 117.320039][ T9855] ? __pfx___lookup_slow+0x10/0x10\n[ 117.320045][ T9855] ? down_read+0x1ad/0x2e0\n[ 117.320055][ T9855] lookup_slow+0x53/0x70\n[ 117.320065][ T9855] walk_component+0x2f0/0x430\n[ 117.320073][ T9855] path_lookupat+0x169/0x440\n[ 117.320081][ T9855] filename_lookup+0x212/0x590\n[ 117.320089][ T9855] ? __pfx_filename_lookup+0x10/0x10\n[ 117.320098][ T9855] ? strncpy_from_user+0x150/0x290\n[ 117.320105][ T9855] ? getname_flags+0x1e5/0x540\n[ 117.320112][ T9855] user_path_at+0x3a/0x60\n[ 117.320117][ T9855] __x64_sys_umount+0xee/0x160\n[ 117.320123][ T9855] ? __pfx___x64_sys_umount+0x10/0x10\n[ 117.320129][ T9855] ? do_syscall_64+0xb7/0x3a0\n[ 117.320135][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320141][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320145][ T9855] do_syscall_64+0xf3/0x3a0\n[ 117.320150][ T9855] ? exc_page_fault+0x9f/0xf0\n[ 117.320154][ T9855] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320158][ T9855] RIP: 0033:0x7f7dd7908b07\n[ 117.320163][ T9855] Code: 23 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 08\n[ 117.320167][ T9855] RSP: 002b:00007ffd5ebd9698 EFLAGS: 00000202 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40088",
"url": "https://www.suse.com/security/cve/CVE-2025-40088"
},
{
"category": "external",
"summary": "SUSE Bug 1252904 for CVE-2025-40088",
"url": "https://bugzilla.suse.com/1252904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40088"
},
{
"cve": "CVE-2025-40089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/features: Add check for no entries in cxl_feature_info\n\ncxl EDAC calls cxl_feature_info() to get the feature information and\nif the hardware has no Features support, cxlfs may be passed in as\nNULL.\n\n[ 51.957498] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[ 51.965571] #PF: supervisor read access in kernel mode\n[ 51.971559] #PF: error_code(0x0000) - not-present page\n[ 51.977542] PGD 17e4f6067 P4D 0\n[ 51.981384] Oops: Oops: 0000 [#1] SMP NOPTI\n[ 51.986300] CPU: 49 UID: 0 PID: 3782 Comm: systemd-udevd Not tainted 6.17.0dj\ntest+ #64 PREEMPT(voluntary)\n[ 51.997355] Hardware name: \u003cremoved\u003e\n[ 52.009790] RIP: 0010:cxl_feature_info+0xa/0x80 [cxl_core]\n\nAdd a check for cxlfs before dereferencing it and return -EOPNOTSUPP if\nthere is no cxlfs created due to no hardware support.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40089",
"url": "https://www.suse.com/security/cve/CVE-2025-40089"
},
{
"category": "external",
"summary": "SUSE Bug 1252903 for CVE-2025-40089",
"url": "https://bugzilla.suse.com/1252903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40089"
},
{
"cve": "CVE-2025-40090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix recursive locking in RPC handle list access\n\nSince commit 305853cce3794 (\"ksmbd: Fix race condition in RPC handle list\naccess\"), ksmbd_session_rpc_method() attempts to lock sess-\u003erpc_lock.\n\nThis causes hung connections / tasks when a client attempts to open\na named pipe. Using Samba\u0027s rpcclient tool:\n\n $ rpcclient //192.168.1.254 -U user%password\n $ rpcclient $\u003e srvinfo\n \u003cconnection hung here\u003e\n\nKernel side:\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:kworker/0:0 state:D stack:0 pid:5021 tgid:5021 ppid:2 flags:0x00200000\n Workqueue: ksmbd-io handle_ksmbd_work\n Call trace:\n __schedule from schedule+0x3c/0x58\n schedule from schedule_preempt_disabled+0xc/0x10\n schedule_preempt_disabled from rwsem_down_read_slowpath+0x1b0/0x1d8\n rwsem_down_read_slowpath from down_read+0x28/0x30\n down_read from ksmbd_session_rpc_method+0x18/0x3c\n ksmbd_session_rpc_method from ksmbd_rpc_open+0x34/0x68\n ksmbd_rpc_open from ksmbd_session_rpc_open+0x194/0x228\n ksmbd_session_rpc_open from create_smb2_pipe+0x8c/0x2c8\n create_smb2_pipe from smb2_open+0x10c/0x27ac\n smb2_open from handle_ksmbd_work+0x238/0x3dc\n handle_ksmbd_work from process_scheduled_works+0x160/0x25c\n process_scheduled_works from worker_thread+0x16c/0x1e8\n worker_thread from kthread+0xa8/0xb8\n kthread from ret_from_fork+0x14/0x38\n Exception stack(0x8529ffb0 to 0x8529fff8)\n\nThe task deadlocks because the lock is already held:\n ksmbd_session_rpc_open\n down_write(\u0026sess-\u003erpc_lock)\n ksmbd_rpc_open\n ksmbd_session_rpc_method\n down_read(\u0026sess-\u003erpc_lock) \u003c-- deadlock\n\nAdjust ksmbd_session_rpc_method() callers to take the lock when necessary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40090",
