Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-68262 (GCVE-0-2025-68262)
Vulnerability from cvelistv5
Published
2025-12-16 14:45
Modified
2025-12-16 14:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: zstd - fix double-free in per-CPU stream cleanup
The crypto/zstd module has a double-free bug that occurs when multiple
tfms are allocated and freed.
The issue happens because zstd_streams (per-CPU contexts) are freed in
zstd_exit() during every tfm destruction, rather than being managed at
the module level. When multiple tfms exist, each tfm exit attempts to
free the same shared per-CPU streams, resulting in a double-free.
This leads to a stack trace similar to:
BUG: Bad page state in process kworker/u16:1 pfn:106fd93
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fd93
flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)
page_type: 0xffffffff()
raw: 0017ffffc0000000 dead000000000100 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: nonzero entire_mapcount
Modules linked in: ...
CPU: 3 UID: 0 PID: 2506 Comm: kworker/u16:1 Kdump: loaded Tainted: G B
Hardware name: ...
Workqueue: btrfs-delalloc btrfs_work_helper
Call Trace:
<TASK>
dump_stack_lvl+0x5d/0x80
bad_page+0x71/0xd0
free_unref_page_prepare+0x24e/0x490
free_unref_page+0x60/0x170
crypto_acomp_free_streams+0x5d/0xc0
crypto_acomp_exit_tfm+0x23/0x50
crypto_destroy_tfm+0x60/0xc0
...
Change the lifecycle management of zstd_streams to free the streams only
once during module cleanup.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"crypto/zstd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dc0f4509b0ed5d82bef78e058db0ac4df04d0695",
"status": "affected",
"version": "f5ad93ffb54119a8dc5e18f070624d4ead586969",
"versionType": "git"
},
{
"lessThan": "e983feaa79de1e46c9087fb9f02fedb0e5397ce6",
"status": "affected",
"version": "f5ad93ffb54119a8dc5e18f070624d4ead586969",
"versionType": "git"
},
{
"lessThan": "48bc9da3c97c15f1ea24934bcb3b736acd30163d",
"status": "affected",
"version": "f5ad93ffb54119a8dc5e18f070624d4ead586969",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"crypto/zstd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.17"
},
{
"lessThan": "6.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19-rc1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.12",
"versionStartIncluding": "6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.1",
"versionStartIncluding": "6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19-rc1",
"versionStartIncluding": "6.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: zstd - fix double-free in per-CPU stream cleanup\n\nThe crypto/zstd module has a double-free bug that occurs when multiple\ntfms are allocated and freed.\n\nThe issue happens because zstd_streams (per-CPU contexts) are freed in\nzstd_exit() during every tfm destruction, rather than being managed at\nthe module level. When multiple tfms exist, each tfm exit attempts to\nfree the same shared per-CPU streams, resulting in a double-free.\n\nThis leads to a stack trace similar to:\n\n BUG: Bad page state in process kworker/u16:1 pfn:106fd93\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fd93\n flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)\n page_type: 0xffffffff()\n raw: 0017ffffc0000000 dead000000000100 dead000000000122 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\n page dumped because: nonzero entire_mapcount\n Modules linked in: ...\n CPU: 3 UID: 0 PID: 2506 Comm: kworker/u16:1 Kdump: loaded Tainted: G B\n Hardware name: ...\n Workqueue: btrfs-delalloc btrfs_work_helper\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n bad_page+0x71/0xd0\n free_unref_page_prepare+0x24e/0x490\n free_unref_page+0x60/0x170\n crypto_acomp_free_streams+0x5d/0xc0\n crypto_acomp_exit_tfm+0x23/0x50\n crypto_destroy_tfm+0x60/0xc0\n ...\n\nChange the lifecycle management of zstd_streams to free the streams only\nonce during module cleanup."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T14:45:04.198Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dc0f4509b0ed5d82bef78e058db0ac4df04d0695"
},
{
"url": "https://git.kernel.org/stable/c/e983feaa79de1e46c9087fb9f02fedb0e5397ce6"
},
{
"url": "https://git.kernel.org/stable/c/48bc9da3c97c15f1ea24934bcb3b736acd30163d"
}
],
"title": "crypto: zstd - fix double-free in per-CPU stream cleanup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-68262",
"datePublished": "2025-12-16T14:45:04.198Z",
"dateReserved": "2025-12-16T13:41:40.267Z",
"dateUpdated": "2025-12-16T14:45:04.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-68262\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-16T15:15:55.697\",\"lastModified\":\"2025-12-18T15:08:06.237\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncrypto: zstd - fix double-free in per-CPU stream cleanup\\n\\nThe crypto/zstd module has a double-free bug that occurs when multiple\\ntfms are allocated and freed.\\n\\nThe issue happens because zstd_streams (per-CPU contexts) are freed in\\nzstd_exit() during every tfm destruction, rather than being managed at\\nthe module level. When multiple tfms exist, each tfm exit attempts to\\nfree the same shared per-CPU streams, resulting in a double-free.\\n\\nThis leads to a stack trace similar to:\\n\\n BUG: Bad page state in process kworker/u16:1 pfn:106fd93\\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fd93\\n flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)\\n page_type: 0xffffffff()\\n raw: 0017ffffc0000000 dead000000000100 dead000000000122 0000000000000000\\n raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\\n page dumped because: nonzero entire_mapcount\\n Modules linked in: ...\\n CPU: 3 UID: 0 PID: 2506 Comm: kworker/u16:1 Kdump: loaded Tainted: G B\\n Hardware name: ...\\n Workqueue: btrfs-delalloc btrfs_work_helper\\n Call Trace:\\n \u003cTASK\u003e\\n dump_stack_lvl+0x5d/0x80\\n bad_page+0x71/0xd0\\n free_unref_page_prepare+0x24e/0x490\\n free_unref_page+0x60/0x170\\n crypto_acomp_free_streams+0x5d/0xc0\\n crypto_acomp_exit_tfm+0x23/0x50\\n crypto_destroy_tfm+0x60/0xc0\\n ...\\n\\nChange the lifecycle management of zstd_streams to free the streams only\\nonce during module cleanup.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/48bc9da3c97c15f1ea24934bcb3b736acd30163d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/dc0f4509b0ed5d82bef78e058db0ac4df04d0695\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e983feaa79de1e46c9087fb9f02fedb0e5397ce6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
opensuse-su-2025:15836-1
Vulnerability from csaf_opensuse
Published
2025-12-20 00:00
Modified
2025-12-20 00:00
Summary
kernel-devel-6.18.2-1.1 on GA media
Notes
Title of the patch
kernel-devel-6.18.2-1.1 on GA media
Description of the patch
These are all security issues fixed in the kernel-devel-6.18.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15836
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "kernel-devel-6.18.2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the kernel-devel-6.18.2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15836",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15836-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68254 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68254/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68255 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68256 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68256/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68257 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68259 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68259/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68260 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68260/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68261 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68261/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68262 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68263 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68264 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68323 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68324 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68324/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68325 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68325/"
}
],
"title": "kernel-devel-6.18.2-1.1 on GA media",
"tracking": {
"current_release_date": "2025-12-20T00:00:00Z",
"generator": {
"date": "2025-12-20T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15836-1",
"initial_release_date": "2025-12-20T00:00:00Z",
"revision_history": [
{
"date": "2025-12-20T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.18.2-1.1.aarch64",
"product": {
"name": "kernel-devel-6.18.2-1.1.aarch64",
"product_id": "kernel-devel-6.18.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.18.2-1.1.aarch64",
"product": {
"name": "kernel-macros-6.18.2-1.1.aarch64",
"product_id": "kernel-macros-6.18.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-source-6.18.2-1.1.aarch64",
"product": {
"name": "kernel-source-6.18.2-1.1.aarch64",
"product_id": "kernel-source-6.18.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.18.2-1.1.aarch64",
"product": {
"name": "kernel-source-vanilla-6.18.2-1.1.aarch64",
"product_id": "kernel-source-vanilla-6.18.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.18.2-1.1.ppc64le",
"product": {
"name": "kernel-devel-6.18.2-1.1.ppc64le",
"product_id": "kernel-devel-6.18.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.18.2-1.1.ppc64le",
"product": {
"name": "kernel-macros-6.18.2-1.1.ppc64le",
"product_id": "kernel-macros-6.18.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-source-6.18.2-1.1.ppc64le",
"product": {
"name": "kernel-source-6.18.2-1.1.ppc64le",
"product_id": "kernel-source-6.18.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.18.2-1.1.ppc64le",
"product": {
"name": "kernel-source-vanilla-6.18.2-1.1.ppc64le",
"product_id": "kernel-source-vanilla-6.18.2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.18.2-1.1.s390x",
"product": {
"name": "kernel-devel-6.18.2-1.1.s390x",
"product_id": "kernel-devel-6.18.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.18.2-1.1.s390x",
"product": {
"name": "kernel-macros-6.18.2-1.1.s390x",
"product_id": "kernel-macros-6.18.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-source-6.18.2-1.1.s390x",
"product": {
"name": "kernel-source-6.18.2-1.1.s390x",
"product_id": "kernel-source-6.18.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.18.2-1.1.s390x",
"product": {
"name": "kernel-source-vanilla-6.18.2-1.1.s390x",
"product_id": "kernel-source-vanilla-6.18.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.18.2-1.1.x86_64",
"product": {
"name": "kernel-devel-6.18.2-1.1.x86_64",
"product_id": "kernel-devel-6.18.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.18.2-1.1.x86_64",
"product": {
"name": "kernel-macros-6.18.2-1.1.x86_64",
"product_id": "kernel-macros-6.18.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-6.18.2-1.1.x86_64",