"url": "https://www.suse.com/security/cve/CVE-2025-40090"
},
{
"category": "external",
"summary": "SUSE Bug 1252910 for CVE-2025-40090",
"url": "https://bugzilla.suse.com/1252910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40090"
},
{
"cve": "CVE-2025-40091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40091"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: fix too early devlink_free() in ixgbe_remove()\n\nSince ixgbe_adapter is embedded in devlink, calling devlink_free()\nprematurely in the ixgbe_remove() path can lead to UAF. Move devlink_free()\nto the end.\n\nKASAN report:\n\n BUG: KASAN: use-after-free in ixgbe_reset_interrupt_capability+0x140/0x180 [ixgbe]\n Read of size 8 at addr ffff0000adf813e0 by task bash/2095\n CPU: 1 UID: 0 PID: 2095 Comm: bash Tainted: G S 6.17.0-rc2-tnguy.net-queue+ #1 PREEMPT(full)\n [...]\n Call trace:\n show_stack+0x30/0x90 (C)\n dump_stack_lvl+0x9c/0xd0\n print_address_description.constprop.0+0x90/0x310\n print_report+0x104/0x1f0\n kasan_report+0x88/0x180\n __asan_report_load8_noabort+0x20/0x30\n ixgbe_reset_interrupt_capability+0x140/0x180 [ixgbe]\n ixgbe_clear_interrupt_scheme+0xf8/0x130 [ixgbe]\n ixgbe_remove+0x2d0/0x8c0 [ixgbe]\n pci_device_remove+0xa0/0x220\n device_remove+0xb8/0x170\n device_release_driver_internal+0x318/0x490\n device_driver_detach+0x40/0x68\n unbind_store+0xec/0x118\n drv_attr_store+0x64/0xb8\n sysfs_kf_write+0xcc/0x138\n kernfs_fop_write_iter+0x294/0x440\n new_sync_write+0x1fc/0x588\n vfs_write+0x480/0x6a0\n ksys_write+0xf0/0x1e0\n __arm64_sys_write+0x70/0xc0\n invoke_syscall.constprop.0+0xcc/0x280\n el0_svc_common.constprop.0+0xa8/0x248\n do_el0_svc+0x44/0x68\n el0_svc+0x54/0x160\n el0t_64_sync_handler+0xa0/0xe8\n el0t_64_sync+0x1b0/0x1b8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40091",
"url": "https://www.suse.com/security/cve/CVE-2025-40091"
},
{
"category": "external",
"summary": "SUSE Bug 1252915 for CVE-2025-40091",
"url": "https://bugzilla.suse.com/1252915"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40091"
},
{
"cve": "CVE-2025-40092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40092"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_ncm: Refactor bind path to use __free()\n\nAfter an bind/unbind cycle, the ncm-\u003enotify_req is left stale. If a\nsubsequent bind fails, the unified error label attempts to free this\nstale request, leading to a NULL pointer dereference when accessing\nep-\u003eops-\u003efree_request.\n\nRefactor the error handling in the bind path to use the __free()\nautomatic cleanup mechanism.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000020\nCall trace:\n usb_ep_free_request+0x2c/0xec\n ncm_bind+0x39c/0x3dc\n usb_add_function+0xcc/0x1f0\n configfs_composite_bind+0x468/0x588\n gadget_bind_driver+0x104/0x270\n really_probe+0x190/0x374\n __driver_probe_device+0xa0/0x12c\n driver_probe_device+0x3c/0x218\n __device_attach_driver+0x14c/0x188\n bus_for_each_drv+0x10c/0x168\n __device_attach+0xfc/0x198\n device_initial_probe+0x14/0x24\n bus_probe_device+0x94/0x11c\n device_add+0x268/0x48c\n usb_add_gadget+0x198/0x28c\n dwc3_gadget_init+0x700/0x858\n __dwc3_set_mode+0x3cc/0x664\n process_scheduled_works+0x1d8/0x488\n worker_thread+0x244/0x334\n kthread+0x114/0x1bc\n ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40092",
"url": "https://www.suse.com/security/cve/CVE-2025-40092"
},
{
"category": "external",
"summary": "SUSE Bug 1252916 for CVE-2025-40092",
"url": "https://bugzilla.suse.com/1252916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40092"
},
{
"cve": "CVE-2025-40093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_ecm: Refactor bind path to use __free()\n\nAfter an bind/unbind cycle, the ecm-\u003enotify_req is left stale. If a\nsubsequent bind fails, the unified error label attempts to free this\nstale request, leading to a NULL pointer dereference when accessing\nep-\u003eops-\u003efree_request.\n\nRefactor the error handling in the bind path to use the __free()\nautomatic cleanup mechanism.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40093",
"url": "https://www.suse.com/security/cve/CVE-2025-40093"
},
{
"category": "external",
"summary": "SUSE Bug 1252906 for CVE-2025-40093",
"url": "https://bugzilla.suse.com/1252906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40093"
},
{
"cve": "CVE-2025-40094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40094"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_acm: Refactor bind path to use __free()\n\nAfter an bind/unbind cycle, the acm-\u003enotify_req is left stale. If a\nsubsequent bind fails, the unified error label attempts to free this\nstale request, leading to a NULL pointer dereference when accessing\nep-\u003eops-\u003efree_request.\n\nRefactor the error handling in the bind path to use the __free()\nautomatic cleanup mechanism.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000020\nCall trace:\n usb_ep_free_request+0x2c/0xec\n gs_free_req+0x30/0x44\n acm_bind+0x1b8/0x1f4\n usb_add_function+0xcc/0x1f0\n configfs_composite_bind+0x468/0x588\n gadget_bind_driver+0x104/0x270\n really_probe+0x190/0x374\n __driver_probe_device+0xa0/0x12c\n driver_probe_device+0x3c/0x218\n __device_attach_driver+0x14c/0x188\n bus_for_each_drv+0x10c/0x168\n __device_attach+0xfc/0x198\n device_initial_probe+0x14/0x24\n bus_probe_device+0x94/0x11c\n device_add+0x268/0x48c\n usb_add_gadget+0x198/0x28c\n dwc3_gadget_init+0x700/0x858\n __dwc3_set_mode+0x3cc/0x664\n process_scheduled_works+0x1d8/0x488\n worker_thread+0x244/0x334\n kthread+0x114/0x1bc\n ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40094",
"url": "https://www.suse.com/security/cve/CVE-2025-40094"
},
{
"category": "external",
"summary": "SUSE Bug 1252899 for CVE-2025-40094",
"url": "https://bugzilla.suse.com/1252899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40094"
},
{
"cve": "CVE-2025-40095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_rndis: Refactor bind path to use __free()\n\nAfter an bind/unbind cycle, the rndis-\u003enotify_req is left stale. If a\nsubsequent bind fails, the unified error label attempts to free this\nstale request, leading to a NULL pointer dereference when accessing\nep-\u003eops-\u003efree_request.\n\nRefactor the error handling in the bind path to use the __free()\nautomatic cleanup mechanism.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40095",
"url": "https://www.suse.com/security/cve/CVE-2025-40095"
},
{
"category": "external",
"summary": "SUSE Bug 1252898 for CVE-2025-40095",
"url": "https://bugzilla.suse.com/1252898"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40095"
},
{
"cve": "CVE-2025-40096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies\n\nWhen adding dependencies with drm_sched_job_add_dependency(), that\nfunction consumes the fence reference both on success and failure, so in\nthe latter case the dma_fence_put() on the error path (xarray failed to\nexpand) is a double free.\n\nInterestingly this bug appears to have been present ever since\ncommit ebd5f74255b9 (\"drm/sched: Add dependency tracking\"), since the code\nback then looked like this:\n\ndrm_sched_job_add_implicit_dependencies():\n...\n for (i = 0; i \u003c fence_count; i++) {\n ret = drm_sched_job_add_dependency(job, fences[i]);\n if (ret)\n break;\n }\n\n for (; i \u003c fence_count; i++)\n dma_fence_put(fences[i]);\n\nWhich means for the failing \u0027i\u0027 the dma_fence_put was already a double\nfree. Possibly there were no users at that time, or the test cases were\ninsufficient to hit it.\n\nThe bug was then only noticed and fixed after\ncommit 9c2ba265352a (\"drm/scheduler: use new iterator in drm_sched_job_add_implicit_dependencies v2\")\nlanded, with its fixup of\ncommit 4eaf02d6076c (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies\").\n\nAt that point it was a slightly different flavour of a double free, which\ncommit 963d0b356935 (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies harder\")\nnoticed and attempted to fix.\n\nBut it only moved the double free from happening inside the\ndrm_sched_job_add_dependency(), when releasing the reference not yet\nobtained, to the caller, when releasing the reference already released by\nthe former in the failure case.\n\nAs such it is not easy to identify the right target for the fixes tag so\nlets keep it simple and just continue the chain.\n\nWhile fixing we also improve the comment and explain the reason for taking\nthe reference and not dropping it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40096",