"product": {
"name": "kernel-source-6.18.2-1.1.x86_64",
"product_id": "kernel-source-6.18.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.18.2-1.1.x86_64",
"product": {
"name": "kernel-source-vanilla-6.18.2-1.1.x86_64",
"product_id": "kernel-source-vanilla-6.18.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.18.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64"
},
"product_reference": "kernel-devel-6.18.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.18.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le"
},
"product_reference": "kernel-devel-6.18.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.18.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x"
},
"product_reference": "kernel-devel-6.18.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.18.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64"
},
"product_reference": "kernel-devel-6.18.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.18.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64"
},
"product_reference": "kernel-macros-6.18.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.18.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le"
},
"product_reference": "kernel-macros-6.18.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.18.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x"
},
"product_reference": "kernel-macros-6.18.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.18.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64"
},
"product_reference": "kernel-macros-6.18.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.18.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64"
},
"product_reference": "kernel-source-6.18.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.18.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le"
},
"product_reference": "kernel-source-6.18.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.18.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x"
},
"product_reference": "kernel-source-6.18.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.18.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64"
},
"product_reference": "kernel-source-6.18.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.18.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64"
},
"product_reference": "kernel-source-vanilla-6.18.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.18.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le"
},
"product_reference": "kernel-source-vanilla-6.18.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.18.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x"
},
"product_reference": "kernel-source-vanilla-6.18.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.18.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
},
"product_reference": "kernel-source-vanilla-6.18.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68254",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68254"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing\n\nThe Extended Supported Rates (ESR) IE handling in OnBeacon accessed\n*(p + 1 + ielen) and *(p + 2 + ielen) without verifying that these\noffsets lie within the received frame buffer. A malformed beacon with\nan ESR IE positioned at the end of the buffer could cause an\nout-of-bounds read, potentially triggering a kernel panic.\n\nAdd a boundary check to ensure that the ESR IE body and the subsequent\nbytes are within the limits of the frame before attempting to access\nthem.\n\nThis prevents OOB reads caused by malformed beacon frames.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68254",
"url": "https://www.suse.com/security/cve/CVE-2025-68254"
},
{
"category": "external",
"summary": "SUSE Bug 1255140 for CVE-2025-68254",
"url": "https://bugzilla.suse.com/1255140"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68254"
},
{
"cve": "CVE-2025-68255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68255"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing\n\nThe Supported Rates IE length from an incoming Association Request frame\nwas used directly as the memcpy() length when copying into a fixed-size\n16-byte stack buffer (supportRate). A malicious station can advertise an\nIE length larger than 16 bytes, causing a stack buffer overflow.\n\nClamp ie_len to the buffer size before copying the Supported Rates IE,\nand correct the bounds check when merging Extended Supported Rates to\nprevent a second potential overflow.\n\nThis prevents kernel stack corruption triggered by malformed association\nrequests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68255",
"url": "https://www.suse.com/security/cve/CVE-2025-68255"
},
{
"category": "external",
"summary": "SUSE Bug 1255395 for CVE-2025-68255",
"url": "https://bugzilla.suse.com/1255395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68255"
},
{
"cve": "CVE-2025-68256",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68256"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser\n\nThe Information Element (IE) parser rtw_get_ie() trusted the length\nbyte of each IE without validating that the IE body (len bytes after\nthe 2-byte header) fits inside the remaining frame buffer. A malformed\nframe can advertise an IE length larger than the available data, causing\nthe parser to increment its pointer beyond the buffer end. This results\nin out-of-bounds reads or, depending on the pattern, an infinite loop.\n\nFix by validating that (offset + 2 + len) does not exceed the limit\nbefore accepting the IE or advancing to the next element.\n\nThis prevents OOB reads and ensures the parser terminates safely on\nmalformed frames.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68256",
"url": "https://www.suse.com/security/cve/CVE-2025-68256"
},
{
"category": "external",
"summary": "SUSE Bug 1255138 for CVE-2025-68256",
"url": "https://bugzilla.suse.com/1255138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68256"
},
{
"cve": "CVE-2025-68257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: check device\u0027s attached status in compat ioctls\n\nSyzbot identified an issue [1] that crashes kernel, seemingly due to\nunexistent callback dev-\u003eget_valid_routes(). By all means, this should\nnot occur as said callback must always be set to\nget_zero_valid_routes() in __comedi_device_postconfig().\n\nAs the crash seems to appear exclusively in i386 kernels, at least,\njudging from [1] reports, the blame lies with compat versions\nof standard IOCTL handlers. Several of them are modified and\ndo not use comedi_unlocked_ioctl(). While functionality of these\nioctls essentially copy their original versions, they do not\nhave required sanity check for device\u0027s attached status. This,\nin turn, leads to a possibility of calling select IOCTLs on a\ndevice that has not been properly setup, even via COMEDI_DEVCONFIG.\n\nDoing so on unconfigured devices means that several crucial steps\nare missed, for instance, specifying dev-\u003eget_valid_routes()\ncallback.\n\nFix this somewhat crudely by ensuring device\u0027s attached status before\nperforming any ioctls, improving logic consistency between modern\nand compat functions.\n\n[1] Syzbot report:\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nCR2: ffffffffffffffd6 CR3: 000000006c717000 CR4: 0000000000352ef0\nCall Trace:\n \u003cTASK\u003e\n get_valid_routes drivers/comedi/comedi_fops.c:1322 [inline]\n parse_insn+0x78c/0x1970 drivers/comedi/comedi_fops.c:1401\n do_insnlist_ioctl+0x272/0x700 drivers/comedi/comedi_fops.c:1594\n compat_insnlist drivers/comedi/comedi_fops.c:3208 [inline]\n comedi_compat_ioctl+0x810/0x990 drivers/comedi/comedi_fops.c:3273\n __do_compat_sys_ioctl fs/ioctl.c:695 [inline]\n __se_compat_sys_ioctl fs/ioctl.c:638 [inline]\n __ia32_compat_sys_ioctl+0x242/0x370 fs/ioctl.c:638\n do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68257",
"url": "https://www.suse.com/security/cve/CVE-2025-68257"
},
{
"category": "external",
"summary": "SUSE Bug 1255167 for CVE-2025-68257",
"url": "https://bugzilla.suse.com/1255167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68257"
},
{
"cve": "CVE-2025-68258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: multiq3: sanitize config options in multiq3_attach()\n\nSyzbot identified an issue [1] in multiq3_attach() that induces a\ntask timeout due to open() or COMEDI_DEVCONFIG ioctl operations,\nspecifically, in the case of multiq3 driver.\n\nThis problem arose when syzkaller managed to craft weird configuration\noptions used to specify the number of channels in encoder subdevice.\nIf a particularly great number is passed to s-\u003en_chan in\nmultiq3_attach() via it-\u003eoptions[2], then multiple calls to\nmultiq3_encoder_reset() at the end of driver-specific attach() method\nwill be running for minutes, thus blocking tasks and affected devices\nas well.\n\nWhile this issue is most likely not too dangerous for real-life\ndevices, it still makes sense to sanitize configuration inputs. Enable\na sensible limit on the number of encoder chips (4 chips max, each\nwith 2 channels) to stop this behaviour from manifesting.\n\n[1] Syzbot crash:\nINFO: task syz.2.19:6067 blocked for more than 143 seconds.\n...\nCall Trace:\n \u003cTASK\u003e\n context_switch kernel/sched/core.c:5254 [inline]\n __schedule+0x17c4/0x4d60 kernel/sched/core.c:6862\n __schedule_loop kernel/sched/core.c:6944 [inline]\n schedule+0x165/0x360 kernel/sched/core.c:6959\n schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7016\n __mutex_lock_common kernel/locking/mutex.c:676 [inline]\n __mutex_lock+0x7e6/0x1350 kernel/locking/mutex.c:760\n comedi_open+0xc0/0x590 drivers/comedi/comedi_fops.c:2868\n chrdev_open+0x4cc/0x5e0 fs/char_dev.c:414\n do_dentry_open+0x953/0x13f0 fs/open.c:965\n vfs_open+0x3b/0x340 fs/open.c:1097\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68258",
"url": "https://www.suse.com/security/cve/CVE-2025-68258"
},
{
"category": "external",
"summary": "SUSE Bug 1255182 for CVE-2025-68258",
"url": "https://bugzilla.suse.com/1255182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68258"
},
{