"url": "https://www.suse.com/security/cve/CVE-2025-40096"
},
{
"category": "external",
"summary": "SUSE Bug 1252902 for CVE-2025-40096",
"url": "https://bugzilla.suse.com/1252902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40096"
},
{
"cve": "CVE-2025-40097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40097"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: Fix missing pointer check in hda_component_manager_init function\n\nThe __component_match_add function may assign the \u0027matchptr\u0027 pointer\nthe value ERR_PTR(-ENOMEM), which will subsequently be dereferenced.\n\nThe call stack leading to the error looks like this:\n\nhda_component_manager_init\n|-\u003e component_match_add\n |-\u003e component_match_add_release\n |-\u003e __component_match_add ( ... ,**matchptr, ... )\n |-\u003e *matchptr = ERR_PTR(-ENOMEM); // assign\n|-\u003e component_master_add_with_match( ... match)\n |-\u003e component_match_realloc(match, match-\u003enum); // dereference\n\nAdd IS_ERR() check to prevent the crash.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40097",
"url": "https://www.suse.com/security/cve/CVE-2025-40097"
},
{
"category": "external",
"summary": "SUSE Bug 1252900 for CVE-2025-40097",
"url": "https://bugzilla.suse.com/1252900"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40097"
},
{
"cve": "CVE-2025-40098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state()\n\nReturn value of a function acpi_evaluate_dsm() is dereferenced without\nchecking for NULL, but it is usually checked for this function.\n\nacpi_evaluate_dsm() may return NULL, when acpi_evaluate_object() returns\nacpi_status other than ACPI_SUCCESS, so add a check to prevent the crach.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40098",
"url": "https://www.suse.com/security/cve/CVE-2025-40098"
},
{
"category": "external",
"summary": "SUSE Bug 1252917 for CVE-2025-40098",
"url": "https://bugzilla.suse.com/1252917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40098"
},
{
"cve": "CVE-2025-40099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40099"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: parse_dfs_referrals: prevent oob on malformed input\n\nMalicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS\n\n- reply smaller than sizeof(struct get_dfs_referral_rsp)\n- reply with number of referrals smaller than NumberOfReferrals in the\nheader\n\nProcessing of such replies will cause oob.\n\nReturn -EINVAL error on such replies to prevent oob-s.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40099",
"url": "https://www.suse.com/security/cve/CVE-2025-40099"
},
{
"category": "external",
"summary": "SUSE Bug 1252911 for CVE-2025-40099",
"url": "https://bugzilla.suse.com/1252911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40099"
},
{
"cve": "CVE-2025-40100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not assert we found block group item when creating free space tree\n\nCurrently, when building a free space tree at populate_free_space_tree(),\nif we are not using the block group tree feature, we always expect to find\nblock group items (either extent items or a block group item with key type\nBTRFS_BLOCK_GROUP_ITEM_KEY) when we search the extent tree with\nbtrfs_search_slot_for_read(), so we assert that we found an item. However\nthis expectation is wrong since we can have a new block group created in\nthe current transaction which is still empty and for which we still have\nnot added the block group\u0027s item to the extent tree, in which case we do\nnot have any items in the extent tree associated to the block group.\n\nThe insertion of a new block group\u0027s block group item in the extent tree\nhappens at btrfs_create_pending_block_groups() when it calls the helper\ninsert_block_group_item(). This typically is done when a transaction\nhandle is released, committed or when running delayed refs (either as\npart of a transaction commit or when serving tickets for space reservation\nif we are low on free space).