"cve": "CVE-2025-68259",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68259"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Don\u0027t skip unrelated instruction if INT3/INTO is replaced\n\nWhen re-injecting a soft interrupt from an INT3, INT0, or (select) INTn\ninstruction, discard the exception and retry the instruction if the code\nstream is changed (e.g. by a different vCPU) between when the CPU\nexecutes the instruction and when KVM decodes the instruction to get the\nnext RIP.\n\nAs effectively predicted by commit 6ef88d6e36c2 (\"KVM: SVM: Re-inject\nINT3/INTO instead of retrying the instruction\"), failure to verify that\nthe correct INTn instruction was decoded can effectively clobber guest\nstate due to decoding the wrong instruction and thus specifying the\nwrong next RIP.\n\nThe bug most often manifests as \"Oops: int3\" panics on static branch\nchecks in Linux guests. Enabling or disabling a static branch in Linux\nuses the kernel\u0027s \"text poke\" code patching mechanism. To modify code\nwhile other CPUs may be executing that code, Linux (temporarily)\nreplaces the first byte of the original instruction with an int3 (opcode\n0xcc), then patches in the new code stream except for the first byte,\nand finally replaces the int3 with the first byte of the new code\nstream. If a CPU hits the int3, i.e. executes the code while it\u0027s being\nmodified, then the guest kernel must look up the RIP to determine how to\nhandle the #BP, e.g. by emulating the new instruction. If the RIP is\nincorrect, then this lookup fails and the guest kernel panics.\n\nThe bug reproduces almost instantly by hacking the guest kernel to\nrepeatedly check a static branch[1] while running a drgn script[2] on\nthe host to constantly swap out the memory containing the guest\u0027s TSS.\n\n[1]: https://gist.github.com/osandov/44d17c51c28c0ac998ea0334edf90b5a\n[2]: https://gist.github.com/osandov/10e45e45afa29b11e0c7209247afc00b",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68259",
"url": "https://www.suse.com/security/cve/CVE-2025-68259"
},
{
"category": "external",
"summary": "SUSE Bug 1255199 for CVE-2025-68259",
"url": "https://bugzilla.suse.com/1255199"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68259"
},
{
"cve": "CVE-2025-68260",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68260"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrust_binder: fix race condition on death_list\n\nRust Binder contains the following unsafe operation:\n\n\t// SAFETY: A `NodeDeath` is never inserted into the death list\n\t// of any node other than its owner, so it is either in this\n\t// death list or in no death list.\n\tunsafe { node_inner.death_list.remove(self) };\n\nThis operation is unsafe because when touching the prev/next pointers of\na list element, we have to ensure that no other thread is also touching\nthem in parallel. If the node is present in the list that `remove` is\ncalled on, then that is fine because we have exclusive access to that\nlist. If the node is not in any list, then it\u0027s also ok. But if it\u0027s\npresent in a different list that may be accessed in parallel, then that\nmay be a data race on the prev/next pointers.\n\nAnd unfortunately that is exactly what is happening here. In\nNode::release, we:\n\n 1. Take the lock.\n 2. Move all items to a local list on the stack.\n 3. Drop the lock.\n 4. Iterate the local list on the stack.\n\nCombined with threads using the unsafe remove method on the original\nlist, this leads to memory corruption of the prev/next pointers. This\nleads to crashes like this one:\n\n\tUnable to handle kernel paging request at virtual address 000bb9841bcac70e\n\tMem abort info:\n\t ESR = 0x0000000096000044\n\t EC = 0x25: DABT (current EL), IL = 32 bits\n\t SET = 0, FnV = 0\n\t EA = 0, S1PTW = 0\n\t FSC = 0x04: level 0 translation fault\n\tData abort info:\n\t ISV = 0, ISS = 0x00000044, ISS2 = 0x00000000\n\t CM = 0, WnR = 1, TnD = 0, TagAccess = 0\n\t GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n\t[000bb9841bcac70e] address between user and kernel address ranges\n\tInternal error: Oops: 0000000096000044 [#1] PREEMPT SMP\n\tgoogle-cdd 538c004.gcdd: context saved(CPU:1)\n\titem - log_kevents is disabled\n\tModules linked in: ... rust_binder\n\tCPU: 1 UID: 0 PID: 2092 Comm: kworker/1:178 Tainted: G S W OE 6.12.52-android16-5-g98debd5df505-4k #1 f94a6367396c5488d635708e43ee0c888d230b0b\n\tTainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n\tHardware name: MUSTANG PVT 1.0 based on LGA (DT)\n\tWorkqueue: events _RNvXs6_NtCsdfZWD8DztAw_6kernel9workqueueINtNtNtB7_4sync3arc3ArcNtNtCs8QPsHWIn21X_16rust_binder_main7process7ProcessEINtB5_15WorkItemPointerKy0_E3runB13_ [rust_binder]\n\tpstate: 23400005 (nzCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n\tpc : _RNvXs3_NtCs8QPsHWIn21X_16rust_binder_main7processNtB5_7ProcessNtNtCsdfZWD8DztAw_6kernel9workqueue8WorkItem3run+0x450/0x11f8 [rust_binder]\n\tlr : _RNvXs3_NtCs8QPsHWIn21X_16rust_binder_main7processNtB5_7ProcessNtNtCsdfZWD8DztAw_6kernel9workqueue8WorkItem3run+0x464/0x11f8 [rust_binder]\n\tsp : ffffffc09b433ac0\n\tx29: ffffffc09b433d30 x28: ffffff8821690000 x27: ffffffd40cbaa448\n\tx26: ffffff8821690000 x25: 00000000ffffffff x24: ffffff88d0376578\n\tx23: 0000000000000001 x22: ffffffc09b433c78 x21: ffffff88e8f9bf40\n\tx20: ffffff88e8f9bf40 x19: ffffff882692b000 x18: ffffffd40f10bf00\n\tx17: 00000000c006287d x16: 00000000c006287d x15: 00000000000003b0\n\tx14: 0000000000000100 x13: 000000201cb79ae0 x12: fffffffffffffff0\n\tx11: 0000000000000000 x10: 0000000000000001 x9 : 0000000000000000\n\tx8 : b80bb9841bcac706 x7 : 0000000000000001 x6 : fffffffebee63f30\n\tx5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000\n\tx2 : 0000000000004c31 x1 : ffffff88216900c0 x0 : ffffff88e8f9bf00\n\tCall trace:\n\t _RNvXs3_NtCs8QPsHWIn21X_16rust_binder_main7processNtB5_7ProcessNtNtCsdfZWD8DztAw_6kernel9workqueue8WorkItem3run+0x450/0x11f8 [rust_binder bbc172b53665bbc815363b22e97e3f7e3fe971fc]\n\t process_scheduled_works+0x1c4/0x45c\n\t worker_thread+0x32c/0x3e8\n\t kthread+0x11c/0x1c8\n\t ret_from_fork+0x10/0x20\n\tCode: 94218d85 b4000155 a94026a8 d10102a0 (f9000509)\n\t---[ end trace 0000000000000000 ]---\n\nThus, modify Node::release to pop items directly off the original list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68260",
"url": "https://www.suse.com/security/cve/CVE-2025-68260"
},
{
"category": "external",
"summary": "SUSE Bug 1255177 for CVE-2025-68260",
"url": "https://bugzilla.suse.com/1255177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68260"
},
{
"cve": "CVE-2025-68261",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68261"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: add i_data_sem protection in ext4_destroy_inline_data_nolock()\n\nFix a race between inline data destruction and block mapping.\n\nThe function ext4_destroy_inline_data_nolock() changes the inode data\nlayout by clearing EXT4_INODE_INLINE_DATA and setting EXT4_INODE_EXTENTS.\nAt the same time, another thread may execute ext4_map_blocks(), which\ntests EXT4_INODE_EXTENTS to decide whether to call ext4_ext_map_blocks()\nor ext4_ind_map_blocks().\n\nWithout i_data_sem protection, ext4_ind_map_blocks() may receive inode\nwith EXT4_INODE_EXTENTS flag and triggering assert.\n\nkernel BUG at fs/ext4/indirect.c:546!\nEXT4-fs (loop2): unmounting filesystem.\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:ext4_ind_map_blocks.cold+0x2b/0x5a fs/ext4/indirect.c:546\n\nCall Trace:\n \u003cTASK\u003e\n ext4_map_blocks+0xb9b/0x16f0 fs/ext4/inode.c:681\n _ext4_get_block+0x242/0x590 fs/ext4/inode.c:822\n ext4_block_write_begin+0x48b/0x12c0 fs/ext4/inode.c:1124\n ext4_write_begin+0x598/0xef0 fs/ext4/inode.c:1255\n ext4_da_write_begin+0x21e/0x9c0 fs/ext4/inode.c:3000\n generic_perform_write+0x259/0x5d0 mm/filemap.c:3846\n ext4_buffered_write_iter+0x15b/0x470 fs/ext4/file.c:285\n ext4_file_write_iter+0x8e0/0x17f0 fs/ext4/file.c:679\n call_write_iter include/linux/fs.h:2271 [inline]\n do_iter_readv_writev+0x212/0x3c0 fs/read_write.c:735\n do_iter_write+0x186/0x710 fs/read_write.c:861\n vfs_iter_write+0x70/0xa0 fs/read_write.c:902\n iter_file_splice_write+0x73b/0xc90 fs/splice.c:685\n do_splice_from fs/splice.c:763 [inline]\n direct_splice_actor+0x10f/0x170 fs/splice.c:950\n splice_direct_to_actor+0x33a/0xa10 fs/splice.c:896\n do_splice_direct+0x1a9/0x280 fs/splice.c:1002\n do_sendfile+0xb13/0x12c0 fs/read_write.c:1255\n __do_sys_sendfile64 fs/read_write.c:1323 [inline]\n __se_sys_sendfile64 fs/read_write.c:1309 [inline]\n __x64_sys_sendfile64+0x1cf/0x210 fs/read_write.c:1309\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68261",
"url": "https://www.suse.com/security/cve/CVE-2025-68261"
},
{
"category": "external",
"summary": "SUSE Bug 1255164 for CVE-2025-68261",
"url": "https://bugzilla.suse.com/1255164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68261"
},
{
"cve": "CVE-2025-68262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68262"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: zstd - fix double-free in per-CPU stream cleanup\n\nThe crypto/zstd module has a double-free bug that occurs when multiple\ntfms are allocated and freed.\n\nThe issue happens because zstd_streams (per-CPU contexts) are freed in\nzstd_exit() during every tfm destruction, rather than being managed at\nthe module level. When multiple tfms exist, each tfm exit attempts to\nfree the same shared per-CPU streams, resulting in a double-free.\n\nThis leads to a stack trace similar to:\n\n BUG: Bad page state in process kworker/u16:1 pfn:106fd93\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fd93\n flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)\n page_type: 0xffffffff()\n raw: 0017ffffc0000000 dead000000000100 dead000000000122 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\n page dumped because: nonzero entire_mapcount\n Modules linked in: ...\n CPU: 3 UID: 0 PID: 2506 Comm: kworker/u16:1 Kdump: loaded Tainted: G B\n Hardware name: ...\n Workqueue: btrfs-delalloc btrfs_work_helper\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n bad_page+0x71/0xd0\n free_unref_page_prepare+0x24e/0x490\n free_unref_page+0x60/0x170\n crypto_acomp_free_streams+0x5d/0xc0\n crypto_acomp_exit_tfm+0x23/0x50\n crypto_destroy_tfm+0x60/0xc0\n ...\n\nChange the lifecycle management of zstd_streams to free the streams only\nonce during module cleanup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68262",
"url": "https://www.suse.com/security/cve/CVE-2025-68262"
},
{
"category": "external",
"summary": "SUSE Bug 1255158 for CVE-2025-68262",
"url": "https://bugzilla.suse.com/1255158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68262"
},
{
"cve": "CVE-2025-68263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68263"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: ipc: fix use-after-free in ipc_msg_send_request\n\nipc_msg_send_request() waits for a generic netlink reply using an\nipc_msg_table_entry on the stack. The generic netlink handler\n(handle_generic_event()/handle_response()) fills entry-\u003eresponse under\nipc_msg_table_lock, but ipc_msg_send_request() used to validate and free\nentry-\u003eresponse without holding the same lock.\n\nUnder high concurrency this allows a race where handle_response() is\ncopying data into entry-\u003eresponse while ipc_msg_send_request() has just\nfreed it, leading to a slab-use-after-free reported by KASAN in\nhandle_generic_event():\n\n BUG: KASAN: slab-use-after-free in handle_generic_event+0x3c4/0x5f0 [ksmbd]\n Write of size 12 at addr ffff888198ee6e20 by task pool/109349\n ...\n Freed by task:\n kvfree\n ipc_msg_send_request [ksmbd]\n ksmbd_rpc_open -\u003e ksmbd_session_rpc_open [ksmbd]\n\nFix by:\n- Taking ipc_msg_table_lock in ipc_msg_send_request() while validating\n entry-\u003eresponse, freeing it when invalid, and removing the entry from\n ipc_msg_table.\n- Returning the final entry-\u003eresponse pointer to the caller only after\n the hash entry is removed under the lock.\n- Returning NULL in the error path, preserving the original API\n semantics.\n\nThis makes all accesses to entry-\u003eresponse consistent with\nhandle_response(), which already updates and fills the response buffer\nunder ipc_msg_table_lock, and closes the race that allowed the UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68263",