\n\nSo remove the assertion at populate_free_space_tree() even when the block\ngroup tree feature is not enabled and update the comment to mention this\ncase.\n\nSyzbot reported this with the following stack trace:\n\n BTRFS info (device loop3 state M): rebuilding free space tree\n assertion failed: ret == 0 :: 0, in fs/btrfs/free-space-tree.c:1115\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/free-space-tree.c:1115!\n Oops: invalid opcode: 0000 [#1] SMP KASAN PTI\n CPU: 1 UID: 0 PID: 6352 Comm: syz.3.25 Not tainted syzkaller #0 PREEMPT(full)\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\n RIP: 0010:populate_free_space_tree+0x700/0x710 fs/btrfs/free-space-tree.c:1115\n Code: ff ff e8 d3 (...)\n RSP: 0018:ffffc9000430f780 EFLAGS: 00010246\n RAX: 0000000000000043 RBX: ffff88805b709630 RCX: fea61d0e2e79d000\n RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\n RBP: ffffc9000430f8b0 R08: ffffc9000430f4a7 R09: 1ffff92000861e94\n R10: dffffc0000000000 R11: fffff52000861e95 R12: 0000000000000001\n R13: 1ffff92000861f00 R14: dffffc0000000000 R15: 0000000000000000\n FS: 00007f424d9fe6c0(0000) GS:ffff888125afc000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fd78ad212c0 CR3: 0000000076d68000 CR4: 00000000003526f0\n Call Trace:\n \u003cTASK\u003e\n btrfs_rebuild_free_space_tree+0x1ba/0x6d0 fs/btrfs/free-space-tree.c:1364\n btrfs_start_pre_rw_mount+0x128f/0x1bf0 fs/btrfs/disk-io.c:3062\n btrfs_remount_rw fs/btrfs/super.c:1334 [inline]\n btrfs_reconfigure+0xaed/0x2160 fs/btrfs/super.c:1559\n reconfigure_super+0x227/0x890 fs/super.c:1076\n do_remount fs/namespace.c:3279 [inline]\n path_mount+0xd1a/0xfe0 fs/namespace.c:4027\n do_mount fs/namespace.c:4048 [inline]\n __do_sys_mount fs/namespace.c:4236 [inline]\n __se_sys_mount+0x313/0x410 fs/namespace.c:4213\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f424e39066a\n Code: d8 64 89 02 (...)\n RSP: 002b:00007f424d9fde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5\n RAX: ffffffffffffffda RBX: 00007f424d9fdef0 RCX: 00007f424e39066a\n RDX: 0000200000000180 RSI: 0000200000000380 RDI: 0000000000000000\n RBP: 0000200000000180 R08: 00007f424d9fdef0 R09: 0000000000000020\n R10: 0000000000000020 R11: 0000000000000246 R12: 0000200000000380\n R13: 00007f424d9fdeb0 R14: 0000000000000000 R15: 00002000000002c0\n \u003c/TASK\u003e\n Modules linked in:\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40100",
"url": "https://www.suse.com/security/cve/CVE-2025-40100"
},
{
"category": "external",
"summary": "SUSE Bug 1252918 for CVE-2025-40100",
"url": "https://bugzilla.suse.com/1252918"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40100"
},
{
"cve": "CVE-2025-40101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40101"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST\n\nAt the end of btrfs_load_block_group_zone_info() the first thing we do\nis to ensure that if the mapping type is not a SINGLE one and there is\nno RAID stripe tree, then we return early with an error.\n\nDoing that, though, prevents the code from running the last calls from\nthis function which are about freeing memory allocated during its\nrun. Hence, in this case, instead of returning early, we set the ret\nvalue and fall through the rest of the cleanup code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40101",
"url": "https://www.suse.com/security/cve/CVE-2025-40101"
},
{
"category": "external",
"summary": "SUSE Bug 1252901 for CVE-2025-40101",
"url": "https://bugzilla.suse.com/1252901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-40101"
},
{