"url": "https://www.suse.com/security/cve/CVE-2025-68263"
},
{
"category": "external",
"summary": "SUSE Bug 1255384 for CVE-2025-68263",
"url": "https://bugzilla.suse.com/1255384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68263"
},
{
"cve": "CVE-2025-68264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68264"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: refresh inline data size before write operations\n\nThe cached ei-\u003ei_inline_size can become stale between the initial size\ncheck and when ext4_update_inline_data()/ext4_create_inline_data() use\nit. Although ext4_get_max_inline_size() reads the correct value at the\ntime of the check, concurrent xattr operations can modify i_inline_size\nbefore ext4_write_lock_xattr() is acquired.\n\nThis causes ext4_update_inline_data() and ext4_create_inline_data() to\nwork with stale capacity values, leading to a BUG_ON() crash in\next4_write_inline_data():\n\n kernel BUG at fs/ext4/inline.c:1331!\n BUG_ON(pos + len \u003e EXT4_I(inode)-\u003ei_inline_size);\n\nThe race window:\n1. ext4_get_max_inline_size() reads i_inline_size = 60 (correct)\n2. Size check passes for 50-byte write\n3. [Another thread adds xattr, i_inline_size changes to 40]\n4. ext4_write_lock_xattr() acquires lock\n5. ext4_update_inline_data() uses stale i_inline_size = 60\n6. Attempts to write 50 bytes but only 40 bytes actually available\n7. BUG_ON() triggers\n\nFix this by recalculating i_inline_size via ext4_find_inline_data_nolock()\nimmediately after acquiring xattr_sem. This ensures ext4_update_inline_data()\nand ext4_create_inline_data() work with current values that are protected\nfrom concurrent modifications.\n\nThis is similar to commit a54c4613dac1 (\"ext4: fix race writing to an\ninline_data file while its xattrs are changing\") which fixed i_inline_off\nstaleness. This patch addresses the related i_inline_size staleness issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68264",
"url": "https://www.suse.com/security/cve/CVE-2025-68264"
},
{
"category": "external",
"summary": "SUSE Bug 1255380 for CVE-2025-68264",
"url": "https://bugzilla.suse.com/1255380"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68264"
},
{
"cve": "CVE-2025-68323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: fix use-after-free caused by uec-\u003ework\n\nThe delayed work uec-\u003ework is scheduled in gaokun_ucsi_probe()\nbut never properly canceled in gaokun_ucsi_remove(). This creates\nuse-after-free scenarios where the ucsi and gaokun_ucsi structure\nare freed after ucsi_destroy() completes execution, while the\ngaokun_ucsi_register_worker() might be either currently executing\nor still pending in the work queue. The already-freed gaokun_ucsi\nor ucsi structure may then be accessed.\n\nFurthermore, the race window is 3 seconds, which is sufficiently\nlong to make this bug easily reproducible. The following is the\ntrace captured by KASAN:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __run_timers+0x5ec/0x630\nWrite of size 8 at addr ffff00000ec28cc8 by task swapper/0/0\n...\nCall trace:\n show_stack+0x18/0x24 (C)\n dump_stack_lvl+0x78/0x90\n print_report+0x114/0x580\n kasan_report+0xa4/0xf0\n __asan_report_store8_noabort+0x20/0x2c\n __run_timers+0x5ec/0x630\n run_timer_softirq+0xe8/0x1cc\n handle_softirqs+0x294/0x720\n __do_softirq+0x14/0x20\n ____do_softirq+0x10/0x1c\n call_on_irq_stack+0x30/0x48\n do_softirq_own_stack+0x1c/0x28\n __irq_exit_rcu+0x27c/0x364\n irq_exit_rcu+0x10/0x1c\n el1_interrupt+0x40/0x60\n el1h_64_irq_handler+0x18/0x24\n el1h_64_irq+0x6c/0x70\n arch_local_irq_enable+0x4/0x8 (P)\n do_idle+0x334/0x458\n cpu_startup_entry+0x60/0x70\n rest_init+0x158/0x174\n start_kernel+0x2f8/0x394\n __primary_switched+0x8c/0x94\n\nAllocated by task 72 on cpu 0 at 27.510341s:\n kasan_save_stack+0x2c/0x54\n kasan_save_track+0x24/0x5c\n kasan_save_alloc_info+0x40/0x54\n __kasan_kmalloc+0xa0/0xb8\n __kmalloc_node_track_caller_noprof+0x1c0/0x588\n devm_kmalloc+0x7c/0x1c8\n gaokun_ucsi_probe+0xa0/0x840 auxiliary_bus_probe+0x94/0xf8\n really_probe+0x17c/0x5b8\n __driver_probe_device+0x158/0x2c4\n driver_probe_device+0x10c/0x264\n __device_attach_driver+0x168/0x2d0\n bus_for_each_drv+0x100/0x188\n __device_attach+0x174/0x368\n device_initial_probe+0x14/0x20\n bus_probe_device+0x120/0x150\n device_add+0xb3c/0x10fc\n __auxiliary_device_add+0x88/0x130\n...\n\nFreed by task 73 on cpu 1 at 28.910627s:\n kasan_save_stack+0x2c/0x54\n kasan_save_track+0x24/0x5c\n __kasan_save_free_info+0x4c/0x74\n __kasan_slab_free+0x60/0x8c\n kfree+0xd4/0x410\n devres_release_all+0x140/0x1f0\n device_unbind_cleanup+0x20/0x190\n device_release_driver_internal+0x344/0x460\n device_release_driver+0x18/0x24\n bus_remove_device+0x198/0x274\n device_del+0x310/0xa84\n...\n\nThe buggy address belongs to the object at ffff00000ec28c00\n which belongs to the cache kmalloc-512 of size 512\nThe buggy address is located 200 bytes inside of\n freed 512-byte region\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ec28\nhead: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\nflags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff)\npage_type: f5(slab)\nraw: 03fffe0000000040 ffff000008801c80 dead000000000122 0000000000000000\nraw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000\nhead: 03fffe0000000040 ffff000008801c80 dead000000000122 0000000000000000\nhead: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000\nhead: 03fffe0000000002 fffffdffc03b0a01 00000000ffffffff 00000000ffffffff\nhead: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff00000ec28b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ffff00000ec28c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n\u003effff00000ec28c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff00000ec28d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff00000ec28d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n================================================================\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68323",
"url": "https://www.suse.com/security/cve/CVE-2025-68323"
},
{
"category": "external",
"summary": "SUSE Bug 1255405 for CVE-2025-68323",
"url": "https://bugzilla.suse.com/1255405"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-20T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-68323"
},
{
"cve": "CVE-2025-68324",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68324"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: imm: Fix use-after-free bug caused by unfinished delayed work\n\nThe delayed work item \u0027imm_tq\u0027 is initialized in imm_attach() and\nscheduled via imm_queuecommand() for processing SCSI commands. When the\nIMM parallel port SCSI host adapter is detached through imm_detach(),\nthe imm_struct device instance is deallocated.\n\nHowever, the delayed work might still be pending or executing\nwhen imm_detach() is called, leading to use-after-free bugs\nwhen the work function imm_interrupt() accesses the already\nfreed imm_struct memory.\n\nThe race condition can occur as follows:\n\nCPU 0(detach thread) | CPU 1\n | imm_queuecommand()\n | imm_queuecommand_lck()\nimm_detach() | schedule_delayed_work()\n kfree(dev) //FREE | imm_interrupt()\n | dev = container_of(...) //USE\n dev-\u003e //USE\n\nAdd disable_delayed_work_sync() in imm_detach() to guarantee proper\ncancellation of the delayed work item before imm_struct is deallocated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68324",
"url": "https://www.suse.com/security/cve/CVE-2025-68324"
},
{
"category": "external",
"summary": "SUSE Bug 1255416 for CVE-2025-68324",
"url": "https://bugzilla.suse.com/1255416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68324"
},
{
"cve": "CVE-2025-68325",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68325"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_cake: Fix incorrect qlen reduction in cake_drop\n\nIn cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen\nand backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes\nthat the parent qdisc will enqueue the current packet. However, this\nassumption breaks when cake_enqueue() returns NET_XMIT_CN: the parent\nqdisc stops enqueuing current packet, leaving the tree qlen/backlog\naccounting inconsistent. This mismatch can lead to a NULL dereference\n(e.g., when the parent Qdisc is qfq_qdisc).\n\nThis patch computes the qlen/backlog delta in a more robust way by\nobserving the difference before and after the series of cake_drop()\ncalls, and then compensates the qdisc tree accounting if cake_enqueue()\nreturns NET_XMIT_CN.\n\nTo ensure correct compensation when ACK thinning is enabled, a new\nvariable is introduced to keep qlen unchanged.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68325",
"url": "https://www.suse.com/security/cve/CVE-2025-68325"
},
{
"category": "external",
"summary": "SUSE Bug 1255417 for CVE-2025-68325",
"url": "https://bugzilla.suse.com/1255417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.2-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68325"
}
]
}
ghsa-3792-937m-5pm4
Vulnerability from github
Published
2025-12-16 15:30
Modified
2025-12-16 15:30
VLAI Severity ?
Details
In the Linux kernel, the following vulnerability has been resolved:
crypto: zstd - fix double-free in per-CPU stream cleanup
The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed.
The issue happens because zstd_streams (per-CPU contexts) are freed in zstd_exit() during every tfm destruction, rather than being managed at the module level. When multiple tfms exist, each tfm exit attempts to free the same shared per-CPU streams, resulting in a double-free.
This leads to a stack trace similar to:
BUG: Bad page state in process kworker/u16:1 pfn:106fd93 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fd93 flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff) page_type: 0xffffffff() raw: 0017ffffc0000000 dead000000000100 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: nonzero entire_mapcount Modules linked in: ... CPU: 3 UID: 0 PID: 2506 Comm: kworker/u16:1 Kdump: loaded Tainted: G B Hardware name: ... Workqueue: btrfs-delalloc btrfs_work_helper Call Trace: dump_stack_lvl+0x5d/0x80 bad_page+0x71/0xd0 free_unref_page_prepare+0x24e/0x490 free_unref_page+0x60/0x170 crypto_acomp_free_streams+0x5d/0xc0 crypto_acomp_exit_tfm+0x23/0x50 crypto_destroy_tfm+0x60/0xc0 ...
Change the lifecycle management of zstd_streams to free the streams only once during module cleanup.
{
"affected": [],
"aliases": [
"CVE-2025-68262"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-16T15:15:55Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: zstd - fix double-free in per-CPU stream cleanup\n\nThe crypto/zstd module has a double-free bug that occurs when multiple\ntfms are allocated and freed.\n\nThe issue happens because zstd_streams (per-CPU contexts) are freed in\nzstd_exit() during every tfm destruction, rather than being managed at\nthe module level. When multiple tfms exist, each tfm exit attempts to\nfree the same shared per-CPU streams, resulting in a double-free.\n\nThis leads to a stack trace similar to:\n\n BUG: Bad page state in process kworker/u16:1 pfn:106fd93\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fd93\n flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)\n page_type: 0xffffffff()\n raw: 0017ffffc0000000 dead000000000100 dead000000000122 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\n page dumped because: nonzero entire_mapcount\n Modules linked in: ...\n CPU: 3 UID: 0 PID: 2506 Comm: kworker/u16:1 Kdump: loaded Tainted: G B\n Hardware name: ...\n Workqueue: btrfs-delalloc btrfs_work_helper\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n bad_page+0x71/0xd0\n free_unref_page_prepare+0x24e/0x490\n free_unref_page+0x60/0x170\n crypto_acomp_free_streams+0x5d/0xc0\n crypto_acomp_exit_tfm+0x23/0x50\n crypto_destroy_tfm+0x60/0xc0\n ...\n\nChange the lifecycle management of zstd_streams to free the streams only\nonce during module cleanup.",
"id": "GHSA-3792-937m-5pm4",
"modified": "2025-12-16T15:30:47Z",
"published": "2025-12-16T15:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68262"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/48bc9da3c97c15f1ea24934bcb3b736acd30163d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dc0f4509b0ed5d82bef78e058db0ac4df04d0695"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e983feaa79de1e46c9087fb9f02fedb0e5397ce6"
}
],
"schema_version": "1.4.0",
"severity": []
}
wid-sec-w-2025-2868
Vulnerability from csaf_certbund
Published
2025-12-16 23:00
Modified
2025-12-21 23:00
Summary
Linux Kernel: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einer Denial-of-Service- Bedingung führen oder eine Speicherbeschädigung verursachen können.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren, die m\u00f6glicherweise zu einer Denial-of-Service- Bedingung f\u00fchren oder eine Speicherbesch\u00e4digung verursachen k\u00f6nnen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2868 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2868.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2868 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2868"
},
{
"category": "external",
"summary": "Kernel CVE Announce Mailingliste",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40346",
"url": "https://lore.kernel.org/linux-cve-announce/2025121633-CVE-2025-40346-623f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40347",
"url": "https://lore.kernel.org/linux-cve-announce/2025121634-CVE-2025-40347-275c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40348",
"url": "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-40348-4387@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40349",
"url": "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-40349-82c6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40350",
"url": "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-40350-577e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40351",
"url": "https://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-40351-55f8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40352",
"url": "https://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-40352-3fa5@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40353",
"url": "https://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-40353-fb93@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40354",
"url": "https://lore.kernel.org/linux-cve-announce/2025121637-CVE-2025-40354-b9bd@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40355",
"url": "https://lore.kernel.org/linux-cve-announce/2025121637-CVE-2025-40355-7b3b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40356",
"url": "https://lore.kernel.org/linux-cve-announce/2025121637-CVE-2025-40356-27b8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40357",
"url": "https://lore.kernel.org/linux-cve-announce/2025121638-CVE-2025-40357-67de@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40358",
"url": "https://lore.kernel.org/linux-cve-announce/2025121643-CVE-2025-40358-9963@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40359",
"url": "https://lore.kernel.org/linux-cve-announce/2025121644-CVE-2025-40359-143c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40360",
"url": "https://lore.kernel.org/linux-cve-announce/2025121644-CVE-2025-40360-28d0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40361",
"url": "https://lore.kernel.org/linux-cve-announce/2025121644-CVE-2025-40361-50ca@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40362",
"url": "https://lore.kernel.org/linux-cve-announce/2025121645-CVE-2025-40362-c4d6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40363",
"url": "https://lore.kernel.org/linux-cve-announce/2025121645-CVE-2025-40363-bbdd@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68167",
"url": "https://lore.kernel.org/linux-cve-announce/2025121627-CVE-2025-68167-a6eb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68168",
"url": "https://lore.kernel.org/linux-cve-announce/2025121627-CVE-2025-68168-7341@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68169",
"url": "https://lore.kernel.org/linux-cve-announce/2025121628-CVE-2025-68169-1e23@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68170",
"url": "https://lore.kernel.org/linux-cve-announce/2025121628-CVE-2025-68170-6a22@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68171",
"url": "https://lore.kernel.org/linux-cve-announce/2025121628-CVE-2025-68171-d43d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68172",
"url": "https://lore.kernel.org/linux-cve-announce/2025121629-CVE-2025-68172-3d84@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68173",
"url": "https://lore.kernel.org/linux-cve-announce/2025121629-CVE-2025-68173-788c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68174",
"url": "https://lore.kernel.org/linux-cve-announce/2025121629-CVE-2025-68174-84da@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68175",
"url": "https://lore.kernel.org/linux-cve-announce/2025121629-CVE-2025-68175-d545@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68176",
"url": "https://lore.kernel.org/linux-cve-announce/2025121630-CVE-2025-68176-4be5@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68177",
"url": "https://lore.kernel.org/linux-cve-announce/2025121630-CVE-2025-68177-5af8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68178",
"url": "https://lore.kernel.org/linux-cve-announce/2025121630-CVE-2025-68178-6a73@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68179",
"url": "https://lore.kernel.org/linux-cve-announce/2025121631-CVE-2025-68179-6ce9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68180",
"url": "https://lore.kernel.org/linux-cve-announce/2025121631-CVE-2025-68180-385e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68181",
"url": "https://lore.kernel.org/linux-cve-announce/2025121631-CVE-2025-68181-57dd@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68182",
"url": "https://lore.kernel.org/linux-cve-announce/2025121632-CVE-2025-68182-87b4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68183",
"url": "https://lore.kernel.org/linux-cve-announce/2025121632-CVE-2025-68183-f588@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68184",
"url": "https://lore.kernel.org/linux-cve-announce/2025121632-CVE-2025-68184-602a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68185",
"url": "https://lore.kernel.org/linux-cve-announce/2025121633-CVE-2025-68185-6db0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68186",
"url": "https://lore.kernel.org/linux-cve-announce/2025121633-CVE-2025-68186-8a42@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68187",
"url": "https://lore.kernel.org/linux-cve-announce/2025121633-CVE-2025-68187-630c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68188",
"url": "https://lore.kernel.org/linux-cve-announce/2025121634-CVE-2025-68188-5392@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68189",
"url": "https://lore.kernel.org/linux-cve-announce/2025121634-CVE-2025-68189-c9b6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68190",
"url": "https://lore.kernel.org/linux-cve-announce/2025121634-CVE-2025-68190-e648@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68191",
"url": "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68191-ec54@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68192",
"url": "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68192-4491@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68193",
"url": "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68193-2474@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68194",
"url": "https://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-68194-2b2f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68195",
"url": "https://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-68195-98fc@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68196",
"url": "https://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-68196-5e6e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68197",
"url": "https://lore.kernel.org/linux-cve-announce/2025121637-CVE-2025-68197-5624@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68198",
"url": "https://lore.kernel.org/linux-cve-announce/2025121627-CVE-2025-68198-2638@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68199",
"url": "https://lore.kernel.org/linux-cve-announce/2025121630-CVE-2025-68199-c244@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68200",
"url": "https://lore.kernel.org/linux-cve-announce/2025121630-CVE-2025-68200-3bbb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68201",
"url": "https://lore.kernel.org/linux-cve-announce/2025121630-CVE-2025-68201-d175@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68202",
"url": "https://lore.kernel.org/linux-cve-announce/2025121631-CVE-2025-68202-f008@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68203",
"url": "https://lore.kernel.org/linux-cve-announce/2025121631-CVE-2025-68203-7510@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68204",
"url": "https://lore.kernel.org/linux-cve-announce/2025121631-CVE-2025-68204-8659@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68205",
"url": "https://lore.kernel.org/linux-cve-announce/2025121632-CVE-2025-68205-6672@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68206",
"url": "https://lore.kernel.org/linux-cve-announce/2025121632-CVE-2025-68206-47ba@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68207",