"cve": "CVE-2025-40102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Prevent access to vCPU events before init\n\nAnother day, another syzkaller bug. KVM erroneously allows userspace to\npend vCPU events for a vCPU that hasn\u0027t been initialized yet, leading to\nKVM interpreting a bunch of uninitialized garbage for routing /\ninjecting the exception.\n\nIn one case the injection code and the hyp disagree on whether the vCPU\nhas a 32bit EL1 and put the vCPU into an illegal mode for AArch64,\ntripping the BUG() in exception_target_el() during the next injection:\n\n kernel BUG at arch/arm64/kvm/inject_fault.c:40!\n Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n CPU: 3 UID: 0 PID: 318 Comm: repro Not tainted 6.17.0-rc4-00104-g10fd0285305d #6 PREEMPT\n Hardware name: linux,dummy-virt (DT)\n pstate: 21402009 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n pc : exception_target_el+0x88/0x8c\n lr : pend_serror_exception+0x18/0x13c\n sp : ffff800082f03a10\n x29: ffff800082f03a10 x28: ffff0000cb132280 x27: 0000000000000000\n x26: 0000000000000000 x25: ffff0000c2a99c20 x24: 0000000000000000\n x23: 0000000000008000 x22: 0000000000000002 x21: 0000000000000004\n x20: 0000000000008000 x19: ffff0000c2a99c20 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 00000000200000c0\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n x8 : ffff800082f03af8 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : ffff800080f621f0 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 000000000040009b x1 : 0000000000000003 x0 : ffff0000c2a99c20\n Call trace:\n exception_target_el+0x88/0x8c (P)\n kvm_inject_serror_esr+0x40/0x3b4\n __kvm_arm_vcpu_set_events+0xf0/0x100\n kvm_arch_vcpu_ioctl+0x180/0x9d4\n kvm_vcpu_ioctl+0x60c/0x9f4\n __arm64_sys_ioctl+0xac/0x104\n invoke_syscall+0x48/0x110\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xf0\n el0t_64_sync_handler+0xa0/0xe4\n el0t_64_sync+0x198/0x19c\n Code: f946bc01 b4fffe61 9101e020 17fffff2 (d4210000)\n\nReject the ioctls outright as no sane VMM would call these before\nKVM_ARM_VCPU_INIT anyway. Even if it did the exception would\u0027ve been\nthrown away by the eventual reset of the vCPU\u0027s state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40102",
"url": "https://www.suse.com/security/cve/CVE-2025-40102"
},
{
"category": "external",
"summary": "SUSE Bug 1252919 for CVE-2025-40102",
"url": "https://bugzilla.suse.com/1252919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40102"
},
{
"cve": "CVE-2025-40103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40103"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix refcount leak for cifs_sb_tlink\n\nFix three refcount inconsistency issues related to `cifs_sb_tlink`.\n\nComments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be\ncalled after successful calls to `cifs_sb_tlink()`. Three calls fail to\nupdate refcount accordingly, leading to possible resource leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40103",
"url": "https://www.suse.com/security/cve/CVE-2025-40103"
},
{
"category": "external",
"summary": "SUSE Bug 1252924 for CVE-2025-40103",
"url": "https://bugzilla.suse.com/1252924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-40103"
},
{
"cve": "CVE-2025-40104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40104"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbevf: fix mailbox API compatibility by negotiating supported features\n\nThere was backward compatibility in the terms of mailbox API. Various\ndrivers from various OSes supporting 10G adapters from Intel portfolio\ncould easily negotiate mailbox API.\n\nThis convention has been broken since introducing API 1.4.\nCommit 0062e7cc955e (\"ixgbevf: add VF IPsec offload code\") added support\nfor IPSec which is specific only for the kernel ixgbe driver. None of the\nrest of the Intel 10G PF/VF drivers supports it. And actually lack of\nsupport was not included in the IPSec implementation - there were no such\ncode paths. No possibility to negotiate support for the feature was\nintroduced along with introduction of the feature itself.\n\nCommit 339f28964147 (\"ixgbevf: Add support for new mailbox communication\nbetween PF and VF\") increasing API version to 1.5 did the same - it\nintroduced code supported specifically by the PF ESX driver. It altered API\nversion for the VF driver in the same time not touching the version\ndefined for the PF ixgbe driver. It led to additional discrepancies,\nas the code provided within API 1.6 cannot be supported for Linux ixgbe\ndriver as it causes crashes.\n\nThe issue was noticed some time ago and mitigated by Jake within the commit\nd0725312adf5 (\"ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5\").