"url": "https://lore.kernel.org/linux-cve-announce/2025121632-CVE-2025-68207-c0f2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68208",
"url": "https://lore.kernel.org/linux-cve-announce/2025121633-CVE-2025-68208-d2fc@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68209",
"url": "https://lore.kernel.org/linux-cve-announce/2025121633-CVE-2025-68209-2e49@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68210",
"url": "https://lore.kernel.org/linux-cve-announce/2025121633-CVE-2025-68210-c4b9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68211",
"url": "https://lore.kernel.org/linux-cve-announce/2025121634-CVE-2025-68211-180a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68212",
"url": "https://lore.kernel.org/linux-cve-announce/2025121630-CVE-2025-68212-eab7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68213",
"url": "https://lore.kernel.org/linux-cve-announce/2025121630-CVE-2025-68213-2d63@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68214",
"url": "https://lore.kernel.org/linux-cve-announce/2025121631-CVE-2025-68214-1871@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68215",
"url": "https://lore.kernel.org/linux-cve-announce/2025121631-CVE-2025-68215-ee77@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68216",
"url": "https://lore.kernel.org/linux-cve-announce/2025121631-CVE-2025-68216-405a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68217",
"url": "https://lore.kernel.org/linux-cve-announce/2025121632-CVE-2025-68217-896e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68218",
"url": "https://lore.kernel.org/linux-cve-announce/2025121632-CVE-2025-68218-4aee@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68219",
"url": "https://lore.kernel.org/linux-cve-announce/2025121632-CVE-2025-68219-f9c4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68220",
"url": "https://lore.kernel.org/linux-cve-announce/2025121633-CVE-2025-68220-9526@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68221",
"url": "https://lore.kernel.org/linux-cve-announce/2025121633-CVE-2025-68221-7f16@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68222",
"url": "https://lore.kernel.org/linux-cve-announce/2025121633-CVE-2025-68222-1d22@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68223",
"url": "https://lore.kernel.org/linux-cve-announce/2025121634-CVE-2025-68223-4e44@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68224",
"url": "https://lore.kernel.org/linux-cve-announce/2025121634-CVE-2025-68224-37da@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68225",
"url": "https://lore.kernel.org/linux-cve-announce/2025121634-CVE-2025-68225-bfd3@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68226",
"url": "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68226-6559@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68227",
"url": "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68227-930f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68228",
"url": "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68228-43e1@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68229",
"url": "https://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-68229-8958@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68230",
"url": "https://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-68230-a9be@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68231",
"url": "https://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-68231-74ba@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68232",
"url": "https://lore.kernel.org/linux-cve-announce/2025121617-CVE-2025-68232-3ea7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68233",
"url": "https://lore.kernel.org/linux-cve-announce/2025121617-CVE-2025-68233-1595@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68234",
"url": "https://lore.kernel.org/linux-cve-announce/2025121617-CVE-2025-68234-5ab4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68235",
"url": "https://lore.kernel.org/linux-cve-announce/2025121634-CVE-2025-68235-2837@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68236",
"url": "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68236-d2fe@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68237",
"url": "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68237-7f03@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68238",
"url": "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68238-fd37@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68239",
"url": "https://lore.kernel.org/linux-cve-announce/2025121630-CVE-2025-68239-f7a4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68240",
"url": "https://lore.kernel.org/linux-cve-announce/2025121632-CVE-2025-68240-03ff@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68241",
"url": "https://lore.kernel.org/linux-cve-announce/2025121632-CVE-2025-68241-854d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68242",
"url": "https://lore.kernel.org/linux-cve-announce/2025121632-CVE-2025-68242-45e0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68243",
"url": "https://lore.kernel.org/linux-cve-announce/2025121633-CVE-2025-68243-cdd0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68244",
"url": "https://lore.kernel.org/linux-cve-announce/2025121633-CVE-2025-68244-9dbc@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68245",
"url": "https://lore.kernel.org/linux-cve-announce/2025121633-CVE-2025-68245-4e60@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68246",
"url": "https://lore.kernel.org/linux-cve-announce/2025121634-CVE-2025-68246-7c3d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68247",
"url": "https://lore.kernel.org/linux-cve-announce/2025121634-CVE-2025-68247-9661@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68248",
"url": "https://lore.kernel.org/linux-cve-announce/2025121623-CVE-2025-68248-2695@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68249",
"url": "https://lore.kernel.org/linux-cve-announce/2025121623-CVE-2025-68249-f6bc@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68250",
"url": "https://lore.kernel.org/linux-cve-announce/2025121623-CVE-2025-68250-9b9c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68251",
"url": "https://lore.kernel.org/linux-cve-announce/2025121624-CVE-2025-68251-782f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68252",
"url": "https://lore.kernel.org/linux-cve-announce/2025121624-CVE-2025-68252-5763@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68253",
"url": "https://lore.kernel.org/linux-cve-announce/2025121624-CVE-2025-68253-7e3c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68254",
"url": "https://lore.kernel.org/linux-cve-announce/2025121610-CVE-2025-68254-b745@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68255",
"url": "https://lore.kernel.org/linux-cve-announce/2025121612-CVE-2025-68255-3994@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68256",
"url": "https://lore.kernel.org/linux-cve-announce/2025121612-CVE-2025-68256-5ed2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68257",
"url": "https://lore.kernel.org/linux-cve-announce/2025121613-CVE-2025-68257-3579@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68258",
"url": "https://lore.kernel.org/linux-cve-announce/2025121613-CVE-2025-68258-9a76@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68259",
"url": "https://lore.kernel.org/linux-cve-announce/2025121613-CVE-2025-68259-16e3@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68260",
"url": "https://lore.kernel.org/linux-cve-announce/2025121614-CVE-2025-68260-558d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68261",
"url": "https://lore.kernel.org/linux-cve-announce/2025121614-CVE-2025-68261-4e23@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68262",
"url": "https://lore.kernel.org/linux-cve-announce/2025121614-CVE-2025-68262-8492@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68263",
"url": "https://lore.kernel.org/linux-cve-announce/2025121615-CVE-2025-68263-9c03@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68264",
"url": "https://lore.kernel.org/linux-cve-announce/2025121615-CVE-2025-68264-6768@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68265",
"url": "https://lore.kernel.org/linux-cve-announce/2025121609-CVE-2025-68265-4800@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68266",
"url": "https://lore.kernel.org/linux-cve-announce/2025121609-CVE-2025-68266-d334@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68281",
"url": "https://lore.kernel.org/linux-cve-announce/2025121640-CVE-2025-68281-4fa1@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68282",
"url": "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68282-641e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68283",
"url": "https://lore.kernel.org/linux-cve-announce/2025121637-CVE-2025-68283-77dd@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68284",
"url": "https://lore.kernel.org/linux-cve-announce/2025121637-CVE-2025-68284-132f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68285",
"url": "https://lore.kernel.org/linux-cve-announce/2025121638-CVE-2025-68285-8339@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68286",
"url": "https://lore.kernel.org/linux-cve-announce/2025121638-CVE-2025-68286-cda3@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68287",
"url": "https://lore.kernel.org/linux-cve-announce/2025121638-CVE-2025-68287-5647@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68288",
"url": "https://lore.kernel.org/linux-cve-announce/2025121639-CVE-2025-68288-c606@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68289",
"url": "https://lore.kernel.org/linux-cve-announce/2025121639-CVE-2025-68289-1efe@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68290",
"url": "https://lore.kernel.org/linux-cve-announce/2025121639-CVE-2025-68290-e13c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68291",
"url": "https://lore.kernel.org/linux-cve-announce/2025121640-CVE-2025-68291-4649@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68292",
"url": "https://lore.kernel.org/linux-cve-announce/2025121640-CVE-2025-68292-434b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68293",
"url": "https://lore.kernel.org/linux-cve-announce/2025121640-CVE-2025-68293-ea76@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68294",
"url": "https://lore.kernel.org/linux-cve-announce/2025121641-CVE-2025-68294-fcd2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68295",
"url": "https://lore.kernel.org/linux-cve-announce/2025121641-CVE-2025-68295-89cb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68296",
"url": "https://lore.kernel.org/linux-cve-announce/2025121641-CVE-2025-68296-c946@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68297",
"url": "https://lore.kernel.org/linux-cve-announce/2025121642-CVE-2025-68297-1f6e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68298",
"url": "https://lore.kernel.org/linux-cve-announce/2025121642-CVE-2025-68298-40ed@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68299",
"url": "https://lore.kernel.org/linux-cve-announce/2025121642-CVE-2025-68299-411f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68300",
"url": "https://lore.kernel.org/linux-cve-announce/2025121643-CVE-2025-68300-ec22@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68301",
"url": "https://lore.kernel.org/linux-cve-announce/2025121643-CVE-2025-68301-be31@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68302",
"url": "https://lore.kernel.org/linux-cve-announce/2025121643-CVE-2025-68302-913d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68303",
"url": "https://lore.kernel.org/linux-cve-announce/2025121644-CVE-2025-68303-2c61@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68304",
"url": "https://lore.kernel.org/linux-cve-announce/2025121644-CVE-2025-68304-9ae7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68305",
"url": "https://lore.kernel.org/linux-cve-announce/2025121644-CVE-2025-68305-e40b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68306",
"url": "https://lore.kernel.org/linux-cve-announce/2025121645-CVE-2025-68306-e034@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68307",
"url": "https://lore.kernel.org/linux-cve-announce/2025121645-CVE-2025-68307-5e9b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68308",
"url": "https://lore.kernel.org/linux-cve-announce/2025121645-CVE-2025-68308-5dc4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68309",
"url": "https://lore.kernel.org/linux-cve-announce/2025121651-CVE-2025-68309-1029@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68310",
"url": "https://lore.kernel.org/linux-cve-announce/2025121653-CVE-2025-68310-e0fc@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68311",
"url": "https://lore.kernel.org/linux-cve-announce/2025121654-CVE-2025-68311-c43d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68312",
"url": "https://lore.kernel.org/linux-cve-announce/2025121654-CVE-2025-68312-63bb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68313",
"url": "https://lore.kernel.org/linux-cve-announce/2025121654-CVE-2025-68313-c65d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68314",
"url": "https://lore.kernel.org/linux-cve-announce/2025121655-CVE-2025-68314-847b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68315",
"url": "https://lore.kernel.org/linux-cve-announce/2025121655-CVE-2025-68315-158d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68316",
"url": "https://lore.kernel.org/linux-cve-announce/2025121655-CVE-2025-68316-fe36@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68317",
"url": "https://lore.kernel.org/linux-cve-announce/2025121656-CVE-2025-68317-28c8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68318",
"url": "https://lore.kernel.org/linux-cve-announce/2025121656-CVE-2025-68318-5c94@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68319",
"url": "https://lore.kernel.org/linux-cve-announce/2025121656-CVE-2025-68319-6b7f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68320",
"url": "https://lore.kernel.org/linux-cve-announce/2025121622-CVE-2025-68320-4e08@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68321",
"url": "https://lore.kernel.org/linux-cve-announce/2025121622-CVE-2025-68321-72b0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68322",
"url": "https://lore.kernel.org/linux-cve-announce/2025121622-CVE-2025-68322-b034@gregkh/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15836-1 vom 2025-12-21",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/53M4O7COKUKFXHXPCFMZDFAEZFGUL66A/"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-12-21T23:00:00.000+00:00",
"generator": {
"date": "2025-12-22T08:55:39.567+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2868",
"initial_release_date": "2025-12-16T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-12-16T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-12-21T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von openSUSE aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T049490",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-1000204",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2018-1000204"
},
{
"cve": "CVE-2025-40346",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-40346"
},
{
"cve": "CVE-2025-40347",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-40347"
},
{
"cve": "CVE-2025-40348",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-40348"
},
{
"cve": "CVE-2025-40349",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-40349"
},
{
"cve": "CVE-2025-40350",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-40350"
},
{
"cve": "CVE-2025-40351",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-40351"
},
{
"cve": "CVE-2025-40352",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-40352"
},
{
"cve": "CVE-2025-40353",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-40353"
},
{
"cve": "CVE-2025-40354",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-40354"
},
{
"cve": "CVE-2025-40355",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-40355"
},
{
"cve": "CVE-2025-40356",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-40356"
},
{
"cve": "CVE-2025-40357",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-40357"
},
{
"cve": "CVE-2025-40358",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-40358"
},
{
"cve": "CVE-2025-40359",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-40359"
},
{
"cve": "CVE-2025-40360",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-40360"
},
{
"cve": "CVE-2025-40361",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-40361"
},
{
"cve": "CVE-2025-40362",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-40362"
},
{
"cve": "CVE-2025-40363",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-40363"
},
{
"cve": "CVE-2025-68167",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68167"
},
{
"cve": "CVE-2025-68168",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68168"
},
{
"cve": "CVE-2025-68169",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68169"
},
{
"cve": "CVE-2025-68170",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68170"
},
{
"cve": "CVE-2025-68171",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68171"
},
{
"cve": "CVE-2025-68172",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68172"
},
{
"cve": "CVE-2025-68173",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68173"
},
{
"cve": "CVE-2025-68174",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68174"
},
{
"cve": "CVE-2025-68175",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68175"
},
{
"cve": "CVE-2025-68176",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68176"
},
{
"cve": "CVE-2025-68177",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68177"
},
{
"cve": "CVE-2025-68178",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68178"
},
{
"cve": "CVE-2025-68179",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68179"
},
{
"cve": "CVE-2025-68180",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68180"
},
{
"cve": "CVE-2025-68181",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68181"
},
{
"cve": "CVE-2025-68182",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68182"
},
{
"cve": "CVE-2025-68183",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68183"
},
{
"cve": "CVE-2025-68184",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68184"
},
{
"cve": "CVE-2025-68185",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68185"
},
{
"cve": "CVE-2025-68186",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68186"
},
{
"cve": "CVE-2025-68187",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68187"
},
{
"cve": "CVE-2025-68188",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68188"
},
{
"cve": "CVE-2025-68189",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68189"
},
{
"cve": "CVE-2025-68190",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68190"
},
{
"cve": "CVE-2025-68191",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68191"
},
{
"cve": "CVE-2025-68192",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68192"
},
{
"cve": "CVE-2025-68193",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68193"
},
{
"cve": "CVE-2025-68194",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68194"
},
{
"cve": "CVE-2025-68195",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68195"
},
{
"cve": "CVE-2025-68196",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68196"
},
{
"cve": "CVE-2025-68197",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68197"
},
{
"cve": "CVE-2025-68198",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68198"
},
{
"cve": "CVE-2025-68199",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68199"
},
{
"cve": "CVE-2025-68200",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68200"
},
{
"cve": "CVE-2025-68201",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68201"
},
{
"cve": "CVE-2025-68202",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68202"
},
{
"cve": "CVE-2025-68203",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68203"
},
{
"cve": "CVE-2025-68204",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68204"
},
{
"cve": "CVE-2025-68205",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68205"
},
{
"cve": "CVE-2025-68206",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68206"
},
{
"cve": "CVE-2025-68207",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68207"
},
{
"cve": "CVE-2025-68208",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68208"
},
{
"cve": "CVE-2025-68209",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68209"
},
{
"cve": "CVE-2025-68210",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68210"
},
{
"cve": "CVE-2025-68211",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68211"
},
{
"cve": "CVE-2025-68212",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68212"
},
{
"cve": "CVE-2025-68213",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68213"
},
{
"cve": "CVE-2025-68214",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68214"
},
{
"cve": "CVE-2025-68215",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68215"
},
{
"cve": "CVE-2025-68216",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68216"
},
{
"cve": "CVE-2025-68217",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68217"
},
{
"cve": "CVE-2025-68218",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68218"
},
{
"cve": "CVE-2025-68219",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68219"
},
{
"cve": "CVE-2025-68220",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68220"
},
{
"cve": "CVE-2025-68221",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68221"
},
{
"cve": "CVE-2025-68222",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68222"
},
{
"cve": "CVE-2025-68223",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68223"
},
{
"cve": "CVE-2025-68224",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68224"
},
{
"cve": "CVE-2025-68225",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68225"
},
{
"cve": "CVE-2025-68226",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68226"