\nAs a result we have regression for IPsec support and after increasing API\nto version 1.6 ixgbevf driver stopped to support ESX MBX.\n\nTo fix this mess add new mailbox op asking PF driver about supported\nfeatures. Basing on a response determine whether to set support for IPSec\nand ESX-specific enhanced mailbox.\n\nNew mailbox op, for compatibility purposes, must be added within new API\nrevision, as API version of OOT PF \u0026 VF drivers is already increased to\n1.6 and doesn\u0027t incorporate features negotiate op.\n\nFeatures negotiation mechanism gives possibility to be extended with new\nfeatures when needed in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40104",
"url": "https://www.suse.com/security/cve/CVE-2025-40104"
},
{
"category": "external",
"summary": "SUSE Bug 1252921 for CVE-2025-40104",
"url": "https://bugzilla.suse.com/1252921"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40104"
},
{
"cve": "CVE-2025-40105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40105"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: Don\u0027t leak disconnected dentries on umount\n\nWhen user calls open_by_handle_at() on some inode that is not cached, we\nwill create disconnected dentry for it. If such dentry is a directory,\nexportfs_decode_fh_raw() will then try to connect this dentry to the\ndentry tree through reconnect_path(). It may happen for various reasons\n(such as corrupted fs or race with rename) that the call to\nlookup_one_unlocked() in reconnect_one() will fail to find the dentry we\nare trying to reconnect and instead create a new dentry under the\nparent. Now this dentry will not be marked as disconnected although the\nparent still may well be disconnected (at least in case this\ninconsistency happened because the fs is corrupted and .. doesn\u0027t point\nto the real parent directory). This creates inconsistency in\ndisconnected flags but AFAICS it was mostly harmless. At least until\ncommit f1ee616214cb (\"VFS: don\u0027t keep disconnected dentries on d_anon\")\nwhich removed adding of most disconnected dentries to sb-\u003es_anon list.\nThus after this commit cleanup of disconnected dentries implicitely\nrelies on the fact that dput() will immediately reclaim such dentries.\nHowever when some leaf dentry isn\u0027t marked as disconnected, as in the\nscenario described above, the reclaim doesn\u0027t happen and the dentries\nare \"leaked\". Memory reclaim can eventually reclaim them but otherwise\nthey stay in memory and if umount comes first, we hit infamous \"Busy\ninodes after unmount\" bug. Make sure all dentries created under a\ndisconnected parent are marked as disconnected as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40105",
"url": "https://www.suse.com/security/cve/CVE-2025-40105"
},
{
"category": "external",
"summary": "SUSE Bug 1252928 for CVE-2025-40105",
"url": "https://bugzilla.suse.com/1252928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-40105"
},
{
"cve": "CVE-2025-40106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: fix divide-by-zero in comedi_buf_munge()\n\nThe comedi_buf_munge() function performs a modulo operation\n`async-\u003emunge_chan %= async-\u003ecmd.chanlist_len` without first\nchecking if chanlist_len is zero. If a user program submits a command with\nchanlist_len set to zero, this causes a divide-by-zero error when the device\nprocesses data in the interrupt handler path.\n\nAdd a check for zero chanlist_len at the beginning of the\nfunction, similar to the existing checks for !map and\nCMDF_RAWDATA flag. When chanlist_len is zero, update\nmunge_count and return early, indicating the data was\nhandled without munging.\n\nThis prevents potential kernel panics from malformed user commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40106",
"url": "https://www.suse.com/security/cve/CVE-2025-40106"
},
{
"category": "external",
"summary": "SUSE Bug 1252891 for CVE-2025-40106",
"url": "https://bugzilla.suse.com/1252891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.17.7-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40106"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…