},
{
"cve": "CVE-2025-68227",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68227"
},
{
"cve": "CVE-2025-68228",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68228"
},
{
"cve": "CVE-2025-68229",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68229"
},
{
"cve": "CVE-2025-68230",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68230"
},
{
"cve": "CVE-2025-68231",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68231"
},
{
"cve": "CVE-2025-68232",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68232"
},
{
"cve": "CVE-2025-68233",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68233"
},
{
"cve": "CVE-2025-68234",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68234"
},
{
"cve": "CVE-2025-68235",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68235"
},
{
"cve": "CVE-2025-68236",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68236"
},
{
"cve": "CVE-2025-68237",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68237"
},
{
"cve": "CVE-2025-68238",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68238"
},
{
"cve": "CVE-2025-68239",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68239"
},
{
"cve": "CVE-2025-68240",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68240"
},
{
"cve": "CVE-2025-68241",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68241"
},
{
"cve": "CVE-2025-68242",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68242"
},
{
"cve": "CVE-2025-68243",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68243"
},
{
"cve": "CVE-2025-68244",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68244"
},
{
"cve": "CVE-2025-68245",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68245"
},
{
"cve": "CVE-2025-68246",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68246"
},
{
"cve": "CVE-2025-68247",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68247"
},
{
"cve": "CVE-2025-68248",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68248"
},
{
"cve": "CVE-2025-68249",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68249"
},
{
"cve": "CVE-2025-68250",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68250"
},
{
"cve": "CVE-2025-68251",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68251"
},
{
"cve": "CVE-2025-68252",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68252"
},
{
"cve": "CVE-2025-68253",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68253"
},
{
"cve": "CVE-2025-68254",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68254"
},
{
"cve": "CVE-2025-68255",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68255"
},
{
"cve": "CVE-2025-68256",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68256"
},
{
"cve": "CVE-2025-68257",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68257"
},
{
"cve": "CVE-2025-68258",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68258"
},
{
"cve": "CVE-2025-68259",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68259"
},
{
"cve": "CVE-2025-68260",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68260"
},
{
"cve": "CVE-2025-68261",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68261"
},
{
"cve": "CVE-2025-68262",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68262"
},
{
"cve": "CVE-2025-68263",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68263"
},
{
"cve": "CVE-2025-68264",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68264"
},
{
"cve": "CVE-2025-68265",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68265"
},
{
"cve": "CVE-2025-68266",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68266"
},
{
"cve": "CVE-2025-68281",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68281"
},
{
"cve": "CVE-2025-68282",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68282"
},
{
"cve": "CVE-2025-68283",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68283"
},
{
"cve": "CVE-2025-68284",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68284"
},
{
"cve": "CVE-2025-68285",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68286",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68286"
},
{
"cve": "CVE-2025-68287",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68287"
},
{
"cve": "CVE-2025-68288",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68288"
},
{
"cve": "CVE-2025-68289",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68289"
},
{
"cve": "CVE-2025-68290",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68290"
},
{
"cve": "CVE-2025-68291",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68291"
},
{
"cve": "CVE-2025-68292",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68292"
},
{
"cve": "CVE-2025-68293",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68293"
},
{
"cve": "CVE-2025-68294",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68294"
},
{
"cve": "CVE-2025-68295",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68295"
},
{
"cve": "CVE-2025-68296",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68296"
},
{
"cve": "CVE-2025-68297",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68297"
},
{
"cve": "CVE-2025-68298",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68298"
},
{
"cve": "CVE-2025-68299",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68299"
},
{
"cve": "CVE-2025-68300",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68300"
},
{
"cve": "CVE-2025-68301",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68301"
},
{
"cve": "CVE-2025-68302",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68302"
},
{
"cve": "CVE-2025-68303",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68303"
},
{
"cve": "CVE-2025-68304",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68304"
},
{
"cve": "CVE-2025-68305",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68305"
},
{
"cve": "CVE-2025-68306",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68306"
},
{
"cve": "CVE-2025-68307",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68307"
},
{
"cve": "CVE-2025-68308",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68308"
},
{
"cve": "CVE-2025-68309",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68309"
},
{
"cve": "CVE-2025-68310",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68310"
},
{
"cve": "CVE-2025-68311",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68311"
},
{
"cve": "CVE-2025-68312",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68312"
},
{
"cve": "CVE-2025-68313",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68313"
},
{
"cve": "CVE-2025-68314",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68314"
},
{
"cve": "CVE-2025-68315",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68315"
},
{
"cve": "CVE-2025-68316",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68316"
},
{
"cve": "CVE-2025-68317",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68317"
},
{
"cve": "CVE-2025-68318",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68318"
},
{
"cve": "CVE-2025-68319",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68319"
},
{
"cve": "CVE-2025-68320",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68320"
},
{
"cve": "CVE-2025-68321",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68321"
},
{
"cve": "CVE-2025-68322",
"product_status": {
"known_affected": [
"T049490",
"T027843"
]
},
"release_date": "2025-12-16T23:00:00.000+00:00",
"title": "CVE-2025-68322"
}
]
}
fkie_cve-2025-68262
Vulnerability from fkie_nvd
Published
2025-12-16 15:15
Modified
2025-12-18 15:08
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: zstd - fix double-free in per-CPU stream cleanup
The crypto/zstd module has a double-free bug that occurs when multiple
tfms are allocated and freed.
The issue happens because zstd_streams (per-CPU contexts) are freed in
zstd_exit() during every tfm destruction, rather than being managed at
the module level. When multiple tfms exist, each tfm exit attempts to
free the same shared per-CPU streams, resulting in a double-free.
This leads to a stack trace similar to:
BUG: Bad page state in process kworker/u16:1 pfn:106fd93
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fd93
flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)
page_type: 0xffffffff()
raw: 0017ffffc0000000 dead000000000100 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: nonzero entire_mapcount
Modules linked in: ...
CPU: 3 UID: 0 PID: 2506 Comm: kworker/u16:1 Kdump: loaded Tainted: G B
Hardware name: ...
Workqueue: btrfs-delalloc btrfs_work_helper
Call Trace:
<TASK>
dump_stack_lvl+0x5d/0x80
bad_page+0x71/0xd0
free_unref_page_prepare+0x24e/0x490
free_unref_page+0x60/0x170
crypto_acomp_free_streams+0x5d/0xc0
crypto_acomp_exit_tfm+0x23/0x50
crypto_destroy_tfm+0x60/0xc0
...
Change the lifecycle management of zstd_streams to free the streams only
once during module cleanup.
References
| URL | Tags | ||
|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/48bc9da3c97c15f1ea24934bcb3b736acd30163d | ||
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/dc0f4509b0ed5d82bef78e058db0ac4df04d0695 | ||
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/e983feaa79de1e46c9087fb9f02fedb0e5397ce6 |
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: zstd - fix double-free in per-CPU stream cleanup\n\nThe crypto/zstd module has a double-free bug that occurs when multiple\ntfms are allocated and freed.\n\nThe issue happens because zstd_streams (per-CPU contexts) are freed in\nzstd_exit() during every tfm destruction, rather than being managed at\nthe module level. When multiple tfms exist, each tfm exit attempts to\nfree the same shared per-CPU streams, resulting in a double-free.\n\nThis leads to a stack trace similar to:\n\n BUG: Bad page state in process kworker/u16:1 pfn:106fd93\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fd93\n flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)\n page_type: 0xffffffff()\n raw: 0017ffffc0000000 dead000000000100 dead000000000122 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\n page dumped because: nonzero entire_mapcount\n Modules linked in: ...\n CPU: 3 UID: 0 PID: 2506 Comm: kworker/u16:1 Kdump: loaded Tainted: G B\n Hardware name: ...\n Workqueue: btrfs-delalloc btrfs_work_helper\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n bad_page+0x71/0xd0\n free_unref_page_prepare+0x24e/0x490\n free_unref_page+0x60/0x170\n crypto_acomp_free_streams+0x5d/0xc0\n crypto_acomp_exit_tfm+0x23/0x50\n crypto_destroy_tfm+0x60/0xc0\n ...\n\nChange the lifecycle management of zstd_streams to free the streams only\nonce during module cleanup."
}
],
"id": "CVE-2025-68262",
"lastModified": "2025-12-18T15:08:06.237",
"metrics": {},
"published": "2025-12-16T15:15:55.697",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/48bc9da3c97c15f1ea24934bcb3b736acd30163d"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/dc0f4509b0ed5d82bef78e058db0ac4df04d0695"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/e983feaa79de1e46c9087fb9f02fedb0e5397ce6"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…